Defense
Vulnerability Prevention
While cyber defenses are crucial to mitigate attacks, the most effective approach is avoiding vulnerabilities so that they cannot be exploited.
Vigilance is needed to identify, fix or avoid defects and design flaws. In many cases these flaws are "baked in" to the device and cannot be fixed. In these cases the choice is between avoiding the flaws and replacing the device. Prioritizing strong and secure solutions that avoid known design flaws will help protect your business and our critical infrastructure for the long run.
Weak Solutions
Hiding by using uncommon ports
Overview: Use ports other than the common 10001 and 8001 ports. This relies on hackers only choosing easy targets.
2/10
Enable Built-in Password Protection
Overview: The built-in password system in ATGs is limited to 6 characters with NO limitation in number of attempts or mandatory delays between attempts. In addition, password-protected ATGs are easily detected because they allow a TCP/IP connection but only respond to a command prefaced by the password. Hackers with modern computers can break these passwords in a few minutes.
2/10
Restrict Unknown IP Addresses by Configuring a Site Firewall
Overview: Block access attempts from IP addresses not on an approved whitelist to prevent unauthorized remote access from unknown locations. Only IP addresses associated with known legitimate remote access points are allowed to connect. This method, while popular, depends on the security of the systems that have the known IP addresses. If these systems are compromised, this protection is negated because the attacks come from a "white" address. It's very likely that these systems have been compromised by State hackers and have undetectable dormant viruses. As these "white" IP addresses are public and well known, they are a target for hackers. When these viruses are triggered, thousands of ATGs will be compromised.
5/10
VPNs
Overview: Use a VPN to secure communication between the network of the system sending commands and the network of the device responding to the commands, essentially creating a secure tunnel between the two networks. This method, while popular, depends on the security of VPN access credentials. If the credentials are stolen by phishing or other means, the device's network can be accessed from anywhere, exposing the ATG and possibly every computer and device on both networks. There have been thefts of financial data by hackers who exploited VPN credentials stolen from contractors who were given VPN credentials so that they could use existing VPNs.
5/10
Stronger Solutions
Remove unprotected serial to TCP/IP devices
Overview: Eliminates the remote access vulnerability. Removing public network connectivity prevents remote threats from reaching the device.
10/10
Overview: Installing Kachoolie Core avoids the baked-in vulnerabilities associated with ATGs. Kachoolie devices have no public IP address and cannot be found. Incoming communication is rejected, and all communication is initiated outbound only to specific servers. This communication is encrypted, and the receiving servers use multi-factor authentication.
10/10
Overview: Kachoolie TCP is a high-speed polling system that utilizes existing TCP/IP to serial converters. It is unaffected by RunOut™ attacks and includes full ATG protection without the need for firewalls or VPNs.
10/10