If you haven’t come across it yet, the HP Enterprise blog ran an article back in February that is worth reading today, May the Fourth, also known as Star Wars Day. While not as important as an opening day, 5/4 is a great day to geek out a bit and enjoy an article that shows how Rogue One wasn’t just about Star Wars, it’s a lesson film on how NOT to run Empire Enterprise IT.
The article highlights five key failures in IT security that are quite applicable to any business, whether it’s dominating the galaxy or just selling a product. Here are some highlights and a few ways that Uplogix can help you with cybersecurity too.
Access Control
In Rogue One, after a fairly easy entrance through the impenetrable whole-planet shield to the Empire data center planet of Scarif, Jyn Erso and Cassain Andor seem to be able to get anywhere they want after effectively mugging a few loading dock workers for their uniforms. With the change of clothes they are able to walk right into the most sensitive data storage area. On Earth, hopefully it’s not so easy. A real world example from the HP article of good security shows a more limited privileges:
“First, I had to arrange my access a week in advance, with managers communicating with each other, explaining why I needed to be there,” says Campbell. When he entered, he had to pass his backpack and computer through an airport-style X-ray machine. “I had to pass through an explosives detection device,” he adds. “And then I walked through a man-trap, a room that I could not get out of, unless the guard pushed the button that lets me out.”
With Uplogix, you can avoid all of the interstellar travel with secure remote access, meaning you can ensure that only the right people have access to the right gear.
- Maintain and enforce AAA (Authentication, Authorization and Accounting) of the state of the network. Under normal circumstances, Uplogix Local Managers (LMs) integrate with remote multi-factor authentication mechanisms, such as TACACS and Radius, but if connectivity is lost, the LM can failover to other AAA servers before falling back on cached authentication data to maintain authorized access.
- Prevent unauthorized user access by automatically closing idle sessions, eliminating a potential security gap. Uplogix also ensures that the right users have the right access by enforcing granular, role-based permissions.
- Improve overall security by restricting access to specific IP addresses and encrypting passwords stored in the database, and by automating management functions related to security enforcement, like updating the access passwords on hundreds of managed devices at once.
Data Encryption
In the movie, Jyn and Cassian jump over to the big server-like-thing (it appears to be air-cooled), and are able to pull the right hard drive. Beyond the facts that it looks like a spinning drive and they treat it pretty roughly and that it seems to be some standard that works on both the big server as well as the open air satellite dish control penthouse (convenient!), the data on this oversized Iomega Zip Drive (here’s a link for you kiddies) isn’t encrypted. And apparently the full set of plans for the Death Star is all in one place.
With Uplogix, not only do we communicate securely, with the available 256-bit AES compliant solid state drive, the stored configurations and data on the Uplogix Local Manager itself are secure. If Rebel spies make it through your physical security barriers like the Rebellion walks through walls of Storm troopers, you can rest easy that they can’t beam up your golden configs.
And much more
The HP article is pretty entertaining. As you celebrate May the Fourth give it a read for some other security fails you can learn about from watching the Empire suffer from their overconfidence.