Standards for Technology in Automotive Retail

 
 Home -  News Feed 

Chapter 7. DEALERSHIP SECURITY

Table of Contents

7.1. OVERVIEW
7.1.1. System Administration
7.1.2. Physical Security
7.1.3. Network Monitoring
7.1.4. Software Configuration
7.1.5. Quality Assurance
7.2. FIREWALLS
7.2.1. Inbound Access Examples
7.3. PACKET FILTERS
7.4. PERSONAL FIREWALL SOFTWARE
7.5. DEMILITARIZED ZONE
7.6. PROXY SERVER
7.7. INTRUSION DETECTION AND PREVENTION SOFTWARE
7.8. ANTI-VIRUS PROTECTION
7.8.1. Client Protection
7.8.2. Firewalls, Routers and Server Protection
7.9. ATTACK RECOVERY
7.10. RECOMMENDED POLICIES
7.11. USEFUL WEBSITES

7.1. OVERVIEW

The most important element of a good network design is also the most often overlooked – security. Too often security outlays are considered expensive, never ending line items that can be trimmed or eliminated when looking for budget reductions. However, security spending is a strategic investment that protects the business. There is no single magic ingredient to the formula for complete network security. Some networks simply place a firewall device between themselves and the Internet and assume that all is safe. In reality, even the best firewall provides minimal help if its configuration is weak or out of date. A proactive security approach will help avoid problems by layering people, hardware, and software to create reasonable and safe protections around the network.

7.1.1. System Administration

A good security plan starts with good system administration. This role does not have to be embodied within a single person whose sole job is to administer to dealership hardware and software needs. Duties can be part time, shared, or even outsourced. However, it is paramount that the dealership has personnel that understand how the network and computer systems operate, what software is used and why, and how that software and hardware is configured. That knowledge is required to develop configurations that lock down the unnecessary system privileges that are taken advantage of by attackers. System administrators should receive ongoing training to stay up to date with recent security bugs and attacks. Most importantly, they need the unrestricted support from management in their pursuit of a secure system.

7.1.2. Physical Security

Most security breaches occur because of poor physical security. Far more breaches occur when internal users gain access to data for which they have not been granted privileges than when external hackers or spies gain access to the system. Passwords that are not kept secret or are easy to guess, “spare” user accounts that are rarely used and workstations in public areas that are not password protected, all allow for easy access into the network. User and password administration should be restricted to only a few people in the dealership, and those people should follow documented procedures to establish users, set passwords, and grant privileges. An easy method to bypass security barriers is to use a modem that is connected to a networked Personal Computer (PC). Modems should only be connected to devices used for remote support and Internet access backup with appropriate security measures in place. All PC’s connected to the Local Area Network (LAN) should have their modems disconnected. If they must be used, they should only be used for making outgoing calls. Auto-answer should be disabled whenever possible. Modems that are configured to answer calls automatically are a security threat. Hackers using tools that detect the presence of modems may discover them and use them to access or destroy dealership data.

7.1.3. Network Monitoring

Monitoring network access is another important ingredient. Network attacks rarely work the first time. All of the servers and security hardware should log any attempts to connect to them. Those logs should be reviewed daily to look for signs of possible attacks. Firewalls often generate these reports automatically. Software to compress and summarize those logs is also available. Logs can also be used to better understand the workings of the network and to help anticipate the need for system upgrades well in advance. Comparing network monitoring systems and intrusion detection systems can also assist in the overall analysis of dealership security. A key here is for the administrator to trust their instinct. If something does not look right, act on it. It is easy to act after an attack succeeds, but, of course, it is too late.

7.1.4. Software Configuration

Every device on the network should have its software configuration scrutinized for potential problems. Unused and unneeded software should be removed from systems. Access to servers should be restricted to only those ports that known software packages require. Remote control software that allows external users to run internal machines, usually over a modem, should not be permitted. Websites dedicated to systems security and administration are available that will help identify known security problems with software packages. If any of these packages are in use on the network, fixes should be downloaded and applied.

Most security plans begin with software tools or hardware devices. However, it is the thoroughness of the policies and procedures of the previous four elements (systems administration, physical security, network monitoring, and software configuration) that allow for the success of these tools. Only if access is funneled through expected gateways on known paths can intrusion detection software and firewalls offer complete protection. Costs for these devices can range from nothing to six figures. However, increased cost does not always buy increased security. If the knowledge of the network software and hardware is complete enough, firewall software running on the Internet router can provide excellent protection. Do not overlook the need to scan email and hardware for viruses. Very high-profile attacks have occurred recently in the form of email attachments. Anti-virus software is essential to avoiding those kinds of attacks.

7.1.5. Quality Assurance

Finally, hackers are moving targets that constantly search for new ways to exploit networks. The final element to any good security plan should include frequent reviews and audits to insure that known holes are plugged. Attempts should be made to break into the dealership’s own network. Dial all telephone numbers to see if an unexpected modem answers. Consider the use of outside auditors on a regular basis (at least yearly). Many consulting firms and CPA’s now offer these kinds of audits. An audit MUST test every aspect of network security. Firewalls, mail, Domain Name Server (DNS), domain, web, and File Transfer Protocol (FTP) servers should all be evaluated.

On the surface, these precautions may seem overly detailed. Security professionals are often accused of crying wolf. Nevertheless, the cost to recover from even one attack can easily pay for all of these efforts. Attacks are becoming more frequent as is evident by recent reports in the media. The story being told by the media is that thousands of people and businesses are being hurt by the attacks. What they are not reporting on is the tens of thousands that were not hurt because they had tight, secure network plans and they took immediate action when a threat was discovered.