Defenses Security
CYBER DEFENSES
The open Internet connection is a hostile place. Some activity is legitimate
and a lot is not. An automation device such as the JNIOR should be in a well-
protected network environment such as behind a firewall, router or other proxy.
Even in that case care must be taken when opening ports for external communications
as you might with a port forwarding rule or firewall exception. And still you
run the risk that some other computer on the internal network becomes infected
and serves as a bridge to the local network for an external malicious actor.
Granted that there are applications of the JNIOR that are intended for operation
over Internet. If, for instance, you need to access the JNIOR through your cell
phone or other remote computer, connections from the outside world need to be
possible. And if you can reach your JNIOR, others can and from anyplace in the
world and with any intention. In fact if a JNIOR is newly connected to the
Internet with an unpublished and never before used IP address it will come under
attack within minutes. Luckily you have defenses that can be deployed to thwart
these attempts.
Depending on your point of view there are some legitimate unsolicited activities
that may reach your JNIOR. For instance, search engines such as Google eventually
find out about the active IP address and begin crawling web pages. They may just
encounter the webUI login and proceed no further. Your application might offer
a more public web site and that will get scanned. Today various Artificial
Intelligence (AI) platforms search the Internet as part of their ongoing training.
These things may or may not be of concern to you.
And on the dark side, infected systems throughout the Internet (and there are
100s of thousands) work diligently to spread. These computer worms search for
machines hoping to load a copy of themselves and to start that independently on
that same task. These are some of the first attacks that you would see with a
newly connected JNIOR. This would come in the form of a Telnet connection and
attempts to login using a library of standard (default) usernames and passwords.
Sadly they are successful all too often as we are not as diligent and we need
to be in removing default passwords. The default 'admin' account active in a
factory default JNIOR is at risk here. Those login credentials are very common.
Fortunately, even if a bot successfully logs into your JNIOR it will likely be
unsuccessful. These malicious programs are looking for common computers and
expect either a Microsoft Windows environment or some form of Linux installation.
They will attempt to execute commands at the command line for those systems.
The intent as previously stated would be to save a copy of themselves and to set
that running. While JANOS mimics a number of MSDOS and Linux commands, the JNIOR
is different enough to not fall prey.
Perhaps there will be a day when a bot specifically searches for a JNIOR and
knows what to do with it. Your first and foremost defense is to eliminate the
default passwords and to remove unused accounts. You might also limit the
availability of unused protocols. Both are actions previously discussed here.
And there is even more that you can do to harden your JNIOR and to repel
the attacks and to perhaps even frustrate them.
SEE ALSO
HELP Topics:
SECURITY,
CONNECTIVITY,
PLAIN_TEXT
[/flash/manpages/manpages.hlp:1841]