Radio frequency threats in the data centre and how to find them



Data centres are vital to every enterprise. They house the most sensitive customer and business information and critical business applications. As a result, it should come as no surprise that data centres are an attractive target for malicious activity from hackers and other cybercriminals.

So how do you protect the data centre?

It starts with physical security as the first line of defense to prevent unauthorised physical access. This includes guards, gates, badge readers, personnel access control and surveillance. While required, physical security is not absolute. This is where the second line of defense, cybersecurity, comes into play. The objective here is to protect the data itself from unauthorised access. Measures may include firewalls, authentication systems, network segmentation, continuous monitoring of network activity, and automated analysis, adjudication and mitigation of what that monitoring finds.

More recently, there has been a migration toward a Zero Trust paradigm. In a Zero Trust model, having access to the network does not mean that you have access to, or a role within, all the assets on that network. Zero Trust has become increasingly necessary because of the myriad devices and equipment found inside data centres: equipment installed by third-party vendors, industrial control systems, IoT devices and shadow IT equipment.

However, many cybersecurity defenses are useless if the attackers gain physical access to the systems or bypass the monitored network.

The invisible threats

Wireless devices are now more pervasive and particularly concerning, as they account for an increasing number of hidden threats in the data centre. There are billions of cell phones, IoT devices, Wi-Fi connected endpoints and more. These devices communicate with each other and with network infrastructure invisibly over Radio Frequency (RF), using protocols such as Wi-Fi, Bluetooth and BLE, cellular, Zigbee and LoRa. Traditional security tools, which watch the wired network, cannot monitor any of this traffic.

Let’s look at a real-life example:

A data centre had industrial chillers installed. Unknown to the facility owners, the chillers contained an unsecured Zigbee console that the contractor had not disabled. The contractor had left it enabled so they could access the system remotely from the parking lot and bypass the data centre's physical security procedures. This left a glaring vulnerability that a hacker could have exploited to shut down or disrupt the chillers. Because it operated over Zigbee, it was completely invisible to the traditional physical and cybersecurity measures in place. It was even invisible to traditional Wireless Intrusion Detection, because older systems only cover Wi-Fi and do not detect Zigbee.

Shining a light on invisible threats

This brings us to the need for an up-to-date Wireless Intrusion Detection System (WIDS) in data centres. As the chiller example shows, many of the devices inside a data centre carry invisible threats: RF, cellular and other wireless connectivity that nobody has inventoried. The key word here is "invisible." Traditional physical security and network-based cybersecurity tools cannot detect or identify these wireless threats.

What can a wireless intrusion detection system do? Going back to our industrial chiller example, the WIDS was able to automatically detect emitters radiating RF energy, in this case Zigbee. It then went a step further by localising the signal and pinpointing its source to the chillers themselves. The security team was alerted and was able to close what could have been an easy backdoor for an attacker.
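The two steps described above, detecting an emitter whose protocol nobody expected on the floor and localising it from several fixed sensors, can be illustrated in a few dozen lines. The following is an added example and is not code from the original article or from Bastille: it assumes four RF sensors at known floor-plan coordinates, a short allow-list of protocols the facility knowingly operates, named floor-plan zones, and a log-distance path-loss model (the constants P0 = -40 dBm at 1 m and exponent n = 2.5 are typical indoor values, not figures from the article). The readings are constructed so that one Wi-Fi access point is known, one Zigbee emitter lands in the chiller plant, and one BLE device is heard by too few sensors to be localised.

```python
"""Toy wireless intrusion detector: flag RF emitters whose protocol is not on
the facility's allow-list and localise them from multi-sensor RSSI. Added
example, not code from the original article or from Bastille; sensor
coordinates, zones, allow-list and path-loss constants (P0 = -40 dBm at 1 m,
n = 2.5, a typical indoor exponent) are assumptions."""
from dataclasses import dataclass
from typing import Optional

# Fixed RF sensor positions (x, y) in metres on the floor plan (constructed).
SENSORS = {"S1": (0.0, 0.0), "S2": (20.0, 0.0), "S3": (0.0, 15.0), "S4": (20.0, 15.0)}
# Floor-plan zones as (min corner, max corner) rectangles (constructed).
ZONES = {"rack row A": ((2.0, 1.0), (8.0, 5.0)),
         "chiller plant": ((14.0, 10.0), (20.0, 15.0))}
# Protocols the facility knowingly operates; anything else is unexpected RF.
ALLOWED_PROTOCOLS = {"wifi"}

@dataclass
class Observation:
    sensor: str
    emitter: str       # device address as reported by the sensor
    protocol: str      # "wifi", "zigbee", "ble", "lora", ...
    rssi_dbm: float

@dataclass
class Report:
    emitter: str
    protocol: str
    rogue: bool                # protocol not on the allow-list
    seen_by: list
    location: Optional[tuple]  # (x, y) in metres, None if not localisable
    zone: Optional[str]

# Constructed readings: a known Wi-Fi AP, an undocumented Zigbee console on
# the chillers, and a BLE tag heard by only two sensors (cannot be fixed).
OBSERVATIONS = [
    Observation("S1", "ap-01", "wifi", -57.474),
    Observation("S2", "ap-01", "wifi", -70.291),
    Observation("S3", "ap-01", "wifi", -67.551),
    Observation("S4", "ap-01", "wifi", -72.526),
    Observation("S1", "zb-chiller", "zigbee", -72.526),
    Observation("S2", "zb-chiller", "zigbee", -67.551),
    Observation("S3", "zb-chiller", "zigbee", -70.291),
    Observation("S4", "zb-chiller", "zigbee", -57.474),
    Observation("S1", "ble-7f", "ble", -60.0),
    Observation("S2", "ble-7f", "ble", -75.0),
]

def rssi_to_distance(rssi_dbm, p0=-40.0, n=2.5):
    """Invert the log-distance path-loss model RSSI = P0 - 10*n*log10(d)."""
    return 10 ** ((p0 - rssi_dbm) / (10 * n))

def localise(ranges):
    """2-D trilateration by linearised least squares over ((xi, yi), di).
    Subtracting circle i from circle 1 turns (x-xi)^2+(y-yi)^2=di^2 into
        2(xi-x1) x + 2(yi-y1) y = d1^2 - di^2 - x1^2 + xi^2 - y1^2 + yi^2
    and the normal equations of that linear system give the position.
    Needs three or more non-collinear sensors, otherwise there is no fix.
    """
    if len(ranges) < 3:
        return None
    (x1, y1), d1 = ranges[0]
    rows = [(2 * (xi - x1), 2 * (yi - y1),
             d1 ** 2 - di ** 2 - x1 ** 2 + xi ** 2 - y1 ** 2 + yi ** 2)
            for (xi, yi), di in ranges[1:]]
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:   # collinear sensors make the 2x2 system singular
        return None
    return (round((sbb * sac - sab * sbc) / det, 1),
            round((saa * sbc - sab * sac) / det, 1))

def zone_for(point):
    """Name the first zone rectangle containing the point, else None."""
    for name, ((x0, y0), (x1, y1)) in ZONES.items():
        if x0 <= point[0] <= x1 and y0 <= point[1] <= y1:
            return name
    return None

def detect_emitters(observations, sensors=SENSORS, allowed=ALLOWED_PROTOCOLS):
    """Group readings per emitter, flag unexpected protocols, localise each."""
    grouped = {}
    for o in observations:
        grouped.setdefault(o.emitter, []).append(o)
    reports = []
    for emitter, obs in grouped.items():
        ranges = [(sensors[o.sensor], rssi_to_distance(o.rssi_dbm)) for o in obs]
        loc = localise(ranges)
        reports.append(Report(emitter, obs[0].protocol, obs[0].protocol not in allowed,
                              [o.sensor for o in obs], loc, zone_for(loc) if loc else None))
    return reports

if __name__ == "__main__":
    for r in detect_emitters(OBSERVATIONS):
        print("ROGUE" if r.rogue else "known", r.protocol, r.emitter, r.location, r.zone)
```

Running it reports the Wi-Fi access point as known in rack row A, the Zigbee emitter as rogue in the chiller plant, and the BLE device as rogue but without a fix because only two sensors heard it. Two caveats a practitioner would add: the allow-list should be keyed on inventoried device addresses as well as protocol, since a rogue Wi-Fi access point is as much a problem as a rogue Zigbee console, and real indoor RSSI is noisy enough that a deployment averages readings over time and treats the zone, not the metre-level coordinate, as the actionable output.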

That's just one example. Earlier this year, Cyble researchers reported more than 20,000 instances of publicly exposed data centre infrastructure management (DCIM) software, used to control and monitor a variety of systems within the data centre: thermal and cooling management dashboards, humidity controllers, UPS controllers, rack monitors, transfer switches and more. Any one of these exposed management interfaces leaves a data centre open to a potentially catastrophic attack. Combining unknown wireless connectivity with vulnerable control systems leaves your data centre exposed to significant risk if it is not monitored properly.

If you're not monitoring the full wireless spectrum (more than Wi-Fi), you're not monitoring all of the network. To fully protect the data centre, you need to bring visibility to the entire attack surface, including the wireless, wired and physical domains.

By Scott Altman, Data Centre Security Architect at Bastille Networks
