Reinforcing superyacht computer network security
by Richard Boggs
Defending the network
Just as it doesn’t take a CIA operative to access your network, it doesn’t take an MI6 communications room to keep all but a very determined and well-equipped intruder at bay.
Hernando Giraldo, of Great Circle Systems, a Nevada-based integrator of IT hardware and software with offices in Fort Lauderdale, Florida, pointed out that just buying a consumer-grade wireless router and installing it, without at least changing the default settings, is a clear invitation to intruders of all sorts.
Just knowing the model of the router can allow even the least sophisticated hacker to log on within a few moments of finding the signal. This situation probably applies mostly to smaller yachts, which may not have the benefit of employing an IT contractor to install and maintain the yacht’s network.
While it might be unlikely that a casual intruder would seriously compromise a yacht’s security through its wireless network, a ‘disgruntled former employee’ could seek malicious satisfaction from a safe distance.
One industry source who preferred not to be identified told the story of an unhappy former crew member who left with the boat’s passwords stored on their laptop. Failing to change network passwords when someone leaves a yacht’s employ is like letting them take the keys to the boat with them. In this case, it provided an open door to crack the password for the owner’s on-board email account.
Passwords should be changed often, and they must be changed when a crew member leaves. If a password is easy to remember, it’s just as easy for a determined intruder to crack.
Combinations of letters and numbers in upper and lower case offer the best protection but are difficult to remember. Just don’t write it on a label stuck to a computer and you should be fairly safe. The bad guys always look for the simplest way in first, so don’t leave the front door unlocked for them.
‘If someone wants it badly enough, they will get it,’ says Giraldo. He suggests purchasing ‘business-class’ hardware, which offers more robust security features than inexpensive, consumer-grade products and allows the integration of even more barriers between authorised users and passers-by.
Antoine Guy of Synchronicity, a Sophia Antipolis, France, IT consultant, offered the following advice on configuring even the simplest wireless network to provide enough barriers to force a casual intruder to find easier pickings: ‘The idea is to make the basic set of WiFi parameters not trivial, not transparent, and not broadcast so a hacker can get this info by simply scanning the cloud,’ he says. ‘These parameters must be set up in the device to connect to the cloud.
‘Disable Access Point SSID broadcasting,’ the name of the yacht’s WiFi network. ‘If this information is not broadcast in the clear, it is difficult to obtain.
‘Change the default network SSID into a non-trivial one. Don’t use the boat name or an equivalent.
‘Set up the access point [router] to ask for an encrypted WPA key,’ WPA encryption is secure, unlike the older WEP standard, which can be broken using free software, ‘and try not to use a trivial key such as the boat name. A hacker will try that option immediately.
‘Don’t write down the default WPA password everywhere. It’s usually printed on a sticker at the back of the access point device, so remove that sticker.
‘Lock the network rack or location where the access point is located. Do not trust people who [say] they won’t give the key to a friend. They will.
‘Set up the Access Point to use a non-trivial Wi-Fi channel number – such as five, six or seven – not the usual one, eleven or thirteen.’
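The naming, encryption and key points in Guy's list can be checked mechanically against an access point's settings. The script below is an added example, not part of the original article: the vessel name "Sea Breeze", the dictionary field names and both sample configurations are constructed for illustration.

```python
import re

# Undo common digit/symbol-for-letter swaps so "S3aBr33ze" still matches "seabreeze".
_SWAPS = str.maketrans("013457$@", "oieastsa")

def _norm(text):
    """Lower-case, reverse simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(_SWAPS))

def derived_from(value, vessel):
    """True if the whole vessel name, or any word of it with 4+ letters, appears in value."""
    words = [_norm(w) for w in vessel.split()]
    candidates = [_norm(vessel)] + [w for w in words if len(w) >= 4]
    haystack = _norm(value)
    return any(c and c in haystack for c in candidates)

def audit(ap, vessel):
    """Return the list of checklist items this access point configuration fails."""
    findings = []
    if ap["broadcast_ssid"]:
        findings.append("SSID is broadcast")
    if derived_from(ap["ssid"], vessel):
        findings.append("SSID derived from vessel name")
    if ap["ssid"] == ap.get("factory_ssid"):
        findings.append("SSID left at factory default")
    if not ap["encryption"].upper().startswith("WPA"):
        findings.append("encryption is not WPA")
    if derived_from(ap["key"], vessel):
        findings.append("key derived from vessel name")
    if ap["key"] == ap.get("factory_key"):
        findings.append("key left at factory default")
    return findings

VESSEL = "Sea Breeze"  # constructed vessel name

# Constructed sample configurations (field names are assumptions of this example).
WEAK = {"ssid": "SeaBreeze-Guest", "broadcast_ssid": True, "encryption": "WEP",
        "key": "S3aBr33ze2024", "factory_ssid": "RouterCo-1A2B", "factory_key": "admin1234"}
HARDENED = {"ssid": "nw-7f3k", "broadcast_ssid": False, "encryption": "WPA2",
            "key": "q7Vd-mX2r-Lp9z-Tc4w", "factory_ssid": "RouterCo-1A2B",
            "factory_key": "admin1234"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, VESSEL) or "no findings")
```
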
Following Guy’s advice will keep most network snoopers away. But for a very small minority of them, there are freely available software tools to chip away at the firewalls.