This Sunday is Superbowl XLVI (or if you prefer, XLII part 2…Will the scrappy underdog Giants stun the Patriots again, or will Tom Brady get his revenge and fourth ring*)
It seems every year a slew of articles come out talking how tight security is at the Superbowl. This year a quote jumped out at me:
Brigadier Gen. Stewart Goodwin, of the Indiana War Memorial, said keeping tabs on downtown security will be just a click away for some officials.”If you had the right (Internet) address, you could set up a laptop anywhere and you could watch the camera from there,” Goodwin said.
Now I sincerely hope that this is an oversimplification to be used as a sound-bite, because if I were someone interested in messing around with the security at Lucas Oil Stadium I get a couple of takeaways from this brief quote.
- “If you had the right (Internet) address…” Access to the cameras is restricted by IP address. This is a good practice BUT it must be combined with other controls. If they are solely relying on IP address, that is a hack waiting to happen, since IP addresses can be spoofed.
- ” you could set up a laptop anywhere …” Combined with the previous bit of information, we can assume some of those IP addresses are not hardwired into a government/law enforcement office. So officials with this access must have a mobile Internet connection. Such as a hotspot or aircard.
So now I need to figure out which individuals are likely to have access to the cameras and get the IP address of their mobile Internet connection. Certainly not an easy task, but possible.
The overall point here is that it’s fine to talk about the security measures you have put in place, but be careful that you do not expose any information that could give potential attackers a blueprint to target your organization.