Big Business

Protecting the networks will save the assets

  • By Matt Neely
  • Nov 06, 2009

Behind all the glamour and glitz, casinos are a lot like other businesses, yet they face a number of unique challenges. Casinos are required to adhere to numerous regulations and must secure their assets without causing inconvenience to customers.

Casinos must protect against physical heists, but just as important, if not more so, casinos must protect their networks. Although it may not play as well on the big screen, a network breach could cost millions of dollars.

Evolving Threats
Just as the styles have changed from the 1980s and 90s, so have casino networks.

All casinos face changing threats; however, some have adapted better than others. Where there was once loud carpet and coax cable, there is now chrome and Cat-5. Although these modern IP networks may be easier to implement and manage, they also are easier for attackers to penetrate. With the old security and gaming networks, serial cables connected devices to a central monitoring and control center. The networks were point-to-point, so gaining access required a direct connection that was fairly easy to prevent with the inplace physical security.

With today’s IP-enabled networks, it can be diffi cult to tell a hacker from a tourist checking their e-mail on their laptop. Perhaps even more alarming, if the gaming and security systems are on the corporate network and that network is not properly hardened, they can be attacked from anywhere on earth.

No matter how good the physical security might be, armed guards can’t stop an attacker in another state or country.

All casinos have IP-enabled corporate networks. In casinos with IP-enabled passwords are easily available on the Internet, often on manufacturer Web sites. One of the easiest and most important security controls for any organization, including casinos, is to change passwords from the manufacturer’s defaults. Passwords also need to be strong, consisting of a miniumum of eight characters if supported by the device, and a combination of letters, numbers and symbols.

The strongest password is useless if it is not stored properly. Passwords must be stored inside a password vault, and must never be stored unencrypted on a network share or hard drive.

Network segmentation. Sometimes, the easiest way to understand network segmentation is to consider the physical equivalents. The same way cash is kept in a safe, and the operations areas of the casino are physically protected and separated from the public areas, so too should the security and gaming networks be segmented. Of course, cash is kept in the counting room under armed protection, in an area of the casino away from the public.

There are cases where the critical systems may not be able to be patched or the devices may not support strong passwords. In these situations, it becomes far more important to segment the network. Threats from the inside can cause the most damage. Casinos conduct stringent background checks, but employees who handle cash are vetted more carefully. The threat is that lower-level employees are generally given access to the corporate network as it is necessary to perform their job. If the networks are not segmented, anyone with access to the corporate network can likely find a way on to the gaming and security networks.

There are two options for network segmentation: Virtual LANS and air gaps. With a VLAN, the networks run on the same physical infrastructure but are confi gured to be logically separate. It becomes extremely important that VLANs are properly confi gured, otherwise an attacker can VLAN hop and move from one network to another. Critical VLANs, including those used for the gaming and security networks, must be designed, implemented and validated by IT networking and security experts.

Air gaps refer to networks that are physically separated and run on their own equipment and infrastructure. This means that an attacker needs access to the network infrastructure they want to compromise. They are not able to gain access to a softer network, such as the corporate network, and fi nd a way to break into the gaming network.

The weakest point on these networks is often a machine or device that is connected to multiple networks. The best solution is to remove these machines or devices. If these devices are required for business, then they need to be carefully hardened, or an attacker can use them to access a critical network if a less-critical network is compromised. These systems, along with contractor laptops, are the most common points of infection for these critical networks.

Additional controls. The aforementioned controls are only the beginning.

Keep in mind these controls must be implemented before the following controls are deployed.

Network access control can be helpful but should not be solely relied upon. Most modern NAC implementations can be bypassed by a knowledgeable and motivated attacker. In fact, given the amount of money involved in casinos, they tend to attract the most knowledgeable and motivated attackers. The more valuable the target, the more secure the protections. It also is important to keep in mind that few physical security devices and gaming systems support 802.1x, which is required by most NAC solutions.

On these systems that don’t support 802.1x, NAC will need to be disabled on that network jack or port, which defeats the purpose of NAC and makes NAC a wasted expense.

Testing. It is best to test controls before an attacker has the chance. This is where a third party can be helpful. An integrator or physical security department that implements controls should not test the controls.

The integrator or department will protect against every attack vector they know of, but a third party can test elements that the integrator of the security department did not think of or may be unaware of.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.