Cyber Operators Course (Op) – Module 6
Communication equipment and security – Example 1: Cobham Sailor 900
Example 1: Cobham Sailor 900
Cyber Operators Course (Op) – Module 6
Communication equipment and security – Example 2: KVH Commbox
Example 2: KVH Commbox
Cyber Operators Course (Op) – Module 6
Communication equipment and security – Is the software running on the satcom system kept up to date?
Next, check the current version of the software against the vendors product support web pages. Updates contain fixes for security flaws, so it is imperative that these updates are applied quickly.
Manufacturer support pages often change, but currently the relevant page on the Cobham web site is here: https://sync.cobham.com/satcom/support/downloads/?type=2502&article=7399
From this, one can see that the current version of software 1.60 Build 15, which means the software in the Cobham image above is indeed current.
Use a search engine to find the vendors current software update pages, or navigate through the vendors web site looking for the update pages.
Ask for written evidence of the procedure used for monitoring for updates and subsequent installation of upgraded software.
Cyber Operators Course (Op) – Module 6
Communication equipment and security – SATCOM cabinet security
Ask to inspect the location of the below-deck satellite terminal equipment on the vessel. This should be located in a locked cabinet to which only authorised, senior personnel have access.
Whilst the risk of a direct, physical attack to terminal is much lower than one exposed on the public internet, it still important to check that the terminal is locked away.
Cyber Operators Course (Op) – Module 6
Communication equipment and security – VOIP (Voice over Internet Protocol)
VoIP is basically a telephone connection over the Internet. The data is sent digitally, using the Internet Protocol (IP) instead of analogue telephone lines. In order to use VoIP, you need a computer, an Internet connection, and VoIP software. You also need a microphone, analogue telephone adapter, or VoIP telephone. Many VoIP programs like skype and TeamSpeak allow you to use a basic microphone and speaker setup. Others require VoIP phones, which are like regular telephone handsets, but typically connect to your computer via USB. Analogue telephone adapters allow you to use regular phones with your computer. IP phones are another option that connect directly to a router via Ethernet or wirelessly. These phones have all the necessary software for VoIP built in and therefore do not require a computer.
Cyber Operators Course (Op) – Module 6
Communication equipment and security – VPN (Virtual Private Network)
Virtual Private Network enables you to send and receive data across networks as if their device was somewhere else. It hides your identity even from your network provider.
VPN use is good practice for any user. It provides privacy. How the crew use a VPN is another matter, but it’s on the crew network, so can be reasonably ignored so long as good segregation is present. VPNs will also be present on board for business use.
Cyber Operators Course (Op) – Module 6
Communication equipment and security – VPN (Virtual Private Network)
VPN’s are sometimes regarded as an ‘anti-system’ program, but it depends what you use it for. Some use VPN’s to browse illegal websites. Others just use it to watch videos as if they were based in different countries. So a Virtual Private Network works by using encryption and other security measures, a VPN can scramble all the data sent through the wide area network, so the network is “virtually” private.
Businesses often use VPNs to communicate across multiple locations. For example, a large company that has offices in several cities may need to send Information to the different locations via the Internet and make sure it’s done securely so it can’t be hacked. To keep the information secure, the company might set up a VPN with an encrypted connection.
Cyber Operators Course (Op) – Module 6
Communication equipment and security – SSL Certificate
An SSL certificate, or secure certificate, is a file installed on a secure Web server that identifies a website. This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable. In order to verify that these sites are legitimate (they are who they say they are), the companies and their websites are verified by a third party. When going to these webpages, you will notice that they are slightly more different! How? By looking at the Hypertext Transfer Protocol type in the address bar. It will say HTTPS Instead of HTTP These Can then be viewed by a person if they want to know more details about the company who is selling.
Cyber Operators Course (Op) – Module 6
Communication equipment and security – SSL Certificate
Image of an SSL cert error on iOS and Android
Whilst these are sometimes legitimately seen when connecting to a public Wi-Fi hotspot, they are also a common route for hackers to intercept emails. Do not accept the certificate!
Cyber Operators Course (Op) – Module 6
Communication equipment and security – Cloud Computing
The cloud is basically just Online Storage where you can upload all your files to without having to keep it on your hard drive. Cloud computing lets you keep information on a remote server (the cloud), instead of trapped in a computer. You can access your data from a Smartphone, a tablet, a laptop, or a desktop, wherever you have an Internet connection. Some cloud services let you share files. They are also always backing them up so there is less of a chance of your data being lost compared to if you keep it on your hard drive. Often cloud hosting companies either charge you for the amount of storage you’re using monthly. But some companies also allow you to pay annually. Some also let you have some storage for free. Some examples are Apple iCloud & Dropbox.