Security cameras become hacker pawns because attackers successfully log in with the manufacturer’s default username and password or, worse, with the vendor’s secret back-door maintenance account, as happened with Sony.  Hackers from the “deep web” scan the world’s Internet addresses to find any responding device; once a device responds, the scanner checks whether it is a camera.  If it is a camera, it tries to connect with the default usernames and passwords of popular manufacturers.  If successful, it resets the destination of the camera’s video stream to the object of a Denial of Service attack, a website hated for political reasons or targeted to deny commerce.  The resulting massive video streams from IoT cameras “deny” legitimate traffic.

Sony announced updates last week to remove a “vendor created back door” allowing access to its IP security cameras (Sony Camera Update).  Without this update, hackers may be able to control high-end security cameras in the largest corporations.  Golden Goose Security’s Hop Sphere Radius Security can help insulate against this and other IoT hacking by implementing the methods in this article, at no cost, as it is a best-practice method.

Security cameras and other IoT (Internet of Things) devices, such as hospital biomedical devices or home automation devices like music servers, can immediately avoid this issue by applying Hop Sphere Radius Security: starving the IP TTL value makes devices “stealth” to deep web hackers looking for pawns to exploit.

Think of IoT as just some roadside Internet camera?  Think again.  Medical devices used in clinics and hospitals are also Internet of Things (IoT) devices.  This is not a trivial pursuit, and firewalls fail, so don’t be lulled into a false sense of security: this fall Cisco announced that every firewall, router and switch was vulnerable to compromise without updates.  Security is a multi-layered discipline; Hop Sphere Radius Security combined with security equipment helps lock things down tighter, and amazingly inexpensively.

BLUF (Bottom Line Up Front)

Starving the IP Time-to-live (TTL) using Hop Sphere Radius Security vastly reduces the risk of becoming an Internet of Things (IoT) pawn.  Learn more by watching this animation on TCP/IP Time-to-live TTL.

Imagine a little puppy (your data) running toward the path of a truck (a hacker); as disaster looms, a choker chain limits its travel, saving the pup (your valuable data!).  Similarly, Hop Sphere Radius Security limits access outside the local area.  It’s like a “choker chain” on IoT (Internet of Things) device packets, limiting how far they communicate: stopping compromise, denying a login prompt, and making IoT devices stealth to hackers.

The definition of Hop Sphere Radius Security is new, but its technology is as old as the Internet.  It stops up to 80% of hacks originating outside the service “Hop Sphere” (the Hop Sphere is the area in which access is appropriately required).  “Hop” is how many routers a packet can traverse, or “hop” through, as set by the IP TTL (Time-to-live) value on the device.  “Radius” is the number of routers in the allowed area of operation.  Hop Sphere Radius Security stops packets from going beyond the appropriate number of routers in a network or on the Internet.  That means even when firewalls fail, packets stop before exiting the data center.  There is nothing to buy; just set the parameter.  This safety mechanism can be set today by most network technologists following simple instructions.

How It Works – Some Theory

Hop Sphere Radius Security uses the knowledge and power of network theory that already exists in every network device and router.  Prevention is accomplished by setting the Time-to-live TTL=x, where x is the maximum number of router hops inside the area in which the cameras appropriately operate.  Do people in deep China need to see your security camera, or only people inside your company or local area?  Then why can they view it right now from deep China or Russia?  If they can view it, they can more easily hack it.  Cut off access from the “deep web” and areas beyond the rule of law: apply Hop Sphere Radius Security to lower exposure from 100% of the web to under 1% and become 99% safer.

Stops Far Away Hacking Attempts

Unsophisticated attackers (script kiddies or terrorists) intent on harm download hacking scripts from smarter hacker-coders, who provide automated scripts for less capable “kiddies” to use, hence the term “script kiddies”.  Or worse, hacking tools developed by our own National Security Agency (NSA), themselves compromised, now provide hackers automated methods to seriously compromise systems.  The preponderance (80%) of the sources of those hacks are far-away remote countries, termed the “deep web”.  Thousands of these scripts, run 24/7 by deep web hackers and aimed at high-value targets, can be eliminated by lowering the TTL from its high default values.  Many are lulled into false security thinking firewalls will defend them; every hacked organization has employed firewalls, and all Cisco firewalls can be compromised by the recently compromised NSA tools if not updated recently.

The primary problem is the default TTL value.  The default Time-to-live starts as high as TTL=255 router hops, allowing dangerous unlimited worldwide communications.  With TTL starting lower, it’s like running out of fare on the tollway: routers discard packets when the Time-to-live reaches TTL=0.  Imagine each “router” as a “toll taker” decrementing the TTL by 1 hop as the packet passes through, until, on reaching zero (0), the packet is discarded.  For instance, if TTL=4, packets can only traverse 3 routers before they expire and are discarded.

Hop Sphere Radius Security powerfully hardens IoT devices against compromise.  Preventing hackers from “even getting a login prompt” keeps the IoT devices safe inside an organization, and it costs little more than the one-time effort to set the TTL lower.  No capital spending, no vendor pressures, no negotiations, no product installation, no product training, no maintenance contracts, no updates, no patches, no massive product operations expenditures and no years to implement.  Inexpensive, a best practice, ready to implement, and highly effective.  The solution compares to products with associated operating costs exceeding $1 million, and when used in conjunction with sophisticated security products it can save millions by obviating far-away nuisance attacks that consume firewall processing and manned operations research.  Hop Sphere Radius Security TTL settings make IoT devices like cameras appear stealth outside the limited Hop Sphere.

Bill Alderson, founder of Golden Goose Security and formerly Technology Officer at NetQoS/CA Technologies, trained over 50,000 technologists in 27 countries in network deep packet security theory, certifying over 3,000 Deep Packet NetAnalysts.  Bill was called upon to assist the Pentagon (recommended by both Meta and Gartner) immediately following the 9/11 disaster, and deployed with US Central Command six times to Iraq and Afghanistan to help with large-scale network problems in DoD biometric systems, solved using deep packet network analysis, and to assist Army programmers through network analysis and simulation at Ft. Huachuca.  Government and 75 of the Fortune 100 organizations have benefited from Bill’s services; now you can too.

Hop Sphere Radius Security Technical Details: How to control cameras and set TTL on IoT devices manually or using DHCP.

Here are some example TTL values to achieve these limits.  (The actual TTL needed must be analyzed from your location.)

  • TTL=1 No routing, stays on one switch or network
  • TTL=8 No communications outside an internal network
  • TTL=12 No communications outside a regional internet area
  • TTL=15 No communications outside a state internet area
  • TTL=18 No communications outside the national internet area
  • TTL=22 No communications outside developed countries
  • TTL=default values of 64, 128 or 255 allow dangerous unlimited worldwide communications, enabling hackers around the world to hack systems 24/7.

DHCP Options Can Speed & Simplify Implementation of IoT devices

TTL settings can be accomplished even more easily using DHCP, without changing the device settings directly.  Dynamic Host Configuration Protocol (DHCP) sets the TTL using Option 23 (Default IP Time-to-live) with the value TTL=x.  The device can be given a DHCP reservation so it receives the same IP address and options each time.

Cameras have a unique OUI (IEEE Organizationally Unique Identifier) coded in the first 3 bytes of the MAC address.  DHCP can apply a filter to place cameras into a unique scope and apply special IP addresses and/or options such as Time-to-live TTL using DHCP Option 23.  Although the camera’s setup does not have a TTL setting, DHCP can in fact set the TTL.
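The two pieces the paragraphs above describe, selecting cameras by OUI and carrying the TTL in DHCP Option 23, as an added example that is not from the article or from any DHCP server’s code. Option 23 is defined in RFC 2132 as a single-byte “Default IP Time-to-live”; the option field below is built the way a DHCP OFFER or ACK carries it and then parsed back. The OUI list, MAC addresses and scope names are constructed samples, not real vendor assignments.

```python
"""Build and parse DHCP option 23 (Default IP TTL) for an OUI-selected camera scope.

Added example, not from the article. OUIs, MACs and scope names are constructed.
"""
from typing import Dict, Optional

OPT_PAD = 0
OPT_SUBNET_MASK = 1
OPT_DEFAULT_IP_TTL = 23     # RFC 2132 section 4.2: one byte, 1..255
OPT_END = 255
MAGIC_COOKIE = bytes([99, 130, 83, 99])   # RFC 2132 options field prefix

# Constructed sample: pretend these OUIs belong to the site's camera vendors.
CAMERA_OUIS = {"00:11:22", "aa:bb:cc"}

# Constructed scopes: cameras get a TTL that keeps them inside the internal
# network (TTL=8 in the table above); everything else keeps its own default.
SCOPES = {
    "cameras": {"ttl": 8},
    "default": {"ttl": None},
}


def oui(mac: str) -> str:
    """First three bytes of the MAC, normalised to lower-case colon form."""
    return ":".join(mac.lower().split(":")[:3])


def scope_for(mac: str) -> str:
    """The DHCP filter: cameras are recognised purely by their OUI."""
    return "cameras" if oui(mac) in CAMERA_OUIS else "default"


def build_options(mac: str, subnet_mask: bytes = bytes([255, 255, 255, 0])) -> bytes:
    """Encode the options field of an OFFER/ACK for this client."""
    ttl = SCOPES[scope_for(mac)]["ttl"]
    out = bytearray(MAGIC_COOKIE)
    out += bytes([OPT_SUBNET_MASK, 4]) + subnet_mask
    if ttl is not None:
        if not 1 <= ttl <= 255:
            raise ValueError("TTL must be 1..255 to fit option 23's single byte")
        out += bytes([OPT_DEFAULT_IP_TTL, 1, ttl])
    out.append(OPT_END)
    return bytes(out)


def parse_options(blob: bytes) -> Dict[int, bytes]:
    """Decode tag/length/value options; skip PAD, stop at END, reject truncation."""
    if blob[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts: Dict[int, bytes] = {}
    i = 4
    while i < len(blob):
        tag = blob[i]
        if tag == OPT_END:
            break
        if tag == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[tag] = value
        i += 2 + length
    return opts


def ttl_from_options(blob: bytes) -> Optional[int]:
    """The TTL a client would apply, or None if the server sent no option 23."""
    raw = parse_options(blob).get(OPT_DEFAULT_IP_TTL)
    return raw[0] if raw else None


if __name__ == "__main__":
    for mac in ("00:11:22:33:44:55", "de:ad:be:ef:00:01"):
        print(mac, scope_for(mac), ttl_from_options(build_options(mac)))
```

In ISC dhcpd the same option is written `option default-ip-ttl 8;` inside the camera scope or class. Whichever server you use, confirm the result with a packet capture of the camera’s own outbound traffic: applying option 23 is up to the device’s DHCP client, so the capture is the check that the TTL actually changed.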

Cameras and other IoT devices typically only transact with things like Milestone Systems video recorder servers and associated devices inside the organization.  Once configured, IoT devices won’t communicate directly outside the Hop Sphere.

Hop Sphere Radius Security protects cameras and IoT devices from transacting with any device outside the Hop Sphere setting, while enabling communications with appropriate devices inside the Hop Sphere.

This security layer is highly effective at stopping internal users or Internet users from identifying the device: port scanning gets no response, so the hacker does not even learn that the device exists via an ICMP ping or an application port, because the response packet expires and is discarded by routers.  Hackers cannot get so much as a login prompt at which to use lost or stolen credentials or credential-cracking methods.
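The “toll taker” decrement from the theory section and the expiring scan response described in the paragraph above, played out in one simulation. This is an added example, not from the article: every router subtracts one from the TTL and discards the packet when it reaches zero, so a packet sent with TTL=4 crosses three routers and dies at the fourth, and a camera whose outbound TTL is 8 cannot answer a scanner twelve routers away even though the scanner’s probe (sent with a default TTL of 64) still arrives. Host names, hop counts and TTL values are constructed.

```python
"""Simulate IP TTL decrement across routers and its effect on a remote scan.

Added example, not from the article. Hosts, hop counts and TTLs are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    kind: str   # "probe" (scanner -> camera) or "reply" (camera -> scanner)


def forward(packet: Packet, routers_on_path: int) -> Tuple[bool, int]:
    """Walk the packet through routers_on_path routers.

    Each router decrements TTL and discards the packet if the result is 0
    (RFC 791 / RFC 1812 behaviour). Returns (delivered, routers_traversed).
    """
    ttl = packet.ttl
    for hop in range(1, routers_on_path + 1):
        ttl -= 1
        if ttl <= 0:
            return False, hop - 1   # discarded by router number `hop`
    return True, routers_on_path


def min_ttl_for_radius(routers: int) -> int:
    """Smallest TTL that still reaches a host behind `routers` routers."""
    return routers + 1   # TTL=4 traverses 3 routers, as the article states


def scan_outcome(scanner_ttl: int, device_ttl: int, hops_between: int) -> Dict[str, object]:
    """Does a scanner hops_between routers away get an answer from the camera?"""
    probe = Packet("scanner", "camera", scanner_ttl, "probe")
    probe_arrived, _ = forward(probe, hops_between)
    if not probe_arrived:
        return {"probe_arrived": False, "reply_arrived": False, "reply_hops": 0}
    # The camera answers with its own (lowered) TTL, not the probe's TTL.
    reply = Packet("camera", "scanner", device_ttl, "reply")
    reply_arrived, reply_hops = forward(reply, hops_between)
    return {"probe_arrived": True, "reply_arrived": reply_arrived, "reply_hops": reply_hops}


if __name__ == "__main__":
    print("TTL=4 over 3 routers:", forward(Packet("a", "b", 4, "probe"), 3))
    print("TTL=4 over 4 routers:", forward(Packet("a", "b", 4, "probe"), 4))
    print("camera TTL=8, scanner 12 hops away:", scan_outcome(64, 8, 12))
    print("camera TTL=8, scanner 5 hops away: ", scan_outcome(64, 8, 5))
```

Note what the simulation makes visible: the probe still reaches the camera and is processed there; the lowered TTL only decides how far the camera’s reply can travel. A scanner inside the radius (five hops in the last line) still gets an answer, so the hop sphere must be sized to the area that genuinely needs access, and the patching and default-credential cleanup discussed earlier remain necessary for whatever is inside it.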
