Video: Protect Your Office From Wireless Attacks

by Rashelle Broadhuhn 14. September 2016 09:33

This video demonstration by Motherboard explains how sophisticated hackers can use RF radio frequencies emitted from electronic devices to wirelessly bug your office and unveil your company's sensitive data. API Technologies' SST and Emcon-brand TEMPEST solutions shield your office equipment, preventing the exploitation of sensitive data.

Explore our full range of SST and Emcon Security Solutions to learn more!

Tags: , , , , ,

Secure Systems & Information Assurance

INFOGRAPHIC: What is TEMPEST?

by Jaymie Murray 6. January 2016 08:17

In commemoration of the upcoming Data Privacy & Protection Day on January 28th, the API blog will be highlighting our Secure Systems & Information Assurance products and capabilities. First we will explore TEMPEST... its history, how it impacts secure government and military data, and how the SST range of TEMPEST products can mitigate threats. To learn more about TEMPEST products and solutions, including thin clientsnotebooks, plugin filters, affordable monitors and computers, and more, visit sst.ws.

Tags: , ,

Infographics | Secure Systems & Information Assurance

Federal Civilian Agencies’ Next Security Vulnerability

by Tara Condon 24. August 2015 09:19

By Tara Condon & Henry Gold

Recent data breaches at the Internal Revenue Service (IRS) and the Office of Personnel Management re-focused the technology community on security challenges facing U.S. government and federal civilian agencies. Many of these groups provide critical services that impact the everyday lives of Americans, including the Social Security Administration, Food Safety and Inspection Service, and the U.S. Postal Service. As such, a security incident’s impact would be pervasive.

One of the reasons why the security landscape is cumbersome to manage is the increasing number of network-connected devices. Today’s peripherals are now smart devices. All of these access points offer new avenues to access sensitive information. Specifically, printers and copiers offer a new point of vulnerability.

Security Risks of MFDs: 

Standalone printers and, later, combination printer/copiers, were largely output devices. A command was entered; the function was executed. The main security risk - leaving sensitive items on the printer tray – was mitigated by physical security. Many users were issued individual printers that were kept in locked offices. 

Document scanning changed the game. Multi-Function Devices (MFDs) were born.  What was once a peripheral was now an intelligent system with document memory and consistent access to the network. Also, with this additional functionality came a (justifiably) higher price tag. This meant that printer / copier / scanners became shared resources, typically kept in public areas, where personnel and visitors have unfettered access. 

Enabling PIV Card Authentication:

In recognition of the vulnerability of these access points, government regulations now require PIV card authentication (sometimes referred to as CAC – Common Access Card – access) on all network connected devices. Today, federal civilian agencies are struggling with how to meet this requirement. 

A number of major printer manufacturers now offer built-in PIV authentication on new devices. There is also a printer agnostic solution offered by API Technologies, called the Netgard®, that may be used on both new and existing MFDs and printers, including wide format printers.

Photo of Netgard® MFD courtesy of API Technologies

 

Regardless of which solution you choose for PIV authentication, here are two key features you should be aware of that enable you to comply with government security best practices:

  • Scan to Home: What this means is that the person doing the scanning may only place the document in a designated folder on the network. The person may then retrieve that document from the designated network location and use it for his/her intended purpose.  This feature ensures no confidential or sensitive materials can be sent in an uncontrolled fashion – for example: sending a scanned document to a personal email address via the printer.

  • Secure Print Release: MFDs are often stationed in easily accessible parts of the office. This means that sensitive printed material may sit out in the open for some time before an employee has the opportunity to retrieve it. When the Secure Print Release feature is enabled, the employee would walk to the printer and scan her PIV card. Then documents would be printed (“released”) when she is standing there to retrieve them. This security measure also has the added benefit of saving paper and toner, which saves operating cost. 

Protecting the information assets of federal civilian agencies is of vital importance. Securing access to network entry points is key to thwarting security threats. When reviewing their security best practices, federal civilian agencies are encouraged to remember that peripherals – such as MFDs – present vulnerability. PIV and/or CAC card enablement is necessary to secure these network entry points. The good news is that there are a number of government compliant, commercially available solutions to meet the need. 

 

About the Authors:

Tara Flynn Condon (@api_taracondon) is a published writer and Vice President of API Technologies Corp.

Henry Gold is a security expert and frequent panelist on security-related issues. He is General Manager of SSIA North America for API Technologies Corp.

Tags: , ,

Secure Systems & Information Assurance

INFOGRAPHIC: Custom VoIP Phone Modification Capabilities

by Jaymie Murray 8. April 2015 09:10

The SST line of security products includes customisable VoIP telephones that are made to meet the security needs of today's commercial or government workplace. Standard VoIP phones can be easily customised to meet the level of security necessary, including disabling webcams and requiring smart cards or CAC cards for phone access. TEMPEST phones that meet SDIP-27 and NSTISSAM/1-92 standards are also available and can be customised. 

Customisable VoIP Telephones SST offers a standard, COTS VoIP telephone that can be modified to suit the security needs of individual users and their environments. Customisations include enhanced TEMPEST security, access control via a smart or CAC card, visible positive disconnect, and more. Custom VoIP Telephone Capabilities Push to Talk / Push to Mute Handsets Enhance the security of telephones when used in sensitive areas, physical disconnection of handset microphone, plug and use functionality directly replaces OEM handset. Positive Disconnect Positive assured physical disconnection of all microphones and speakers within the telephone, also available with optional visible confirmation LED. TEMPEST TEMPEST VoIP telephones f or deployment into sensitive areas to ensure security (SDIP-27 and NSTISSAM/1-92) Bezel Modification Access Control Identif y separate security classification LANs or areas with easily distinguished bezel colours, logos or Biometric, smartcard, CAC card or token access to VoIP services, combined with centralised identity/profile with easily distinguished bezel colours, logos or department-specific information. services, combined with centralised identity/profile lookup. Custom Developments SST has demonstrated expertise in telephone modification with in-house 3D CAD modelling and rapid prototyping in a Government secure site with security cleared personnel, crypto integration and test facilities. Fibre Ethernet Connectivity Easily deploy VoIP telephones into areas which only have a fibre network. Dual fibre enables deployment without re-cabling , simply connect the telephone to the fibre network and the PC to the telephone. Easy Disable Microphone Webcam Speakerphone Applications Ministry of Defence Commercial Government sst.ws/voip-capabilities.php sst.ws/voip-capabilities.php

Learn more about our VoIP capabilities, contact us, or request a quote

Tags: ,

Infographics | Secure Systems & Information Assurance

Data Privacy & Protection Week: Meet Richard Mundy, SSIA Security Manager

by Karen Gait 27. January 2015 11:38

As part of our Data Protection Week we introduce the SSIA Security Manager Richard Mundy, who is responsible for the overall data protection and information security for the SST product line. As technical sales director and security manager, Richard is responsible for managing key sales accounts as well as information and overall security at the SST location.

Q: What is your background and when did you start at SST?

A: As a teenager I completed an apprenticeship with Square D Ltd during which achieved a Higher National Diploma in Mechanical Engineering. This resulted in a role as a design engineer. I have been a senior development engineer / assistant chief engineer at Philips TMC designing telephone equipment and PABXs where I also gained my Bachelor of Science in Electrical and Electronic Engineering. After holding a variety of senior management roles at Dowty Limited and Menvier, I joined SST as the technical director (which has evolved into the technical sales director role) I also took on the additional responsibility of the security manager. 

Q: How important is data protection in your role?

A: Data protection is vital for all companies in order to protect sensitive competitive information.  This ranges from critical design information through to financial and operating information for companies. Every company also has an obligation to protect an individual’s identity and information, whether this be employee, customer, or supplier. With our role in the industry in which we operate this is particularly important as we handle classified information on behalf of the UK government and NATO organisations. This is a full time commitment to keeping aware of the latest risks and vulnerabilities, taking appropriate action to mitigate these threats, and managing the IT infrastructure to provide the best possible protection. 

Q: Is data protection and information security important away from the workplace?

A: For a great deal of these issues highlighted for companies to consider, there are parallels for individuals to consider in their home life.  The consequences of identity theft are well publicised and can cause significant financial or other hardships.  We should all be well aware of looking after our credit card and similar personal details nowadays, but how far do we take this really?  Do we adequately destroy bill receipts?  Are we careful of what we throw into the general refuse bin?  Do we change default passwords on home WIFI networks and similar equipments? Maybe not as often as we should... it is critical that we are equally vigilant in our personal life as in our work environment.

12 Days of Products: Emcon All-In-One Secure Workstation

by Jaymie Murray 23. December 2014 09:15

The holiday season is all about multitasking, and so is the Emcon® All-In-One Secure Workstation! The All-In-One is a multi-domain solution that provides classified and unclassified network access all on one screen. There are many cases when a user needs to work simultaneously with a number of computers with both classified and unclassified access. The All-in-One provides these users with a native windowing environment across multiple isolated networks in a single platform. It is highly suited to Network Operations Centers and to the work environment defined by the new Canadian Government Workplace2.0 fit-up standards.

Learn more about the All-In-One, consult an engineer, or request a quote

Tags: ,

Secure Systems & Information Assurance

12 Days of Products: SST Streamline Range

by Jaymie Murray 20. December 2014 08:30

This season, who doesn't need a little streamlining? The SST Streamline Range of TEMPEST products are designed to comply with SDIP-27/I – Level B requirements.  The SCI4000 TEMPEST DELL™ Computer and the SL22TI TEMPEST Widescreen Monitor combine high performance with sturdy construction and blend seamlessly into any office environment. SST TEMPEST products are designed, manufactured, and tested under the direction of certified TEMPEST engineers in the Gloucester, UK facility, the first business in the UK to be accredited under the CESG Formal TEMPEST Certification Scheme (CFTCS), and the only UK business to be both an accredited TEMPEST manufacturer and test house.

Learn more about the Streamline Range, contact us, or request a quote.

Tags: , ,

Secure Systems & Information Assurance

12 Days of Products: ION™ SA5610-SAL - Avaya® SAL Edition Secure Appliance

by Jaymie Murray 18. December 2014 09:55

Gifts aren't the only things that need to delivered. The ION™ SA5610-SAL: Avaya® SAL Edition is a plug-and-play Avaya® Secure Access Link (SAL) appliance that provides remote service delivery. The appliance comes with a full standalone SAL Gateway preinstalled, which provides IP and secure dial-up connectivity to Avaya and heritage Nortel systems. The easy-to-install appliance allows technicians, service providers, and Avaya Support Services to conduct remote troubleshooting and maintenance for up to 400 managed devices, eliminating the need for a dedicated SAL server. This enables SAL users to quickly and cost effectively realize the benefits of the SAL platform with no implementation costs and reduced set-up times.

To learn more about the ION™ SA5610-SAL - Avaya® SAL Edition Secure Appliance, read the datasheet, contact us, or request a quote.

 

Tags: , ,

Secure Systems & Information Assurance

12 Days of Products: The SST Secure Venue Tablet

by Jaymie Murray 15. December 2014 15:11

Can you keep a holiday secret? SST's Secure Venue Tablet can! The tablet provides the portability of a tablet and the power of a laptop combined with the ability to manage data up to Top Secret (United Kingdom and Canada) and Secret (NATO) levels. The tablet comes standard with industry leading Intel Core i5 processor (4th generation) technology and supports Microsoft Windows® 8.1 Pro. Download our datasheet or request a quote to learn more.

Tags:

Secure Systems & Information Assurance

Meet the Team: Engineering Apprentice Lewis Childs

by Karen Gait 25. November 2014 12:00

SST, part of API's SSIA product line, is proud of our engineering department and the skills that our highly qualified personnel possess. Our engineers have demonstrated expertise in COTS product modification with in-house 3D CAD modelling and rapid prototyping, as well as electrical and electronics engineering across a wide range of products, environments, and customers.

As part of our acknowledgement of the importance of this skill set, we are delighted to have been able to recruit local student Lewis Childs as an engineering apprentice. Lewis will complete a four year programme and achieve a nationally recognised qualification whilst training on site at SST. 

Profile
My name is Lewis Childs, I’m 19, and I became SSIA-UK’s first Engineering Apprentice in August 2014.

Likes:

  • Playing football for my local club, Randwick FC
  • Cycling
  • Going to the gym and keeping fit
  • Socialising
  • I like food. A LOT. 

Why I Chose an Apprenticeship...
I have always been interested in product design and how things work. Through Gloucestershire Engineering Training I researched the Apprentice Programme and decided that this was the route that I wanted to take: ongoing education with hands on experience and the opportunity to work with and learn from other engineers. I am really looking forward to completing my first year of technical study at Gloucestershire College so that I can start full time at SST and become involved in the company.

What I Am Most Proud of...
I am very proud that I managed to get this apprenticeship. Being interviewed for this position was a new experience for me, and as I had researched API Technologies and SST on the internet, I was very keen to land the role. I feel that this is an exciting opportunity which I know I will enjoy. I do realise that it will be hard work but I think that it will be worth it, and puts me in a better position than a lot of young men my age. 

Tags: ,

Meet the Team | Secure Systems & Information Assurance

Month List

Tag cloud