Hardware security has a poor cyber security reputation. Frequently customers and service providers often do not implement appropriate safeguards. Businesses and consumers typically do not change the default passwords nor update the pre-installed software. Hardware security is too easy to ignore.
Best Practice Guidelines
The following guidelines should be verified by the customer when hardware devices are purchased and/or services are subscribed to by the customer.
Most hardware devices ( routers, switches , firewalls , modems , telephone system units , IP end points of all kinds etc ) are being sold with universal default usernames and passwords. The customer should ensure the installer changes the password before use.
Software resident in internet-connected devices should be securely updateable. Updates should not impact on the functioning of the device and be delivered in a timely manner.
Store credentials and sensitive data securely
Any credentials should be securely stored within hardware services and devices. Hard-coded credentials are not recommended in hardware device software.
Limit exposure to cyber attack
Security-sensitive data should be encrypted when communicating, including any remote management and control. All keys should be securely managed.
Hardware device software changes should be verified. When a change is detected, the device should alert operators to the issue.
Deliver resilient operation
Hardware services should continue operating functional when there is a loss of network connectivity. They should recover cleanly when power is restored. Hardware devices should return to a network operation in an acceptable , usable state and in an orderly fashion.
Usage and measurement data should be monitored for security anomalies.
Data ownership and deletion
Who owns the collected data? Hardware devices may change ownership and may be recycled or disposed of. Mechanisms should be in place so that businesses remain in control and remove data from services, devices, and applications.
Easy device installation and maintenance
Hardware device installation and maintenance should require few steps and follow security best practices.