Layered Security on Mainstream IT Platforms Brings
Better threat protection
• Implement a series of different defenses across the device
• Defend against advanced persistent threats (APTs), such as Stuxnet
Less support burden
• Use familiar technologies deployed in networked clients
• Minimize effort to determine if a device is compliant
Increased scalability
• Administer and monitor equipment in a similar fashion
• Implement future security solutions consistently across the network
This layered security model spans multiple layers: hardware, virtualization, operating system and services software
High Stakes: Medical Device Security and Patient Safety
Healthcare IT managers know that medical devices, such as infusion pumps, patient monitors, medical tablets and MRI scanners, can be just as susceptible to malware as standard computers. Keeping them secure in any networked environment is certainly challenging, but the stakes are particularly high for these particular applications since they can affect patient care and outcomes.
Proving this point, McAfee* and a medical equipment manufacturer recently raised awareness of security holes with potentially life or death consequences; they identified a networked insulin pump with a security flaw that allows the device to be hacked and subsequently administer a potentially lethal amount of insulin to diabetes patients.¹ Although not typically the target of cyberattacks, medical equipment can become “collateral damage” in a malware outbreak, or even be the weak link that opens the door to a cyberattack. Since there isn't a single security solution capable of addressing all future risks, most would agree it's necessary to incorporate threat protection using a series of different defenses across the system.
Why Insist on Mainstream IT Platforms
One of the challenges facing healthcare IT organizations is managing and securing a large variety of hardware and software systems. Further complicating matters, many equipment manufacturers develop unique security solutions, the result of designing purpose-built solutions based on non-standard or proprietary components. Consequently, it can be difficult to determine if these medical devices comply with today's security policies and will successfully satisfy future requirements through their expected life.
Alternatively, why not take advantage of the same proven security technologies used throughout the IT infrastructure? This is possible when medical devices are based on Intel® vPro™ technology delivered on mainstream standard IT platforms, which greatly simplify medical device management and provide state-of-the-art security protection. One example is Intel® Virtualization Technology (Intel® VT),² a key ingredient in Intel vPro technology, which isolates applications from malware by running them in secure partitions. A sample configuration is depicted in Figure 1.
[Figure 1: Virtualization Example. Diagram labels: Intel® Processor with Multi-core & Virtualization Technology (Processor Core 1, Processor Core 2); Wind River Hypervisor; Virtual Machine 1, Virtual Machine 2, Virtual Machine 3; Wind River VxWorks*; Microsoft* Windows* 7; Wind River* Linux* Secure; Communication Port; Safety-Critical Application; Human Machine Interface.]
Threat Protection for Medical Devices
For More Information
Moving forward, medical devices based on mainstream IT platforms can greatly simplify security management while offering state-of-the-art security protection. This topic is covered in greater detail in the white paper at http://download.intel.com/embedded/applications/medical/326505.pdf#iid=5871.
To learn more about how Intel vPro technology can improve a medical device's security posture, visit www.intel.com/vpro and www.intel.com/healthcare.
Defend Against APT-Class Threats
Stuxnet, a sophisticated APT and cyberweapon that targeted and sabotaged automated uranium enrichment facilities in Iran, changed the scope and context of control system cybersecurity forever. Stuxnet raised the bar by combining stolen certificates and multiple zero-day exploits.
Improved security measures are required, such as locking down medical devices with McAfee* Embedded Control*, a whitelisting application that ensures only trusted applications and files are permitted to execute, while all others are prohibited from launching. Whitelisting is well-suited for medical devices running only known software; the permitted code is enumerated, and any application or file not on the list is prevented from executing.
Robust Virtualization
Virtualization allows safety-critical applications to run in a secure partition called a virtual machine. Intel® Virtualization Technology (Intel® VT)², a key ingredient of Intel® vPro™ Technology, provides another layer of protection. With Intel VT, memory address tables are safer because they are managed by the hardware, not the software, making it far more difficult for a virus to manipulate them. Developers can implement virtualization using the Wind River* Hypervisor*, which takes advantage of the hardware-assisted virtualization features of Intel VT.
Seven Safeguards for Protecting Medical Devices
In healthcare, networked medical devices can fall victim to all types of perpetrators using a wide variety of methods. This section explores potential vulnerabilities and suggests safeguards, implemented across the platform, that either help prevent attacks or minimize their impact until corrective action is taken.
Objective 1: Stop unauthorized data copying
Prevent confidential patient records from falling into the wrong hands by implementing McAfee Device Control*, which gives hospital IT organizations granular control over data privileges, such as specifying what data can be copied to external devices.
Objective 2: Prevent untrusted code execution
Stop worms, viruses, spyware and other malware from ever executing by using a whitelisting application, such as McAfee Embedded Control*, that ensures only known code can run.
Objective 3: Interrogate incoming packets
Detect when a hacker conceals a virus in spurious packets by implementing a Wind River* or McAfee firewall on the device that discards unwanted packets and logs packets, which can be used to identify potential malicious actions at a later time.
Objective 4: Secure data and communications
Prohibit a compromised medical device from becoming a base from which a hacker launches attacks on other systems on the network by using a password-based authentication incorporated in the Wind River Linux* Secure distribution.
Objective 5: Prevent unintended interactions between applications
Minimize the harm malware can cause by restricting its access to other software elements running in secure partitions with the added hardware protection from Intel Virtualization Technology (Intel VT).
Objective 6: Prevent device performance degradation due to poorly functioning code
Don't let a badly coded application or a patch consume copious amounts of CPU cycles and potentially impact device safety; instead, run critical applications on a dedicated CPU core, thus delivering a fixed level of computing resources.
Objective 7: Reduce attack surface
Minimize exposure to viruses entering via network ports by running Wind River Linux Secure as a gatekeeper – through which all communications with the medical device must pass – creating a protection layer for other device software.
¹ Source: www.reuters.com/article/2011/10/25/us-medtronic-cybersecurity-idUSTRE79O8EP20111025.
² Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM), and for some uses, certain platform software enabled for it. Functionality, performance, or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor.
Copyright © 2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel vPro and Intel Core are trademarks of Intel Corporation in the United States and/or other countries.
*Other names and brands may be claimed as the property of others. Printed in USA 0612/LS/TM/PDF Please Recycle 327597-002US