Hacking Building Automation Systems

We recently conducted a webinar on Spiceworks that looked at how unattended systems and devices have proliferated and some of the security concerns that have emerged as a result. During our webinar, some thought provoking questions were raised by a few individuals who were tasked with supporting building automation systems:bam_2

  • Is there a particular port that should be used for accessing building automation systems?
  • How can I hide / secure our directory structure?
  • What are the security considerations when retrofitting a location?
  • How do you provide vendor access without increasing risk for attack?
  • Beyond VPNs, what can we use to connect remotely with our networked devices?

We wanted to share a few follow-up resources related to these questions.  We’ll try to update this listing regularly as more is discovered about BAS vulnerabilities, how hackers are attacking building automation systems and tools that can be deployed to create better security in unattended environments..