|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [ISN] Satellite Command Security?
From: InfoSec News (isn
c4i.org)
Date: Fri Jan 04 2002 - 05:11:21 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Forwarded from: "Jumelet, Johan" <Jumelet.Johanpmintl.ch>
Has anyone verified the identity of this curious requestor? It would
be nice to have many security specialists, who are curious by nature,
digging this one out and then using the outcome for exactly........!
Johan Jumelet.
-----Original Message-----
From: InfoSec News [mailto:isnc4i.org]
Sent: donderdag 3 januari 2002 7:12
To: isnattrition.org
Subject: [ISN] Satellite Command Security?
http://slashdot.org/article.pl?sid=01/12/28/2144248&mode=thread
Posted by Cliff on Wednesday January 02, 09:53AM
from the preventing-orbital-hacking dept.
teridon asks: "I work in the satellite control industry, and I've been
asked to present mission safety with regards to command security. In
other words, how do we ensure that 'unknowns' don't command the
satellite. Military and commerical birds often employ encryption on
both the uplink and the downlink. However, it seems that none of the
science-oriented satellites my company operates do this. We rely on
physical security (access to the control center), network security (we
use closed networks), technology (most crackers don't have access to a
huge radio antenna with which to transmit), and obscurity (each
satellite has its own command structure, not publicly documented).
Many satellites use CCSDS frames to uplink commands; only the command
data is obscured by lack of public info." A common mantra heard from
Slashdot is "obscurity is not security", and this is a lesson that
teridon wants his company to learn, in addition to other steps they
can take to improve the security of their system. What suggestions
might you have when it comes to improving security on satellite
systems, especially if you have experience from some of the mistakes
that you may have seen in production?
[...]
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn' in the BODY
of the mail.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]