Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | [2] | (show all)   Print Thread
Standard User ft247
(regular) Tue 20-Apr-21 15:47:43
Print Post

Re: Chinese routers?


[re: charlestown] [link to this post]
 
The argument that using Huawei to build a 5G network gives them an immediate backdoor into the UK's communications may be valid, but it's not hugely persuasive on its own. This is because I'm sure GCHQ, MoD and friends are capable of running their own highly secure networks separate from the public internet.

What I do find convincing is that highly cost-driven outsourcing of comms infrastructure development and more crucially, ongoing operation to a vendor based in a non-allied state is a dangerous long-term choice. It has the potential to hollow out the talent pool in domestic communications providers to a point where they are merely consumers of 'access network as a service', handing all the power to the vendor. I believe that the survival and prosperity of domestic comms engineering talent and vendors in allied countries such as Nokia, Cisco etc. are valid national security concerns.

To answer the original question, at a consumer or small business level I wouldn't (couldn't) refuse to do business with an ISP simply because they used Huawei kit. I'd imagine if you're working from home for the MoD different policies apply, and I would expect similar at enterprises that are corporate espionage targets.

On a practical level I'd encourage anyone technically minded enough to consider separating their home network with VLANs and implementing firewall rules to prevent inter-VLAN routing by default. IoT devices all want to hoover up as much data as possible, isolating them, including from each other is a good start.

If you have CCTV on the network, put that in its own VLAN and prevent it from phoning home. You can always VPN in to check it remotely.

And stay on top of software updates!
Standard User Pipexer
(eat-sleep-adslguide) Tue 20-Apr-21 18:25:30
Print Post

Re: Chinese routers?


[re: ft247] [link to this post]
 
In reply to a post by ft247:
The argument that using Huawei to build a 5G network gives them an immediate backdoor into the UK's communications may be valid, but it's not hugely persuasive on its own. This is because I'm sure GCHQ, MoD and friends are capable of running their own highly secure networks separate from the public internet.

That may be true in isolation - but even if so, there's a lot of other critical infrastructure (utilities, major industry, police, fire, etc etc) that largely relies on the public internet and if it got interupted or compromised would have major consequences.

Andrews & Arnold Home ::1 on Draytek 2862ac - Why settle for inferior?
Standard User ggremlin
(experienced) Tue 20-Apr-21 18:41:11
Print Post

Re: Chinese routers?


[re: ft247] [link to this post]
 
call me paranoid, but I have a similar distrust of many American firms.


Register (or login) on our website and you will not see this ad.

Standard User ft247
(regular) Tue 20-Apr-21 19:37:51
Print Post

Re: Chinese routers?


[re: ggremlin] [link to this post]
 
In reply to a post by ggremlin:
call me paranoid, but I have a similar distrust of many American firms.


The US authorities aren't averse to intercepting Cisco gear on its way to foreign clients of interest. I don't find that surprising - indeed, we should all assume that every major global power is playing that game. I'd be worried if they weren't!
Standard User ft247
(regular) Tue 20-Apr-21 19:51:23
Print Post

Re: Chinese routers?


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
That may be true in isolation - but even if so, there's a lot of other critical infrastructure (utilities, major industry, police, fire, etc etc) that largely relies on the public internet and if it got interupted or compromised would have major consequences.


Fair point. I think the UK's original counterargument to US pressure was that the deployment of 'just' some Huawei 5G kit wasn't going to put us in a position where Huawei had the access to disrupt that kind of critical infrastructure. I presume police, fire etc. are on leased lines where Huawei kit is probably not used. Utilities due to their distributed nature could well have some reliance on mobile or DSL where Huawei is harder to avoid.

My angle is that buying in one component of the infrastructure can in itself, if managed well, be of limited risk. A long-term general reliance on vendors from non-allied countries is to my mind what we should be worried about. The 'other side' almost certainly see it that way too - all part of the great global power game.
Standard User Pipexer
(eat-sleep-adslguide) Tue 20-Apr-21 21:02:29
Print Post

Re: Chinese routers?


[re: ggremlin] [link to this post]
 
In reply to a post by ggremlin:
call me paranoid, but I have a similar distrust of many American firms.

The difference is American companies often have ethical conduct and wouldn't want to get caught out assisting in nation-state activities. The Chinese on the other hand have no conscious when it comes to this regard and whether companies like Huawei want to keep good PR is irrelivant as they are ultimately under the thumb of their government. This is a stark contrast to American companies which would not want to be actively assisting the NSA with backdoors in products which are used by overseas customers.

So I have to say the US and China are miles apart when it comes to which one you should be trusting more..

Andrews & Arnold Home ::1 on Draytek 2862ac - Why settle for inferior?
Standard User Pipexer
(eat-sleep-adslguide) Tue 20-Apr-21 21:07:35
Print Post

Re: Chinese routers?


[re: ft247] [link to this post]
 
The thing is a lot of this infrastructure these days requires frequent updates and/or is connected to the internet in some shape or another. So while it is possible there are no backdoors in the product when it is bought it would be reasonably easy for a backdoor to get pushed to those products after the fact in either a covert fashion or in a single hit sort of manner. Take a look at solarwinds - malicious code was inserted into a product update and not discovered for months. The same could happen with firmware for core internet infrastructure etc. They could even have logic bombs etc which don't require the presense of an internet connection but for an inside acter to create some sort of flag to activate it. The possibilities are endless and it wouldn't be that difficult to do. The UK government should have never allowed all this stuff to be purchased in the first place, it was clearly dubious at best and now that they are having to rip it all out the costs far exceed what it would have been to just buy it from reputable companies in the first place.

Andrews & Arnold Home ::1 on Draytek 2862ac - Why settle for inferior?
Standard User amiga_dude
(learned) Wed 21-Apr-21 08:47:31
Print Post

Re: Chinese routers?


[re: Pipexer] [link to this post]
 
Where is there an equivalent of HCSEC for :-
Alcatel-Lucent
Avaya
Ciena
Cisco
Ericsson
samsung
TP-Link
D-Link
Juniper Networks
Motorola
NEC
Nokia Networks
Unify
ZTE
Pages in this thread: 1 | [2] | (show all)   Print Thread

Jump to