News reports and several ongoing investigations into alleged hardware backdoors and vulnerabilities found at several suppliers of mass-produced computer hardware have left many security professionals increasingly concerned about their hardware. According to US intelligence, it has become incredibly difficult, if not impossible in practice, to effectively audit modern computer hardware that may have been tampered with, even for them. Intelligence officials have also recently voiced concerns about even Canada's ability to audit foreign hardware that is set to be used in its developing 5G infrastructure.
Scares over backdoored server hardware unknowingly deployed at giants such as Amazon, Apple (allegedly) and Verizon have elevated hardware security concerns, showing how even the most resourceful entities are hard-pressed to combat hardware security threats and compromised supply chains. If such resourceful companies have such difficulty auditing their hardware, how can smaller companies worried about cyber security ever hope to combat such sophisticated attacks?
Many are now left wondering what they can and should be doing to make sure the hardware they will acquire or already have is not in any way counterfeit, modified or intentionally compromised from the get-go. In this article we will take a look at what makes a hardware vendor reliable, what to look for in a trustworthy supplier and, similarly, the red flags to keep in mind. We will focus on things like supply chain assurances, subcontracting, vendor assurances, process transparency and countries of origin (useful because poor practices and laws present in them leave much room for doubt about their manufacturing and acquisition processes).
What to Look for In a Hardware Vendor, OEM/ODM
Lanner Electronics, long before cybersecurity concerns were elevated to the forefront, perfected a completely in-house, strict and transparent manufacturing policy to provide the most reliable hardware platform used in security-based solutions and critical hardware appliances to date. Lanner supports a manufacturing area of 30,000 square meters at its facilities in Taiwan, with enough production capacity to manufacture well over 40,000 systems a month. This gives Lanner the capacity required to provide the necessary appliances to security-dedicated integrators, large-scale deployments and third-party experts seeking trusted hardware partners, OEMs and ODMs.
Supply Chain Management & Quality Assurance
Considering how incredibly difficult it has become to audit modern chips, integrated circuits, printed circuit boards and SoCs, the most cost-effective auditing is performed on the hardware manufacturing processes and vendor supply chains themselves. Secure hardware partners are very strict about hardware acquisition sources, components and manufacturing processes. In this way systems can be designed, created and assembled with validation and assurance each step of the way.
This was demonstrated in recent reports where hardware in the mainboard supply chain was compromised in manufacturing facilities that were subcontracted out to third parties in China. For any vendor looking to use the Asian supply chain to supply IT hardware, it is imperative that you work closely with your supply chain partners, understand how they are manufacturing their products, and proactively audit their processes and quality assurance practices to remove any doubts.
Transparency & Visibility in Manufacturing
Companies committed to providing secure hardware provide the transparency, logistics and tools to ease their customers' verifications and queries into every aspect of the manufactured system. These range from Manufacturing Execution System tracking capabilities to RFID for each component on the printed circuit board, which keep track of every aspect in real time, notably component installation/placement time, tests performed and technical metrics.
Accountability, Responsibility & Support from Professionals in the Field
To provide longevity in secure systems, customers should expect a strong level of support for their hardware systems and appliances. Lanner, for example, has an established team of software experts to offer value-added services and deliverables like personalized, packaged secure firmware for components such as the BMC, UEFI, CPU microcode, etc. These packages also include updates to security features like Secure Boot, Boot Guard, TPM and IPMI, which all serve to create an up-to-date hardened network appliance while maintaining the important security features, remote management capabilities, accelerated cryptography and high performance that network professionals expect.
Corporate History, Track Record & Country of Origin
When it comes to security, it's paramount to learn from previous mistakes and grievances. A hardware vendor's corporate history, countries of origin and overall track record can serve as a great indicator of how the company operates in response to security concerns. Things like compromised facilities, recurring lapses in logs and records, slow response time to security concerns and the time to roll out security patches are all things to look out for.
Analyze their total offerings and level of fulfillment. Honest, secure vendors state the total cost of ownership up front, without cutting corners or depreciating support to offer low prices. As with most things today, the saying “you get what you pay for” is more often than not true. Going the extra mile and dedicating resources to maintaining a hardened, secure system is the only way to curb the onslaught of cybersecurity threats plaguing the web.
Lanner prides itself on its corporate track record, consistently and successfully supplying firewall appliance integrators, security-hardened system integrators and networking professionals from all sectors of the computer networking industry for almost 3 decades. We maintain strategic alliances with respected technologies and professionals to ensure cross-compatibility, ease of use and informed support for our customers. Our OEM/ODM services and computing and networking hardware are trusted by hundreds of companies, security-specific vendors, integrators and professionals around the globe.