Separate names with a comma.
Discussion in 'UK Railway Discussion' started by SPADTrap, 1 May 2015.
Which parts do you consider to be misinformation?
I'm not sure what the misinformation is, but it seems like a massive gaffe... unless there are other security precautions in place. It would be (barely) tolerable in the short run if it had to be that particular computer terminal.
They call it a workstation on a signaller's control desk yet then refer to it as utility unknown along with the headline about revealing signalling system passwords, just gives the impresion that someone could go to 'www.waterloosignalling.com' and play trains!
Some valid points raised in there though and certainly a lot to think about, perhaps misinformation wasn't the best word to use!
This is not a signallers workstation. It is an information screen on the desk of a controller or some other manager or administrator in a train company control office. These offices have absolutely no direct control over the signalling system. The login is an index number for the particular map being displayed which is legitimately viewable by anyone who is legitimately in the office so the generic password is not a security issue because all it does is give access to that information screen on that monitor. Much of the same information is available to public through real time information systems such as this: http://www.opentraintimes.com/maps/signalling/WAT
Quite but on reflection I wouldn't expect journalists to be aware of CCF.
A couple of problems with that, London Waterloo is not controlled from Waterloo and it doesn't use computers as its controlled from signalling panels. Workstation computers are not logged on or off and run 24/7/365.
You mean that when I'm playing Simsig, I don't actually get to control the trains!
I was under the impression it was merely a local login for that workstation, and therefore of absolutely no use to anyone sitting at home or in the library or whatever!
I've been in several station offices where login information is similarly attached to monitors. As long as the room itself is secure, while it's obviously not best practice, I don't see anything particularly worrying about it.
I'd hope that it was useless information, given it was recorded months ago and was on display. The Register isn't written by the average idiotic journalist, though, they do tend to know what they're talking about.
The Register article has now been updated, with a link back here!
"Our story has generated a discussion thread among people on a rail interest forum, who know much more about how the system works than Reg staffers."
I wondered why the world didn't stop when I hit the pause button...
As said, that is probably just a windows log in for that machine. The signalling workstations don't run on your normal windows, and thus don't "log in".
And as said, Waterloo is controlled from Wimbledon ASC, which is controlled from panels, not signaller workstations.
A ridiculous situation.
Surely, in this day and age, everyone should know that the sticky with the logon credentials should be affixed to the underside of the keyboard in order to keep them safe from casual observers.
That is very interesting! Fair play to them!
In order to get onto CCF you either need to be on the Network rail network, or access it via Network Rail's Gateway. This has two-factor authentication and you need an RSA token. This makes it more secure than what is implied.
Isn't it single factor and an RSA token? That makes it double (rather than triple) factor.
Regardless of the actual risk, two organisations showed poor 'Security Culture', and arguably Safety Culture.
The TV producers should have noticed and 'smudged out' the password, just in case.
The signalling centre showed bad 'Security Culture' by keeping login details on display. Many people do it and in this case it may not have been that serious, but its a very bad habit to get into. Its a bit like stepping on rails - Ok most of the time, except the one time its not a running rail but one with some power in it. Get in the habit of writing down login details to low risk systems and leaving them on view and one day you, or your staff, will do it for a high risk system.
If you really, really, need all visitors to have access to login details, have them somewhere that they can't be overlooked. Ideally put them on something like a little badge that lives in the workstation draw and lock it away when the location is unstaffed. If you just need a reminder for emergencies and the inevitable forgetfulness around, put the details on a bit of paper in a sealed envelope kept somewhere secure - or arrange for the password to be reset by the Sysop or similar.
BTW, if you are mandating hard to remember passwords (or username ids) that people need to type in regularly then you are eroding you own security. People WILL write them down, often in stupid places visitors or passers by can see. Put rules in place to force non-stupid passwords and allow people to come up with ones they can remember. And if you really don't need a password check at that stage on that system at all, don't design your system that way - excessive checks encourage people to simplify things by stuff like ... writing things sown in plain view.
Oh, and with the slowly increasing overlap between IT Security and Safety, a poor Security Culture is evidence of a Safety Culture that is frayed around the edges.
there is not enough space under a keyboard for all the different paswords used, half of which are not needed anyway....and really CCF is one of them !
exactly the same password shown in the screen grab as my previous employer had the IT department force upon us
It's not a signalling centre.
It is never unstaffed.
Basic points still stand however.
Furthermore, the screen display of the track layout and trains etc is available in at least locations 5 locations around Waterloo, all of which are public areas and there is nothing to stop passengers looking at them even though they will be largely meaningless to almost all train users, there is nothing on that screen that would be a breach of security and in any case similar overviews are available to the public on the opentraintimes website.
The reason these maps are on display in public areas are so that train crew can easily find their next working without having to phone control or go up to the raft to find out. It saves time and keeps the trains moving-particularly when disruption hits.
Of course I could be part of the cover up, if so can someone please hack into the system and give me a 455 next time I'm booked for a Southampton fast. Thanks
I presently work, and have worked in the past, at locations with usernames/passwords stuck to the desk/VDU/nearby walls. The passwords only work on those units, and the systems do not get logged out, you only need the login details if it crashes and you have to reboot it, or if there has been a power failure of some sort. Why exactly there has to be a username and password is not really clear, I suppose it comes as default.
Some railway systems (not being specific, and not referring to the one being discussed here) used to have security based on 'terminal id' (i.e. the specific piece of equipment) but this came to be seen as inflexible - e.g. if the terminal/PC whatever blows up you have a problem. If you have security based on the userid instead, in the event of equipment failure you can immediately log the same userid in at a backup terminal, which could even be at different site, and be back up and running straight away (except if at different site the relevant trained person/s may need to physically get there of course).
The railway systems I know about now tend to have a mixture of terminal and/or userid based security.
So even if a given userid is 'always' used at a given terminal (etc.) and 'always' logged on there is (or at least may be) a good reason for having it.
Ok then. Can you please tell me what security issues you think could occur with this system itself given that it does nothing but tell you where something is?
And the information that you can get from other websites?
Well the answer to that does tend to rather depend on the system in question. And just because something is only used in read-only mode doesn't mean that user account doesn't have write permissions to whatever backend system powers it.
For example, at my place of work, a number of our employees only have supposed read-only access to our electronic patient records - that's something managed by the application's security model itself. In reality, that employee is still forced to have read-write access to the database, because the application writes login concurrency and a whole bunch of audit logs into it.
If someone wrote their passwords down and stuck them to a monitor, I'd be pretty unhappy, even if there wasn't a lot the account could do directly with the application.
This is the point. Whilst this particular system might not be safety critical and not capable of any harm, it is very poor practice to have passwords in plain view. If a system really doesn't need a password then don't have one.
Does anyone actually know what the password was for.
As this to me seems the only sensible explanation. Computers require some form of password as a check measure and you cannot disable them! If you have a windows machine with autologin you don't need a machine password to login unless you logout or somehow lock the screen. But you have to have to have a password. Other systems use a passkey to encrypt data.
We authenticate on IP addresses at work to to reduce risks.
It would of been the windows login for that machine.
Oh and CCF only reads information from train describers. EVEN if CCF could somehow be reverse engineered to write data, nothing will come of it.