When people think about securing their computer systems, they tend to focus on things like antivirus programs and firewalls. However, making sure the physical system is secure is just as important. Ensuring that your system is safe from spikes in electricity helps maintain the health of your system and the continued operation of your business. The last thing you want is for your vital systems to go down due to a lightning strike.



Yeah, but I already have a surge protector...

One common misconception among users is that power strips and surge protectors are one and the same. It is important to know the difference between the two. Put simply, a surge protector works by taking the extra electricity sent through it and diverting it to a grounding wire. These protectors are rated by how many joules they can take. If a surge meets or surpasses this threshold, the protector will break, rendering it useless. For a normal household environment, you want a joule rating of at least 600. For a business environment, a higher rating is usually recommended.

As a general rule of thumb, if a power strip or surge protector doesn’t label how many joules of energy it can absorb, it is most likely just a power strip. You can typically expect to pay a little more for a surge protector as well. On the left you can see a Belkin surge protector. Notice the light indicator at the top showing that the protector is grounded. If the protector breaks in some way, the second light, next to the not grounding label, will turn on. On the bottom of this protector you can find ratings and other information.

What is a UPS?

One alternative to a surge protector is a UPS, which stands for Uninterruptible Power Supply. In essence, this is a power strip or surge protector with a built-in battery. If the power goes out, your devices continue to get power for a limited time. However, the real benefit of a UPS is that it provides line conditioning. Because of the way alternating current delivers power, there are often dips and high points in the power provided to your devices. Using a UPS helps to regulate the electricity provided to your system.

Securing your UPS

If you are using a UPS, you also want to make sure that it is secured. Many UPSs (especially APC brand) have web interfaces. The web interface allows you to program how you want the UPS to handle power outages. These web interfaces are very commonly left with the default username and password. As a penetration testing company, Cyber Protection Group looks for this first when doing a penetration test, whether internal or external.

If we are able to gain access to a UPS during a penetration test, we typically notify the company we are performing the vulnerability assessment for so that they can mitigate the issue by using a more secure password. If a hacker were to gain access to a few UPSs, they could potentially cause a denial of service by shutting things down.