easy web builder



How to… Ensure a reboot doesn't work

Config? What config?

Back in these days, many devices allowed you to store operating systems, start up files and other things on removable cards – think the equivalent of a USB stick today.

This was a good way, in fact at times, the only way of doing software upgrades. It was generally accepted that if you put a card in a device it was always intended to stay in that device for the lifetime. Someone somewhere made a lot of money out of selling $5 cards for $100s. You know who you are!

However, and this is clearly a predictable story now, there is that occasion where someone ‘borrows’ one. On this specific occasion the hero engineer in question who borrows the thing to do his heroics, is the same hero engineer who installed the original device, so my sympathy levels are low.

For reasons best known only to this engineer, he had left the device instructed to boot the operating system from this card. Which he had now removed. In reality this is no problem, unless you reboot the device. Which he did remotely a few weeks later. Cue trip to site and a lot of deep breathing.



Learning point for everyone:

This might not seem, relevant, but trust me it is. If you have anything physical, assume it will disappear. It could be a USB stick that was briefly used to transfer some data around that just goes for a walk. It could be a USB stick that contains a security ‘key’ to allow some software to run. It could be your office server from under the desk, all your laptops, someone’s mobile, their car, a sensor, a thing. 

If it can be lost, stolen, exists and is movable, at somepoint one or all of these assets will go for a walk or be compromised.

How you handle this is critical. To be surprised that something left the building is not the right answer, every asset should be known about - be that a physical asset or a data asset. The move to cloud helps us with some of this problem but creates new ones in it’s wake. How do you revoke access to a device? In the world of IoT how do you revoke access to a ‘thing’? How do you know if a ‘thing’ has been stolen and is now being used as the gateway into your network?

We are in the early days of IoT and I am predictably seeing poor IoT solutions that do not deal with lifetime asset control.

Choose carefully in this world, make sure you can switch off, as well as on.

Onwards to next epic fail
itQua home

Business details

Registered company no. 11869849 
VAT number 317720513

Contacts

Please get in touch using our contact form.

© Copyright 2020 itQua - All rights reserved