SecureTeam STORM Devices
What is a STORM device?
SecureTeam’s STORM (Security Testing On Remote Module) appliances have been designed to allow our consultancy team to perform the majority of our onsite penetration testing and security assessment services remotely.
Based on a high-powered Intel NUC desktop computer, our STORM Node appliances combine a powerful set of automated and manual penetration testing tools with fast and efficient processing power, allowing SecureTeam consultants to perform remote penetration tests effectively and securely.
Our custom-developed STORM appliances are security-hardened and have been designed to allow our consultancy team secure & remote access to your organisation’s network or applications. The security of your data is of paramount importance to us; therefore, we have custom-developed our STORM range of remote testing devices to safeguard your data and organisation at every stage of the process.
During the development phase of our STORM appliances, we concentrated on the following areas that relate to the security of your information:
Secure by design
Security-Hardened Device Build
Our STORM appliances are based around a secure Linux operating system, which has been security-hardened in line with leading industry security standards. These standards include the relevant CIS (Center for Internet Security) hardening guides, the Payment Card Industry Data Security Standard (PCI-DSS) and the UK government Cyber Essentials scheme. We have also applied our own experience as penetration testers to mitigate the latest security threats and vulnerabilities that are being exploited by attackers “in the wild”.
Encrypted Storage
All data on our STORM appliances is encrypted using full-disk encryption with a strong AES-XTS cipher, which is applied using a 512-bit cipher key. If an attacker were able to obtain physical access to a drive on a STORM appliance, it would theoretically take them several hundred years to obtain access to the data stored within it.
In addition to using a robust method of encryption, we have integrated a USB-based hardware key into the decryption process, which must be inserted into the STORM appliance before it can be booted. Once the device is booted, the USB key can be removed, so that your data remains encrypted if the device were to be stolen from your offices.
Our returns process requires that the USB decryption key is sent back to SecureTeam separately from the STORM appliance. This means that if the device were to be stolen on its return to us, the drive (and more importantly your data) remains encrypted, as it is unlikely that the thief would have access to both the STORM appliance and the decryption key.
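A check of the kind the Encrypted Storage section implies, added here as an example and not SecureTeam's own code: it audits a volume header for the stated AES-XTS cipher and 512-bit key. It assumes the volume is LUKS2 and that the input is `cryptsetup luksDump` output; the sample dump, the function names and the `aes-xts-plain64` mode string are assumptions, not taken from the page.

```python
import re

# Constructed sample laid out like `cryptsetup luksDump` output for a LUKS2 volume.
# Assumption: the page names AES-XTS with a 512-bit key but not the tooling.
SAMPLE_DUMP = """\
LUKS header information
Version:        2

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
"""

def parse_dump(text):
    """Return (data-segment ciphers, {keyslot: volume-key bits})."""
    section, slot, ciphers, key_bits = None, None, [], {}
    for line in text.splitlines():
        if line and not line[0].isspace():           # unindented line starts a section
            section = line.split(":")[0]
        elif m := re.match(r"\s+(\d+): \w+", line):   # "  0: crypt" / "  0: luks2"
            slot = int(m.group(1))
        elif section == "Data segments" and (m := re.match(r"\s+cipher:\s+(\S+)", line)):
            ciphers.append(m.group(1))
        elif section == "Keyslots" and (m := re.match(r"\s+Key:\s+(\d+) bits", line)):
            key_bits[slot] = int(m.group(1))
    return ciphers, key_bits

def effective_aes_bits(cipher, key_bits):
    """XTS splits the key into a data key and a tweak key, so 512 bits means AES-256."""
    return key_bits // 2 if "-xts-" in cipher else key_bits

def audit(text, want_cipher="aes-xts-plain64", want_bits=512):
    """List deviations from the expected cipher and key size; an empty list is a pass."""
    ciphers, key_bits = parse_dump(text)
    findings = [] if ciphers else ["no encrypted data segment found"]
    findings += [f"segment cipher {c}, expected {want_cipher}" for c in ciphers if c != want_cipher]
    findings += [f"keyslot {s}: {b}-bit key, expected {want_bits}"
                 for s, b in sorted(key_bits.items()) if b != want_bits]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP) or "PASS", effective_aes_bits("aes-xts-plain64", 512))
```

The `effective_aes_bits` helper makes explicit that a 512-bit XTS key corresponds to AES-256, because XTS uses half of the key for data encryption and half for the tweak.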
Secure Remote Network Access
Once deployed on a customer network, our STORM appliances use an encrypted Virtual Private Network (VPN) connection between the device and our secure UK datacentre.
All network traffic is encapsulated in a TLS (version 1.3) network tunnel and is encrypted using an AES-GCM cipher which uses a 256-bit rotating cipher key. Authentication to our VPN gateway is implemented using certificate-based authentication, which means an attacker would not be able to gain access to the VPN through a set of stolen credentials.
Using a secure, end-to-end method of encryption means that the network traffic is not susceptible to interception or modification by a malicious user through a “man-in-the-middle” attack.
We enforce strict firewall rules at both device and gateway-level to ensure complete network segregation between our STORM appliances. This level of network segregation makes it impossible for network traffic to be routed between two (or more) adjacent customer networks that each have a STORM appliance installed.
Logging & Monitoring
All activity on our STORM appliances is logged to SecureTeam’s central Security Information & Event Management (SIEM) solution. This provides us with a robust audit trail of all actions and events that have taken place on a STORM appliance when it is connected to a network.
In addition to this, all network traffic that is sent between SecureTeam and our STORM appliances is protected by our Intrusion Prevention System (IPS). This is designed to actively identify and block potential attacks and threats, which may impact the operational security of our STORM appliances.
Security Updates & Patching
In order to stay protected against the latest security vulnerabilities and threats, all STORM appliances have the latest patches and security updates applied before they are deployed to a customer site. We also have the ability to push patches and updates out to the devices once they are deployed in the field.
Robust Provisioning Process
SecureTeam follows a stringent provisioning process to ensure that every STORM appliance is deployed to our customer sites in a consistent and secure manner.
When a device is returned to us, all storage media is securely wiped using a UK government-approved disk wiping process, before being re-imaged from a standard “gold” image. This ensures that previous customer data cannot be recovered from our devices if they were to be stolen from a future customer site.
All device passwords and encryption keys are securely destroyed and regenerated on a per-project basis before being shipped to a customer site. This ensures that even if device passwords or encryption keys were stolen from a device while on a previous customer site, they would no longer be valid when the device is sent to the next customer.
Factory Acceptance Testing
All STORM appliances undergo a thorough Factory Acceptance Test (FAT) before being deployed to a customer site. This ensures that all security measures have been correctly applied and that the device is fully operational when it is deployed.
A vulnerability assessment is conducted on all STORM appliances before they are deployed to a customer environment and this forms part of our FAT process. This ensures that if any security vulnerabilities remain after our build process, they can be identified and corrected before our devices are connected to customer networks.
Qualified & Vetted Consultants
STORM appliances can only be accessed by our qualified and security vetted consultants. All of our security consultants undergo strict pre-employment background checks, before being granted access to our infrastructure. In addition to this, the majority of our staff carry UK government security clearance, which allows us to work in public sector environments that handle highly sensitive information.
Lastly, all of our penetration testers are either CREST (Council of Registered Ethical Security Testers) or TigerScheme accredited and undergo regular examinations to ensure they remain qualified to conduct the services that we offer to our customers.
Trusted Toolset
Our STORM appliances contain a specific security toolset, which comprises a blend of commercially available and industry-recognised applications and scripts. We perform strict quality assurance testing internally to ensure that all applications are fit for purpose and will not cause any undesired impact when used in a customer environment.
Continuous Development
SecureTeam is continuously developing our STORM appliances to ensure they remain security hardened against the latest vulnerabilities and threats. Our internal development lifecycle means that our STORM appliances are regularly updated, allowing us to deliver our onsite consultancy services with a high level of security and functionality as we develop new security testing services for our customers.
How to install one of our STORM devices
We have designed our STORM appliances so that they can be installed either by IT support staff or by staff members within your organisation who have limited technical knowledge.
When you receive one of our STORM Node appliances, check that you have received the following items inside the case:
- 1 x STORM Device
- 2 x USB Decryption Keys
- 1 x Power Supply
- 1 x Mains Power Cable
- 1 x HDMI Cable
- 1 x Network Cable
- 1 x Customer Guide
- 1 x Decryption Key Return Envelope
- 1 x Returns Label
- 1 x Return Security Seal
- 1 x Contents Checklist
IMPORTANT
All STORM transit cases are fitted with a tamper-proof security seal through the padlock hole. The number on this security seal should be checked with your contact at SecureTeam to verify that the case contents or STORM appliance have not been tampered with during the shipping process.
Please check all case contents against the Contents Checklist when the STORM appliance is first delivered to you and notify SecureTeam immediately of any items that are missing. All items provided in the case MUST be returned at the end of the project and any items which are lost or damaged will be chargeable at cost.
Once you have confirmed the case contents, the following steps can be followed to successfully deploy the STORM device:
- Before starting the installation of the STORM appliance, ensure that all prerequisites detailed in the previous section are in place.
- Connect the Mains Power Cable to the mains inlet on the Power Supply and plug the Mains Power Cable for the Power Supply into a mains power source.
- Connect the Power Supply to the power connector on the back of the STORM appliance.
- Connect a network cable between the Ethernet connection on the back of the STORM appliance and the network connection on the network that is to be tested. Depending on the network architecture of the organisation, this may be a wall or floor port or could be a direct connection to one of the organisation’s network switches or firewall / router.
- Insert one of the USB Decryption Keys into a spare USB port on the STORM appliance.
- Press the power button on the front of the device. The power light should illuminate to show the device has powered up.
- At this point, you need to contact SecureTeam to let us know you’ve installed the STORM appliance. One of our technical support team will be able to verify that the device has successfully connected back to our environment and will conduct a series of post-installation checks.
Once SecureTeam has confirmed that the installation process is complete, you MUST remove the USB Decryption Key from the device and store both USB Decryption Keys that were supplied with the device in a secure location. This is to ensure that the device cannot be decrypted if it is stolen from your organisation by an attacker.
If the STORM appliance needs to be rebooted for any reason, the USB Decryption Key will need to be re-inserted; however, one of our team will contact you if this needs to be done.
How to return a STORM device back to us
Once the project is complete, the following process should be followed to return the STORM appliance to us:
- Check that the STORM appliance is powered down. If the power LED is still illuminated, contact us and we’ll shut the device down remotely.
- Disconnect the Mains Power Cable from the mains inlet on the Power Supply.
- Disconnect the Power Supply from the power connector on the back of the STORM appliance.
- Disconnect the network cable from the Ethernet connection on the back of the STORM appliance and the customer network connection.
- Store all supplied components back inside the transit case that the device was delivered in.
- Using the supplied Contents Checklist, check and tick-off each supplied item and sign the checklist to validate that all items shipped to you have been returned to us. Please note that any lost or damaged items will be chargeable at cost.
- Place both USB Decryption Keys into the envelope provided, ensure the envelope is sealed and then post the envelope to SecureTeam from your nearest post box. It is important that the Decryption Keys don’t travel back with the STORM appliance, as this could allow your data on the device to be decrypted.
- Remove the previous plastic document wallet from the front of the transit case and attach the new document wallet provided with the return address on it.
- Attach the new security seal through the padlock hole on the transit case. This is to ensure that we are notified if the case has been opened or tampered with on its return to our offices.
- Contact SecureTeam to let us know that the STORM appliance is ready to collect and one of our team will organise a courier with you to have the device returned to us.