So the router does store some logs? Let’s say that the router was designated specifically for election cycles, it should still have that information unless it was overwritten? I would hope they don’t use the router to watch YouTube after an election. I assume it falls under some umbrella as sensitive material.
Yep, routers can store logs. There are many types of logs and log levels. One type of log is the command log. If anyone is familiar with a command line, it is the same concept (you can press the up arrow to call back issued commands).
In more advanced routers a command can be issued to see that command buffer. That buffer itself usually has a default number of "history" and in some cases can be configured to "remember" more or fewer commands. I know with Cisco routers there are a few ways to clear/purge/delete/reset the command history.
Network traffic logs, over time, take up a considerable amount of space - obviously the more traffic there is, the more logs are generated. Routers don't typically have a large storage space for logs (they certainly can store network traffic logs if configured to do so). Also, having one router handle all logging is bad practice as it is a single point of failure. It is better to configure the router to send all logs to a log server that can easily be mirrored/replicated and backed up on a regular basis.
I doubt that the router was specifically deployed for the election. The router(s) in question, I believe, are for the local county government. So it is just part of the normal local government network that runs all the day-to-day things countywide. From the tax assessor to the sheriff etc.
When the election happened, allegedly election equipment was connected to the LAN (Local Area Network) of whatever building they held the election equipment in. That LAN would have been connected to the countywide network and could potentially have access to the outside world. Once they have someone look at the router(s), they would be able to see how they were configured and be able to determine if network traffic would have been able to flow from election equipment to the outside world. (If there was mobile data involved, that is a whole 'nother can of worms.)
Interesting, thanks for the run down. Would the configurations for the router be able to be changed without a previous footprint?
Depending on the skill of the person doing the changing and the degree of the operation they would be pulling off, of course it would be possible. Sometimes things don't need to be hacked to get changed, nor does it necessarily need to be malicious in nature. For example, an IT guy could get a work order to change a config or run some commands or upgrade the firmware, heck, even swap a device out.
You can have threat scenarios from in-person infiltration all the way up to remote execution; it all depends on the amount of resources you want to throw at one network closet in Arizona.
That's why it's good to have good backups, monitoring and logging (and understand how to read them) of all network infrastructure, regardless of whether it's a small home business or a large government agency.
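An added example, not written by anyone in the thread: one way a central log server could pull the configuration-change footprint discussed above out of router syslog. The sample lines are constructed in the style of Cisco IOS messages (hostnames, users and addresses are made up), and the line layout the regex assumes depends on how the syslog server writes its files.

```python
import re

# Constructed sample, as a log server might have stored it (not real data).
SAMPLE_LOG = """\
Nov  3 08:14:05 county-rtr1 101: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:interface GigabitEthernet0/1
Nov  3 08:14:09 county-rtr1 102: %PARSER-5-CFGLOG_LOGGEDCMD: User:jsmith  logged command:no logging host 192.0.2.50
Nov  3 08:14:12 county-rtr1 103: %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (192.0.2.10)
Nov  3 09:30:41 county-rtr1 104: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
Nov  4 02:11:17 county-rtr1 001: %SYS-5-RESTART: System restarted --
"""

# Message types that record a change to the device, and what each one means.
WATCHED = {
    "PARSER-5-CFGLOG_LOGGEDCMD": "config command entered",
    "SYS-5-CONFIG_I": "config session ended",
    "SYS-5-RESTART": "device restarted",
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) .*?"
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<msg>.*)$"
)
CMD_RE = re.compile(r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)")
BY_RE = re.compile(r"by (?P<user>\S+) on (?P<line>\S+)(?: \((?P<src>[^)]+)\))?")


def audit(log_text):
    """Return one dict per change-related event, in the order logged."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["tag"] not in WATCHED:
            continue  # ordinary traffic/interface noise
        ev = {"time": m["ts"], "host": m["host"], "what": WATCHED[m["tag"]],
              "user": None, "detail": m["msg"], "touches_logging": False}
        cmd = CMD_RE.search(m["msg"])
        by = BY_RE.search(m["msg"])
        if cmd:
            ev["user"], ev["detail"] = cmd["user"], cmd["cmd"]
            # A change to the logging/archive settings deserves a closer look.
            ev["touches_logging"] = bool(
                re.match(r"(no )?(logging|archive)\b", cmd["cmd"]))
        elif by:
            ev["user"] = by["user"]
            ev["detail"] = f"from {by['src'] or by['line']}"
        events.append(ev)
    return events


if __name__ == "__main__":
    for e in audit(SAMPLE_LOG):
        print(e)
```

Because the records live on the log server, they survive even if the router's own buffer or command history is cleared afterwards.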