Physical Security: A Crucial (But Often Neglected) Part of Cybersecurity
Contents
- 2. I. Introduction
- 3. Welcome and Thanks For Participating Today! Welcome to the Eugene IT Pro Forum at the Eugene
- 4. Helping the Good Folks, Not the Bad Ones Any time you talk about security issues, you
- 5. Physical Security and IT: It's Not A Cool Topic, I Know, I Know Physical security of
- 6. II. Losing Hardware (Maybe Containing PII)
- 7. A Recent Example from the UK Press
- 8. Some Things to Note About That Incident This incident happened just last month. It potentially impacts
- 9. Physical Access Typically Equals Total System Control Sometimes people think that they've "protected" a device (such
- 10. Encryption Isn't a "Magic Bullet," Either, Unfortunately When correctly used, carefully-implemented whole disk encryption is something
- 11. Desktops Can Be As Vulnerable As Laptops Somewhere along the line, many folks began to focus
- 12. Some HW Protective Solutions Can Be Expensive If a new low-end PC costs $500 or less
- 13. This Isn't "Just About Workstations" -- Another Physical Security Incident: Theft of Backups @ ECMC www.ifap.ed.gov/presentations/attachments/50DontBeTomorrowsHeadlinesV1.ppt
- 14. Some Things to Note About This Incident If you have applied for a student loan for
- 15. Please Note, I Do NOT Mean to Discourage Backups! Backups are a very important part of
- 16. "4800 Aussie Sites Evaporate After Hack" [* * *] In a statement published today, Distribute.IT said
- 17. Sometimes They "Take," Sometimes They "Give"... "Stuxnet Worm Heralds New Era of Global Cyberwar," www.guardian.co.uk/technology/2010/sep/30/stuxnet-worm-new-era-global-cyberwar The
- 18. Hardware With PII Isn't The Only PhysSec Issue “Masked thieves storm into Chicago colocation (again!)” November
- 19. Not All Incidents Are Intentional: Fiber Runs Across Bridges, and Bridges Sometimes Fall Down -- The
- 20. Fiber Also Runs Through Tunnels; Tunnels Sometimes Accidentally Burn: The Howard St Tunnel Fire, Baltimore, July
- 21. Tunnels Like The Howard Street One Can Be Key Physical Security Choke Points Source: http://articles.baltimoresun.com/2001-07-21/news/0107210195_1_fiber-pratt-st-internet-traffic
- 22. Bad As Those Incidents Are, Others Are (Arguably) Worse http://news.bbc.co.uk/2/hi/7222536.stm , October 4th, 2008
- 23. Summarizing The Physical Security Risk Model What Might Happen? Damage from a natural disaster, such as
- 24. Summarizing The Physical Security Risk Model Who Might Do It? Act of God Random individual (in
- 25. III. Is Physical Security Something That's On The IT Security Radar?
- 26. Do IT Security People Care About Physical Security? If you’re involved with IT system and network
- 27. Physical Facilities Security Is Certainly A Big Issue for Federal Agencies (But They're Generally Not Going
- 28. One Notable Federal Exception: FISMA The Federal Information Security Management Act (FISMA) information security standards includes
- 29. Physical Security Areas From FISMA: PE-1—PE-19 PE-1 Physical and Environmental Protection Policy and Procedures PE-2 Physical
- 30. An Example: PE-4 – Access Control for Transmission Media
- 31. IV. Attacks on Critical Facilities?
- 32. What the Feds REALLY Worry About When It Comes To Physical Security Vehicle Borne Improvised Explosive
- 33. Khobar Towers, Saudi Arabia
- 34. WE Can’t Worry About “Everything…” In the real world, we all have to “make our numbers,”
- 35. But Eugene Can Be a Surprising Place Sometimes Eugene isn't the sleepy little quiet college town
- 36. Operation Backfire
- 37. Responding to Bomb Threats Terroristic threats, such as bomb threats, can also be very disruptive. There's
- 38. University of Texas Police Department K-9 Unit
- 39. University of Wisconsin Police Department K-9 Unit
- 40. San Diego State Police Department K-9 Unit
- 41. Sometimes IT's Role Is Supporting Efforts to Mitigate the Impact of Severe Weather, Active Shooters, etc.
- 42. V. Physical Security of Your Networks
- 43. Network Outages Due to Physical Network Damage Regardless of how skeptical we may be of other
- 44. Architecting and Building for High Availability One way you can improve the physical security of your
- 45. Redundancy and Resiliency Isn’t Free (Duh) Of course, the downside of all this is that redundancy
- 46. Provisioning Multiple Links For a 100 Unit load Links 1 Link Lost 2 Links Lost 3
- 47. Diminishing Returns When you’re thinking about how much you want to spend to insure that your
- 48. But An Example of How Sometimes Having Multiple Redundant Paths Can Pay Off Big Time: Public
- 49. Indirect Costs In addition to the direct costs associated with buying diverse redundant links, you'll also
- 50. Hardware Sparing You also want to work to ensure that if an outage does occur due
- 51. Network Confidentiality Most networks carry some sort of potentially sensitive information, whether that's financial information, health-related
- 52. Live Open Ethernet Jacks/Ports It is amazing how often organizations will tolerate live open ethernet jacks/ports
- 54. $8.99 to Defeat “Secure” Fasteners…
- 55. VI. Physical Security of Your Facilities
- 56. The Security of Cabinets, Rooms and Buildings When we think about the physical security of networks,
- 57. A Flooded Data Center… Video: http://www.youtube.com/watch?v=ANU-oSE5_hU Time: 2:01
- 58. Locks Once we get beyond things like protecting a site from flooding or other natural disasters,
- 59. Surreptitious Opening of Traditional Pin Tumbler Locks Even though traditional pin tumbler locks, such as the
- 60. Video: How Lock Bumping Works Video: http://www.youtube.com/watch?v=7xkkS2p7SuQ Time: 2:04
- 61. If Detection Isn’t A Problem… If discovery of an intrusion isn’t a problem, you should also
- 62. Hinges
- 63. Padlocks Padlocks are widely used to secure network equipment. They are typically subject to all the
- 64. A S&G 951 Padlock (Different key-ways are intended for use by different audiences)
- 65. Keys Key-related issues are another reason why traditional locks often provide mediocre security. In many environments,
- 66. Part of A Keys Control Checklist from the USDA See: http://www.usda.gov/da/physicalsecurity/physicalcheck.pdf
- 67. Alternatives to Locks and Keys Many facilities have moved to “key cards” (swipe cards, prox cards,
- 68. Some Prox Cards Tools Some resources are mentioned in http://www.mcafee.com/us/resources/white-papers/foundstone/wp-proxbrute.pdf -- Proxmark III: http://www.proxmark3.com -- Proxpick:
- 69. Proxmark3
- 70. FWIW, Many Swipe-Style Cards Aren’t Perfect Either
- 71. Biometrics Biometric systems use your physical characteristics to decide if you should or shouldn’t be granted
- 72. Example of One Site That Is Using Biometrics Video URL: http://www.youtube.com/watch?v=1SCZzgfdTBo
- 73. Building Security: Piggy Backing/Tailgating/Social Engineering Key cards or biometrics won’t help if random individuals can gain
- 75. Building Security: Stay Behinds There’s also the potential problem of “stay behind” visitors – if you’re
- 76. Walls, Ceilings, Floors, Roofs, Utility Tunnels, Etc. Sometimes you’ll see a high security lock “protecting” a
- 77. Windows (The Glass Type, Not The Microsoft Type!) Windows represent another potentially important physical security vulnerability.
- 78. Fencing University campuses aren’t like industrial or government facilities, but if you can add a fenced
- 79. Exclusion Zones, Intrusion Detection & Landscaping Most fences (particular with proper signage) will at least serve
- 80. Example of a Fencing Failure “A fence approximately six feet high surrounds some of [the Kinshasa
- 81. Alarms and Guards Access control features such as locks and reinforced doors and walls can’t keep
- 82. Surveillance Video You can’t be everywhere at once, so take advantage of surveillance cameras to increase
- 83. Emergency Systems: Fire Detection & Suppression Electrical fires are one of the most destructive events an
- 84. OSU’s Thanksgiving 2010 Steam Tunnel Fire “Oregon State University resumes classes, though some phone and computer
- 85. Source: http://tinyurl.com/65mrh3w
- 86. Emergency Power and Cooling Often uninterruptible power supplies prove to be too small for the load
- 87. An Example from 9/11 http://www.nanog.org/meetings/nanog23/presentations/donelan.ppt
- 88. VII. Personnel
- 89. Protecting Your Personnel (And Their Families) Just as you protect your personally identifiable information, networks, systems,
- 90. A Few Potential Personnel Protective Measures Limit the information about employees and their work (particularly any
- 91. Personnel Can Also Be A Potential Risk Personnel vetting and related controls are often viewed as
- 92. ID Badges ID badges are another routine component of personnel security programs, and become necessary when
- 93. Credentials and A False Sense of Security While ID badges have the potential to improve security
- 94. An Example of Credential Abuse From the GAO “Our undercover agents were 100 percent successful in
- 95. VIII. "Information Leakage"
- 96. “Information Leakage” (FISMA PE-19) The final area of physical security we might consider is what FISMA
- 97. Physical Surveillance Of Your Personnel The physical analog to some of those network-based eavesdropping attacks would
- 98. Simple Example: A Hardware Keylogger
- 99. More Hardware Logging Gear
- 100. Eavesdropping Just as your computer may have a hardware “bug” attached to it, so, too, in
- 101. (Un)Trustworthy Hardware? “Information leakage” and “physical security problems” take on a profound new meaning if you
- 102. Dumpster Diving and Surplus Equipment Historically, many crackers got their start by digging interesting computer and
- 104. What About Software Drive Sanitization? If you don't have access to hardware drive destructors, or a
- 105. Confidential Documents and Removable Media Sensitive documents and removable physical media also need to be shredded,
- 106. IX. Conclusion
- 107. All The Rest It isn’t possible to go over everything that we really should talk about
I. Introduction
Welcome and Thanks For Participating Today!
Welcome to the Eugene IT Pro
I'd particularly like to thank Quentin Hartman for the invitation to speak with you tonight.
Mindful of the fact that this is an "after work" talk, and you all are enjoying fine beverages, I'll do my best to keep this talk moving right along.
In particular, Quentin has already stressed that I've got an hour (at the most). I promise I won't run over!
I also wanted to explain, for those of you who may not be familiar with my slide style, that I normally do fairly detailed slides to help those who may look at this talk after the fact, the hearing impaired, and Google. A second promise to you: I won't just read my slides to you!
Helping the Good Folks, Not the Bad Ones
Any time you talk
(I think) this talk threads that needle.
You'll notice that I will usually carefully cite a public source for pretty much anything I share with you tonight, so none of this should be information that's new or particularly helpful to the bad folks.
At the same time, we may talk about some issues you haven't thought about much...
Physical Security and IT:
It's Not A Cool Topic, I Know,
Physical security of systems and networks is probably the last topic you wanted to hear about tonight.
We could have talked about a lot of things that are more "trendy," I suppose, such as the security of mobile devices,*
but I do think that the physical security of systems and networks is a pretty important (if largely underappreciated) area.
Oh heck, maybe we are talking about things like the security of mobile devices, at least if "mobile devices" includes laptops...
----
* "Securing Mobile Devices: A Security Professionals 2011 Pre-Conference Seminar,"
http://pages.uoregon.edu/joe/securing-mobile-devices/
II. Losing Hardware (Maybe Containing PII)
A Recent Example from the UK Press
Some Things to Note About That Incident
This incident happened just last
It potentially impacts millions of people.
The incident didn't involve a sophisticated attack – it took place because a laptop was able to be stolen from a storeroom.
Even though laptop whole disk encryption (WDE) is a best common practice (BCP) these days, the laptop's hard drive apparently wasn't protected by WDE.
I'd also wager those laptops didn't have stolen laptop locator software (such as "Lojack") installed on them.
The article goes on to say, "All the laptops were password protected, and our policy is to manually delete the data from laptops after the records have been processed."
Hmm. "All the laptops were password protected." Does a password *really* protect the contents of missing laptops?
Physical Access Typically Equals Total System Control
Sometimes people think that they've
That's a mistaken impression.
Remember, if an attacker has physical access to your system, he or she can remove the hard drives and mount them on another system that they control.
At that point they can mount and access any unencrypted files on your hard drives at will, even if the original system was using a hardware system startup password.
But what if that laptop HAD also been using whole disk encryption?
Encryption Isn't a "Magic Bullet," Either, Unfortunately
When correctly used, carefully-implemented whole
However, any halfway competent private investigator with physical access could install a commercially available hardware key logger (or even just use a hidden camera to watch the user's screen and keyboard!), and once s/he has the user's passphrase, s/he could easily defeat that whole disk encryption scheme.
And let's not even mention so-called "rubber hose cryptography!"
So I would argue that physical security can genuinely matter! Far better to ensure that bad people can never get near a laptop in the first place, rather than having to worry about WDE failure modes, right?
Desktops Can Be As Vulnerable As Laptops
Somewhere along the line, many
If you've ever run an unattended computer lab, you may be familiar with lab users defeating hardware security devices to steal system components. It can be quite tricky to fully secure all parts of modern systems (including small parts such as memory, and peripherals such as keyboards, mice, power bricks, and even cables – you'd be amazed at what people will steal, or try to steal).
You may be able to indelibly engrave ownership information on some property (or you can try STOP plates), but often only 100% positive user identification backed up by a video record of activity in the facility will stop theft of desktop systems or components.
Some HW Protective Solutions Can Be Expensive
If a new low-end PC
Some hardware enclosures may make access for routine maintenance more difficult.
It may help to remember that you're not really protecting the $500 PC with the enclosure you buy, but rather the hundreds of thousands or millions of dollars worth of PII that's contained in the system (even though you're also being good about backing that information up, and encrypting it, right?)
There are also perception issues involved: have you taken REASONABLE common steps to protect your assets? (Would cheaper security cables be equally acceptable for this purpose?)
This Isn't "Just About Workstations" -- Another Physical Security Incident: Theft
www.ifap.ed.gov/presentations/attachments/50DontBeTomorrowsHeadlinesV1.ppt
(Reportedly, the stolen safes were small consumer-sized
units, and were wheeled out on rolling office chairs…)
Some Things to Note About This Incident
If you have applied for
This was yet another incident potentially impacting millions of us.
The incident didn't involve a sophisticated attack – it took place because backups were able to be physically stolen.
Do you think the thieves might have hoped those safes had cash? Should they have been clearly labeled, "Contains No Money"?
And could those safes have been better secured? For example, given how light and easy to move they seem to have been, could they have been blind-bolted down to a concrete floor perhaps?
I also wonder: were the backups in the safes encrypted? (I bet not – they were "securely" ensconced in safes, after all, right?)
Please Note, I Do NOT Mean to Discourage Backups!
Backups are a
However, when doing backups:
-- make sure you encrypt them (while ensuring that the right people know the password to decrypt those backups if they need to do so!)
-- make sure the backups aren't just thrown on a shelf somewhere; store them securely offsite!
-- don't reuse backup media – use fresh media each time, or at least rotate your backup media
-- confirm that you're actually able to restore stuff from your backups! If there's a problem with them, you want to know now, not when you're desperately in need of what's on that unusable media.
"4800 Aussie Sites Evaporate After Hack"
[* * *]
In a statement published
"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."
The company said 4800 websites were affected and since it did not have the capacity to transfer the domain names to other parts of its platform, Distribute.IT had no choice "but to assist you in any way possible to transfer your hosting and email needs to other hosting providers".
The significant data loss has raised questions from backup experts as to why Distribute.IT did not appear to have offsite backups of customer data. [* * *]
www.smh.com.au/technology/security/4800-aussie-sites-evaporate-after-hack-20110621-1gd1h.html
Sometimes They "Take," Sometimes They "Give"...
"Stuxnet Worm Heralds New Era of
‘Mysterious "Spy" Computer In [Iceland’s] Parliament Works Differently Than Being Reported, Tech Expert Says,’ January 20th, 2011, http://tinyurl.com/6ja62rq An unmarked computer found in a spare room of [Iceland’s] parliament, and connected directly to parliament’s internet system, was most certainly planted there […] Any identifying serial numbers had been erased from the machine, nor were any fingerprints found, and its origins have not yet been traced. The police believed that the matter was the work of professionals.
Hardware With PII Isn't The Only PhysSec Issue
“Masked thieves storm into
“California Telecom Knocked-Out By Low-Tech Saboteur” April 11th, 2009, http://tinyurl.com/datfv3 Shortly before 1:30 a.m. on Thursday morning, four fiber-optic cables were severed in an underground vault along Monterey Highway in San Jose, Cal. About two hours later, another four were cut in San Carlos, followed by two more in San Jose shortly thereafter.
Not All Incidents Are Intentional: Fiber Runs Across Bridges, and Bridges
26 Sec. Video: http://www.youtube.com/watch?v=EKLjB_nq76c
Fiber Also Runs Through Tunnels;
Tunnels Sometimes Accidentally Burn:
The Howard
See also section 3.4.1 of http://ntl.bts.gov/lib/jpodocs/repts_te/13754.html
Image: www.baltimoresun.com/features/bal-trainfiregallery,0,1855948.photogallery
Tunnels Like The Howard Street One
Can Be Key Physical Security
Source: http://articles.baltimoresun.com/2001-07-21/news/0107210195_1_fiber-pratt-st-internet-traffic
Bad As Those Incidents Are, Others Are (Arguably) Worse
http://news.bbc.co.uk/2/hi/7222536.stm , October
Summarizing The Physical Security Risk Model
What Might Happen?
Damage from a natural
Accidental damage (e.g., backhoe fade on poorly marked fiber)
Intentional vandalism (or complete destruction) of facilities
Theft of hardware (laptops, servers, routers, core switches, etc.)
Loss of system or network integrity (potentially with unauthorized disclosure of PII or other sensitive data)
Summarizing The Physical Security Risk Model
Who Might Do It?
Act of God
Random
Disgruntled insider (or former employee)
Financially-motivated criminals
(Maybe) ideologically-motivated actors (“insurgents”)
(Or even) state-sponsored professionals (“spies”)
III. Is Physical Security Something
That's On The IT Security Radar?
Do IT Security People Care About Physical Security?
If you’re involved with
One factor may be that we all know the “whole world” can attack our systems and networks online via the Internet, while (in general) attackers need to be locally present to exploit physical security vulnerabilities.
As a result, we continually see attacks from online sources, but (if we’re lucky), we may never have personally experienced a physical attack on IT systems and network resources.
We may also (incorrectly) view physical security as something that’s “someone else’s problem” – for example, isn’t the physical security of our systems and networks something that our local security guards will take care of? (Maybe, maybe not)
Physical Facilities Security Is Certainly A Big Issue for Federal Agencies
(But
One Notable Federal Exception: FISMA
The Federal Information Security Management Act (FISMA)
I'm not normally a huge FISMA cheerleader, to say the least, but in this case, the FISMA authors should be commended for at least being willing to share their thinking with us.
FISMA specifically calls out 19 areas related to physical security, areas that you might want to keep in mind as we talk tonight...
Physical Security Areas From FISMA: PE-1—PE-19
PE-1 Physical and Environmental Protection Policy
PE-2 Physical Access Authorizations
PE-3 Physical Access Control
PE-4 Access Control For Transmission Medium
PE-5 Access Control for Output Devices
PE-6 Monitoring Physical Access
PE-7 Visitor Control
PE-8 Access Records
PE-9 Power Equipment and Power Cabling
PE-10 Emergency Shutoff
PE-11 Emergency Power
PE-12 Emergency Lighting
PE-13 Fire Protection
PE-14 Temperature and Humidity Controls
PE-15 Water Damage Protection
PE-16 Delivery and Removal
PE-17 Alternate Work Site
PE-18 Location of Information System Components
PE-19 Information Leakage
An Example: PE-4 – Access Control for Transmission Media
IV. Attacks on
Critical Facilities?
What the Feds REALLY Worry About
When It Comes To Physical Security
Vehicle
If you want to better understand the VBIED issue at a visceral level, let me recommend two movies you might want to watch:
-- "The Kingdom" (2007)
-- "The Hurt Locker" (2008)
Khobar Towers, Saudi Arabia
WE Can’t Worry About “Everything…”
In the real world, we all have
The risks that you or I perceive may be different than the risks that someone else sees under different circumstances.
Here in Eugene, for example, we might hope that we could largely discount VBIEDs as a threat, choosing to accept that (hopefully low) risk rather than making investments in anti-VBIED technologies such as physical barriers and standoff zones, blast resistant glazing, vehicle inspection stations, specially trained and equipped bomb technicians, etc.
But Eugene Can Be a Surprising Place
Sometimes Eugene isn't the sleepy
For example, I think most of us can remember some of the arson incidents that have disrupted the community over the past decade, including what some have referred to as the "largest domestic terrorism case in the United States."
That case, "Operation Backfire," played out (in part) right here in Eugene.
Operation Backfire
Responding to Bomb Threats
Terroristic threats, such as bomb threats, can also
While many police agencies have interagency agreements allowing them to share specialized capabilities such as bomb detection dogs, a growing number of campus police departments have decided to deploy their own local K-9 units to help clear buildings in response to the bomb threats they receive.
These dogs and their handlers should be your good friends, and routinely invited to sweep your IT facilities so the animals and their handlers become familiar with them, and the potential intricacies of their layouts, should you ever experience a real threat where time is of the essence.
UO's DPS has recently proposed creation of a campus K-9 explosives detection unit (see http://tinyurl.com/65ojkb9 )
University of Texas Police Department K-9 Unit
University of Wisconsin Police Department K-9 Unit
San Diego State Police Department K-9 Unit
Sometimes IT's Role Is Supporting Efforts to Mitigate the Impact of
While IT (with its high value hardware and ongoing mission critical responsibilities) is sometimes the target of attacks, other times IT's role is to support efforts to mitigate the impact of attacks.
Since the shooting incident at Virginia Tech and passage of the Clery Act, many universities have created emergency notification programs, including things like:
-- "reverse 911" services to provide emergency information to user cell phones or email addresses, and
-- campus sirens, public address systems, electronic signage, etc.
For more information on what some campuses are doing, see
"Real Time Notification During a Disaster or Other Emergency,"
http://pages.uoregon.edu/joe/notification/
You may also want to check out UO's emergency management site at: http://em.uoregon.edu/
V. Physical Security of Your Networks
Network Outages Due to Physical Network Damage
Regardless of how skeptical we
For the purposes of this talk, I'm going to assume that most of you DO NOT own or operate a regional or national fiber of your own. When you need wide area network connectivity, you buy what you need from a commercial network service provider.
As a result, I'm going to omit my spiel on what you might do to directly protect your own regional or national fiber infrastructure.
Let's talk a little about what you can accomplish via "appropriate use of purchase orders," instead.
Architecting and Building for High Availability
One way you can improve the
Your network should be architected and constructed so that there are no choke points or “single points of failure” -- loss of any single link or piece of gear should NOT result in an outage! Think, “We must always have redundant paths over diverse facilities!”
One difficulty is that you may have a hard time determining the path that a given circuit or provider follows. You run the risk of purchasing "redundant" "diverse" connectivity from multiple providers that's all provisioned over the same infrastructure, thereby introducing unexpected single points of failure (ugh).
You may need to explain your concerns and be pushy. If you're a nice guy or nice gal, your primary and backup connectivity may end up running over the same glass, and that's not good. :-(
Redundancy and Resiliency Isn’t Free (Duh)
Of course, the downside of all
The first path between two points normally goes via the cheapest and most direct route. A diverse path (virtually by definition) will need to go via some longer/less desirable/more expensive-to-provision path.
You also need to accept that you’ll be buying capacity that you normally won’t be using. (If you do rely on use of your “backup” link to have enough capacity to accommodate your normal production traffic requirement, what will you do if your primary link goes down?) Your links should be able to carry all the traffic at your site, so long as at least one link is still available. Alternatively, you need a plan to selectively shed or de-prioritize load until you’ve eliminated performance-killing congestion issues.
Provisioning Multiple Links For a 100 Unit load
| Links | Capacity per link | 1 Link Lost | 2 Links Lost | 3 Links Lost |
|---|---|---|---|---|
| 1 | 100 units | 0 units | n/a | n/a |
| 2 | 100 units | 100 units | 0 units | n/a |
| 3 | 100 units | 200 units | 100 units | 0 units |
| 4 | 100 units | 300 units | 200 units | 100 units |
| 2 | 50 units | 50 units | 0 units | n/a |
| 3 | 50 units | 100 units | 50 units | 0 units |
| 4 | 50 units | 150 units | 100 units | 50 units |
What you should buy depends on your availability requirements, your load characteristics, and your budget. Also note that you may be hard pressed to perfectly balance your load across multiple links. Under normal (and/or emergency!) circumstances, one link might run quite hot, while another might be nearly idle.
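The provisioning figures above assume every link fails independently, which breaks down when "diverse" circuits share a conduit, tunnel or bridge. The following Python is an added example, not part of the original talk: it reproduces the table's rows and then checks a constructed circuit inventory (the circuit names, facility names and capacities are hypothetical) for physical single points of failure.

```python
from itertools import combinations

LOAD = 100  # the slide's example load, in the table's "units"

# Constructed inventory (hypothetical, not from the talk): each circuit's
# usable capacity and the physical facilities it transits. The two large
# circuits come from different providers but ride through the same tunnel.
CIRCUITS = [
    {"name": "provider-a", "capacity": 100, "facilities": {"tunnel-1", "vault-n"}},
    {"name": "provider-b", "capacity": 100, "facilities": {"tunnel-1", "vault-s"}},
    {"name": "provider-c", "capacity": 50, "facilities": {"bridge-2"}},
]


def table_row(n_links, per_link, max_lost=3):
    """One row of the slide's table: capacity left after 1..max_lost link
    losses, assuming each link is on its own physical path. None means n/a."""
    return [per_link * (n_links - lost) if lost <= n_links else None
            for lost in range(1, max_lost + 1)]


def all_facilities(circuits):
    """Every physical facility named anywhere in the inventory, sorted."""
    return sorted(set().union(*(c["facilities"] for c in circuits)))


def surviving_capacity(circuits, failed_facilities):
    """Capacity left when every circuit touching a failed facility is down."""
    failed = set(failed_facilities)
    return sum(c["capacity"] for c in circuits if not (c["facilities"] & failed))


def worst_case(circuits, k):
    """Lowest surviving capacity over every set of k simultaneous facility
    losses, returned as (capacity, facilities_lost)."""
    facs = all_facilities(circuits)
    worst = None
    for combo in combinations(facs, min(k, len(facs))):
        cap = surviving_capacity(circuits, combo)
        if worst is None or cap < worst[0]:
            worst = (cap, combo)
    return worst


def single_points_of_failure(circuits, load=LOAD):
    """Facilities whose loss alone leaves less capacity than the load."""
    return [f for f in all_facilities(circuits)
            if surviving_capacity(circuits, [f]) < load]


if __name__ == "__main__":
    for n, cap in [(1, 100), (2, 100), (3, 100), (4, 100), (2, 50), (3, 50), (4, 50)]:
        print(n, cap, table_row(n, cap))
    # On paper, losing any one of three circuits leaves at least 150 units.
    # Physically, losing tunnel-1 takes out two circuits at once.
    print("total capacity:", surviving_capacity(CIRCUITS, []))
    print("worst single facility loss:", worst_case(CIRCUITS, 1))
    print("single points of failure:", single_points_of_failure(CIRCUITS))
```

Filling in the `facilities` field is the hard part in practice: it requires getting route information out of each provider for every circuit.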
Diminishing Returns
When you’re thinking about how much you want to spend
The first backup/failover circuit you add will likely provide a substantial improvement in system availability, since if your main production circuit fails, that backup circuit will "save your bacon." It likely represents an excellent bit of "insurance" for you to buy.
If you’re really risk averse or your service must absolutely remain available, a second backup/failover circuit might allow you to avoid an outage in the rare circumstances where both your primary and your secondary circuits simultaneously experience an outage – but, that *should* be a vanishingly rare event.
But what of a third or fourth or n’th backup/failover circuit? You might only need that extra circuit one time in ten million, and the cost of eliminating an event that rare may be prohibitive.
But An Example of How Sometimes Having Multiple Redundant Paths Can
http://www.srb.state.mn.us/pdf/I-35W%20Final%20Report.pdf
[Remember, too, the triple cable outage mentioned on slide 16]
Indirect Costs
In addition to the direct costs associated with buying diverse
For example, multihoming across multiple commodity transit providers implies that you'll need a network engineer who understands BGP, border routers with the horsepower and capacity to carry a full routing table, your own ASN and your own provider independent address space, etc.
Some organizations may decide that they just can't afford those sorts of expenses (especially if a salesperson offers a great alternative offer, albeit with all your eggs in just their one basket).
Hardware Sparing
You also want to work to ensure that if an
For example, are you continually monitoring your network and maintaining adequate local spares?
Often, particularly in smaller secondary markets, like Eugene, more expensive spares are not stocked locally; they’re shipped in from regional depots in Portland or Seattle or San Francisco or Denver on an as-needed expedited basis.
However, when multiple customers simultaneously suffer outages and all need replacement parts at the same time, or when same day courier service is disrupted due to a disaster, a lack of local spares could get ugly.
Beware of one disaster causing other "disasters!"
Network Confidentiality
Most networks carry some sort of potentially sensitive information, whether
And if you're like most folks, you know that information sent over an unencrypted wireless link can easily be intercepted by a bad guy or gal, right? (WiFi is a broadcast medium, after all.)
But do you give any thought to the possibility that your hardwire 10/100/1000-base-T ethernet connection might also be getting monitored ("sniffed")?
Physical access to your network really simplifies the process of sniffing your/your users' traffic. Control access to wiring closets and cable runs!
And just because a network is switched, that doesn't mean it can't be forced into flooding traffic to all ports (c.f., dsniff, Cain&Abel)
Live Open Ethernet Jacks/Ports
It is amazing how often organizations will tolerate
Most universities do not allow “free love” open wireless networks, so why would you allow anyone with an ethernet cable to have open access to your wired network? Some options to consider:
-- only heat up jacks on request, or at least disable jacks located in hallways and empty offices by default
-- require authentication for most physical ethernet connections the same way you do for wireless connections
-- consider locking unused jacks and installed patch cables (e.g., see www.rjlockdown.com, but remember that Torx screwdriver bits are publicly available and recognize that jack plates can still be removed or patch cables cut and reterminated for access)
$8.99 to Defeat “Secure” Fasteners…
VI. Physical Security of Your Facilities
The Security of Cabinets, Rooms and Buildings
When we think about the
In reality, every network also has numerous other physical facilities (cabinets, rooms, buildings, etc.) housing things such as key network equipment (optronics, routers, switches, etc.), as well as servers, critical staff, documentation, media, etc.
Those facilities also need to be physically secure.
Physical security can mean, among other things, that the facilities aren’t likely to be damaged by a deluge or other natural disaster.
A Flooded Data Center…
Video: http://www.youtube.com/watch?v=ANU-oSE5_hU
Time: 2:01
Locks
Once we get beyond things like protecting a site from flooding
Naturally, we all know that the locks on data equipment cabinets typically aren’t very strong, and more often than not the keys for those cabinets are just left on top of the cabinet so they don’t get “lost,” but because locks are used so many places related to computing and networking, let’s talk a little about locks.
Surreptitious Opening of
Traditional Pin Tumbler Locks
Even though traditional pin tumbler
If you think that traditional pin tumbler locks provide anything even *remotely* approaching reasonable security, I’d urge you to think again.
In particular, you should learn about “bump keys.”
Video: How Lock Bumping Works
Video: http://www.youtube.com/watch?v=7xkkS2p7SuQ
Time: 2:04
If Detection Isn’t A Problem…
If discovery of an intrusion isn’t a
Thus, for any lock that “matters,” you should probably consult with a professional locksmith and have a high security lock (such as those made by Medeco) installed, reinforcing the door and the door jamb (including the strike plate area) at the same time.
Don’t forget to secure any exposed outward-swinging external door hinges, too!
Hinges
Padlocks
Padlocks are widely used to secure network equipment. They are typically
The ultimate? The Navy has approved the S&G 951 High Security Padlock, but at >$1,000/lock, it might be, um, a little pricey.
A S&G 951 Padlock
(Different key-ways are intended for use by different
Keys
Key-related issues are another reason why traditional locks often provide mediocre
In many environments, it is routine for the same key to get issued to multiple people. When one of those keys gets lost (or is not recovered when someone quits or is terminated), the locks that are opened by that key tend not to get rekeyed (typically, the cost of doing this would be prohibitive, and there are only a finite number of usable key combinations given physical constraints).
Many sites also use master keys, allowing supervisors or custodial staff to have access to all offices on a given floor or in a particular building. If control over a master key is even temporarily lost (or an intruder can gain access to lock cylinders from multiple doors which all use the same master key), the intruder may be able to make a duplicate master and have the run of your facility.
You really want to have a conversation with your lock & key person
Part of A Keys Control Checklist from the USDA
See: http://www.usda.gov/da/physicalsecurity/physicalcheck.pdf
Alternatives to Locks and Keys
Many facilities have moved to “key cards”
Key cards offer distinct advantages over traditional locks and keys:
-- key cards can be integrated into user site IDs/badges
-- key card use can be tracked, while use of a key leaves no audit trail or record
-- key cards can be programmed to work only during particular days or particular periods of time, while keys work all the time
-- many key card systems can be configured to require “two factors” (e.g., you must use your key card AND enter a PIN code)
-- upon termination, a key card can be instantly canceled with no need to manually rekey the system, etc.
Sometimes, though, key cards may offer only an illusion of security. For example, some may be easily brute forced using widely available tools.
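The audit trail is only an advantage if someone actually reviews it. The Python sketch below is an added example, not part of the original slides: it runs three checks over a reader log (a canceled card being presented, a valid card used outside its programmed schedule, and a burst of unregistered card numbers at one reader, which is what a brute-force attempt looks like from the defender's side). The log format, card registry, reader names and thresholds are all constructed assumptions.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed card registry (assumption): schedules use weekday numbers
# (Monday = 0) and a half-open range of hours [start, end).
CARDS = {
    "10234": {"holder": "netops-1", "revoked": False,
              "days": range(0, 5), "hours": (7, 19)},
    "10377": {"holder": "former-contractor", "revoked": True,
              "days": range(0, 7), "hours": (0, 24)},
}

# Constructed reader log (assumption): timestamp, reader, card number,
# and the door controller's own decision. Lines are in time order.
SAMPLE_LOG = """\
2011-05-09T08:02:11,mdf-door,10234,granted
2011-05-09T23:41:50,mdf-door,10234,granted
2011-05-10T09:15:02,mdf-door,10377,denied
2011-05-10T13:30:00,mdf-door,55555,denied
2011-05-11T02:10:00,loading-dock,20001,denied
2011-05-11T02:10:05,loading-dock,20002,denied
2011-05-11T02:10:10,loading-dock,20003,denied
2011-05-11T02:10:15,loading-dock,20004,denied
2011-05-11T02:10:20,loading-dock,20005,denied
"""


def analyze(log_text, cards, threshold=5, window=timedelta(seconds=60)):
    """Return a list of (timestamp, reader, rule, detail) alerts."""
    alerts = []
    # Per reader: recent presentations of card numbers not in the registry.
    recent_unknown = defaultdict(deque)

    for row in csv.reader(StringIO(log_text)):
        if not row:
            continue  # tolerate blank lines
        ts, reader, card, result = row
        when = datetime.fromisoformat(ts)
        entry = cards.get(card)

        if entry is None:
            # One unknown card is usually a visitor or an unenrolled badge.
            # Many different unknown numbers in a short window is not.
            seen = recent_unknown[reader]
            seen.append((when, card))
            while when - seen[0][0] > window:
                seen.popleft()
            distinct = {c for _t, c in seen}
            if len(distinct) >= threshold:
                alerts.append((ts, reader, "ENUMERATION",
                               f"{len(distinct)} unregistered cards within "
                               f"{int(window.total_seconds())}s"))
                seen.clear()  # one alert per burst
            continue

        if entry["revoked"]:
            # Someone still holds, or has copied, a canceled credential.
            alerts.append((ts, reader, "REVOKED_CARD",
                           f"{entry['holder']} ({result})"))
            continue

        start, end = entry["hours"]
        if when.weekday() not in entry["days"] or not start <= when.hour < end:
            # "granted" here also means the controller is not enforcing
            # the schedule the registry says it should.
            alerts.append((ts, reader, "OUTSIDE_SCHEDULE",
                           f"{entry['holder']} ({result})"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, CARDS):
        print(*alert, sep="  ")
```

On the sample log this reports the late-night use of a weekday-only card, the canceled card, and the five-card burst at the loading dock, while the single unknown card at the MDF door is left alone.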
Some Prox Cards Tools
Some resources are mentioned in http://www.mcafee.com/us/resources/white-papers/foundstone/wp-proxbrute.pdf
-- Proxmark III:
Also worth a read: “The RFID Hacking Underground,” Wired, May 2006 http://www.wired.com/wired/archive/14.05/rfid.htm and http://rfidiot.org/
Proxmark3
FWIW, Many Swipe-Style Cards Aren’t Perfect Either
Biometrics
Biometric systems use your physical characteristics to decide if you should
Examples include:
-- fingerprint or hand geometry readers
-- iris and retina scanners
-- voice identification
-- facial recognition
-- signature recognition
Nice discussion of biometric issues in GAO-03-1137T, “Challenges in Using Biometrics,” http://www.gao.gov/new.items/d031137t.pdf
I'm not a huge fan of biometric solutions, but that's just me.
Example of One Site That Is Using Biometrics
Video URL: http://www.youtube.com/watch?v=1SCZzgfdTBo
Building Security:
Piggy Backing/Tailgating/Social Engineering
Key cards or biometrics won’t help if
A nice example of manipulating basic social courtesies, mentioned to me by a colleague recently: approach the door to a controlled area carrying what’s obviously a heavy box. It takes a pretty "heartless" person to not help by holding the door. Social engineering is just as big a problem for IT physical security, as it is for phishing attacks.
An attendant at the door can also ensure that everyone coming in “cards in” as may be required (but I know that this is something that many higher education sites have trouble enforcing).
Floor-to-ceiling turnstiles or mantraps (interlocking pairs of doors) can be used to help physically prevent these sorts of phenomena.
Building Security: Stay Behinds
There’s also the potential problem of “stay behind”
An unescorted and forgotten visitor can be the “camel’s nose” that defeats many of your physical access controls, potentially allowing anyone or everyone to gain access to your facilities.
For example, a stay behind visitor can open an unalarmed external door from the inside, thereby allowing entry of additional people.
Finding stay-behinds is easier if a building has motion sensor alarms deployed, or if the organization routinely uses security dogs to sweep sensitive buildings at closing time. Routinely lock all places where an unauthorized person might hide, out of sight, until the building empties (such as supply closets, unused offices, etc.)
Walls, Ceilings, Floors, Roofs, Utility Tunnels, Etc.
Sometimes you’ll see a high
In that sort of environment, an intruder can ignore the high security lock and just punch through the door or sheet rock walls, or climb in above the suspended ceiling or below the raised floor. (Embedded heavy gauge wire mesh can at least make that sort of through-the-wall or through-the-ceiling or floor entry a little more difficult)
Similarly, have you secured your roof? Or could someone use an extension ladder to get to your roof, and then go through an unsecured roof hatch or skylight?
What about any utility tunnels? Manholes are often one of the easiest-to-breach access points. Although locking manhole covers are available (e.g., see www.securemanholes.com), most manhole covers are simple cast iron units that provide no impediment to an intruder with a manhole cover lifter (or just a couple of bolts and some wire).
Windows (The Glass Type, Not The Microsoft Type!)
Windows represent another potentially
We all love fresh air and nice views, but some windows are large enough to allow a skinny thief equipped with a rock to break in.
Other times, windows might be left ajar and unattended, so that an intruder doesn't even need to break anything to gain access – they may just be able to reach in, or crawl in.
Important: your ability to secure windows with security grills or bars may be limited by building code requirements and life safety concerns in case of fires or other emergency. Be sure that any mechanisms you deploy to secure window issues DO NOT create life safety hazards.
While you're working on improving your window security, you may also want to consider deploying reflective film. Reflective window film may reduce the ability of casual pedestrian traffic to "window shop" for valuables, and may also help reduce unauthorized viewing of what's on employee LCD panels (see also 3M's line of display privacy filters).
Fencing
University campuses aren’t like industrial or government facilities, but if you
Government and military folks (who worry about things like VBIEDs, as discussed earlier) like a wire cable-reinforced perimeter fence that’s ideally at least fifty feet away from the facility that’s to be protected, built from 9 gauge (or heavier) chain link, seven feet or more tall, with an outward facing razor wire top guard plus a bottom rail, well anchored and backed up by things like interlocking precast concrete obstacles or large concrete planters.
Dual fence designs are also popular.
That may all be a bit much for university environments, but if you can deploy it, it’s another layer of physical security.
Exclusion Zones, Intrusion Detection & Landscaping
Most fences (particularly with proper signage)
Extensive lighting plus physical intrusion detection systems will help manage that exclusion zone.
Any landscaping should not provide hiding spots for intruders.
Any trees near or overhanging a security fence should also be trimmed or removed to prevent the tree from being used as a pathway over the fence.
Example of a Fencing Failure
“A fence approximately six feet high surrounds
Alarms and Guards
Access control features such as locks and reinforced doors
What access control features do give you is a window of time for guards to respond and deal with any intrusion attempt.
The sooner your guards know that someone is attempting to break in, the more time they’ll have to mobilize and deal with the attempted intrusion. Alarms buy you response time.
Again, just as was the case with locks, you should consider engaging an alarm professional to help you plan and deploy a suitable comprehensive alarm system (including things like area motion detectors, and perimeter integrity alarms with window-ajar and door-ajar sensors). You should also review response requirements with security guards and local law enforcement.
Surveillance Video
You can’t be everywhere at once, so take advantage of
Surveillance video may deter issues from arising in the first place: if people know they’re potentially being monitored, that alone may deter them from engaging in illegal activities.
If illegal activities do occur, surveillance video can provide crucial evidence documenting what happened during the incident: (a) When did the incident occur? (b) How did the incident occur? (c) Who did it? (d) What did they take/what did they do?
Consider using a redundant out-of-building digital video recorder to ensure that an in-building video recorder doesn’t get stolen or compromised during a security incident.
Emergency Systems: Fire Detection & Suppression
Electrical fires are one of the
Automatic water sprinkler systems (“dry pipe” systems) are the most common alternatives, but water sprinkler systems may not be effective when it comes to suppressing electrical fires occurring in machine rooms under raised floors.
Non-Halon gaseous fire suppression systems (for example, carbon dioxide based systems) may be an alternative, but they represent serious potential risks for operators and other personnel who may need to be rapidly evacuated in the event of a fire. See the discussion of some Halon alternatives: http://tinyurl.com/6agevle
Note: Regrettably, not all fires will take place in your well-fire-suppressed machine room…
OSU’s Thanksgiving 2010 Steam Tunnel Fire
“Oregon State University resumes classes, though
Source: http://tinyurl.com/65mrh3w
Emergency Power and Cooling
Often uninterruptible power supplies prove to be too
UPS systems need to be backed up by diesel generators. Have you tested yours recently? How much fuel do you have available for it? In an emergency will you be able to get more? Are you sure?
While most sites worry about emergency power, many forget to think about emergency cooling. If your machine room is going to overheat, even if you have juice, you won’t be able to stay online. Spend some time thinking about your emergency cooling plan.
An Example from 9/11
http://www.nanog.org/meetings/nanog23/presentations/donelan.ppt
VII. Personnel
Protecting Your Personnel (And Their Families)
Just as you protect your personally
Why worry about staff family members? Consider incidents such as the recent kidnapping of anti-virus expert Eugene Kaspersky's 20-year-old son Ivan* -- that incident caused a lot of concern for many security experts. Fortunately, the incident worked out okay for the Kaspersky family in the end, but it could have been a tragic event.
If you cannot effectively protect all critical staff and their families, you may want to consider "key person" insurance to hedge your business against the effects of their potential loss.
---- * "Russian Investigators Free Kaspersky's Son, No Ransom Paid," http://www.pcmag.com/article2/0,2817,2384235,00.asp
A Few Potential Personnel Protective Measures
Limit the information about employees and
Employee directories should receive particularly careful review to make sure that personal information (such as employee home addresses) doesn't get disclosed.
Limit facility access by the public. Tours and other visits, for example, are a great opportunity for bad people to check out your physical security measures, looking for any weaknesses.
Provide secure parking. Employees may be targeted for attack while walking to or from their vehicle, or their vehicle may be burglarized or tampered with if left in an insecure location.
Provide a means by which employees can report suspicious activity, whether that's an outsider reconnoitering your offices, or a co-worker who's making threatening comments.
Personnel Can Also Be A Potential Risk
Personnel vetting and related controls
Historically, many IT sites have rarely done background checks on their employees; however, that practice has been evolving over time, particularly for system and networking staff members having effectively unlimited access to infrastructure.
Don’t neglect personnel background checks in your eagerness to fill hard-to-fill positions!
Be sure to discuss any planned background checks with your Legal Counsel and Human Resources Department, since specific notice and consent requirements or other limitations may apply, and vary from state to state.
You may also want to schedule periodic re-reviews to see what, if anything, may have changed.
ID Badges
ID badges are another routine component of personnel security programs,
Ideally, ID badges would:
-- identify the person bearing the badge (“Sam Anderson”), and make it easy for third parties to verify that the right person has that badge (e.g., the picture on the badge matches its user)
-- give the person’s status (“employee”, “visitor”, etc.) and role (“senior network engineer”, “custodian”, etc.)
-- signal any atypical access (“machine room access allowed” or “must be accompanied at all times”)
-- include a magstripe or barcode that allows the credential to be easily verified against an authoritative database
-- be difficult to forge, resistant to unauthorized modifications, hard to accidentally damage, and cheap
Credentials and A False Sense of Security
While ID badges have the
Credentials should also be challenged and verified if the person presenting them isn’t known, or just “feels wrong” (trust your paranoia).
For example, it has been reported that penetration testers have been routinely able to gain unauthorized access to sterile areas of airports and sensitive federal facilities by displaying bogus law enforcement credentials. Such access is particularly troubling when those individuals are allowed access with firearms or other weapons.
An Example of Credential Abuse From the GAO
“Our undercover agents
At no time during the undercover visits were our agents’ bogus credentials or badges challenged by anyone. At the 21 sites that our undercover agents successfully penetrated, they could have carried in weapons, listening devices, explosives, chemical/biological agents, devices, and/or other such items/materials.
At each visit, our agents carried bogus badges and identification, declared themselves as armed law enforcement officers, and gained entry by avoiding screening. At least one agent always carried a valise.
Sixteen of the sites we visited contained the offices of cabinet secretaries or agency heads. At 15 of these sites, our undercover agents were able to stand immediately outside the suites of the cabinet secretary or agency head. In the 5 instances in which our agents attempted entry into such suites, they were successful. At 15 of the sites, our agents entered a rest room in the vicinity of these offices and could have left a valise containing weapons, explosives, and/or other such items/materials without being detected. Except for one agency, we made no attempt to determine whether any of the cabinet secretaries or agency heads were present at the time we visited their agencies.
At a federal courthouse, our agents were waved through a magnetometer but not screened. A briefcase that one of the agents carried was not checked. The agents were escorted to a gun box room, which they were permitted to enter alone. They were then instructed to lock their weapons, but no one supervised or observed the actual surrender of the agents’ weapons.
At the two airports we visited, our agents used tickets that had been issued in their undercover names for commercial flights. These agents declared themselves as armed law enforcement officers, displayed their spurious badges and identification, and were issued “law enforcement” boarding passes by the airline representative at the ticket counter. Our agents then presented themselves at the security checkpoints and were waved around the magnetometers. Neither the agents nor their valises were screened.”
Source: GAO/T-OSI-00-10, “Security Breaches at Federal Agencies and Airports,” May 25th, 2000, http://ntl.bts.gov/lib/11000/11400/11410/os00010t.pdf
VIII. "Information Leakage"
“Information Leakage” (FISMA PE-19)
The final area of physical security we might
If we weren’t talking about physical security today, when you hear the term “information leakage,” the first thoughts that would come to mind would probably include:
-- sniffing unencrypted network traffic
-- SQL injection attacks (potentially extracting PII or other confidential data in unanticipated ways)
-- malware (such as “banking trojans”) eavesdropping on user financial data
-- BGP route injection attacks (“BGP shunts”)
-- DNS poisoning
-- etc.
Physical Surveillance Of Your Personnel
The physical analog to some of those
For some reason, while most people are all too willing to believe that hackers and malicious software exist and could spy on your online activity, they are often skeptical that there are physical surveillance devices that are an equal or greater threat.
Put another way, some people think that “physical surveillance devices are something that only the tin foil hat crowd tends to worry about. No one’s going to bother ‘bugging’ my computer or my office or my car.”
I’m happy that those folks are feeling so physically secure, but that sense of security may be unwarranted.
Physical surveillance devices DO exist and do get used.
Simple Example: A Hardware Keylogger
More Hardware Logging Gear
Eavesdropping
Just as your computer may have a hardware “bug” attached to
While popular television shows frequently show these devices being easily detected, in reality, at least when professional quality equipment is used and installed by a skilled professional, it can be difficult to detect and neutralize those bugs (the process of locating and defeating bugs is normally referred to as “technical surveillance counter measures” or TSCM).
If you remain skeptical that bugs are a real physical security issue, or that they can be difficult to detect and remove, I recommend you review the presentation: “Phone Talk,” http://www.tscm.com/Phone_Lecture_2009/Phone_Lecture_Reston_VA-2009.htm (167 slides)
(Un)Trustworthy Hardware?
“Information leakage” and “physical security problems” take on a profound
I would encourage everyone to become familiar with the threat I’m referring to in this area – a nice briefing is the FBI PowerPoint deck entitled, “FBI Criminal Investigation – Cisco Routers,” as embedded in graphical form in “FBI Fears Chinese Hackers Have Back Door Into US Government and Military,” see http://www.abovetopsecret.com/forum/thread350381/pg1
See also the excellent article “Dangerous Fakes,” http://www.businessweek.com/magazine/content/08_41/b4103034193886.htm
Buying counterfeit products is one physical security risk, but other physical security risks are associated with disposing of surplus/no longer needed hardware on the other end of the cycle…
Dumpster Diving and Surplus Equipment
Historically, many crackers got their start by
Today, there’s much more emphasis on recycling, and that’s laudable, but any storage media in surplus equipment needs to get wiped before that gear gets sold or otherwise disposed of, even if the system itself no longer boots/runs.
Beware of amateur efforts at rendering hard drives unusable – staff members can easily hurt themselves while attempting to destroy surplus equipment with sledge hammers or other improvised tools (one particularly dangerous example involved amateur use of thermite!). Surprisingly, information may still be able to be recovered from an apparently “destroyed” drive.
Consider hiring a contractor to crush or shred your drives, or (if your volume is large), perhaps get your own crusher/shredder.
What About Software Drive Sanitization?
If you don't have access to hardware
A couple of starting points:
-- Darik's Boot and Nuke (DBAN): http://www.dban.org/
-- Apple's discussion of erasing disks securely (OS X 10.4 or later): http://docs.info.apple.com/article.html?path=DiskUtility/10.5/en/duh1011.html
Confidential Documents and Removable Media
Sensitive documents and removable physical media also
Note that not all shredders are equally effective (e.g., wide strip shredders are not as good as cross cut micro confetti shredders).
Shredders also must be used properly (simple example of a user error compounding a poor technology choice: by feeding documents into a strip shredder sideways, you might end up with strips that have whole sentences intact!)
You should also be aware that document reconstruction software now exists that automates the jigsaw-puzzle-solving-like process of "unshredding" shredded documents.
Lastly, for those who outsource their document destruction, be sure you properly secure any mobile containers you use to accumulate sensitive documents meant for eventual pickup!
IX. Conclusion
All The Rest
It isn’t possible to go over everything that we
If you’re not routinely talking about physical security at your site, or you don’t have a formal physical security policy, you may want to begin working on this important area.
Hopefully this talk will at least provide some starting points for that conversation.