Tuesday, August 17, 2010

Physical Security

First of all, I would like to say that hacking is not confined to sitting in front of a computer in a dark room; sometimes you need to perform physical actions too. So I recommend that you work out daily and stay healthy. If you can't defend others, you must at least have the strength to defend yourself from danger.

Let us discuss physical security today. I am not going to teach you martial arts, stealth tips, or how to kill someone instantly.
This topic is mainly targeted at employers, but it can also help home users. It is not very technical in nature.



What is physical security?
Physical security means securing the workplace against an intruder's physical access. In other words, it is similar to securing our home against thieves or burglars (attackers).

So why do we need physical security?
The reason is that implementing technical security on your machine alone doesn't make it completely safe.
What is the use of securing something precious in a safe/locker if the safe/locker itself can be stolen too?
For instance: suppose you have a laptop and you have secured it with a good password. If it unfortunately gets stolen, all your data can be stolen too, because the attacker can now use a password cracking utility. So your security was useless. Maybe you have encrypted your data, but what if the attacker didn't want your data? The attacker will open the laptop, unscrew the HDD and fit a new HDD, or he/she may format your HDD. Ultimately, whatever the attacker does, the loss will be yours. So along with technical security we also need to know about physical security.

Physical security checklist:

1. Infrastructure surroundings:
The surroundings of your building must be properly secured with fences, gates, guards, dogs, alarms, metal detectors, etc. This is just common sense. It prevents an attacker from causing damage to your property. It also prevents the attacker from performing other attacks such as dumpster diving.

2. Premises/Interior:
Check the roof/ceiling access through AC ducts. These ducts lead to many rooms of a building. They must be fixed properly with screws, nuts, bolts, etc.
CCTV cameras should be used to monitor activities. The recordings can later be used to investigate any attack. Nowadays these cameras are so small that they can be hidden anywhere without anyone knowing they exist.
Panic buttons must be installed in companies so that any employee who suspects danger can just press the button to call security for help. E.g.: in banks the manager has this button, and whenever there is any danger he/she presses it and security is notified of the attack.
Doors are the main gatekeepers. There are many types of locks that are used to keep a door safe.
Locks can be electric, magnetic or mechanical. The locks used in these doors may use an ID card, a metal key, some sort of password, or biometric authentication. Doors that use metal keys can be defeated by lock picking, so it is better to use electric doors that need authentication via ID card, password or biometric authentication. Some doors have a keypad, and the user needs to enter a code to open the door. Biometric authentication includes fingerprint, retina scan, iris scan, voice authentication, etc.

Mantraps:
A mantrap is mainly used in areas that require very strong security, such as government and military facilities.
This is a good trick to trap an attacker. A room is secured by two doors, which means that a person needs to pass through 2 doors to get into the room. There is some space between these two doors. Moreover, both doors can't be kept open at the same time: a door will only open if the other door is closed.
The first door doesn't need any authentication from outside, so anyone can enter, but the second door needs authentication to open and to enter the room. The first door needs authentication from inside.
Here is how this trick works. Suppose an attacker enters a company covertly and reaches the mantrap. The attacker will not be aware of the mantrap, so he/she opens the first door and enters, as it does not require any authentication. The attacker then closes the first door. When the attacker tries to open the second door, it asks for authentication; if the attacker doesn't have it, he/she can't open the second door. Moreover, the first door also requires authentication from inside to open.
As the attacker doesn't have authentication, he/she gets trapped between the two doors. Later he/she can be caught by the employers and questioned.
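
The interlock and authentication rules described above, modeled as a small door controller. This is an added example, not part of the original post; the class, the door and side names, and the badge value are hypothetical, and requiring authentication on the room side of the second door is an assumption the post does not state.

```python
from dataclasses import dataclass, field

AUTHORIZED = {"badge-1001"}  # constructed sample credential store

@dataclass
class Mantrap:
    open_doors: set = field(default_factory=set)  # doors currently open
    alerts: list = field(default_factory=list)    # denied attempts between the doors

    def request_open(self, door, side, credential=None):
        """door: 'outer' or 'inner'; side: 'outside', 'vestibule' or 'room'."""
        other = "inner" if door == "outer" else "outer"
        # Interlock: a door opens only while the other door is closed.
        if other in self.open_doors:
            return False
        # Only the outer (first) door approached from outside opens freely.
        needs_auth = not (door == "outer" and side == "outside")
        if needs_auth and credential not in AUTHORIZED:
            if side == "vestibule":
                # Someone standing between the doors failed authentication.
                self.alerts.append(f"denied at {door} door from vestibule")
            return False
        self.open_doors.add(door)
        return True

    def close(self, door):
        self.open_doors.discard(door)

def walk_through(credential):
    """Replay an entry from outside; return (reached_room, alerts)."""
    trap = Mantrap()
    trap.request_open("outer", "outside")  # first door: no authentication
    trap.close("outer")
    reached = trap.request_open("inner", "vestibule", credential)
    if not reached:
        # Backing out fails too: the first door needs authentication from inside.
        trap.request_open("outer", "vestibule", credential)
    return reached, trap.alerts

if __name__ == "__main__":
    print(walk_through("badge-1001"))  # authorized person reaches the room
    print(walk_through(None))          # no credential: held between the doors
```

The alerts list is what a guard station would act on: two consecutive denials from the vestibule mean someone is held between the doors.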

3. Reception:
This is usually the place where people sit and wait for someone. It must be secured to prevent any attacker from entering internal areas. The activities of people in the reception area must be watched and recorded by CCTV, etc. People sitting in the reception area must be questioned about their presence. The receptionist's computer must be well secured, and its screen must not face the crowd.
Moreover, no important documents should be left lying around in the reception area. An attacker can use them for social engineering.
The seating for visitors must be at a safe distance so that they don't overhear any important conversations.

4. Workplace:
This is the area where the employees work. An employee of one department must not be allowed to pass information to another department unless it concerns a project/work. Employees must lock their unattended screens before leaving.
This is the main step, because it prevents the attacker from having physical access to the system. Employees must be given badges to identify them. If any person is wandering around the company without a badge, he/she can be questioned about it. Visitors must be given a visitor badge. Employees must not write any useful information on a small piece of paper and stick it on the desktop, keyboard or walls. Many employees write their password on a small bit of paper and hide it somewhere, such as under the keyboard. This must be avoided. Many companies also label their machines with names according to their functions; for example, a mail server carries a paper label that reads "mail server". This must be avoided, because an attacker can then easily find the location of particular machines.
Wireless access points must also be secured in order to prevent unauthorized access to the corporate network. Use WPA instead of WEP, and use techniques like MAC filtering; all this can make breaking into the WiFi more complicated for an attacker.

So these were some precautions that can be taken to implement physical security in an infrastructure.
