Threats to physical security

Electronic defenses, especially perimeter defenses, can be defeated if attackers gain physical access to IT assets. If an attacker can reach an office, the attacker could:

• Install hardware keyloggers to capture keystrokes, including usernames and passwords
• Pose as a driver from a parcel delivery service and pickup backup tapes and disks
• Engage in social engineering with office staff to learn about security procedures, office policies, and the names of executives and managers in the office
• Use a rogue device to access a poorly secured wireless network

Any one of these ploys might not be enough to compromise a system or result in a disclosure, but they can provide pieces to the security puzzle that attacker is trying to assess. Physical access controls, surveillance, and security awareness training are countermeasures to this type of threat.

From increasingly sophisticated malware to social engineering to physical threats, there are many ways to fall victim to information security attacks. With a large set of countermeasures at one's disposal, the question arises, how to choose among them?

How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The Ever-Evolving Threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Viruses, Worms and Other Malware Product Review: Sophos Endpoint Security and Control 8.0 Researcher disinfects multimedia Trojans Researchers develop cloud-based antivirus Web advertising exploits: Protecting Web browsers and servers SaaS startups enter Web security gateway market Hoffman to demonstrate new hacking techniques Analysis tool uses Intel virtualization to hide from malware How can widget malware on social networking sites threaten enterprises? How can an enterprise-wide network remain resilient against denial-of-service (DoS) attacks? Microsoft Word zero-day being actively exploited Spyware, Adware and Trojans Clickjacking details released after attack proof-of-concept emerges Product Review: Sophos Endpoint Security and Control 8.0 Researchers develop cloud-based antivirus Web advertising exploits: Protecting Web browsers and servers SaaS startups enter Web security gateway market Ransomware: How to deal with advanced encryption algorithms Stolen data ending up in Google cache, say researchers Information security book excerpts and reviews Yahoo, McAfee to warn users of dangerous websites Botnets and ethics Spyware, Adware and Trojans Research Social Engineering Combat social engineering the 'Carnegie' way Quiz: Anatomy of an attack Countermeasures against targeted attacks in the enterprise Stolen data ending up in Google cache, say researchers Information security book excerpts and reviews Should social engineering tests be included in penetration testing? What kind of data is compromised during a Google hack? How Russia became a malware hornet's nest Are senior level executives a target for social engineering attacks? How does a mail server respond to fake email addresses?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) directory traversal  (SearchSecurity.com) Kraken  (SearchSecurity.com) man in the browser  (SearchSecurity.com) Mytob  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) RavMonE virus  (SearchSecurity.com) RFID virus  (SearchSecurity.com) Rock Phish  (SearchSecurity.com) Zotob  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary