Home > Threats to physical security
Book Chapter:
EMAIL THIS LICENSING & REPRINTS

Threats to physical security

26 Jan 2007 | By Dan Sullivan, Realtimepublishers

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

This is tip No. 6 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers.

Electronic defenses, especially perimeter defenses, can be defeated if attackers gain physical access to IT assets. If an attacker can reach an office, the attacker could:

  • Install hardware keyloggers to capture keystrokes, including usernames and passwords
  • Pose as a driver from a parcel delivery service and pickup backup tapes and disks
  • Engage in social engineering with office staff to learn about security procedures, office policies, and the names of executives and managers in the office
  • Use a rogue device to access a poorly secured wireless network

Any one of these ploys might not be enough to compromise a system or result in a disclosure, but they can provide pieces to the security puzzle that attacker is trying to assess. Physical access controls, surveillance, and security awareness training are countermeasures to this type of threat.

From increasingly sophisticated malware to social engineering to physical threats, there are many ways to fall victim to information security attacks. With a large set of countermeasures at one's disposal, the question arises, how to choose among them?


How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The Ever-Evolving Threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Viruses, Worms and Other Malware
Yahoo, McAfee to warn users of dangerous websites
Botnets and ethics
Trojan downloaders, droppers skyrocket, Microsoft says
New phishing, Zeus Trojan technique spreads crimeware
Researchers uncover tool used to infect websites, spread malware
RSA 2008: Defeating botnets
Malware found on HP ProLiant server USB keys
Is there a market for standalone antivirus products?
Can 'herd intelligence' effectively stop malware?
Panda latest AV firm trying to adapt with the times

Spyware, Adware and Trojans
Yahoo, McAfee to warn users of dangerous websites
Botnets and ethics
Trojan downloaders, droppers skyrocket, Microsoft says
Kraken botnet balloons to dangerous levels
New Storm attack exploits April Fool's Day
Panda latest AV firm trying to adapt with the times
PDF spam reemerges in some inboxes
Trojan toolkit infected 10,000 Web sites in December
New rootkit threatens Windows users
Spam continues surge as spammers become clever in '07
Spyware, Adware and Trojans Research

Social Engineering
Should social engineering tests be included in penetration testing?
What kind of data is compromised during a Google hack?
Information security book excerpts and reviews
How Russia became a malware hornet's nest
Are senior level executives a target for social engineering attacks?
How does a mail server respond to fake email addresses?
RSA Conference: Children must learn about cyber risks
Social engineering
Online crime as ugly as ever
Social engineering's new tricks present bigger dangers

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bot worm  (SearchSecurity.com)
directory traversal  (SearchSecurity.com)
Kraken  (SearchSecurity.com)
man in the browser  (SearchSecurity.com)
Mytob  (SearchSecurity.com)
polymorphic malware  (SearchSecurity.com)
RavMonE virus  (SearchSecurity.com)
RFID virus  (SearchSecurity.com)
Rock Phish  (SearchSecurity.com)
Zotob  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts