There it is … that little jack on the wall that's connected to a world of information, ranging from the Internet
to your company's payroll system. One click of a network cable into the jack and they're on their way! Who, you might ask? Let's start with the curious one who finds an active network jack in a nice, quiet conference or training room. What are the real issues with this, and how do you combat them? Here you will learn how improving network security can combat physical security threats.
Private facilities have always had an advantage over public facilities in that they are easier to physically secure. Public areas, such as hospitals, universities and libraries, can be a challenge to secure because of the lack of physical security. Public or private, there will always be some level of security risk wherever a network jack is active. Classrooms, communications closets and conference rooms are a few of the problem areas commonly found unlocked and accessible to anyone curious enough to peek inside.
Let's demonstrate the risk with an example scenario. Suppose a hacker connects a laptop to a network jack in your building. Most network jacks are active, meaning they are connected to a functioning piece of network equipment. If you run a DHCP server, which hands out IP addresses to any device that is plugged into the network, one will be issued to the hacker's laptop as well. If DHCP is not used, the hacker can simply launch a sniffer and find an unused IP address for his laptop. Once connected, a few simple commands can locate some of your key servers, after which the enumeration of user accounts and services begins. In a matter of minutes, passwords will likely be compromised, a service or two may be exploited and the game is over; the hacker has won. You've now got a real mess on your hands.
Fortunately, there are ways to avoid physical security threats and prevent hackers -- or even vendors and contractors, for that matter -- from connecting computers to your network when they find a network jack. One thing you can do is disable network jacks in conference rooms and classrooms until people need them. Keeping these rooms locked whenever possible is another best practice. A third defense is to require your network switches to only allow network cards with specific addresses, called MAC addresses, to connect to the network. Every network card is programmed with a unique MAC address, though these can be altered via spoofing software. Even more stringent is the option of configuring network servers to require a valid computer certificate before a user can log on. Keep in mind, if you want to keep unauthorized people from using computers already connected to your network, such as classroom PCs, you should enforce bootup and screensaver passwords to lock the PC at both the client side and the network side, as well as requiring a user certificate. To learn more about certificates, contact a vendor of Public Key Infrastructure (PKI) and digital certificate systems.
Most of the above recommendations require the involvement of server and network administrators, who may or may not immediately see the value in these changes until you explain the reality of these security risks. Active network jacks are the entrance to a hacker's playground, and can result in a major security incident if ignored.
About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.
HACKER ATTACK TECHNIQUES AND TACTICS
Introduction: Hacker attack tactics
How to stop hacker theft
Hacker system fingerprinting, probing
Using network intrusion detection tools
Avoid physical security threats
Authentication system security weaknesses
Improve your access request process
Social engineering hacker attack tactics
Secure remote access points
Securing your Web sever
Wireless security basics
How to tell if you've been hacked