Tip

Improving network security: How to avoid physical security threats

Vernon Habersetzer, Contributing Writer
There it is … that little jack on the wall that's connected to a world of information, ranging from the Internet to your company's payroll system. One click of a network cable into the jack and they're on their way! Who, you might ask? Let's start with the curious one who finds an active network jack in a nice, quiet conference or training room. What are the real issues with this, and how do you combat them? Here you will learn how improving network security can combat physical security threats.

Private facilities have always had an advantage over public facilities in that they are easier to physically secure. Public areas, such as hospitals, universities and libraries, can be a challenge to secure because of the lack of physical security. Public or private, there will always be some level of security risk wherever a network jack is active. Classrooms, communications closets and conference rooms are a few of the problem areas commonly found unlocked and accessible to anyone curious enough to peek inside.

Let's demonstrate the risk with an example scenario. Suppose a hacker connects a laptop to a network jack in your building. Most network jacks are active, meaning they are connected to a functioning piece of network equipment. If you run a DHCP server, which hands out IP addresses to any device that is plugged into the network, one will be issued to the hacker's laptop as well. If DHCP is not used, the hacker can simply launch a sniffer and find an unused IP address

    Requires Free Membership to View

for his laptop. Once connected, a few simple commands can locate some of your key servers, after which the enumeration of user accounts and services begins. In a matter of minutes, passwords will likely be compromised, a service or two may be exploited and the game is over; the hacker has won. You've now got a real mess on your hands.

Fortunately, there are ways to avoid physical security threats and prevent hackers -- or even vendors and contractors, for that matter -- from connecting computers to your network when they find a network jack. One thing you can do is disable network jacks in conference rooms and classrooms until people need them. Keeping these rooms locked whenever possible is another best practice. A third defense is to require your network switches to only allow network cards with specific addresses, called MAC addresses, to connect to the network. Every network card is programmed with a unique MAC address, though these can be altered via spoofing software. Even more stringent is the option of configuring network servers to require a valid computer certificate before a user can log on. Keep in mind, if you want to keep unauthorized people from using computers already connected to your network, such as classroom PCs, you should enforce bootup and screensaver passwords to lock the PC at both the client side and the network side, as well as requiring a user certificate. To learn more about certificates, contact a vendor of Public Key Infrastructure (PKI) and digital certificate systems.

Most of the above recommendations require the involvement of server and network administrators, who may or may not immediately see the value in these changes until you explain the reality of these security risks. Active network jacks are the entrance to a hacker's playground, and can result in a major security incident if ignored.

About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has seven years of in-the-trenches security experience in healthcare and retail environments.


HACKER ATTACK TECHNIQUES AND TACTICS

  Introduction: Hacker attack tactics
  How to stop hacker theft
  Hacker system fingerprinting, probing
  Using network intrusion detection tools
  Avoid physical security threats
  Authentication system security weaknesses
  Improve your access request process
  Social engineering hacker attack tactics
  Secure remote access points
  Securing your Web sever
  Wireless security basics
  How to tell if you've been hacked

This was first published in January 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.