Secure Desktops and Computer Rooms to Avoid Hacks
After hackers obtain physical access to a building, they look for the computer room and other easily accessible computer and network devices. Securing these physical components is a good step to take against hackers.
The keys to the kingdom are often as close as someone’s desktop computer and not much farther than an unsecured computer room or wiring closet.
Malicious intruders can do the following:
Obtain network access and send malicious e-mails as a logged-in user.
Crack and obtain passwords directly from the computer by booting it with a tool such as the ophcrack LiveCD.
Place penetration drop boxes such as those made by Pwnie Express in a standard power outlet. These devices allow a malicious intruder to connect back into the system via cellular connection to perform their dirty deeds. This is a really sneaky (spy-like) means for intrusion that you have to check out.
Steal files from the computer by copying them to a removable storage device (such as a phone, MP3 player, or USB drive) or by e-mailing them to an external address.
Enter unlocked computer rooms and mess around with servers, firewalls, and routers.
Walk out with network diagrams, contact lists, and business-continuity and incident-response plans.
Obtain phone numbers from analog lines and circuit IDs from T1, Metro Ethernet, and other telecom equipment for future attacks.
Practically every bit of unencrypted information that traverses the network can be recorded for future analysis through one of the following methods:
Connecting a computer running network analyzer software to a hub, or to a monitor or mirrored port on a switch, on your network.
Installing network analyzer software on an existing computer.
A network analyzer is very hard to spot.
How would hackers access this information in the future?
The easiest attack method is to install remote-administration software on the computer, such as VNC.
A crafty hacker with enough time can bind a public IP address to the computer if the computer is outside the firewall. Hackers or malicious insiders with enough network knowledge (and time) can configure new firewall rules to do this.
Also, consider these other physical vulnerabilities:
How easily can someone’s computer be accessed during regular business hours? During lunchtime? After hours?
Are computers — especially laptops — secured to desks with locks? Are their hard drives encrypted in the event one is lost or stolen?
Do employees typically leave their phones and tablets lying around unsecured? What about when they’re traveling or working from home (and the coffee shop)?
Are passwords stored on sticky notes on computer screens, keyboards, or desks?
Are backup media lying around the office or data center susceptible to theft?
Are safes used to protect backup media? Are they specifically rated for media to keep backups from melting during a fire? Who can access the safe?
Safes are often at great risk because of their size and value. Also, they are typically unprotected by the organization’s regular security controls. Are specific policies and technologies in place to help protect them? Are locking laptop bags required? What about power-on passwords? Also, consider encryption in case these devices get into a hacker’s hands.
How easily can someone connect to a wireless access point (AP) signal or the AP itself to join the network? Rogue access points are also something to consider.
Are network firewalls, routers, switches, and hubs (basically, anything with an Ethernet connection) easily accessible, which would enable a hacker to plug in to the network easily?
Are all cables patched through on the patch panel in the wiring closet so all network drops are live?
This setup is very common but a bad idea because it allows anyone to plug in to the network anywhere and gain access.
Network and computer security countermeasures are some of the simplest to implement yet the most difficult to enforce because they involve everyday actions. Here’s a rundown of these countermeasures:
Make your users aware of what to look out for so you have extra sets of eyes and ears helping you out.
Require users to lock their screens — which usually takes a few clicks or keystrokes in Windows or UNIX — when they leave their computers.
Ensure that strong passwords are used.
Require laptop users to lock their systems to their desks with a locking cable. This is especially important for remote workers and travelers as well as in larger companies or locations that receive a lot of foot traffic.
Keep computer rooms and wiring closets locked and monitor those areas for wrongdoing.
Keep a current inventory of hardware and software within the organization so it’s easy to determine when extra equipment appears or when equipment is missing. This is especially important in computer rooms.
Properly secure computer media when stored and during transport.
Scan for rogue wireless access points.
Use cable traps and locks that prevent intruders from unplugging network cables from patch panels or computers and using those connections for their own computers.
Use a bulk eraser on magnetic media before they’re discarded.
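The inventory countermeasure above is only useful if the inventory is compared against what is actually plugged in. The following added example (not part of the original article) diffs a hardware baseline against devices seen on switch ports to flag extra equipment, missing equipment, relocated devices, and live drops that should be dead. The asset names, MAC addresses, port names, and the "port MAC" input format are all constructed for illustration.

```python
# Constructed sample baseline: MAC -> (asset name, switch port recorded in the inventory)
INVENTORY = {
    "00:11:22:33:44:01": ("FILESRV01", "Gi1/0/1"),
    "00:11:22:33:44:02": ("FW-EDGE", "Gi1/0/2"),
    "00:11:22:33:44:03": ("HR-LAPTOP-07", "Gi1/0/10"),
    "00:11:22:33:44:04": ("PRINTER-2F", "Gi1/0/11"),
}
# Drops documented as unused; nothing should ever be live on these ports
UNUSED_PORTS = {"Gi1/0/20", "Gi1/0/21"}
# Constructed "port MAC" observations, e.g. exported from a switch MAC address table
OBSERVED = """\
Gi1/0/1  00:11:22:33:44:01
Gi1/0/2  00-11-22-33-44-02
Gi1/0/12 0011.2233.4403
Gi1/0/20 DE:AD:BE:EF:00:99
"""

def normalize_mac(mac):
    """Reduce colon, dash, or dotted MAC notation to lowercase colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_observed(text):
    """Return {mac: port} from whitespace-separated 'port mac' lines."""
    seen = {}
    for port, mac in (l.split() for l in text.splitlines() if l.strip()):
        seen[normalize_mac(mac)] = port
    return seen

def audit(inventory, unused_ports, observed_text):
    """Diff observed devices against the inventory baseline."""
    seen = parse_observed(observed_text)
    known = {normalize_mac(m): v for m, v in inventory.items()}
    return {
        # Extra equipment: on the wire but absent from the inventory
        "unknown": sorted((p, m) for m, p in seen.items() if m not in known),
        # Missing equipment: inventoried but not seen anywhere
        "missing": sorted(a for m, (a, _) in known.items() if m not in seen),
        # Inventoried devices plugged into a different drop than recorded
        "moved": sorted((known[m][0], known[m][1], p) for m, p in seen.items()
                        if m in known and known[m][1] != p),
        # Anything live on a port that is supposed to be dead
        "live_unused": sorted(p for p in seen.values() if p in unused_ports),
    }

if __name__ == "__main__":
    print(audit(INVENTORY, UNUSED_PORTS, OBSERVED))
```

An unknown MAC on a drop that should be unused is the pattern a plugged-in drop box would produce, so that combination deserves a physical walk to the port.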