Is Your Data Literally
Walking Out the Door?
Mike Saunders – CISSP, GPEN, GWAPT, GCIH
Hardwater Information Security
About Mike
- In IT full-time since 1998
- Entered IT Security in 2007
- Avid fisherman
- In the best horn rock band ever!
DISCLAIMER
- If you don’t own it or don’t have permission, don’t test it!
- Seriously! Don’t do it!
- Make sure you have written authorization with you if you’re attempting a physical pen test
- Have at least two contact numbers
  - Make sure your contacts will be available in case you get caught
- Attempting physical bypass of security mechanisms may result in damage
  - Don’t test on your critical controls unless you have backups
Goals
- Overview on how attackers see your physical security
- Provide information about bypassing common security mechanisms
- Talk about some defenses
- When you leave here, look at your infrastructure in a new way
Data Loss / Breach via Physical Theft
- 2009 - BCBSTN – 57 stolen hard drives = over 1M records
- datalossdb.org – ~21% of all lost records due to theft
  - 11% stolen laptop
  - 4% stolen computer
  - 3% stolen document
  - 1% stolen drive
  - 1% stolen media
  - 1% stolen tape
Physical security principles
- Deter
  - Lighting, fencing and gates, guards
- Deny
  - Locking mechanisms
- Detect
  - Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors
- Delay
  - Locking cables, higher security locks, attack-resistant safes
Surveillance and accessibility
- Are there vantage points from which to observe your facility discreetly?
  - Even if there aren’t, there’s always Google
- Are there doors only used for exiting?
- Hedges and trees are great for privacy, for you and for potential attackers
- 7’ fences will deter most attackers
  - 8’ with 3-strand barbed wire on top, angled 45 degrees outward, will deter all but the most determined or those with the most to gain
- Higher security areas may require multiple perimeters with gates
- Lights act as a weak deterrent; coupled with cameras they act as a detective control
  - Are there gaps in the camera coverage?
Recon
Street view
Cameras
More cameras
We haz security!
O Rly?
What the? I can’t even.
www.schneier.com
Lootz is here!
Other thoughts on perimeter security
- Easy wins
  - Doors propped open
  - Doors unlocked for convenience
  - Windows open for cooling
- Were you expecting that delivery?
Escalation
- Segmentation is important
  - Perimeter – fencing, gates, exterior entrances
  - DMZ – reception/receiving areas, common areas
  - Core – majority of office area
  - VLANs – higher security than core areas
    - Computer room, network closet, document storage, drug storage, trade secrets, etc.
- Moving from lower security area to higher security area
  - Controls commensurate with sensitivity of asset
- False ceilings adjacent to higher security area
  - Walls should extend from floor to actual ceiling
We’ve got doors! Even Locks!
gregvan.com
Doors with External Hinges
- Just pop the hinge pins!
Protecting hinges
- If you must have external hinges, use a secure hinge
  - Set screw hinges
  - Stud hinges
  - Non-removable hinge pin
Set screw hinge
www.renovation-headquarters.com
Stud hinge
www.renovation-headquarters.com
Non-removable hinge
www.renovation-headquarters.com
Crash (panic) Bar Doors
www.leinbachservices.com
Bypass and protect a crash bar door
Insert a prying tool here!
A latch plate protector helps prevent prying.
Can possibly be bypassed by tying a small screw or nail to a piece of string, inserting it behind the protector plate, and pulling it through from underneath to trigger the latch.
Infosecinstitute.com
J tool door bypass tool
© RiftRecon
J tool in action
www.vententersearch.com
TouchSense Crash Bar Doors
If there’s enough room, a piece of copper wire inserted through the door frame and touched to the bar will trigger the sensor.
www.katzlerlocks.com
Well, what do we have here?
No keys? No problem!
Pick a card. Any card will do!
What about lever handles?
The K-22
© RiftRecon
K-22 in action
© RiftRecon
Stealth
© RiftRecon
K-22 meets crash bar
http://www.theben-jim.com/
What about the roof?
- Access to roof may be gained from adjacent building, tree, or climbing
- Rooftop openings often overlooked
  - Simple locks or no locks at all
  - May not have additional controls (RFID, cameras, etc.)
  - Access to ventilation shafts
We’ve got badge readers!
And he’s cloning your badge!
RFID Badge Reader Attacks
- Badges can be cloned
- $500 buys the hardware to clone cards and brute force RFID badge readers
  - Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx
- Larger antennas can be hidden in a clipboard, read from several feet away
- Newer HID iCLASS encryption key available for purchase
- Resources:
  - http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
  - http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
Where do I find badges to clone?
- Physical observation may lead to favorite lunch places or watering holes
- After-hours company events posted online
- Wait, didn’t we see something earlier?
Or go for a walk
Time to get on the bus
What about cameras?
Who’s got a wire cutter?
www.cabletiesandmore.com www.assecurity.ca
IP cameras (and security systems)
www.cctvcamerapros.com
IP cameras (and security systems)
…(and the Internet)
IP Camera + Internet + Weak/Default Creds =
Blinding a security camera with a laser
www.naimark.net
You say convenience…
securestate.com
Oh hai! Come on in!
securestate.com
Yes, we have bypass!
- Video removed for size reasons. Video showed motion detectors can be triggered with a big cloud of vapor from an e-cigarette
Motion detector tricks
- Slide a notebook under the door
- Or…
More thoughts on doors and locks
- Good locks on bad doors = BAD
- Bad locks on good doors = BAD
- Master keys are great
  - Unless you rekey once in every never
- Cheap padlocks can be shimmed or picked easily
You say keypad…
- Cheaper than a badge system
- Convenient for sharing code between multiple employees
  - But you have to change the code when employees leave
- Analog keypads don’t have brute forcing detection capabilities
  - But, they can leak information about the code…
Hrm… I wonder what the code is?
www.schneier.com
I wonder why those buttons are so shiny…
www.schneier.com
Fun with a black light
Fingerprints from UV pen ink
Fingerprints from highlighter
Attacking biometric systems
- Biometric signatures (and/or PINs) are stored on your access card!
  - If I can clone your card, I can just put in my own fingerprint/PIN
- Fingerprints can be duplicated
Attacking biometric systems
Defending against biometric attacks
- Live tissue verification
  - Looks for heartbeat and body heat
- Iris and retina scanners
  - Enable live scan for iris scans
Detection gives you the upper hand
- Sensors
  - Door open, glass break, motion, infrared, acoustic, vibration, pressure
- Monitor badge system for brute force attacks
- Cameras can help identify intruders and what was taken
- Test your systems regularly
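As an added example (not from the talk or its author), the Python below shows what "monitor badge system for brute force attacks" can look like against the card enumeration the RFID badge reader slide describes: it reads constructed access-control log lines in an assumed format and flags a reader that denies many distinct or consecutive card numbers inside a short window, and a grant that follows such a burst. The log format, reader names, facility code and thresholds are all assumptions; adapt the regex to your own system's export.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The line format below is an assumption made for this
# example, not any real access-control vendor's export format:
#   <ISO-8601 time> reader=<reader id> card=<facility code>:<card number> result=<GRANTED|DENIED>
# The loading-dock block mimics a sequential card-number sweep that ends in a
# successful read; the lobby lines are ordinary traffic with one mis-swiped card.
SAMPLE_LOG = """\
2015-03-10T08:01:12 reader=lobby-east card=123:45010 result=GRANTED
2015-03-10T08:01:40 reader=lobby-east card=123:45022 result=GRANTED
2015-03-10T08:02:05 reader=lobby-east card=123:45007 result=DENIED
2015-03-10T08:02:09 reader=lobby-east card=123:45007 result=DENIED
2015-03-10T08:02:31 reader=lobby-east card=123:45031 result=GRANTED
2015-03-10T22:14:02 reader=loading-dock card=123:20001 result=DENIED
2015-03-10T22:14:05 reader=loading-dock card=123:20002 result=DENIED
2015-03-10T22:14:08 reader=loading-dock card=123:20003 result=DENIED
2015-03-10T22:14:11 reader=loading-dock card=123:20004 result=DENIED
2015-03-10T22:14:14 reader=loading-dock card=123:20005 result=DENIED
2015-03-10T22:14:17 reader=loading-dock card=123:20006 result=DENIED
2015-03-10T22:14:20 reader=loading-dock card=123:20007 result=DENIED
2015-03-10T22:14:23 reader=loading-dock card=123:20008 result=DENIED
2015-03-10T22:14:26 reader=loading-dock card=123:20009 result=GRANTED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reader=(?P<reader>\S+) card=(?P<fc>\d+):(?P<num>\d+) "
    r"result=(?P<result>GRANTED|DENIED)$"
)


def parse_line(line):
    """Return (timestamp, reader, facility_code, card_number, result), or None for a junk line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["reader"], int(m["fc"]),
            int(m["num"]), m["result"])


def longest_consecutive_run(numbers):
    """Length of the longest run of consecutive integers among `numbers`."""
    nums = set(numbers)
    best = 0
    for n in nums:
        if n - 1 in nums:
            continue            # only count from the lowest member of each run
        length = 1
        while n + length in nums:
            length += 1
        best = max(best, length)
    return best


def detect_bruteforce(lines, window=timedelta(minutes=5),
                      distinct_threshold=6, seq_run=5):
    """Scan chronologically ordered log lines; return (reader, kind, detail) alerts.

    Kinds raised (at most once per reader and kind):
      distinct-denied      >= distinct_threshold different card numbers denied within `window`
      sequential-denied    a run of >= seq_run consecutive card numbers denied within `window`
      granted-after-burst  a GRANTED read while such a denial burst is still inside `window`
    Repeated denials of one card (a mis-swipe, a revoked badge) never trip the thresholds.
    """
    denied = defaultdict(deque)     # reader -> deque of (time, card number) denials in window
    alerted = set()
    alerts = []

    def alert(reader, kind, detail):
        if (reader, kind) not in alerted:
            alerted.add((reader, kind))
            alerts.append((reader, kind, detail))

    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, reader, fc, num, result = event
        recent = denied[reader]
        while recent and ts - recent[0][0] > window:     # expire old denials
            recent.popleft()
        if result == "DENIED":
            recent.append((ts, num))
            distinct = {n for _, n in recent}
            if len(distinct) >= distinct_threshold:
                alert(reader, "distinct-denied",
                      f"{len(distinct)} distinct card numbers denied within {window}")
            run = longest_consecutive_run(distinct)
            if run >= seq_run:
                alert(reader, "sequential-denied",
                      f"{run} consecutive card numbers (facility code {fc}) denied")
        else:
            distinct = {n for _, n in recent}
            if len(distinct) >= distinct_threshold:
                alert(reader, "granted-after-burst",
                      f"card {fc}:{num} granted after {len(distinct)} distinct denials")
    return alerts
```

Run `detect_bruteforce(SAMPLE_LOG.splitlines())` to see the three loading-dock alerts; the lobby reader's two denials of one badge stay quiet.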
Final thoughts
- Look at your facility in a new light
  - Are your doors installed properly?
  - How are your locks looking?
  - What about those keypads?
  - Don’t forget about cameras!
Other Resources
- Videos
  - http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
  - http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
  - http://www.youtube.com/watch?v=me5eKw6BP8g
  - http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to-dox-jess-hires
- Other Resources
  - http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf
  - http://resources.infosecinstitute.com/physical-security-managing-intruder/
  - http://www.slideshare.net/jemtallon/cissp-week-26
  - https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf
  - https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf
  - https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
Credits
- Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting
- Dave Kennedy - TrustedSec
- SecureState
- Tim and Jem Jensen
Any questions?
- mike.saunders@hardwaterinformationsecurity.com
- @hardwaterhacker
- http://hardwatersec.blogspot.com/

More Related Content

Viewers also liked

Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Harsh Vardhan Sharma
 
Sudden death
Sudden deathSudden death
Sudden death
Doc Piyush
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheel
eSAT Publishing House
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...
eSAT Publishing House
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform  - United Taxi Workers of San DiegoSan Diego Taxi Reform  - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diegosaezs0596
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on black
allisonwickler
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed scheduling
eSAT Publishing House
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?
vissua
 
Agile (s.e)
Agile (s.e)Agile (s.e)
Agile (s.e)
deep sharma
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 8003154730
8003154730
 

Viewers also liked (13)

пасха презентация
пасха презентацияпасха презентация
пасха презентация
 
пасха презентация
пасха презентацияпасха презентация
пасха презентация
 
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
 
Korus
KorusKorus
Korus
 
Sudden death
Sudden deathSudden death
Sudden death
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheel
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform  - United Taxi Workers of San DiegoSan Diego Taxi Reform  - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diego
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on black
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed scheduling
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?
 
Agile (s.e)
Agile (s.e)Agile (s.e)
Agile (s.e)
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 8003154730
 

Similar to Is Your Data Literally Walking Out the Door?

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
dougfarre
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to Paswords
Deepanshu Saini
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
Peter Wood
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
Rishabha Garg
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data Security
Frederik Questier
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom TechnologiesAnil Bilgihan
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingCTIN
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009
University of Southern Mississippi
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
SupanShah2
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters  (BICSI 2016 ASEAN  conference)Defending our datacenters  (BICSI 2016 ASEAN  conference)
Defending our datacenters (BICSI 2016 ASEAN conference)
Jeffrey Lam
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
abdifatah said
 
Open Nature Park Ops & Security Solutions
Open Nature Park Ops & Security SolutionsOpen Nature Park Ops & Security Solutions
Open Nature Park Ops & Security Solutionskoottummel
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
How To Make Your Security
How To Make Your SecurityHow To Make Your Security
How To Make Your Security
CCTV Camera Bangladesh
 
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thChapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
samirapdcosden
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
trendy updates
 
Application of science & technology in security management
Application of science & technology in security managementApplication of science & technology in security management
Application of science & technology in security management
Capt SB Tyagi, COAC'CC*,FISM,CSC,
 

Similar to Is Your Data Literally Walking Out the Door? (20)

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to Paswords
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpage
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data Security
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom Technologies
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters  (BICSI 2016 ASEAN  conference)Defending our datacenters  (BICSI 2016 ASEAN  conference)
Defending our datacenters (BICSI 2016 ASEAN conference)
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
Open Nature Park Ops & Security Solutions
Open Nature Park Ops & Security SolutionsOpen Nature Park Ops & Security Solutions
Open Nature Park Ops & Security Solutions
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System Security
 
How To Make Your Security
How To Make Your SecurityHow To Make Your Security
How To Make Your Security
 
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thChapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
 
Application of science & technology in security management
Application of science & technology in security managementApplication of science & technology in security management
Application of science & technology in security management
 

More from Mike Saunders

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101
Mike Saunders
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshop
Mike Saunders
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017
Mike Saunders
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distroMike Saunders
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITSMike Saunders
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksMike Saunders
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be Breached
Mike Saunders
 
You will be breached
You will be breachedYou will be breached
You will be breached
Mike Saunders
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
Mike Saunders
 

More from Mike Saunders (11)

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshop
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distro
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITS
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-Threat
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacks
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be Breached
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distribution
 
You will be breached
You will be breachedYou will be breached
You will be breached
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 

Is Your Data Literally Walking Out the Door?

  • 9. Surveillance and accessibility
 Are there vantage points to observe your facility discreetly?
 Even if there aren’t, there’s always Google
 Are there doors only used for exiting?
 Hedges and trees are great for privacy for you and potential attackers
 7’ fences will deter most attackers
 8’ with 3-strand barbwire on top, 45 degrees facing outward, will deter all but the most determined / those with the most to gain
 Higher security areas may require multiple perimeters with gates
 Lights act as a weak deterrent; coupled with cameras they act as a detective control
 Are there gaps in the camera coverage?
  • 10. Recon
  • 15. What the? I can’t even. www.schneier.com
  • 17. Other thoughts on perimeter security
 Easy wins
 Doors propped open
 Doors unlocked for convenience
 Windows open for cooling
 Were you expecting that delivery?
  • 18. Escalation
 Segmentation is important
 Perimeter – fencing, gates, exterior entrances
 DMZ – reception/receiving areas, common areas
 Core – majority of office area
 VLANs – higher security than core areas
 Computer room, network closet, document storage, drug storage, trade secrets, etc.
 Moving from a lower security area to a higher security area
 Controls commensurate with sensitivity of asset
 False ceilings adjacent to a higher security area
 Walls should extend from floor to actual ceiling
  • 19. We’ve got doors! Even Locks! gregvan.com
  • 20. Doors with External Hinges
 Just pop the hinge pins!
  • 21. Protecting hinges
 If you must have external hinges, use a secure hinge
 Set screw hinges
 Stud hinges
 Non-removable hinge pin
  • 25. Crash (panic) Bar Doors www.leinbachservices.com
  • 26. Bypass and protect a crash bar door
 Insert a prying tool here!
 A latch plate protector helps prevent prying.
 Can possibly be bypassed by tying a small screw or nail to a piece of string, inserting it behind the protector plate, and pulling it through from underneath to trigger the latch. infosecinstitute.com
  • 27. J tool door bypass tool © RiftRecon
  • 28. J tool in action www.vententersearch.com
  • 29. TouchSense Crash Bar Doors
 If there’s enough room, a piece of copper wire inserted through the door frame and touched to the bar will trigger the sensor. www.katzlerlocks.com
  • 30. Well, what do we have here?
  • 31. No keys? No problem! Pick a card. Any card will do!
  • 32. What about lever handles?
  • 34. K-22 in action © RiftRecon
  • 36. K-22 meets crash bar http://www.theben-jim.com/
  • 37. What about the roof?
 Access to the roof may be gained from an adjacent building, a tree, or climbing
 Rooftop openings are often overlooked
 Simple locks or no locks at all
 May not have additional controls (RFID, cameras, etc.)
 Access to ventilation shafts
  • 38. We’ve got badge readers!
  • 39. And he’s cloning your badge!
  • 40. RFID Badge Reader Attacks
 Badges can be cloned
 $500 buys the hardware to clone cards and brute force an RFID badge reader
 Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx
 Larger antennas can be hidden in a clipboard and read from several feet away
 Newer HID iCLASS encryption key available for purchase
 Resources:
 http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
 http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
  • 41. Where do I find badges to clone?
 Physical observation may lead to favorite lunch places or watering holes
 After-hours company events posted online
 Wait, didn’t we see something earlier?
  • 42. Or go for a walk. Time to get on the bus
  • 44. Who’s got a wire cutter? www.cabletiesandmore.com www.assecurity.ca
  • 45. IP cameras (and security systems) www.cctvcamerapros.com
  • 46. IP cameras (and security systems) …(and the Internet)
  • 47. IP Camera + Internet + Weak/Default Creds =
  • 48. Blinding a security camera with a laser www.naimark.net
  • 50. Oh hai! Come on in! securestate.com
  • 51. Yes, we have bypass!
 Video removed for size reasons. The video showed that motion detectors can be triggered with a big cloud of vapor from an e-cigarette
  • 52. Motion detector tricks
 Slide a notebook under the door
 Or…
  • 54. More thoughts on doors and locks
 Good locks on bad doors = BAD
 Bad locks on good doors = BAD
 Master keys are great
 Unless you rekey once in every never
 Cheap padlocks can be shimmed or picked easily
  • 55. You say keypad…
 Cheaper than a badge system
 Convenient for sharing a code between multiple employees
 But you have to change the code when employees leave
 Analog keypads don’t have brute-force detection capabilities
 But they can leak information about the code…
  • 56. Hrm… I wonder what the code is? www.schneier.com
  • 58. I wonder why those buttons are so shiny… www.schneier.com
  • 59. Fun with a black light
  • 62. Attacking biometric systems
 Biometric signatures (and/or PINs) are stored on your access card!
 If I can clone your card, I can just put in my own fingerprint/PIN
 Fingerprints can be duplicated
  • 64. Defending against biometric attacks
 Live tissue verification
 Looks for heartbeat and body heat
 Iris and retina scanners
 Enable live scan for iris scans
  • 65. Detection gives you the upper hand
 Sensors
 Door open, glass break, motion, infrared, acoustic, vibration, pressure
 Monitor badge system for brute force attacks
 Cameras can help identify intruders and what was taken
 Test your systems regularly
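As an added example (not from the deck or any vendor product), here is what "monitor badge system for brute force attacks" can look like in practice: a small Python detector that reads access-control log lines and flags a reader that sees many distinct DENIED card IDs in a short window, noting when those IDs are consecutive, the trace an incrementing brute-force tool leaves. The log format, reader names and card IDs are all assumptions constructed for the example.

```python
"""Flag badge-reader brute-force attempts in access-control logs (added example).

Assumed log format (constructed, not from any real badge system):
    <ISO timestamp> reader=<name> card=<hex id> result=GRANTED|DENIED
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reader=(?P<reader>\S+) card=(?P<card>0x[0-9A-Fa-f]+) "
    r"result=(?P<result>GRANTED|DENIED)$"
)

def parse_line(line):
    """Return (timestamp, reader, card_as_int, result) or None for unknown lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["reader"], int(m["card"], 16), m["result"])

def detect_badge_bruteforce(lines, window_seconds=60, threshold=5):
    """Return {reader: (first_ts, last_ts, distinct_cards, sequential)} for every
    reader that sees `threshold` distinct DENIED cards within `window_seconds`.
    Repeated swipes of one card (a user fumbling) never trigger, since only
    distinct IDs are counted."""
    recent = defaultdict(deque)  # reader -> sliding window of (ts, card) denials
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[3] != "DENIED":
            continue
        ts, reader, card, _ = parsed
        q = recent[reader]
        q.append((ts, card))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop denials that fell out of the window
        cards = sorted({c for _, c in q})
        if len(cards) >= threshold and reader not in alerts:
            # Consecutive IDs are the signature of a tool walking the ID space.
            sequential = all(b - a == 1 for a, b in zip(cards, cards[1:]))
            alerts[reader] = (q[0][0], ts, len(cards), sequential)
    return alerts

SAMPLE_LOG = [  # constructed sample: one night-time sweep at DOCK-2, one fumbled card at LOBBY-1
    "2015-03-04T08:01:10 reader=LOBBY-1 card=0x1A2B30 result=GRANTED",
    "2015-03-04T22:13:01 reader=DOCK-2 card=0x2000A0 result=DENIED",
    "2015-03-04T22:13:04 reader=DOCK-2 card=0x2000A1 result=DENIED",
    "2015-03-04T22:13:07 reader=DOCK-2 card=0x2000A2 result=DENIED",
    "2015-03-04T22:13:10 reader=DOCK-2 card=0x2000A3 result=DENIED",
    "2015-03-04T22:13:13 reader=DOCK-2 card=0x2000A4 result=DENIED",
    "2015-03-04T22:13:16 reader=DOCK-2 card=0x2000A5 result=GRANTED",
    "2015-03-04T22:30:00 reader=LOBBY-1 card=0x1A2B31 result=DENIED",
    "2015-03-04T22:30:05 reader=LOBBY-1 card=0x1A2B31 result=DENIED",
]

if __name__ == "__main__":
    for reader, (first, last, n, seq) in detect_badge_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT {reader}: {n} distinct denied cards {first}..{last}, sequential={seq}")
```

On the sample, only DOCK-2 is flagged (5 consecutive IDs in 12 seconds), which is exactly the event a badge system without its own brute-force detection would otherwise let pass silently.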
  • 66. Final thoughts
 Look at your facility in a new light
 Are your doors installed properly?
 How are your locks looking?
 What about those keypads?
 Don’t forget about cameras!
  • 67. Other Resources
 Videos
 http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
 http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
 http://www.youtube.com/watch?v=me5eKw6BP8g
 http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to-dox-jess-hires
 Other Resources
 http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf
 http://resources.infosecinstitute.com/physical-security-managing-intruder/
 http://www.slideshare.net/jemtallon/cissp-week-26
 https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf
 https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf
 https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
  • 68. Credits
 Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting
 Dave Kennedy - TrustedSec
 SecureState
 Tim and Jem Jensen
  • 69. Any questions?
 mike.saunders@hardwaterinformationsecurity.com
 @hardwaterhacker
 http://hardwatersec.blogspot.com/