SlideShare a Scribd company logo

Is Your Data Literally Walking Out the Door-presentation

Download as PPTX, PDF
Mike Saunders
Mike Saunders
1 of 72
Is Your Data Literally Walking Out the Door? Mike Saunders @hardwaterhacker Hardwater Information Security
About Mike  In IT full-time since 1998  Entered IT Security in 2007  Certifications: CISSP, GPEN, GWAPT, GCIH  Not a professional physical security tester, just curious. And paranoid.
DISCLAIMER  If you don’t own it or don’t have permission, don’t test it!  Seriously! Don’t do it!  Don’t test on your critical controls unless you have backups  Attempting physical bypass of security mechanisms may result in damage  Make sure you have written authorization with you if you’re attempting a physical pen test  Have at least two contact numbers  Make sure your contacts will be available in case you get caught
Goals  Overview on how attackers see your physical security  Provide information about bypassing common security mechanisms  When you leave here, look at your infrastructure in a new way  Talk about some defenses  We aren’t going to discuss lock picking – there are plenty of resources out there for this. Know that an attacker could also choose to pick a lock in place of the bypasses discussed here
Data Loss / Breach via Physical Theft  2009 - BCBSTN – 57 stolen hard drives = over 1M records  datalossdb.org – ~21% of all lost records due to theft  11% stolen laptop  4% stolen computer  3% stolen document  1% stolen drive  1% stolen media  1% stolen tape
Physical security principles  Deter  Lighting, fencing and gates, guards  Deny  Locking mechanisms  Detect  Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors  Delay  Locking cables, higher security locks, attack-resistant safes
Escalation  Segmentation is important  Perimeter – fencing, gates, exterior entrances  DMZ – reception/receiving areas, common areas  Core – majority of office area  VLANs – higher security than core areas  Computer room, network closet, document storage, drug storage, trade secrets, etc.  Moving from lower security area to higher security area  Controls commensurate with sensitivity of asset
Surveillance and accessibility  Are there vantage points to observe your facility discretely?  Even if there aren’t, there’s always Google  7’ fences will deter most attackers  8’ with 3-strand barbwire on top, 45 degrees facing outward will deter all but most determined / most to gain  Higher security areas may require multiple perimeters with gates  Hedges and trees are great for privacy for you and potential attackers  Lights act as a weak deterrent, coupled with cameras they act as a detective control  Are there doors only used for exiting?  Are there gaps in the camera coverage?
Recon
Street view
Cameras
More cameras
We haz security! O Rly?
What the? I can’t even. www.schneier.com
More fail
Other thoughts on perimeter security  Easy wins  Doors propped open  Doors unlocked for convenience  Windows open for cooling  Were you expecting that delivery?
We’ve got doors! Even Locks! gregvan.com
Doors with External Hinges  Just pop the hinge pins!
Protecting hinges  If you must have external hinges, use a secure hinge  Set screw hinges  Stud hinges  Non-removable hinge pin
Set screw hinge www.renovation-headquarters.com
Stud hinge www.renovation-headquarters.com
Non-removable hinge www.renovation-headquarters.com
Crash (panic) Bar Doors www.leinbachservices.com
Bypass and protect a crash bar door Insert a prying tool here! A latch plate protector helps prevent prying. Can possibly be bypassed by tying a small screw or nail to a piece of string, inserted behind protector plate, pulled through from underneath to trigger latch. Infosecinstitute.com
J tool door bypass tool © RiftRecon
J tool in action www.vententersearch.com
TouchSense Crash Bar Doors If there’s enough room, a piece of copper wire inserted through door frame and touched to bar will trigger sensor. www.katzlerlocks.com
Well, what do we have here?
No keys? No problem! Pick a card. Any card will do!
What about lever handles?
The K-22 © RiftRecon
K-22 in action © RiftRecon
Stealth © RiftRecon
K-22 meets crash bar http://www.theben-jim.com/
What about the roof?  Access to roof may be gained from adjacent building, tree, or climbing  Rooftop openings often overlooked  Simple locks or no locks at all  May not have additional controls (RFID, cameras, etc.)  Access to ventilation shafts
We’ve got badge readers!
And he’s cloning your badge!
RFID Badge Reader Attacks  Badges can be cloned  $500 buys the hardware to clone cards and brute force RFID badge reader  Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx  Larger antennas can be hidden in a clipboard, read from several feet away  Newer HID iCLASS encryption key available for purchase  Resources:  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red- teaming-all-your-badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that- intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
Where do I find badges to clone?  Physical observation may lead to favorite lunch places or watering holes  After-hours company events posted online  Wait, didn’t we see something earlier?
Or go for a walk Time to get on the bus
What about cameras?
Who’s got a wire cutter? www.cabletiesandmore.com www.assecurity.ca
Wireless cameras? www.astak.com
Seek… And destroy (or at least jam) advanced-intelligence.com
IP cameras (and security systems) www.cctvcamerapros.com
IP cameras (and security systems) …(and the Internet)
IP Camera + Internet + Weak/Default Creds =
Blinding a security camera with a laser www.naimark.net
You say convenience… securestate.com
Oh hai! Come on in! securestate.com
Yes, we have bypass!
Motion detector tricks  Slide a notebook under the door  Or…
More thoughts on doors and locks  Good locks on bad doors = BAD  Bad locks on good doors = BAD  Master keys are great  Unless you rekey once in every never  Cheap padlocks can be shimmed or picked easily
You say keypad…  Cheaper than a badge system  Convenient for sharing code between multiple employees  But you have to change the code when employees leave  Analog keypads don’t have brute forcing detection capabilities  But, they can leak information about the code…
Hrm… I wonder what the code is? www.schneier.com
h/t @Rance
I wonder why those buttons are so shiny… www.schneier.com
Fun with a black light
Fingerprints from UV pen ink
Fingerprints from highlighter
Attacking biometric systems  Biometric signatures (and/or pins) are stored on your access card!  If I can clone your card, I can just put in my own fingerprint/pin  Fingerprints can be duplicated
Attacking biometric systems
Defending against biometric attacks  Live tissue verification  Looks for heartbeat and body heat  Iris and retina scanners
More escalation  False-ceilings adjacent to higher security area  Walls should extend from floor to actual ceiling  Raised flooring can be used if wall does not extend to floor
Detection gives you the upper hand  Sensors  Door open, glass break, motion, infrared, acoustic, vibration, pressure  Monitor badge system for brute force attacks  Cameras can help identify intruders and what was taken  Test your systems regularly
Final thoughts  Look at your facility in a new light  Are your doors installed properly?  How are you locks looking?  What about those keypads?  Don’t forget about cameras!
Other Resources  Videos  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your- badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to- hardware-hacking-with-an-rfid-badge-reader-kevin-bong  http://www.youtube.com/watch?v=me5eKw6BP8g  http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to- dox-jess-hires  Other Resources  http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf  http://resources.infosecinstitute.com/physical-security-managing-intruder/  http://www.slideshare.net/jemtallon/cissp-week-26  https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf  https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf  https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
Credits  Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting  Dave Kennedy - TrustedSec  SecureState  Tim and Jem Jensen
Any questions?  msaunders.sec@gmail.com  @hardwaterhacker  http://hardwatersec.blogspot.com/

Recommended

Is Your Data Literally Walking Out the Door?
Is Your Data Literally Walking Out the Door?Is Your Data Literally Walking Out the Door?
Is Your Data Literally Walking Out the Door?Mike Saunders
 
Vulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsVulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsRoger Johnston
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdingershawn_merdinger
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Evidence Seizure Sandyb
Evidence Seizure SandybEvidence Seizure Sandyb
Evidence Seizure SandybCTIN
 
Security Theatre - Confoo
Security Theatre - ConfooSecurity Theatre - Confoo
Security Theatre - Confooxsist10
 
Criminal Investigative Team
Criminal Investigative TeamCriminal Investigative Team
Criminal Investigative TeamCTIN
 
July132000
July132000July132000
July132000CTIN
 

Recommended

Is Your Data Literally Walking Out the Door?
Is Your Data Literally Walking Out the Door?Is Your Data Literally Walking Out the Door?
Is Your Data Literally Walking Out the Door?Mike Saunders
 
Vulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsVulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsRoger Johnston
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdingershawn_merdinger
 
Developing Software with Security in Mind
Developing Software with Security in MindDeveloping Software with Security in Mind
Developing Software with Security in Mindsblom
 
Evidence Seizure Sandyb
Evidence Seizure SandybEvidence Seizure Sandyb
Evidence Seizure SandybCTIN
 
Security Theatre - Confoo
Security Theatre - ConfooSecurity Theatre - Confoo
Security Theatre - Confooxsist10
 
Criminal Investigative Team
Criminal Investigative TeamCriminal Investigative Team
Criminal Investigative TeamCTIN
 
July132000
July132000July132000
July132000CTIN
 
Presentacion estadistica II
Presentacion estadistica IIPresentacion estadistica II
Presentacion estadistica IIalexjcv
 
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. GalwayArchaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. GalwayJohn Tierney
 
Evaluacion y administracion de proyectos una vision integral
Evaluacion y administracion de proyectos una vision integralEvaluacion y administracion de proyectos una vision integral
Evaluacion y administracion de proyectos una vision integralrox_cord
 
Intellectual property
Intellectual propertyIntellectual property
Intellectual propertySharron Scott
 
KVPY-2013 Stream SA General Results
KVPY-2013 Stream SA General ResultsKVPY-2013 Stream SA General Results
KVPY-2013 Stream SA General ResultsALLEN CAREER INSTITUTE
 
Tipsforonlinesuccess
TipsforonlinesuccessTipsforonlinesuccess
TipsforonlinesuccessSharron Scott
 
Ley General De Acceso De Las Mujeres
Ley General De Acceso De Las MujeresLey General De Acceso De Las Mujeres
Ley General De Acceso De Las MujeresDiplomado democracia familiar
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to PaswordsDeepanshu Saini
 
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...EC-Council
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data SecurityFrederik Questier
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyJan Wong
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of CybersecurityBenoit Callebaut
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 
How does a home security system work
How does a home security system work How does a home security system work
How does a home security system work nishiyath
 
How does a home security system work
How does a home security system work How does a home security system work
How does a home security system work nishiyath
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-Baljit Saini
 
Improving privacy in blockchain using homomorphic encryption
Improving privacy in blockchain using homomorphic encryption Improving privacy in blockchain using homomorphic encryption
Improving privacy in blockchain using homomorphic encryption Razi Rais
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 

More Related Content

Viewers also liked

Presentacion estadistica II
Presentacion estadistica IIPresentacion estadistica II
Presentacion estadistica IIalexjcv
 
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. GalwayArchaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. GalwayJohn Tierney
 
Evaluacion y administracion de proyectos una vision integral
Evaluacion y administracion de proyectos una vision integralEvaluacion y administracion de proyectos una vision integral
Evaluacion y administracion de proyectos una vision integralrox_cord
 
Intellectual property
Intellectual propertyIntellectual property
Intellectual propertySharron Scott
 
Tipsforonlinesuccess
TipsforonlinesuccessTipsforonlinesuccess
TipsforonlinesuccessSharron Scott
 

Viewers also liked (7)

Presentacion estadistica II
Presentacion estadistica IIPresentacion estadistica II
Presentacion estadistica II
 
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. GalwayArchaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
Archaeological Excavation Report - E2448 Cooltymurraghy, Co. Galway
 
Evaluacion y administracion de proyectos una vision integral
Evaluacion y administracion de proyectos una vision integralEvaluacion y administracion de proyectos una vision integral
Evaluacion y administracion de proyectos una vision integral
 
Intellectual property
Intellectual propertyIntellectual property
Intellectual property
 
KVPY-2013 Stream SA General Results
KVPY-2013 Stream SA General ResultsKVPY-2013 Stream SA General Results
KVPY-2013 Stream SA General Results
 
Tipsforonlinesuccess
TipsforonlinesuccessTipsforonlinesuccess
Tipsforonlinesuccess
 
Ley General De Acceso De Las Mujeres
Ley General De Acceso De Las MujeresLey General De Acceso De Las Mujeres
Ley General De Acceso De Las Mujeres
 

Similar to Is Your Data Literally Walking Out the Door-presentation

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to PaswordsDeepanshu Saini
 
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...EC-Council
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyJan Wong
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of CybersecurityBenoit Callebaut
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 
How does a home security system work
How does a home security system work How does a home security system work
How does a home security system work nishiyath
 
How does a home security system work
How does a home security system work How does a home security system work
How does a home security system work nishiyath
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-Baljit Saini
 
Improving privacy in blockchain using homomorphic encryption
Improving privacy in blockchain using homomorphic encryption Improving privacy in blockchain using homomorphic encryption
Improving privacy in blockchain using homomorphic encryption Razi Rais
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 

Similar to Is Your Data Literally Walking Out the Door-presentation (20)

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to Paswords
 
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
All Your Base Still Belong To Us Physical Penetration Testing Tales From The ...
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data Security
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and Privacy
 
The importance of Cybersecurity
The importance of CybersecurityThe importance of Cybersecurity
The importance of Cybersecurity
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpage
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
 
How does a home security system work
How does a home security system work How does a home security system work
How does a home security system work
 
How does a home security system work
How does a home security system work How does a home security system work
How does a home security system work
 
Password selection,piggybacking-
Password selection,piggybacking-Password selection,piggybacking-
Password selection,piggybacking-
 
Improving privacy in blockchain using homomorphic encryption
Improving privacy in blockchain using homomorphic encryption Improving privacy in blockchain using homomorphic encryption
Improving privacy in blockchain using homomorphic encryption
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Class 8, 9 and 10
Class 8, 9 and 10Class 8, 9 and 10
Class 8, 9 and 10
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
One Time Pad Journal
One Time Pad JournalOne Time Pad Journal
One Time Pad Journal
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 

More from Mike Saunders

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101Mike Saunders
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopMike Saunders
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017Mike Saunders
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distroMike Saunders
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITSMike Saunders
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksMike Saunders
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be BreachedMike Saunders
 
You will be breached
You will be breachedYou will be breached
You will be breachedMike Saunders
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-mspMike Saunders
 

More from Mike Saunders (11)

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshop
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distro
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITS
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-Threat
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacks
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be Breached
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distribution
 
You will be breached
You will be breachedYou will be breached
You will be breached
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 

Is Your Data Literally Walking Out the Door-presentation

  • 1. Is Your Data Literally Walking Out the Door? Mike Saunders @hardwaterhacker Hardwater Information Security
  • 2. About Mike  In IT full-time since 1998  Entered IT Security in 2007  Certifications: CISSP, GPEN, GWAPT, GCIH  Not a professional physical security tester, just curious. And paranoid.
  • 3. DISCLAIMER  If you don’t own it or don’t have permission, don’t test it!  Seriously! Don’t do it!  Don’t test on your critical controls unless you have backups  Attempting physical bypass of security mechanisms may result in damage  Make sure you have written authorization with you if you’re attempting a physical pen test  Have at least two contact numbers  Make sure your contacts will be available in case you get caught
  • 4.
  • 5. Goals  Overview on how attackers see your physical security  Provide information about bypassing common security mechanisms  When you leave here, look at your infrastructure in a new way  Talk about some defenses  We aren’t going to discuss lock picking – there are plenty of resources out there for this. Know that an attacker could also choose to pick a lock in place of the bypasses discussed here
  • 6. Data Loss / Breach via Physical Theft  2009 - BCBSTN – 57 stolen hard drives = over 1M records  datalossdb.org – ~21% of all lost records due to theft  11% stolen laptop  4% stolen computer  3% stolen document  1% stolen drive  1% stolen media  1% stolen tape
  • 7.
  • 8. Physical security principles  Deter  Lighting, fencing and gates, guards  Deny  Locking mechanisms  Detect  Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors  Delay  Locking cables, higher security locks, attack-resistant safes
  • 9. Escalation  Segmentation is important  Perimeter – fencing, gates, exterior entrances  DMZ – reception/receiving areas, common areas  Core – majority of office area  VLANs – higher security than core areas  Computer room, network closet, document storage, drug storage, trade secrets, etc.  Moving from lower security area to higher security area  Controls commensurate with sensitivity of asset
  • 10. Surveillance and accessibility  Are there vantage points to observe your facility discretely?  Even if there aren’t, there’s always Google  7’ fences will deter most attackers  8’ with 3-strand barbwire on top, 45 degrees facing outward will deter all but most determined / most to gain  Higher security areas may require multiple perimeters with gates  Hedges and trees are great for privacy for you and potential attackers  Lights act as a weak deterrent, coupled with cameras they act as a detective control  Are there doors only used for exiting?  Are there gaps in the camera coverage?
  • 11. Recon
  • 16. What the? I can’t even. www.schneier.com
  • 18. Other thoughts on perimeter security  Easy wins  Doors propped open  Doors unlocked for convenience  Windows open for cooling  Were you expecting that delivery?
  • 19. We’ve got doors! Even Locks! gregvan.com
  • 20. Doors with External Hinges  Just pop the hinge pins!
  • 21. Protecting hinges  If you must have external hinges, use a secure hinge  Set screw hinges  Stud hinges  Non-removable hinge pin
  • 25. Crash (panic) Bar Doors www.leinbachservices.com
  • 26. Bypass and protect a crash bar door Insert a prying tool here! A latch plate protector helps prevent prying. Can possibly be bypassed by tying a small screw or nail to a piece of string, inserted behind protector plate, pulled through from underneath to trigger latch. Infosecinstitute.com
  • 27. J tool door bypass tool © RiftRecon
  • 28. J tool in action www.vententersearch.com
  • 29. TouchSense Crash Bar Doors If there’s enough room, a piece of copper wire inserted through door frame and touched to bar will trigger sensor. www.katzlerlocks.com
  • 30. Well, what do we have here?
  • 31. No keys? No problem! Pick a card. Any card will do!
  • 32. What about lever handles?
  • 34. K-22 in action © RiftRecon
  • 36. K-22 meets crash bar http://www.theben-jim.com/
  • 37. What about the roof?  Access to roof may be gained from adjacent building, tree, or climbing  Rooftop openings often overlooked  Simple locks or no locks at all  May not have additional controls (RFID, cameras, etc.)  Access to ventilation shafts
  • 38. We’ve got badge readers!
  • 39. And he’s cloning your badge!
  • 40. RFID Badge Reader Attacks  Badges can be cloned  $500 buys the hardware to clone cards and brute force RFID badge reader  Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx  Larger antennas can be hidden in a clipboard, read from several feet away  Newer HID iCLASS encryption key available for purchase  Resources:  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red- teaming-all-your-badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that- intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
  • 41. Where do I find badges to clone?  Physical observation may lead to favorite lunch places or watering holes  After-hours company events posted online  Wait, didn’t we see something earlier?
  • 42. Or go for a walk Time to get on the bus
  • 44. Who’s got a wire cutter? www.cabletiesandmore.com www.assecurity.ca
  • 46. Seek… And destroy (or at least jam) advanced-intelligence.com
  • 47. IP cameras (and security systems) www.cctvcamerapros.com
  • 48. IP cameras (and security systems) …(and the Internet)
  • 49. IP Camera + Internet + Weak/Default Creds =
  • 50. Blinding a security camera with a laser www.naimark.net
  • 52. Oh hai! Come on in! securestate.com
  • 54. Motion detector tricks  Slide a notebook under the door  Or…
  • 55.
  • 56. More thoughts on doors and locks  Good locks on bad doors = BAD  Bad locks on good doors = BAD  Master keys are great  Unless you rekey once in every never  Cheap padlocks can be shimmed or picked easily
  • 57. You say keypad…  Cheaper than a badge system  Convenient for sharing code between multiple employees  But you have to change the code when employees leave  Analog keypads don’t have brute forcing detection capabilities  But, they can leak information about the code…
  • 58. Hrm… I wonder what the code is? www.schneier.com
  • 60. I wonder why those buttons are so shiny… www.schneier.com
  • 61. Fun with a black light
  • 64. Attacking biometric systems  Biometric signatures (and/or pins) are stored on your access card!  If I can clone your card, I can just put in my own fingerprint/pin  Fingerprints can be duplicated
  • 66. Defending against biometric attacks  Live tissue verification  Looks for heartbeat and body heat  Iris and retina scanners
  • 67. More escalation  False-ceilings adjacent to higher security area  Walls should extend from floor to actual ceiling  Raised flooring can be used if wall does not extend to floor
  • 68. Detection gives you the upper hand  Sensors  Door open, glass break, motion, infrared, acoustic, vibration, pressure  Monitor badge system for brute force attacks  Cameras can help identify intruders and what was taken  Test your systems regularly
  • 69. Final thoughts  Look at your facility in a new light  Are your doors installed properly?  How are you locks looking?  What about those keypads?  Don’t forget about cameras!
  • 70. Other Resources  Videos  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your- badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to- hardware-hacking-with-an-rfid-badge-reader-kevin-bong  http://www.youtube.com/watch?v=me5eKw6BP8g  http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to- dox-jess-hires  Other Resources  http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf  http://resources.infosecinstitute.com/physical-security-managing-intruder/  http://www.slideshare.net/jemtallon/cissp-week-26  https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf  https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf  https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
  • 71. Credits  Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting  Dave Kennedy - TrustedSec  SecureState  Tim and Jem Jensen
  • 72. Any questions?  msaunders.sec@gmail.com  @hardwaterhacker  http://hardwatersec.blogspot.com/

Editor's Notes

  1. Network segmentation can help slow down attackers once they gain access to a perimeter system. Segmentation in the physical world works the same.
  2. You don’t have to go through doors to escalate privileges