Is Your Data Literally
Walking Out the Door?
Mike Saunders – CISSP, GPEN, GWAPT, GCIH
Hardwater Information Security
About Mike
 In IT full-time since 1998
 Entered IT Security in 2007
 Avid fisherman
 In the best horn rock band ever!
DISCLAIMER
 If you don’t own it or don’t have permission, don’t test it!
 Seriously! Don’t do it!
 Make sure you have written authorization with you if you’re attempting a physical pen test
 Have at least two contact numbers
 Make sure your contacts will be available in case you get caught
 Attempting physical bypass of security mechanisms may result in damage
 Don’t test on your critical controls unless you have backups
Goals
 Overview on how attackers see your physical security
 Provide information about bypassing common security mechanisms
 Talk about some defenses
 When you leave here, look at your infrastructure in a new way
Data Loss / Breach via Physical Theft
 2009 - BCBSTN – 57 stolen hard drives = over 1M records
 datalossdb.org – ~21% of all lost records due to theft
 11% stolen laptop
 4% stolen computer
 3% stolen document
 1% stolen drive
 1% stolen media
 1% stolen tape
Physical security principles
 Deter
 Lighting, fencing and gates, guards
 Deny
 Locking mechanisms
 Detect
 Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors
 Delay
 Locking cables, higher security locks, attack-resistant safes
Surveillance and accessibility
 Are there vantage points to observe your facility discreetly?
 Even if there aren’t, there’s always Google
 Are there doors only used for exiting?
 Hedges and trees are great for privacy for you and potential attackers
 7’ fences will deter most attackers
 8’ with 3-strand barbwire on top, 45 degrees facing outward will deter all but the most determined / those with the most to gain
 Higher security areas may require multiple perimeters with gates
 Lights act as a weak deterrent; coupled with cameras they act as a detective control
 Are there gaps in the camera coverage?
Recon
Street view
Cameras
More cameras
We haz security!
O Rly?
What the? I can’t even.
www.schneier.com
Lootz is here!
Other thoughts on perimeter security
 Easy wins
 Doors propped open
 Doors unlocked for convenience
 Windows open for cooling
 Were you expecting that delivery?
Escalation
 Segmentation is important
 Perimeter – fencing, gates, exterior entrances
 DMZ – reception/receiving areas, common areas
 Core – majority of office area
 VLANs – higher security than core areas
 Computer room, network closet, document storage, drug storage, trade secrets, etc.
 Moving from lower security area to higher security area
 Controls commensurate with sensitivity of asset
 False-ceilings adjacent to higher security area
 Walls should extend from floor to actual ceiling
We’ve got doors! Even Locks!
gregvan.com
Doors with External Hinges
 Just pop the hinge pins!
Protecting hinges
 If you must have external hinges, use a secure hinge
 Set screw hinges
 Stud hinges
 Non-removable hinge pin
Set screw hinge
www.renovation-headquarters.com
Stud hinge
www.renovation-headquarters.com
Non-removable hinge
www.renovation-headquarters.com
Crash (panic) Bar Doors
www.leinbachservices.com
Bypass and protect a crash bar door
Insert a prying tool here!
A latch plate protector helps prevent prying.
Can possibly be bypassed by tying a small screw or nail to a piece of string, inserted behind the protector plate and pulled through from underneath to trigger the latch.
Infosecinstitute.com
J tool door bypass tool
© RiftRecon
J tool in action
www.vententersearch.com
TouchSense Crash Bar Doors
If there’s enough room, a piece of copper wire inserted through the door frame and touched to the bar will trigger the sensor.
www.katzlerlocks.com
Well, what do we have here?
No keys? No problem!
Pick a card. Any card will do!
What about lever handles?
The K-22
© RiftRecon
K-22 in action
© RiftRecon
Stealth
© RiftRecon
K-22 meets crash bar
http://www.theben-jim.com/
What about the roof?
 Access to roof may be gained from adjacent building, tree, or climbing
 Rooftop openings often overlooked
 Simple locks or no locks at all
 May not have additional controls (RFID, cameras, etc.)
 Access to ventilation shafts
We’ve got badge readers!
And he’s cloning your badge!
RFID Badge Reader Attacks
 Badges can be cloned
 $500 buys the hardware to clone cards and brute force RFID badge reader
 Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx
 Larger antennas can be hidden in a clipboard, read from several feet away
 Newer HID iCLASS encryption key available for purchase
 Resources:
 http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
 http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
Where do I find badges to clone?
 Physical observation may lead to favorite lunch places or watering holes
 After-hours company events posted online
 Wait, didn’t we see something earlier?
Or go for a walk
Time to get on the bus
What about cameras?
Who’s got a wire cutter?
www.cabletiesandmore.com www.assecurity.ca
IP cameras (and security systems)
www.cctvcamerapros.com
IP cameras (and security systems)
…(and the Internet)
IP Camera + Internet + Weak/Default Creds =
Blinding a security camera with a laser
www.naimark.net
You say convenience…
securestate.com
Oh hai! Come on in!
securestate.com
Yes, we have bypass!
 Video removed for size reasons. Video showed motion detectors can be triggered with a big cloud of vapor from an e-cigarette
Motion detector tricks
 Slide a notebook under the door
 Or…
More thoughts on doors and locks
 Good locks on bad doors = BAD
 Bad locks on good doors = BAD
 Master keys are great
 Unless you rekey once in every never
 Cheap padlocks can be shimmed or picked easily
You say keypad…
 Cheaper than a badge system
 Convenient for sharing code between multiple employees
 But you have to change the code when employees leave
 Analog keypads don’t have brute forcing detection capabilities
 But, they can leak information about the code…
Hrm… I wonder what the code is?
www.schneier.com
I wonder why those buttons are so shiny…
www.schneier.com
Fun with a black light
Fingerprints from UV pen ink
Fingerprints from highlighter
Attacking biometric systems
 Biometric signatures (and/or pins) are stored on your access card!
 If I can clone your card, I can just put in my own fingerprint/pin
 Fingerprints can be duplicated
Attacking biometric systems
Defending against biometric attacks
 Live tissue verification
 Looks for heartbeat and body heat
 Iris and retina scanners
 Enable live scan for iris scans
Detection gives you the upper hand
 Sensors
 Door open, glass break, motion, infrared, acoustic, vibration, pressure
 Monitor badge system for brute force attacks
 Cameras can help identify intruders and what was taken
 Test your systems regularly
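As an added defender-side example (not from the talk), this is the kind of check the "Monitor badge system for brute force attacks" bullet calls for: a sliding-window count of denied reads per reader over constructed sample access-control log lines, flagging bursts whose card numbers are consecutive and any grant that follows a burst. The log format, reader names, card numbers and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample badge-reader log lines (not from any real system).
# Format assumed: ISO timestamp, reader name, card number, result.
SAMPLE_LOG = """\
2015-03-02T08:01:10 DOOR-LOBBY 1001 GRANTED
2015-03-02T08:01:12 DOOR-LOBBY 1002 GRANTED
2015-03-02T22:14:01 DOOR-SERVER 4100 DENIED
2015-03-02T22:14:03 DOOR-SERVER 4101 DENIED
2015-03-02T22:14:05 DOOR-SERVER 4102 DENIED
2015-03-02T22:14:07 DOOR-SERVER 4103 DENIED
2015-03-02T22:14:09 DOOR-SERVER 4104 DENIED
2015-03-02T22:14:11 DOOR-SERVER 4105 DENIED
2015-03-02T22:14:13 DOOR-SERVER 4106 GRANTED
2015-03-02T09:30:00 DOOR-LOBBY 2001 DENIED
2015-03-02T11:45:00 DOOR-LOBBY 2001 DENIED
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, reader, card, result) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, reader, card, result = line.split()
        events.append((datetime.fromisoformat(ts), reader, int(card), result))
    events.sort(key=lambda e: e[0])
    return events


def detect_badge_bruteforce(text, window_seconds=60, max_denials=5):
    """Return one alert per burst of >= max_denials denied reads on a reader within window_seconds.

    Each alert records whether the denied card numbers were consecutive (a hypothetical
    signature of incrementing-ID guessing) and whether a GRANTED read followed the burst
    inside the same window, which would mean a guessed number was accepted.
    """
    alerts = []
    recent = defaultdict(deque)   # reader -> deque of (timestamp, card) for denied reads
    last_alert = {}               # reader -> most recent alert dict for that reader
    window = timedelta(seconds=window_seconds)

    for ts, reader, card, result in parse_log(text):
        if result == "GRANTED":
            prior = last_alert.get(reader)
            if prior and ts - datetime.fromisoformat(prior["last"]) <= window:
                prior["granted_after"] = True
            continue
        if result != "DENIED":
            continue

        q = recent[reader]
        q.append((ts, card))
        # Drop denials that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()

        if len(q) >= max_denials:
            cards = [c for _, c in q]
            alert = {
                "reader": reader,
                "first": q[0][0].isoformat(),
                "last": ts.isoformat(),
                "denials": len(q),
                "sequential_ids": all(b - a == 1 for a, b in zip(cards, cards[1:])),
                "granted_after": False,
            }
            alerts.append(alert)
            last_alert[reader] = alert
            q.clear()  # one alert per burst; a new burst starts a fresh count
    return alerts


if __name__ == "__main__":
    for a in detect_badge_bruteforce(SAMPLE_LOG):
        print(a)
```

Two isolated denials on DOOR-LOBBY hours apart never reach the threshold, while the DOOR-SERVER burst is reported once, with the following grant flagged.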
Final thoughts
 Look at your facility in a new light
 Are your doors installed properly?
 How are your locks looking?
 What about those keypads?
 Don’t forget about cameras!
Other Resources
 Videos
 http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
 http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
 http://www.youtube.com/watch?v=me5eKw6BP8g
 http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to-dox-jess-hires
 Other Resources
 http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf
 http://resources.infosecinstitute.com/physical-security-managing-intruder/
 http://www.slideshare.net/jemtallon/cissp-week-26
 https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf
 https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf
 https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
Credits
 Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting
 Dave Kennedy - TrustedSec
 SecureState
 Tim and Jem Jensen
Any questions?
 mike.saunders@hardwaterinformationsecurity.com
 @hardwaterhacker
 http://hardwatersec.blogspot.com/

More Related Content

Viewers also liked

Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComHarsh Vardhan Sharma
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheeleSAT Publishing House
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...eSAT Publishing House
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform  - United Taxi Workers of San DiegoSan Diego Taxi Reform  - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diegosaezs0596
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on blackallisonwickler
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingeSAT Publishing House
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?vissua
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 80031547308003154730
 

Viewers also liked (13)

пасха презентация
пасха презентацияпасха презентация
пасха презентация
 
пасха презентация
пасха презентацияпасха презентация
пасха презентация
 
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
 
Korus
KorusKorus
Korus
 
Sudden death
Sudden deathSudden death
Sudden death
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheel
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform  - United Taxi Workers of San DiegoSan Diego Taxi Reform  - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diego
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on black
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed scheduling
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?
 
Agile (s.e)
Agile (s.e)Agile (s.e)
Agile (s.e)
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 8003154730
 

Similar to Is Your Data Literally Walking Out the Door?

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to PaswordsDeepanshu Saini
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom TechnologiesAnil Bilgihan
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingCTIN
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters  (BICSI 2016 ASEAN  conference)Defending our datacenters  (BICSI 2016 ASEAN  conference)
Defending our datacenters (BICSI 2016 ASEAN conference)Jeffrey Lam
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
Open Nature Park Ops & Security Solutions
Open Nature Park Ops & Security SolutionsOpen Nature Park Ops & Security Solutions
Open Nature Park Ops & Security Solutionskoottummel
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thChapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thsamirapdcosden
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 

Similar to Is Your Data Literally Walking Out the Door? (20)

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to Paswords
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpage
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data Security
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom Technologies
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters  (BICSI 2016 ASEAN  conference)Defending our datacenters  (BICSI 2016 ASEAN  conference)
Defending our datacenters (BICSI 2016 ASEAN conference)
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
Open Nature Park Ops & Security Solutions
Open Nature Park Ops & Security SolutionsOpen Nature Park Ops & Security Solutions
Open Nature Park Ops & Security Solutions
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System Security
 
How To Make Your Security
How To Make Your SecurityHow To Make Your Security
How To Make Your Security
 
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thChapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
 
Application of science & technology in security management
Application of science & technology in security managementApplication of science & technology in security management
Application of science & technology in security management
 

More from Mike Saunders

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101Mike Saunders
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopMike Saunders
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017Mike Saunders
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distroMike Saunders
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITSMike Saunders
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksMike Saunders
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be BreachedMike Saunders
 
You will be breached
You will be breachedYou will be breached
You will be breachedMike Saunders
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-mspMike Saunders
 

More from Mike Saunders (11)

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshop
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distro
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITS
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-Threat
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacks
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be Breached
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distribution
 
You will be breached
You will be breachedYou will be breached
You will be breached
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Is Your Data Literally Walking Out the Door?

  • 1. Is Your Data Literally Walking Out the Door? Mike Saunders – CISSP, GPEN, GWAPT, GCIH Hardwater Information Security
  • 2. About Mike  In IT full-time since 1998  Entered IT Security in 2007  Avid fisherman  In the best horn rock band ever!
  • 3. DISCLAIMER  If you don’t own it or don’t have permission, don’t test it!  Seriously! Don’t do it!  Make sure you have written authorization with you if you’re attempting a physical pen test  Have at least two contact numbers  Make sure your contacts will be available in case you get caught  Attempting physical bypass of security mechanisms may result in damage  Don’t test on your critical controls unless you have backups
  • 4.
  • 5. Goals  Overview on how attackers see your physical security  Provide information about bypassing common security mechanisms  Talk about some defenses  When you leave here, look at your infrastructure in a new way
  • 6. Data Loss / Breach via Physical Theft  2009 - BCBSTN – 57 stolen hard drives = over 1M records  datalossdb.org – ~21% of all lost records due to theft  11% stolen laptop  4% stolen computer  3% stolen document  1% stolen drive  1% stolen media  1% stolen tape
  • 7.
  • 8. Physical security principles
    - Deter
      - Lighting, fencing and gates, guards
    - Deny
      - Locking mechanisms
    - Detect
      - Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors
    - Delay
      - Locking cables, higher security locks, attack-resistant safes
  • 9. Surveillance and accessibility
    - Are there vantage points to observe your facility discreetly?
      - Even if there aren’t, there’s always Google
    - Are there doors only used for exiting?
    - Hedges and trees are great for privacy for you and potential attackers
    - 7’ fences will deter most attackers
      - 8’ with 3-strand barbwire on top, 45 degrees facing outward, will deter all but the most determined / those with the most to gain
    - Higher security areas may require multiple perimeters with gates
    - Lights act as a weak deterrent; coupled with cameras they act as a detective control
    - Are there gaps in the camera coverage?
  • 10. Recon
  • 15. What the? I can’t even. www.schneier.com
  • 17. Other thoughts on perimeter security
    - Easy wins
      - Doors propped open
      - Doors unlocked for convenience
      - Windows open for cooling
    - Were you expecting that delivery?
  • 18. Escalation
    - Segmentation is important
      - Perimeter – fencing, gates, exterior entrances
      - DMZ – reception/receiving areas, common areas
      - Core – majority of office area
      - VLANs – higher security than core areas
        - Computer room, network closet, document storage, drug storage, trade secrets, etc.
    - Moving from lower security area to higher security area
      - Controls commensurate with sensitivity of asset
    - False ceilings adjacent to higher security area
      - Walls should extend from floor to actual ceiling
  • 19. We’ve got doors! Even Locks! gregvan.com
  • 20. Doors with External Hinges
    - Just pop the hinge pins!
  • 21. Protecting hinges
    - If you must have external hinges, use a secure hinge
      - Set screw hinges
      - Stud hinges
      - Non-removable hinge pin
  • 25. Crash (panic) Bar Doors www.leinbachservices.com
  • 26. Bypass and protect a crash bar door Insert a prying tool here! A latch plate protector helps prevent prying. Can possibly be bypassed by tying a small screw or nail to a piece of string, inserted behind protector plate, pulled through from underneath to trigger latch. Infosecinstitute.com
  • 27. J tool door bypass tool © RiftRecon
  • 28. J tool in action www.vententersearch.com
  • 29. TouchSense Crash Bar Doors If there’s enough room, a piece of copper wire inserted through door frame and touched to bar will trigger sensor. www.katzlerlocks.com
  • 30. Well, what do we have here?
  • 31. No keys? No problem! Pick a card. Any card will do!
  • 32. What about lever handles?
  • 34. K-22 in action © RiftRecon
  • 36. K-22 meets crash bar http://www.theben-jim.com/
  • 37. What about the roof?
    - Access to roof may be gained from adjacent building, tree, or climbing
    - Rooftop openings often overlooked
      - Simple locks or no locks at all
      - May not have additional controls (RFID, cameras, etc.)
    - Access to ventilation shafts
  • 38. We’ve got badge readers!
  • 39. And he’s cloning your badge!
  • 40. RFID Badge Reader Attacks
    - Badges can be cloned
    - $500 buys the hardware to clone cards and brute force RFID badge reader
      - Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx
    - Larger antennas can be hidden in a clipboard, read from several feet away
    - Newer HID iCLASS encryption key available for purchase
    - Resources:
      - http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
      - http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
  • 41. Where do I find badges to clone?
    - Physical observation may lead to favorite lunch places or watering holes
    - After-hours company events posted online
    - Wait, didn’t we see something earlier?
  • 42. Or go for a walk Time to get on the bus
  • 44. Who’s got a wire cutter? www.cabletiesandmore.com www.assecurity.ca
  • 45. IP cameras (and security systems) www.cctvcamerapros.com
  • 46. IP cameras (and security systems) …(and the Internet)
  • 47. IP Camera + Internet + Weak/Default Creds =
  • 48. Blinding a security camera with a laser www.naimark.net
  • 50. Oh hai! Come on in! securestate.com
  • 51. Yes, we have bypass!
    - Video removed for size reasons. Video showed motion detectors can be triggered with a big cloud of vapor from an e-cigarette
  • 52. Motion detector tricks
    - Slide a notebook under the door
    - Or…
  • 53.
  • 54. More thoughts on doors and locks
    - Good locks on bad doors = BAD
    - Bad locks on good doors = BAD
    - Master keys are great
      - Unless you rekey once in every never
    - Cheap padlocks can be shimmed or picked easily
  • 55. You say keypad…
    - Cheaper than a badge system
    - Convenient for sharing code between multiple employees
      - But you have to change the code when employees leave
    - Analog keypads don’t have brute forcing detection capabilities
      - But, they can leak information about the code…
  • 56. Hrm… I wonder what the code is? www.schneier.com
  • 57.
  • 58. I wonder why those buttons are so shiny… www.schneier.com
  • 59. Fun with a black light
  • 62. Attacking biometric systems
    - Biometric signatures (and/or pins) are stored on your access card!
      - If I can clone your card, I can just put in my own fingerprint/pin
    - Fingerprints can be duplicated
  • 64. Defending against biometric attacks
    - Live tissue verification
      - Looks for heartbeat and body heat
    - Iris and retina scanners
      - Enable live scan for iris scans
  • 65. Detection gives you the upper hand
    - Sensors
      - Door open, glass break, motion, infrared, acoustic, vibration, pressure
    - Monitor badge system for brute force attacks
    - Cameras can help identify intruders and what was taken
    - Test your systems regularly
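Monitoring the badge system for brute forcing, as the slide recommends, can be as simple as counting denied reads with distinct card numbers at one reader inside a short window. The following is an added example and not part of the talk; the log format, reader names and card numbers are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-control log (not real data). The rising card
# numbers denied at lobby-east in quick succession are the trace a
# sequential-guessing tool leaves; server-room shows one stale card retried.
SAMPLE_LOG = """\
2015-03-02T08:01:10 reader=lobby-east card=0001A3F2 result=GRANTED
2015-03-02T08:01:44 reader=lobby-east card=0001A3F3 result=DENIED
2015-03-02T08:01:46 reader=lobby-east card=0001A3F4 result=DENIED
2015-03-02T08:01:48 reader=lobby-east card=0001A3F5 result=DENIED
2015-03-02T08:01:50 reader=lobby-east card=0001A3F6 result=DENIED
2015-03-02T08:01:52 reader=lobby-east card=0001A3F7 result=DENIED
2015-03-02T08:02:30 reader=server-room card=0001A3F2 result=DENIED
2015-03-02T08:03:15 reader=server-room card=0001A3F2 result=DENIED
2015-03-02T08:03:20 reader=server-room card=0001A3F2 result=DENIED
2015-03-02T08:09:05 reader=lobby-east card=0001B001 result=GRANTED
"""

def parse_line(line):
    """Parse one '<iso timestamp> key=value ...' line into a dict."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect_brute_force(log_text, window_s=60, threshold=5):
    """Return (reader, window_start, distinct_cards) for each reader that
    sees >= threshold DENIED reads with distinct card numbers within
    window_s seconds. One card denied repeatedly (a stale badge) never
    trips it; a sweep across many card numbers does."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # reader -> deque of (ts, card), oldest first
    alerts, alerted = [], set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["result"] != "DENIED":
            continue
        q = recent[rec["reader"]]
        q.append((rec["ts"], rec["card"]))
        while rec["ts"] - q[0][0] > window:   # drop reads outside the window
            q.popleft()
        distinct = {card for _, card in q}
        if len(distinct) >= threshold and rec["reader"] not in alerted:
            alerted.add(rec["reader"])        # one alert per reader
            alerts.append((rec["reader"], q[0][0], len(distinct)))
    return alerts

if __name__ == "__main__":
    for reader, start, n in detect_brute_force(SAMPLE_LOG):
        print(f"ALERT {reader}: {n} distinct denied cards since {start}")
```

The same per-reader, per-window counting applies to keypad entry failures where the controller logs them; the distinct-value rule keeps one employee fumbling a single code from paging anyone.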
  • 66. Final thoughts
    - Look at your facility in a new light
    - Are your doors installed properly?
    - How are your locks looking?
    - What about those keypads?
    - Don’t forget about cameras!
  • 67. Other Resources
    - Videos
      - http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your-badges-are-belong-to-us-eric-smith
      - http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
      - http://www.youtube.com/watch?v=me5eKw6BP8g
      - http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to-dox-jess-hires
    - Other Resources
      - http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf
      - http://resources.infosecinstitute.com/physical-security-managing-intruder/
      - http://www.slideshare.net/jemtallon/cissp-week-26
      - https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf
      - https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf
      - https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
  • 68. Credits
    - Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting
    - Dave Kennedy - TrustedSec
    - SecureState
    - Tim and Jem Jensen
  • 69. Any questions?
    - mike.saunders@hardwaterinformationsecurity.com
    - @hardwaterhacker
    - http://hardwatersec.blogspot.com/