SlideShare une entreprise Scribd logo

Is Your Data Literally Walking Out the Door?

Télécharger en tant que PPTX, PDF
Mike Saunders
Mike Saunders

Your network security doesn't matter if an attacker can enter your facility and walk off with your critical assets and sensitive data, or attach a back door to your network. This presentation provides an introductory overview of physical security from an attacker's perspective.

Technologie
1  sur  69
Is Your Data Literally Walking Out the Door? Mike Saunders – CISSP, GPEN, GWAPT, GCIH Hardwater Information Security
About Mike  In IT full-time since 1998  Entered IT Security in 2007  Avid fisherman  In the best horn rock band ever!
DISCLAIMER  If you don’t own it or don’t have permission, don’t test it!  Seriously! Don’t do it!  Make sure you have written authorization with you if you’re attempting a physical pen test  Have at least two contact numbers  Make sure your contacts will be available in case you get caught  Attempting physical bypass of security mechanisms may result in damage  Don’t test on your critical controls unless you have backups
Goals  Overview on how attackers see your physical security  Provide information about bypassing common security mechanisms  Talk about some defenses  When you leave here, look at your infrastructure in a new way
Data Loss / Breach via Physical Theft  2009 - BCBSTN – 57 stolen hard drives = over 1M records  datalossdb.org – ~21% of all lost records due to theft  11% stolen laptop  4% stolen computer  3% stolen document  1% stolen drive  1% stolen media  1% stolen tape
Physical security principles  Deter  Lighting, fencing and gates, guards  Deny  Locking mechanisms  Detect  Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors  Delay  Locking cables, higher security locks, attack-resistant safes
Surveillance and accesibility  Are there vantage points to observe your facility discretely?  Even if there aren’t, there’s always Google  Are there doors only used for exiting?  Hedges and trees are great for privacy for you and potential attackers  7’ fences will deter most attackers  8’ with 3-strand barbwire on top, 45 degrees facing outward will deter all but most determined / most to gain  Higher security areas may require multiple perimeters with gates  Lights act as a weak deterrent, coupled with cameras they act as a detective control  Are there gaps in the camera coverage?
Recon
Street view
Cameras
More cameras
We haz security! O Rly?
What the? I can’t even. www.schneier.com
Lootz is here!
Other thoughts on perimeter security  Easy wins  Doors propped open  Doors unlocked for convenience  Windows open for cooling  Were you expecting that delivery?
Escalation  Segmentation is important  Perimeter – fencing, gates, exterior entrances  DMZ – reception/receiving areas, common areas  Core – majority of office area  VLANs – higher security than core areas  Computer room, network closet, document storage, drug storage, trade secrets, etc.  Moving from lower security area to higher security area  Controls commensurate with sensitivity of asset  False-ceilings adjacent to higher security area  Walls should extend from floor to actual ceiling
We’ve got doors! Even Locks! gregvan.com
Doors with External Hinges  Just pop the hinge pins!
Protecting hinges  If you must have external hinges, use a secure hinge  Set screw hinges  Stud hinges  Non-removable hinge pin
Set screw hinge www.renovation-headquarters.com
Stud hinge www.renovation-headquarters.com
Non-removable hinge www.renovation-headquarters.com
Crash (panic) Bar Doors www.leinbachservices.com
Bypass and protect a crash bar door Insert a prying tool here! A latch plate protector helps prevent prying. Can possibly be bypassed by tying a small screw or nail to a piece of string, inserted behind protector plate, pulled through from underneath to trigger latch. Infosecinstitute.com
J tool door bypass tool © RiftRecon
J tool in action www.vententersearch.com
TouchSense Crash Bar Doors If there’s enough room, a piece of copper wire inserted through door frame and touched to bar will trigger sensor. www.katzlerlocks.com
Well, what do we have here?
No keys? No problem! Pick a card. Any card will do!
What about lever handles?
The K-22 © RiftRecon
K-22 in action © RiftRecon
Stealth © RiftRecon
K-22 meets crash bar http://www.theben-jim.com/
What about the roof?  Access to roof may be gained from adjacent building, tree, or climbing  Rooftop openings often overlooked  Simple locks or no locks at all  May not have additional controls (RFID, cameras, etc.)  Access to ventilation shafts
We’ve got badge readers!
And he’s cloning your badge!
RFID Badge Reader Attacks  Badges can be cloned  $500 buys the hardware to clone cards and brute force RFID badge reader  Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx  Larger antennas can be hidden in a clipboard, read from several feet away  Newer HID iCLASS encryption key available for purchase  Resources:  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red- teaming-all-your-badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that- intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
Where do I find badges to clone?  Physical observation may lead to favorite lunch places or watering holes  After-hours company events posted online  Wait, didn’t we see something earlier?
Or go for a walk Time to get on the bus
What about cameras?
Who’s got a wire cutter? www.cabletiesandmore.com www.assecurity.ca
IP cameras (and security systems) www.cctvcamerapros.com
IP cameras (and security systems) …(and the Internet)
IP Camera + Internet + Weak/Default Creds =
Blinding a security camera with a laser www.naimark.net
You say convenience… securestate.com
Oh hai! Come on in! securestate.com
Yes, we have bypass!  Video removed for size reasons. Video showed motion detectors can be triggered with a big cloud of vapor from an e-cigarette
Motion detector tricks  Slide a notebook under the door  Or…
More thoughts on doors and locks  Good locks on bad doors = BAD  Bad locks on good doors = BAD  Master keys are great  Unless you rekey once in every never  Cheap padlocks can be shimmed or picked easily
You say keypad…  Cheaper than a badge system  Convenient for sharing code between multiple employees  But you have to change the code when employees leave  Analog keypads don’t have brute forcing detection capabilities  But, they can leak information about the code…
Hrm… I wonder what the code is? www.schneier.com
I wonder why those buttons are so shiny… www.schneier.com
Fun with a black light
Fingerprints from UV pen ink
Fingerprints from highlighter
Attacking biometric systems  Biometric signatures (and/or pins) are stored on your access card!  If I can clone your card, I can just put in my own fingerprint/pin  Fingerprints can be duplicated
Attacking biometric systems
Defending against biometric attacks  Live tissue verification  Looks for heartbeat and body heat  Iris and retina scanners  Enable live scan for iris scans
Detection gives you the upper hand  Sensors  Door open, glass break, motion, infrared, acoustic, vibration, pressure  Monitor badge system for brute force attacks  Cameras can help identify intruders and what was taken  Test your systems regularly
Final thoughts  Look at your facility in a new light  Are your doors installed properly?  How are you locks looking?  What about those keypads?  Don’t forget about cameras!
Other Resources  Videos  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your- badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to- hardware-hacking-with-an-rfid-badge-reader-kevin-bong  http://www.youtube.com/watch?v=me5eKw6BP8g  http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to- dox-jess-hires  Other Resources  http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf  http://resources.infosecinstitute.com/physical-security-managing-intruder/  http://www.slideshare.net/jemtallon/cissp-week-26  https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf  https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf  https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
Credits  Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting  Dave Kennedy - TrustedSec  SecureState  Tim and Jem Jensen
Any questions?  mike.saunders@hardwaterinformationsecurity.com  @hardwaterhacker  http://hardwatersec.blogspot.com/

Recommandé

Is Your Data Literally Walking Out the Door-presentation
Is Your Data Literally Walking Out the Door-presentationIs Your Data Literally Walking Out the Door-presentation
Is Your Data Literally Walking Out the Door-presentationMike Saunders
 
Vulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsVulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsRoger Johnston
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
Optimization of cutting parameters on mild steel with hss & cemented carbide ...
Optimization of cutting parameters on mild steel with hss & cemented carbide ...Optimization of cutting parameters on mild steel with hss & cemented carbide ...
Optimization of cutting parameters on mild steel with hss & cemented carbide ...eSAT Publishing House
 
Europe2015
Europe2015Europe2015
Europe2015Sarah Weatherhead Kous
 
برای تدریس زور الکی نزنید
برای تدریس زور الکی نزنیدبرای تدریس زور الکی نزنید
برای تدریس زور الکی نزنیدSelf-employed
 

Recommandé

Is Your Data Literally Walking Out the Door-presentation
Is Your Data Literally Walking Out the Door-presentationIs Your Data Literally Walking Out the Door-presentation
Is Your Data Literally Walking Out the Door-presentationMike Saunders
 
Vulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsVulnerability Assessment, Physical Security, and Nuclear Safeguards
Vulnerability Assessment, Physical Security, and Nuclear SafeguardsRoger Johnston
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Physical Penetration Testing - RootedCON 2015
Physical Penetration Testing - RootedCON 2015Hykeos
 
Optimization of cutting parameters on mild steel with hss & cemented carbide ...
Optimization of cutting parameters on mild steel with hss & cemented carbide ...Optimization of cutting parameters on mild steel with hss & cemented carbide ...
Optimization of cutting parameters on mild steel with hss & cemented carbide ...eSAT Publishing House
 
Europe2015
Europe2015Europe2015
Europe2015Sarah Weatherhead Kous
 
برای تدریس زور الکی نزنید
برای تدریس زور الکی نزنیدبرای تدریس زور الکی نزنید
برای تدریس زور الکی نزنیدSelf-employed
 
пасха презентация
пасха презентацияпасха презентация
пасха презентацияБолотова Елена
 
пасха презентация
пасха презентацияпасха презентация
пасха презентацияБолотова Елена
 
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComHarsh Vardhan Sharma
 
Korus
KorusKorus
KorusAnupam Sarsar
 
Sudden death
Sudden deathSudden death
Sudden deathDoc Piyush
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheeleSAT Publishing House
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...eSAT Publishing House
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San DiegoSan Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diegosaezs0596
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on blackallisonwickler
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingeSAT Publishing House
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?vissua
 
Agile (s.e)
Agile (s.e)Agile (s.e)
Agile (s.e)deep sharma
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 80031547308003154730
 
Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to PaswordsDeepanshu Saini
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data SecurityFrederik Questier
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom TechnologiesAnil Bilgihan
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingCTIN
 

Contenu connexe

En vedette

Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComHarsh Vardhan Sharma
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheeleSAT Publishing House
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...eSAT Publishing House
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San DiegoSan Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diegosaezs0596
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on blackallisonwickler
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingeSAT Publishing House
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?vissua
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 80031547308003154730
 

En vedette (13)

пасха презентация
пасха презентацияпасха презентация
пасха презентация
 
пасха презентация
пасха презентацияпасха презентация
пасха презентация
 
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BComDo BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
Do BA BCom BSc BSc BSc BSc BSc BA BA BA BA BCom BCom BCom
 
Korus
KorusKorus
Korus
 
Sudden death
Sudden deathSudden death
Sudden death
 
Quality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheelQuality improvement of indoor air by using heat recovery wheel
Quality improvement of indoor air by using heat recovery wheel
 
Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...Water quality modeling of an agricultural watershed with best management prac...
Water quality modeling of an agricultural watershed with best management prac...
 
San Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San DiegoSan Diego Taxi Reform - United Taxi Workers of San Diego
San Diego Taxi Reform - United Taxi Workers of San Diego
 
2014 conference photo contest entries, on black
2014 conference photo contest entries, on black2014 conference photo contest entries, on black
2014 conference photo contest entries, on black
 
A study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed schedulingA study of load distribution algorithms in distributed scheduling
A study of load distribution algorithms in distributed scheduling
 
¿Por qué Mindfulness?
¿Por qué Mindfulness?¿Por qué Mindfulness?
¿Por qué Mindfulness?
 
Agile (s.e)
Agile (s.e)Agile (s.e)
Agile (s.e)
 
Benefits of 8003154730
Benefits of 8003154730Benefits of 8003154730
Benefits of 8003154730
 

Similaire à Is Your Data Literally Walking Out the Door?

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplacedougfarre
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to PaswordsDeepanshu Saini
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesPeter Wood
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom TechnologiesAnil Bilgihan
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingCTIN
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters (BICSI 2016 ASEAN conference)Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters (BICSI 2016 ASEAN conference)Jeffrey Lam
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1AfiqEfendy Zaen
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
Open Nature Park Ops & Security Solutions
Open Nature Park Ops & Security SolutionsOpen Nature Park Ops & Security Solutions
Open Nature Park Ops & Security Solutionskoottummel
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thChapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thsamirapdcosden
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 

Similaire à Is Your Data Literally Walking Out the Door? (20)

Physical Security In The Workplace
Physical Security In The WorkplacePhysical Security In The Workplace
Physical Security In The Workplace
 
Alternatives to Paswords
Alternatives to PaswordsAlternatives to Paswords
Alternatives to Paswords
 
Top Five Internal Security Vulnerabilities
Top Five Internal Security VulnerabilitiesTop Five Internal Security Vulnerabilities
Top Five Internal Security Vulnerabilities
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpage
 
Introduction to Hacking
Introduction to HackingIntroduction to Hacking
Introduction to Hacking
 
Computer & Data Security
Computer & Data SecurityComputer & Data Security
Computer & Data Security
 
Guestroom Technologies
Guestroom TechnologiesGuestroom Technologies
Guestroom Technologies
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professional
 
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For PolishingEvidence Seizure Ctin Version Draft Sent To Sandy For Polishing
Evidence Seizure Ctin Version Draft Sent To Sandy For Polishing
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters (BICSI 2016 ASEAN conference)Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters (BICSI 2016 ASEAN conference)
 
Basic Security Chapter 1
Basic Security Chapter 1Basic Security Chapter 1
Basic Security Chapter 1
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
Open Nature Park Ops & Security Solutions
Open Nature Park Ops & Security SolutionsOpen Nature Park Ops & Security Solutions
Open Nature Park Ops & Security Solutions
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System Security
 
How To Make Your Security
How To Make Your SecurityHow To Make Your Security
How To Make Your Security
 
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe thChapter 6Authenticating PeopleChapter 6 OverviewThe th
Chapter 6Authenticating PeopleChapter 6 OverviewThe th
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
 
Application of science & technology in security management
Application of science & technology in security managementApplication of science & technology in security management
Application of science & technology in security management
 

Plus de Mike Saunders

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101Mike Saunders
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopMike Saunders
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017Mike Saunders
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distroMike Saunders
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITSMike Saunders
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatMike Saunders
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksMike Saunders
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be BreachedMike Saunders
 
You will be breached
You will be breachedYou will be breached
You will be breachedMike Saunders
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-mspMike Saunders
 

Plus de Mike Saunders (11)

I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101I Want My EIP - Buffer Overflow 101
I Want My EIP - Buffer Overflow 101
 
BSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshopBSidesMSP 2017 - SDR101 workshop
BSidesMSP 2017 - SDR101 workshop
 
SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017SDR 101 - NDSU CyberSecurity 2017
SDR 101 - NDSU CyberSecurity 2017
 
SDR101-presentation-distro
SDR101-presentation-distroSDR101-presentation-distro
SDR101-presentation-distro
 
InsiderThreat-2016NDITS
InsiderThreat-2016NDITSInsiderThreat-2016NDITS
InsiderThreat-2016NDITS
 
Detecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-ThreatDetecting-Preventing-Insider-Threat
Detecting-Preventing-Insider-Threat
 
DetectingSpearPhishingAttacks
DetectingSpearPhishingAttacksDetectingSpearPhishingAttacks
DetectingSpearPhishingAttacks
 
You Will Be Breached
You Will Be BreachedYou Will Be Breached
You Will Be Breached
 
YBB-NW-distribution
YBB-NW-distributionYBB-NW-distribution
YBB-NW-distribution
 
You will be breached
You will be breachedYou will be breached
You will be breached
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 

Dernier

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Dernier (20)

MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

Is Your Data Literally Walking Out the Door?

  • 1. Is Your Data Literally Walking Out the Door? Mike Saunders – CISSP, GPEN, GWAPT, GCIH Hardwater Information Security
  • 2. About Mike  In IT full-time since 1998  Entered IT Security in 2007  Avid fisherman  In the best horn rock band ever!
  • 3. DISCLAIMER  If you don’t own it or don’t have permission, don’t test it!  Seriously! Don’t do it!  Make sure you have written authorization with you if you’re attempting a physical pen test  Have at least two contact numbers  Make sure your contacts will be available in case you get caught  Attempting physical bypass of security mechanisms may result in damage  Don’t test on your critical controls unless you have backups
  • 4.
  • 5. Goals  Overview on how attackers see your physical security  Provide information about bypassing common security mechanisms  Talk about some defenses  When you leave here, look at your infrastructure in a new way
  • 6. Data Loss / Breach via Physical Theft  2009 - BCBSTN – 57 stolen hard drives = over 1M records  datalossdb.org – ~21% of all lost records due to theft  11% stolen laptop  4% stolen computer  3% stolen document  1% stolen drive  1% stolen media  1% stolen tape
  • 7.
  • 8. Physical security principles  Deter  Lighting, fencing and gates, guards  Deny  Locking mechanisms  Detect  Cameras, motion sensors, glass break sensors, noise sensors, vibration sensors  Delay  Locking cables, higher security locks, attack-resistant safes
  • 9. Surveillance and accesibility  Are there vantage points to observe your facility discretely?  Even if there aren’t, there’s always Google  Are there doors only used for exiting?  Hedges and trees are great for privacy for you and potential attackers  7’ fences will deter most attackers  8’ with 3-strand barbwire on top, 45 degrees facing outward will deter all but most determined / most to gain  Higher security areas may require multiple perimeters with gates  Lights act as a weak deterrent, coupled with cameras they act as a detective control  Are there gaps in the camera coverage?
  • 10. Recon
  • 15. What the? I can’t even. www.schneier.com
  • 17. Other thoughts on perimeter security  Easy wins  Doors propped open  Doors unlocked for convenience  Windows open for cooling  Were you expecting that delivery?
  • 18. Escalation  Segmentation is important  Perimeter – fencing, gates, exterior entrances  DMZ – reception/receiving areas, common areas  Core – majority of office area  VLANs – higher security than core areas  Computer room, network closet, document storage, drug storage, trade secrets, etc.  Moving from lower security area to higher security area  Controls commensurate with sensitivity of asset  False-ceilings adjacent to higher security area  Walls should extend from floor to actual ceiling
  • 19. We’ve got doors! Even Locks! gregvan.com
  • 20. Doors with External Hinges  Just pop the hinge pins!
  • 21. Protecting hinges  If you must have external hinges, use a secure hinge  Set screw hinges  Stud hinges  Non-removable hinge pin
  • 25. Crash (panic) Bar Doors www.leinbachservices.com
  • 26. Bypass and protect a crash bar door Insert a prying tool here! A latch plate protector helps prevent prying. Can possibly be bypassed by tying a small screw or nail to a piece of string, inserted behind protector plate, pulled through from underneath to trigger latch. Infosecinstitute.com
  • 27. J tool door bypass tool © RiftRecon
  • 28. J tool in action www.vententersearch.com
  • 29. TouchSense Crash Bar Doors If there’s enough room, a piece of copper wire inserted through door frame and touched to bar will trigger sensor. www.katzlerlocks.com
  • 30. Well, what do we have here?
  • 31. No keys? No problem! Pick a card. Any card will do!
  • 32. What about lever handles?
  • 34. K-22 in action © RiftRecon
  • 36. K-22 meets crash bar http://www.theben-jim.com/
  • 37. What about the roof?  Access to roof may be gained from adjacent building, tree, or climbing  Rooftop openings often overlooked  Simple locks or no locks at all  May not have additional controls (RFID, cameras, etc.)  Access to ventilation shafts
  • 38. We’ve got badge readers!
  • 39. And he’s cloning your badge!
  • 40. RFID Badge Reader Attacks  Badges can be cloned  $500 buys the hardware to clone cards and brute force RFID badge reader  Proxbrute - http://www.mcafee.com/us/downloads/free-tools/proxbrute.aspx  Larger antennas can be hidden in a clipboard, read from several feet away  Newer HID iCLASS encryption key available for purchase  Resources:  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red- teaming-all-your-badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that- intro-to-hardware-hacking-with-an-rfid-badge-reader-kevin-bong
  • 41. Where do I find badges to clone?  Physical observation may lead to favorite lunch places or watering holes  After-hours company events posted online  Wait, didn’t we see something earlier?
  • 42. Or go for a walk Time to get on the bus
  • 44. Who’s got a wire cutter? www.cabletiesandmore.com www.assecurity.ca
  • 45. IP cameras (and security systems) www.cctvcamerapros.com
  • 46. IP cameras (and security systems) …(and the Internet)
  • 47. IP Camera + Internet + Weak/Default Creds =
  • 48. Blinding a security camera with a laser www.naimark.net
  • 50. Oh hai! Come on in! securestate.com
  • 51. Yes, we have bypass!  Video removed for size reasons. Video showed motion detectors can be triggered with a big cloud of vapor from an e-cigarette
  • 52. Motion detector tricks  Slide a notebook under the door  Or…
  • 53.
  • 54. More thoughts on doors and locks  Good locks on bad doors = BAD  Bad locks on good doors = BAD  Master keys are great  Unless you rekey once in every never  Cheap padlocks can be shimmed or picked easily
  • 55. You say keypad…  Cheaper than a badge system  Convenient for sharing code between multiple employees  But you have to change the code when employees leave  Analog keypads don’t have brute forcing detection capabilities  But, they can leak information about the code…
  • 56. Hrm… I wonder what the code is? www.schneier.com
  • 57.
  • 58. I wonder why those buttons are so shiny… www.schneier.com
  • 59. Fun with a black light
  • 62. Attacking biometric systems  Biometric signatures (and/or pins) are stored on your access card!  If I can clone your card, I can just put in my own fingerprint/pin  Fingerprints can be duplicated
  • 64. Defending against biometric attacks  Live tissue verification  Looks for heartbeat and body heat  Iris and retina scanners  Enable live scan for iris scans
  • 65. Detection gives you the upper hand  Sensors  Door open, glass break, motion, infrared, acoustic, vibration, pressure  Monitor badge system for brute force attacks  Cameras can help identify intruders and what was taken  Test your systems regularly
  • 66. Final thoughts  Look at your facility in a new light  Are your doors installed properly?  How are you locks looking?  What about those keypads?  Don’t forget about cameras!
  • 67. Other Resources  Videos  http://www.irongeek.com/i.php?page=videos/derbycon4/t110-advanced-red-teaming-all-your- badges-are-belong-to-us-eric-smith  http://www.irongeek.com/i.php?page=videos/derbycon3/3303-how-can-i-do-that-intro-to- hardware-hacking-with-an-rfid-badge-reader-kevin-bong  http://www.youtube.com/watch?v=me5eKw6BP8g  http://www.irongeek.com/i.php?page=videos/derbycon4/t540-physical-security-from-locks-to- dox-jess-hires  Other Resources  http://www.aijcrnet.com/journals/Vol_3_No_10_October_2013/12.pdf  http://resources.infosecinstitute.com/physical-security-managing-intruder/  http://www.slideshare.net/jemtallon/cissp-week-26  https://www.defcon.org/images/defcon-13/dc13-presentations/DC_13-Zamboni.pdf  https://ourarchive.otago.ac.nz/bitstream/handle/10523/1243/BiometricAttackVectors.pdf  https://blog.netspi.com/ada-requirements-opening-doors-for-everyone/
  • 68. Credits  Chris Nickerson, Eric Smith, Joshua Perrymon – Lares Consulting  Dave Kennedy - TrustedSec  SecureState  Tim and Jem Jensen
  • 69. Any questions?  mike.saunders@hardwaterinformationsecurity.com  @hardwaterhacker  http://hardwatersec.blogspot.com/