Finally, in this module, let's look at physical security,
and this is important because all the other security that we implement
can be circumvented by poor physical security.
All the security you have put in around your documents and applications and installing antivirus software and so on
is not much use if someone can wander into your office and just walk out with your desktop computer, your laptop or even your smartphone.
Someone steals a copy of a backup.
So you have been meticulous about doing regular backups of all of your documents, which is a good thing.
But then you leave the backups lying around.
Somebody walks off with it. Now they have a copy of all of your documents.
Denial of service attacks? Well, in one sense, denial of service attacks are fairly sophisticated attacks launched across the Internet to attack your network and bring down certain servers. That's why it's called denial of service.
But denial of service attacks can be very simple.
For example, if your company leaves its server room unlocked,
a malicious user could wander in there.
They could unplug the cables from the back of the servers, disconnecting them from the network.
They've just done a denial of service attack.
They could wander in there with a hammer and just smash your stuff to bits.
So physical security is important, obviously.
So to implement physical security, doors and locks need to be in place.
Access to any sensitive areas like a server room or any other sensitive part of your organization
should be guarded by locked doors, cameras, security guards and so on.
You can provide secure access to certain parts of the building by having keypads, where users have to enter a PIN
or bots that locked doors or biometric devices like fingerprint scanners.
You can have turnstiles, so users, your staff, have to scan a card, and then they can walk through the turnstile.
You can have mantraps, which are more sophisticated, because one of the problems with turnstiles and other types of doors is tailgating, which we'll get to in a minute.
But what a mantrap is, is it has a corridor, a short corridor with doors at either end.
To get through the first door, maybe you scan your fingerprint, the door opens, you get into the little corridor,
and then the door shuts.
Once it has shut, you could then go to the second door and again scan your fingerprint and get through that.
Meanwhile, they have a camera that monitors that small corridor, so there's a visual record of everyone who passed through.
Requiring logging simply means that users should be required to sign in when entering secure locations.
So what is tailgating? Tailgating is when someone walks right behind you
so either to get through a turnstile or through a secure door.
So you walk up to a secure door, you enter your PIN,
and someone's right behind you and follows you as you open the door.
And most of us are too polite to turn around and say to the person, "Hey,
no, you wait until I'm through and the door closes, and then you have to enter the PIN yourself."
And so that's something you have to be aware of, because tailgating can be done very commonly, and most people will not try and stop it from happening.
To protect your devices,
desktop computer cases can be locked and intrusion detection enabled within the BIOS of the computer.
So what there is is a small switch in the case, so if anyone takes the side panel off,
it indicates that it's been opened.
The next time you log on, you'll get an intrusion detection message saying somebody opened your computer case.
So that's important, because what were they doing? Maybe they opened it to steal your hard disk or to replace it, or maybe install something like a hardware key logger.
The key logger records all your key presses, and then they come and retrieve that later on.
What about laptops? And the problem with laptops is it's very easy to walk off with them.
So laptops have this thing called the Kensington Lock Point,
and you can then get steel cables that you attach to the Kensington Lock Point
that may be attached to a table. So it's not so easy to walk off with the laptop in that case.
Shoulder surfing refers to someone standing behind you as you type in your password,
and they're watching carefully and note down what your password was as you typed it in.
Similarly, if you have one of the secure doors where you have to enter a PIN to get through the door,
somebody could be standing right behind you and noting the PIN that you type into the keypad.
Dumpster diving. So one of the things we've mentioned throughout this module is reconnaissance. Many times, before there's an attack on your network, they need to gather a lot of information about the organization,
and its network if they can.
So one way of doing that is searching through the waste thrown out in the garbage.
You can in that case find emails, find letters and even
find copies of the company directory
with the names of all your members of staff, their jobs, possibly the job title, their telephone numbers, email addresses and so on.
This could then be used in spear phishing attacks. So if you remember, spear phishing is when, instead of randomly targeting people with email,
you target specific users like, say, somebody in the Finance Department, and then you send them an email that they will open because you say the email contains an invoice or contains a receipt.
So one of the ways you would find out who's working in the Finance Department is if you go dumpster diving and find a copy of the company directory.
So sensitive documents should always be shredded rather than just thrown out into the dumpster.
But CDs, DVDs that may have been created, for example, as backups,
if you just throw those out, people could recover data from those,
so these should be physically destroyed. So CDs and DVDs should be destroyed. Now hard drives, you can either securely erase them using a number of methods,
or you should physically destroy the hard disk. You can drill holes through it or smash it with a hammer or something like that.
means actually wiping the data off it,
because there is one thing you need to know. And that is, if you delete a file on the hard disk, it doesn't actually get deleted. It's left intact on the hard disk. Instead,
the indexing system in the file system simply removes the pointer to that file.
So if I do the following, if I'm about to give away the computer to someone
and I go into the hard drive and I delete all my files
when they get home, they could use certain types of software that will scan the disk and find all those allegedly deleted files.
So a secure erasing process does this: all those areas of the disk that contain these allegedly deleted files
are overwritten multiple times so that they cannot be read.
You can also get hardware devices that fire very powerful magnetic fields at the hard disk, basically wiping out everything on it.
So there are various ways of securely disposing of things like CDs and hard drives.
For software provided on CDs or DVDs, the box may contain stickers with the license number or product code.
This could be used by someone to install illegal copies of the software,
because getting the actual software's not difficult. Very often it could be downloaded from the Internet.
And then when you get to the screen where it prompts you for the license number or product key,
well, if they copied yours, they could enter that.
So for those reasons, do not print out licenses or store them in unprotected digital files on the network where people could get to them.
So to summarize, Module 3.1 defined basic security threats.
In this module, we started by looking at basic security principles such as defence in depth and the trade-off between security and ease of use.
We looked at social engineering tricks that are used to get information as well as dumpster diving.
Social engineering may be carried out during the reconnaissance phase when the attacker is just trying to gather as much information about the target as possible.
That information is used to figure out the best way to attack the network.
Finally, we noted that if you don't have good physical security,
many other security measures can be undermined.