Physical Threats


Physical security is an often-overlooked aspect of network security design; most of the protection is implemented inside network devices. However, physical access to the device or the communications medium can compromise security.

Consider the following potential physical threats:

■ A network device does not always enforce all its security settings when an attacker accesses the hardware directly (for example, it might allow console access, memory probing, and installation of unreliable software).

■ Access to the physical communication medium (such as unrestricted access to a switch port, unrestricted wireless network access, or access to the telecommunications infrastructure) could allow an attacker to impersonate trusted systems and view, intercept, and change data that is flowing in a network.

■ An attacker might use physically destructive attacks against devices and networks (such as physical force, attacks on the power network, or electromagnetic surveillance and attacks).

■ An attacker might steal a device such as a home office router or laptop computer and use it to access the corporate network.

A good security policy must anticipate possible physical attacks and assess their relevance in terms of possible loss, probability, and simplicity of attack. Figure 10-16 illustrates possible physical breaches of network security. In this sample network, an attacker might do the following:

■ Break into the computing center, obtain physical access to a firewall, and then compromise its physical connections to bypass it, or access the console port on some routers or switches and alter their security settings.

■ Obtain physical access to the copper media of the corporate WAN or the public switched telephone network (PSTN), and intercept all communications. The attacker could read and change sensitive data that is not protected by cryptography.

■ Steal a device, such as a small office/home office (SOHO) router or laptop, and use it to access the corporate network.

Figure 10-16 Physical Security Is Often Overlooked

Figure 10-16 Physical Security Is Often Overlooked

Are Devices Under Physical Control?

Was this article helpful?

0 0

Post a comment