Did You Really Lock that Door?

One of my favorite books about information security is Ghost in the Wires, by Kevin Mitnick.

Kevin, of course, is one of the notorious early hackers whose exploits are brilliant and quite entertaining. If you have not already done so, add that book to your reading list. This post, however, is not a book review.

I was reminded of Kevin’s book the other evening when my son went dashing to the door in the middle of the night to make sure that he locked it. Normally, like all teenagers, he just eventually goes to sleep. However, this time, the memory of the horror movie he was watching prior to going to bed startled him enough to make him double check that door. We have all experienced that, haven’t we? THE KILLER IS IN THE HOUSE!

What was it about that event that reminded me of Mitnick’s book?

A lot of Mitnick’s exploits began with bypassing physical security mechanisms. Early in the book, he describes how one of his “pen testers” would pop a ceiling tile to gain access to an office through the dropped ceiling that is so common in many office buildings today.

Physical security in the SMB

Fortunately, most data center architects are wise to this trick, and they build their surrounding walls from the floor to the concrete ceiling, not the drop ceiling. During a recent data center walk-through, an auditor asked me to open a ceiling tile to prove that this was the case. (Auditors clearly have trust issues.)

One thing that auditors have never checked is the exiting procedure, and this is something that I have seen overlooked by the most seasoned data center employees. Next time you see your sysadmin or any other authorized data center employee exiting a secured area, observe what they do.

Does your staff simply leave the secured area, relying on that satisfying *click* sound of the door-locking mechanism as the door closes behind them, or do they stop and check to make sure that door is actually locked? A simple push is all it takes to make sure that door is secure.

Incidentally, does the door to your data center pull open from the outside? If it does, that indicates that the hinges are on the outside, resulting in an improperly installed door with an easily defeated locking mechanism.

Data center? What data center?

In our new “everything in the cloud” cyber world, most data centers have been reduced to a small room with some networking equipment. In a sense, many of the “server rooms” of the pre-cloud era have taken a dramatic step further back in time, resembling more of a storage closet setup reminiscent of the early days of network computing.

These down-sized infrastructure rooms create a new problem: the rooms are devalued, since the belief is that the important data is not stored there. However, for most small to medium-sized businesses, that room represents the single point of failure in an office environment.

How is the door to that now glorified broom closet secured? Is the staff that enters that space authorized and trained in physical security protocol? What is the possibility of that non-technical employee actively checking the door security after it closes?

With so many of us distracted by the threat of nation-state actors and all the perils of remote cyber-attacks, it is easy to overlook a simple step in physical security that could make us sleep just a bit easier each night.

Source: ALIEN VAULT
