By Sean Houle
When addressing cybersecurity, it can be easy to get caught up in things like firewalls, patching, IPS, EDR, DLP, SIEM, NAC and the rest of the alphabet soup that often manifests itself in blinky boxes and incessant sales demonstrations and pitches. Sometimes it is helpful to take a step back from the keyboard and look at some of the other aspects of information security.
Physical security is a very important part of a layered information security plan. Let’s take an imaginary walk down to see the network equipment and maybe, hopefully, it is in a closet of some sort. Is there a keyed lock on the door? Do you have a key? Who else has a key? It’s not uncommon for other departments to have access. IT likely has a key, but what about other departments such as housekeeping, the facilities maintenance department or security? Though these may be employees of the same organization, this is where the term “insider threat” comes in. Keep in mind that a threat does not need to act in an intentionally malicious manner. Your network closet could look like a great place to store a rolling tool cart when the lunch bell rings in the middle of a long job. Unfortunately, fiber connectors put up little resistance to a cart with a couple hundred pounds of tools invading its space (Figure 1).
It could even be a very well-intentioned housekeeping staff that decides to make cleaning up the network closet a project of theirs. In the process, they try to clean up the spaghetti mess of wires by rearranging the ports they are plugged into in a more logical order. Maybe it's the only place with a 20A breaker to plug in the floor buffer; unfortunately, it trips the breaker. All you know is that your phone is now ringing with complaints of "It doesn't work."
Network closets should be controlled access areas with limited key access. Consider developing an access roster listing individuals who have authorized unescorted entry and post it within the restricted area. When personnel need to access the area for things like maintenance, cleaning or new equipment installation, keep an access log to record those visits. Record who entered and include time, date, name and organization of visitors as well as who escorted them.
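An added example, not from the article: a small Python check that audits a constructed access log against an access roster of the kind described above, flagging unescorted entries by people not on the roster and escorts who are not themselves authorized. The names, the CSV layout and the column set are assumptions.

```python
import csv
from dataclasses import dataclass
from io import StringIO

# Constructed sample: people authorized for unescorted entry (hypothetical names).
ACCESS_ROSTER = {"A. Martinez", "J. Chen"}

# Constructed access-log lines: date, time, name, organization, escort ("" if none).
ACCESS_LOG = """\
date,time,name,organization,escort
2024-03-04,08:12,A. Martinez,IT,
2024-03-04,09:30,R. Patel,Facilities,J. Chen
2024-03-04,11:05,T. Nguyen,Housekeeping,
2024-03-04,13:40,K. Owens,Vendor,R. Patel
2024-03-04,15:00,,Security,A. Martinez
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line in the log text (header is line 1)
    name: str
    reason: str


def audit_access_log(log_text: str, roster: set[str]) -> list[Finding]:
    """Return one Finding per log entry that violates the escort policy."""
    findings = []
    for n, row in enumerate(csv.DictReader(StringIO(log_text)), start=2):
        name = (row.get("name") or "").strip()
        escort = (row.get("escort") or "").strip()
        if not name:
            findings.append(Finding(n, name, "entry has no visitor name"))
            continue
        if name in roster:
            continue  # authorized for unescorted entry; escort is optional
        if not escort:
            findings.append(Finding(n, name, "unescorted entry by person not on roster"))
        elif escort not in roster:
            findings.append(Finding(n, name, f"escort {escort!r} is not on the roster"))
    return findings


if __name__ == "__main__":
    for f in audit_access_log(ACCESS_LOG, ACCESS_ROSTER):
        print(f"line {f.line}: {f.name or '<blank>'}: {f.reason}")
```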
Perhaps your network closet looks more like something out of "Mission Impossible." There is a solid looking door at the entry point for the network closet along with a card reader to control access. This is great: now access can be assigned to people and controlled by a proximity card that they possess. Let's dig a little into some weaknesses that may exist in this setup. Depending on the version of access cards that you have, cloning them may be trivial with a homemade setup and can even be done from a significant distance with a large antenna concealed in something like a backpack or briefcase. Consider the card reader. If it has a keypad along with the proximity reader, this is a great opportunity to implement multi-factor authentication. With the addition of a PIN, access now requires something you have and something you know. Even if the card is cloned, it is worthless without the PIN.
Next, look at the hinges. Are the pins located on the outside of the room? If so, they may be driven out and the door removed quite easily. If this is done by someone with a hardhat and a clipboard nearby, they may not be asked anything about what they are doing. Remediating this may not be as daunting as it seems. Rather than retooling the whole door to move the hinges, this can be fixed quite simply and cheaply by removing two opposing screws from each of the hinges and replacing one screw on each hinge with a jamb screw pin (Figure 2). This effectively turns the closed hinge into a deadbolt, preventing the door from being pulled off, even if the hinge pins are removed.
The next thing that you will want to check for is a properly installed latch and specifically the deadlatch (Figure 3). When the door is shut, the deadlatch should be held retracted by resting on the strike plate in the door jamb; with the deadlatch retracted, the latch cannot be pushed back without the handle being turned. If not installed correctly and both the latch and deadlatch sit in the cavity of the strike plate hole, they can both be pushed in mechanically. Think of the old credit card trick: something is slipped in between the door jamb and the door, the latch is pushed in, the door is opened and the attacker, in a whispered tone, declares the hackers' victory cry, "I'm in!" This misconfiguration can result from an improper initial door installation or even in the name of security when doors are retrofitted with electronic latches for card readers.
If you have a card reader on your door, you likely have a request-to-exit sensor inside of the closet. This is designed to sense a person inside the room attempting to exit, in turn triggering the same electronic mechanism that triggers when you use your keycard, so that you can exit the room. This can be a security issue if the sensor is incorrectly positioned. If an object can be placed over, under or between the doors, it may be able to trigger the sensor, unlocking the door. This can even be done using a can of compressed air turned upside down and blowing the resulting cloud in the direction of the sensor. No key, no keycard, no PIN: something as simple as office supplies may defeat your security.
One last thing to check is the construction of the walls. Do they extend all the way to the hard ceiling, or would it be possible to pop a ceiling tile and crawl over the wall, bypassing your other entry control efforts? This may be more involved to remediate than the other issues, but again it can be done in a few ways, from extending the wall up to the hard ceiling to closing the open space with wire mesh.
We evaluate security vulnerabilities in how they affect the three areas of the CIA triad — confidentiality, integrity and availability. The physical security of our network infrastructure can impact CIA in several ways; some may be malicious, while others may be by accident or even someone trying to be helpful. It is easy to see how availability can be affected through things such as broken communications media, physical disconnection of power and, of course, the theft of equipment itself. The malicious installation of a network tap could be a significant threat to the confidentiality of any network traffic flowing through the device. A rogue device, such as a drop box, could be connected, allowing an attacker to gain remote access to the rest of the network. While it is possible that someone could manipulate and change network traffic before it reaches its intended destination, affecting the integrity of the data, I think it is unlikely. I believe that the threat to integrity will be to the integrity of the network devices themselves. That may take the form of an OS with known vulnerabilities being loaded, or configurations being compromised to reveal security controls, usernames and passwords.
In our approach to layered security, we can see that there are layers within the layers that we can address. While we will not be able to address every weakness, as we take steps to remediate what we can, we reduce the attack surface and in turn become more secure. We want to continue on our path to developing a mature security program, continually evaluating where we can improve, and never rest in a "set it and forget it" mentality.
Sean Houle is an Information Systems Biomedical Equipment Support Specialist (IS-BESS) with the Department of Veterans Affairs in Louisville, Kentucky.
