Ethical Hacking: A BCS Talk

This evening I went along to the Edinburgh BCS talk on Ethical Hacking. It was really eye-opening and made me suitably paranoid about my own security.

Peter Wood of First Base Technologies gave a remarkably useful, informative and funny talk on the subject (and left me totally paranoid, as I said before).

Some interesting points and some thoughts

Physical intrusion is very likely
Physically entering a building and stealing data is often easier than getting past network security and cracking a network.

Social engineering is a serious concern
It is relatively easy to get people to give access information away.

Have a plan to deal with physical intrusion
In one case the receptionists realised that the intruder was present but didn’t have any instructions on what to do in that situation – result: failure. Have obvious guidelines on who to call and what to do if an intruder is spotted.

Look at logs
Log files are often the first sign of unexpected happenings.

Encrypt valuable data
The machine doesn’t have to be secure for your data to be secure.

Firewall all access and especially firewall dial-up accounts
One of the examples showed how an apparently secured network was compromised by a dial-up access point within the network.

People with clipboards and pens are always accepted as genuine, even when they are actually intruders
Suggestion: Have anyone holding a clipboard and pen removed from the building immediately. Or at least don’t assume that they are genuine just because they look busy.

Overall fascinating and really interesting.
