Tuesday, April 26, 2011

Security -

I successfully completed the certification exam for CompTIA Security+. Then I saw this in the building.
View from outside the security door.
I'll give you a hint. That's one of those magnetic door sensors you see inside the door frames in some places. The problem? I'm out in the hall.
Yes, this sensor is installed on the wrong side of the door. Poorly, I might add; that's double-sided foam tape barely holding the sensor on the door jamb.
This may not seem like much of an issue, but as an example, let's walk through a couple of ways I would, er, a malicious intruder could exploit this.
  • Hold onto the information. If you learned anything from Indiana Jones and the Last Crusade, it's that the wired door is the important one. 
  • Simply cut the wire. The false alarm would tie up responders here at this door while an intruder was left free to operate at another location. 
  • Hack the sensor. The signal coming off that sensor probably isn't complex. It could be trivial to rig up a device to replicate it. Install the signal generator on a tap then cut the wire. The intruder is now free to breach the door while the "sensor" continues to report nothing wrong. 
Standard issue cipher lock
Speaking of breaching that door, looking at the handle reveals a standard-issue cipher lock. That's the one with a keypad. You'll note both a keyed deadbolt and a keyhole on the lock itself. Very convenient that the keypad can be bypassed with a regular key. Or a pick set. Or a bump key.

So how would you protect your facility against this sort of vulnerability? First, obviously, install your door sensors on the correct side of the door. Second, establish a security presence inside the building with guards patrolling the hallways and a camera on that door. Also, train the building tenants to approach unidentified personnel and confirm their identity. Third, standardize the appearance of all the doorways. If all the doors look equally secured, an intruder won't be able to pick out the high-value targets easily.