Security Basics mailing list archives
Re: Physical security
From: rohnskii () gmail com
Date: Thu, 22 Jan 2009 20:37:17 -0700
Here are a few links for you to check out:

http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1237173,00.html?track=NL-427&ad=578106USCA&asrc=EM_NLT_960413&uid=4739563 - How to assess and mitigate information security threats
http://www.isecom.securenetltd.com/osstmm.en.2.1.pdf - OSSTMM 2-1 Security Testing Methodology Manual (there's about 10 pages specifically on physical security)
http://www.us-cert.gov/ - US CERT, I don't have a specific link, but there is bound to be some in there somewhere
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1241956,00.html - When physical and logical security converge
http://www.csoonline.com/article/219055/The_Clean_Desk_Test_What_s_Wrong_with_This_Picture_ - The Clean Desk Test: What's Wrong with This Picture? (this is a fun one you can pass on to your employees)
http://www.baselinemag.com/c/a/Past-News/Sept-11-What-3-NYC-Tech-Leaders-Learned/ - Sept. 11: What 3 NYC Tech Leaders Learned (there are several more links on this page on 911)
http://software.techrepublic.com.com/abstract.aspx?kw=blue+lock&docid=838257 - Blue Lock - Lock your Win PC when your Bluetooth device is out of range (interesting concept, haven't tried it)
http://searchsecurity.techtarget.com/guide/securitySchool/category/0,296296,sid14_tax310797,00.html?track=NL-102&ad=569739&asrc=EM_NLN_697528&uid=4739563#tip - Essential practices for securing mobile devices (I have a bunch more links on Laptop physical security if that is what you are interested in)
http://forensics.sans.org/ - nothing specific, but there is bound to be something in here
http://www.cososys.com/security_overview.html - Endpoint Security Software Overview

If you are thinking about "Endpoint" security, i.e. NAC, I have a bunch of links on that too.

http://esj.com/security/article.aspx?EditorialsID=1113 - Five Steps to Enforcing Your Endpoint Security
http://www.csoonline.com/article/220860/How_to_Keep_Portable_Data_From_Escaping?source=csoupdate - How to Keep Portable Data From Escaping
http://www.pcworld.com/article/136087/flash_drive_adds_pin_security.html - Flash Drive Adds PIN Security
http://searchsecurity.techtarget.com/searchSecurity/downloads/Dubin_Ch5.pdf - Little black book of Computer Security- Ch5 Taking Care of Physical Security
http://www.version2.dk/whitepapers/9/Printing+Security:+A+Guide+to+Some+Commonly+Overlooked+Vulnerabilities - Printing Security: a guide to some commonly overlooked vuln
http://technet.microsoft.com/en-gb/library/cc722487.aspx - 10 Immutable Laws of Security, #3 is pertinent to your inquiry.

Some short articles about physical data breaches:

http://blogs.techrepublic.com.com/networking/?p=301&tag=nl.e138 - 2007 07 29-State of Ohio passes the buck- Blames intern for dumb policy backup tape stolen from car
http://www.pcpro.co.uk/news/103916/companies-face-data-theft-from-old-computers.html - Companies face data theft from old computers
http://www.eweek.com/c/a/Security/Machine-Tampering-Allows-Data-Theft-at-2-Stop-Shop-Stores/ - Machine Tampering Allows Data Theft at 2 Stop & Shop Stores
http://www.webappsec.org/projects/whid/ - Web Hacking Incidents Database
http://lasecwww.epfl.ch/keyboard/ - Compromising Electromagnetic Emanations of Wired Keyboard (a possible result of physical security breach)
http://www.csoonline.com/article/221016/Stop_IP_Thief_ - Stop (IP) Thief! (various ways physical breaches can be taken advantage of)
http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1294447,00.html?track=NL-105&ad=530781 - Breach prevention - Adding security to the purchasing process (not specifically about physical security)
http://banking.about.com/od/securityandsafety/a/skimmers.htm - Skimming Scams ATM Skimmers - Pocket Skimmers (a specific type of physical attack)
http://it.toolbox.com/blogs/securitymonkey/stolen-machines-phone-home-10506 - Stolen Machines Phone Home
http://www.channelregister.co.uk/2007/05/15/ibm_missing_tapes/ - IBM courier crashes. Sensitive tapes go AWOL
http://www.theregister.co.uk/2006/09/20/court_pc_thief/ - PC thief steals court PC during trial (anything for a laugh)
http://ehstoday.com/fire_emergencyresponse/ehs_imp_17983/ - Airport Security: Still Fighting the Last War?
http://64.28.79.93/alarmed/03092007.html - Bolting on Security at Stop & Shop
http://www.oag.state.tx.us/oagNews/release.php?id=1961 - Attorney General Abbott Protects Texas Consumers From Identity Theft Fort Worth-based RadioShack cited for exposing thousands of customer records
http://www.cl.cam.ac.uk/~mgk25/iss2006-tempest.pdf - Eavesdropping attacks on computer displays
http://www.theregister.co.uk/2007/04/02/us_nuclear_agency_missing_pcs/ - US nuclear security agency missing 20 PCs (oops!)
http://www.eweek.com/article2/0,1895,2094290,00.asp?kc=EWNAVEMNL021307EOAD - OIG Report Criticizes FBI over Missing Laptops, Weapons (OOPS again, this one is my favorite)

OK, that should keep you busy for a while.

Off topic, since someone else mentioned a Cisco conference, did anyone there ask about this little problem (I found it while collecting the links above):

http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/ - Boffin brings 'write once, run anywhere' to Cisco hijacks