Security Basics mailing list archives

Re: Physical security


From: rohnskii () gmail com
Date: Thu, 22 Jan 2009 20:37:17 -0700

Here are a few links for you to check out:

http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1237173,00.html?track=NL-427&ad=578106USCA&asrc=EM_NLT_960413&uid=4739563 - How to assess and mitigate information security threats

http://www.isecom.securenetltd.com/osstmm.en.2.1.pdf - OSSTMM 2-1 Security Testing Methodology Manual (there's about 10 
pages specifically on physical security)

http://www.us-cert.gov/ - US CERT, I don't have a specific link, but there is bound to be some in there somewhere

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1241956,00.html - When physical and logical 
security converge

http://www.csoonline.com/article/219055/The_Clean_Desk_Test_What_s_Wrong_with_This_Picture_ - The Clean Desk Test: 
What's Wrong with This Picture? (this is a fun one you can pass on to your employees)

http://www.baselinemag.com/c/a/Past-News/Sept-11-What-3-NYC-Tech-Leaders-Learned/ - Sept. 11: What 3 NYC Tech Leaders 
Learned (there are several more links on this page on 911)

http://software.techrepublic.com.com/abstract.aspx?kw=blue+lock&docid=838257 - Blue Lock - Lock your Win PC when your 
Bluetooth device is out of range (interesting concept, haven't tried it)

http://searchsecurity.techtarget.com/guide/securitySchool/category/0,296296,sid14_tax310797,00.html?track=NL-102&ad=569739&asrc=EM_NLN_697528&uid=4739563#tip - Essential practices for securing mobile devices

(I have a bunch more links on laptop physical security if that is what you are interested in)

http://forensics.sans.org/ - nothing specific, but there is bound to be something in here

http://www.cososys.com/security_overview.html - Endpoint Security Software Overview

If you are thinking about "Endpoint" security, i.e. NAC, I have a bunch of links on that too.

http://esj.com/security/article.aspx?EditorialsID=1113 - Five Steps to Enforcing Your Endpoint Security

http://www.csoonline.com/article/220860/How_to_Keep_Portable_Data_From_Escaping?source=csoupdate - How to Keep Portable 
Data From Escaping

http://www.pcworld.com/article/136087/flash_drive_adds_pin_security.html - Flash Drive Adds PIN Security

http://searchsecurity.techtarget.com/searchSecurity/downloads/Dubin_Ch5.pdf - Little black book of Computer Security- 
Ch5 Taking Care of Physical Security

http://www.version2.dk/whitepapers/9/Printing+Security:+A+Guide+to+Some+Commonly+Overlooked+Vulnerabilities - Printing 
Security: a guide to some commonly overlooked vuln

http://technet.microsoft.com/en-gb/library/cc722487.aspx - 10 Immutable Laws of Security, #3 is pertinent to your 
inquiry.




Some short articles about Physical data breaches:

http://blogs.techrepublic.com.com/networking/?p=301&tag=nl.e138 - 2007 07 29-State of Ohio passes the buck- Blames 
intern for dumb policy backup tape stolen from car

http://www.pcpro.co.uk/news/103916/companies-face-data-theft-from-old-computers.html - Companies face data theft from 
old computers

http://www.eweek.com/c/a/Security/Machine-Tampering-Allows-Data-Theft-at-2-Stop-Shop-Stores/ - Machine Tampering Allows 
Data Theft at 2 Stop & Shop Stores

http://www.webappsec.org/projects/whid/ - Web Hacking Incidents Database

http://lasecwww.epfl.ch/keyboard/ -  Compromising Electromagnetic Emanations of Wired Keyboard (a possible result of 
physical security breach)

http://www.csoonline.com/article/221016/Stop_IP_Thief_ - Stop (IP) Thief! (various ways physical breaches can be taken 
advantage of)

http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1294447,00.html?track=NL-105&ad=530781 - Breach 
prevention - Adding security to the purchasing process (not specifically about physical security)

http://banking.about.com/od/securityandsafety/a/skimmers.htm - Skimming Scams ATM Skimmers - Pocket Skimmers (a 
specific type of physical attack)

http://it.toolbox.com/blogs/securitymonkey/stolen-machines-phone-home-10506 - Stolen Machines Phone Home 

http://www.channelregister.co.uk/2007/05/15/ibm_missing_tapes/ - IBM courier crashes. Sensitive tapes go AWOL

http://www.theregister.co.uk/2006/09/20/court_pc_thief/  - PC thief steals court PC during trial (anything for a laugh)

http://ehstoday.com/fire_emergencyresponse/ehs_imp_17983/ - Airport Security: Still Fighting the Last War?

http://64.28.79.93/alarmed/03092007.html - Bolting on Security at Stop & Shop

http://www.oag.state.tx.us/oagNews/release.php?id=1961 - Attorney General Abbott Protects Texas Consumers From Identity 
Theft Fort Worth-based RadioShack cited for exposing thousands of customer records

http://www.cl.cam.ac.uk/~mgk25/iss2006-tempest.pdf - Eavesdropping attacks on computer displays

http://www.theregister.co.uk/2007/04/02/us_nuclear_agency_missing_pcs/ - US nuclear security agency missing 20 PCs 
(oops!)

http://www.eweek.com/article2/0,1895,2094290,00.asp?kc=EWNAVEMNL021307EOAD  - OIG Report Criticizes FBI over Missing 
Laptops, Weapons  (OOPS again, this one is my favorite)


OK, that should keep you busy for a while


Off topic, since someone else mentioned a Cisco conference, did anyone there ask about this little problem (I found it 
while collecting the links  above):

http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/ - Boffin brings 'write once, run anywhere' to Cisco 
hijacks

