Re: [PEN-TEST] Penetration Testing and Van Eck Scanning

[Greg <greg () HOOBIE NET>]

The use of Van Eck sureveillance I guess borders on the realms of physical
security, at least the most common fixes are physical (not counting anti-Van
Eck software measures such as 'anti-tempest' fonts etc.)

The biggest problem is cost, followed by information. Commerical Van Eck
meaurement/sureveillance devices are very expensive and not readily
availiable to Joe/Josehphine Public. You 'could' roll your own, if you're
interested check the following :

http://www.eskimo.com/~joelm/tempest.html

also the guys at Codex used to offer the kit components to build your own at

http://www.thecodex.com

The most expensive component is going to be the wide spectrum
receiver/scanner, last time I checked suitable models came in at around
10,000 GBP (around US$15,000.)

How you transfer that cost to your clients, I don't know.

Remember that big chunks of this technology are still government classified,
that applies to at least the UK and US. There are government affiliated
agencies that typically perform this type of assessment as they have easier
access to equipment and training.

If you can find a suitable training course that doesn't require government
sponsoring and security clearance I'd like to know...


regards


Greg


-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Johann van Duyn
Sent: 08 November 2000 15:45
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Penetration Testing and Van Eck Scanning


Just a thought I had while on a nicotine-and-caffeine break:

Has anyone ever done a bit of Van Eck (aka TEMPEST) surveillance as part of
a penetration test, just to show people what can be seen from a van in the
corporate parking lot when the security attendant is on his lunch break?
That could provide a few hot debates in boardrooms, especially if one were
to tune in to the Internet browsing habits of a few senior directors...

Has anyone done it, or had/seen it done (esp. outside of a military
environment)? Are there any good references around re. proposed civilian
standards for 'safety' from Van Eck scanning? And where would one look
around either for people who do that type of surveillance, or the equipment
to do that with.

And, finally, if this is not the right forum for such discussions, could
anyone in the know point me to such?

Very ta,

+----------------
| Johann van Duyn BA, MCSE, BCP-ISS
| Network Manager: The Appleton Group Ltd
| johann.vanduyn () appleton com
| tel. +27 21 7998026
| cel. +27 82 4588472
| fax. +27 21 7944677
+----------------

"Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out judgement. For even the
very wise cannot see all ends."
                -- Gandalf, in "Lord of the Rings" by JRR Tolkein


***The Appleton Group Ltd***

This message, including any attachments, is intended only for the individual
or institution to which it is addressed and may contain information that is
privileged, confidential or prohibited from disclosure or unauthorized use.
If the recipient of this transmission is not the intended recipient, you are
hereby notified that any use, reproduction dissemination, copying,
disclosure, modification, distribution and/or publication of this email
message or any of its attachments other than by its intended recipient is
strictly prohibited by the sender. If you have received this message in
error, please notify The Appleton Group Ltd immediately at
postmaster () appleton com and destroy the message and all copies thereof in
your possession.

****************************