Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Penetration Testing and Van Eck Scanning

From: "Brooke, O'neil (EXP)" <o'neil.brooke () LMCO COM>
Date: Thu, 9 Nov 2000 16:29:08 -0500
        To offer this as a penetration test, I think would be very positive for the security industry. I do not think 
that the general public is aware of TEMPEST or it's implications. If penetration testers started to offer this type of 
a scan I am sure we would raise awareness on this issue. Demand for tempest resistant office equipment would increase 
and given time we would all be a little safer from this kind of monitoring.



-----Original Message-----
From: Rob Shein [SMTP:rshein () mail wash averstar com]
Sent: Wednesday, November 08, 2000 11:08 AM
To:   PEN-TEST () SECURITYFOCUS COM
Subject:      Re: [PEN-TEST] Penetration Testing and Van Eck Scanning

If I understand the laws correctly (and I am NOT a lawyer, thank god),
construction of a Van Eck device is illegal in the U.S.  The concept behind
the law is similar to the law regarding ownership or construction of bugging
devices.  Frankly, I don't see how viable it really is for a typical
commercial enterprise to go sufficiently TEMPEST-compliant to thwart this
form of surveillance.  If they're a small business, it's too expensive for
their budget, and if it's a large business, it's too difficult to cast the
net that wide and be sure that some high-level manager doesn't circumvent
the controls because he doesn't want to deal with the inconvenience or cost.


-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Johann van Duyn
Sent: Wednesday, November 08, 2000 10:45 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Penetration Testing and Van Eck Scanning


Just a thought I had while on a nicotine-and-caffeine break:

Has anyone ever done a bit of Van Eck (aka TEMPEST) surveillance
as part of
a penetration test, just to show people what can be seen from a van in the
corporate parking lot when the security attendant is on his lunch break?
That could provide a few hot debates in boardrooms, especially if one were
to tune in to the Internet browsing habits of a few senior directors...

Has anyone done it, or had/seen it done (esp. outside of a military
environment)? Are there any good references around re. proposed civilian
standards for 'safety' from Van Eck scanning? And where would one look
around either for people who do that type of surveillance, or the
equipment
to do that with.

And, finally, if this is not the right forum for such discussions, could
anyone in the know point me to such?

Very ta,

+----------------
| Johann van Duyn BA, MCSE, BCP-ISS
| Network Manager: The Appleton Group Ltd
| johann.vanduyn () appleton com
| tel. +27 21 7998026
| cel. +27 82 4588472
| fax. +27 21 7944677
+----------------

"Many that live deserve death. And some that die deserve life.
Can you give
it to them? Then do not be too eager to deal out judgement. For even the
very wise cannot see all ends."
                -- Gandalf, in "Lord of the Rings" by JRR Tolkein


***The Appleton Group Ltd***

This message, including any attachments, is intended only for the
individual
or institution to which it is addressed and may contain
information that is
privileged, confidential or prohibited from disclosure or
unauthorized use.
If the recipient of this transmission is not the intended
recipient, you are
hereby notified that any use, reproduction dissemination, copying,
disclosure, modification, distribution and/or publication of this email
message or any of its attachments other than by its intended recipient is
strictly prohibited by the sender. If you have received this message in
error, please notify The Appleton Group Ltd immediately at
postmaster () appleton com and destroy the message and all copies thereof in
your possession.>

****************************
Previous By Date Next
Previous By Thread Next

Current thread: