« Back to Basics | Main | Free library at your fingertips »

What keeps me up nights

There are a lot of great tools for scanning your enterprise network infrastructure or to perform penetration testing, but some are getting fairly scary.  The PWNIE EXPRESS, which is an applicance based on the SheevaPlug, allows you to drop a unit on someone's private network to perform any number of functions from legitimate penetration testing, to real world hacking.  Physically this unit looks like a larger USB phone charger and can be plugged directly into the target's ethernet network.  If the network is using simple MAC based network authentication, this unit can spoof the MAC.  If you use higher level port authentication, it wouldn't be very difficult to build a simple passive ethernet receive tap with some scrap CAT5 and a few keystone jacks. 

All of that could have been built into a PC based implementation, but the scary thing is that there are versions of this with a cellular data back end as well as the ability to capture traffic and save it to a SD card.  So someone could plug in a unit like this behind a network printer, capture all the web traffic to and from a specific host.  If they didn't care about coming back to retrieve it later, something like this could be easily installed above a false ceiling or below a raised floor and controlled via a cellular connection.    



What is the big picture here?  If you have important data that you do not want stolen, do be interested in who has access to your physical location and when people have access (not just people with tech jobs, but janitors, temps and other visitors).  You should also start thinking about using encryption internally as well as externally.  Do you ever do audits of your physical space and know what each piece of equipment does?  


Bookmark and Share


TrackBack URL for this entry: