Navigating The Crossroads
The invisible threat of computer network attacks traditionally has been treated as a separate issue from the physical protection of facilities and staff. Typically, separate strategies — tools and specialized staffs — are employed with little interaction between the two efforts.
Today, that model no longer applies. With physical security systems such as badge readers, 9-1-1 systems and even surveillance cameras now managed over the data network, a network security vulnerability is also a physical security vulnerability. The opposite is also true: Unauthorized physical access to network assets can lead to downtime and disruption.
Security personnel should ensure that an agency’s security policy includes strong protection of physical network devices — the routers, switches, servers and other hardware that supports the agency’s mission. If malicious parties are able to tamper with network equipment, they can wreak havoc.
One way would-be attackers could exploit physical vulnerabilities in a network is to gain access to the network through an unused port on a router or switch. Internal employees with malicious intent are also dangerous since they could use their legitimate access to a device to unleash an attack.
An attacker also might steal or “hijack” an end-user device, such as a laptop or personal digital assistant (PDA) that is authorized to access the network. If wireless networking systems are used, an attacker might try to intercept wireless data traffic from a location outside the building that is still within the radio frequency (RF) range (for example, a parking space near a building exit). An ambitious attacker might even try to install his or her own wireless receiver (called a “rogue access point”) on the premises to intercept wireless traffic. Such attacks can cause substantial damage and can be hard to trace.
Here are some guidelines government agencies can use to protect themselves against these types of attacks:
- Network equipment should be kept under lock and key, with access tightly restricted and closely monitored.
- Unused ports on network devices should be disabled. Network equipment should be configured so that all active ports are limited solely to their intended use. Network routers and switches should include tools to detect whether a device plugged into a port is legitimate.
- Network and computing resources should be able to self-defend, notifying legitimate administrators of unauthorized access or configuration changes.
- Wireless networks should incorporate security systems to detect and block rogue access points or unauthorized users attempting to hijack wireless traffic.
- All computing devices should be tracked, for example with RFID tags.
- Access should be monitored to network routers, switches, security devices and servers. Within the network, the security policy should include sophisticated authentication systems to control who has access to equipment and how each user is authorized to use that access.
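Two of the guidelines above (disable unused ports and restrict active ones to their intended use; notify administrators of configuration changes) lend themselves to a routine audit. The following is an added example, not code from the article or from Cisco: it parses a constructed switch configuration written in the IOS-style `interface ... / !` layout and flags active ports that are undocumented or lack port security, then filters constructed syslog lines for the messages an administrator would want alerted on. The configuration text, hostnames, addresses and MAC values are all made up for the example; the port-security and config-change message mnemonics follow the IOS format, but treat their exact wording here as an assumption.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of an IOS-style switch configuration (not a real device).
# Each interface block ends with a line containing only "!".
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description Uplink to core
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description Badge-reader-lobby
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 shutdown
!
interface GigabitEthernet1/0/5
 description Camera-east-entrance
 switchport mode access
!
"""

# Constructed syslog lines in the IOS message layout; hosts, addresses and MACs are made up.
SAMPLE_SYSLOG = """\
Mar  3 10:02:11 sw-lobby-1 %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.0.0.5)
Mar  3 10:07:43 sw-lobby-1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/2.
Mar  3 10:08:00 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
"""

# Message mnemonics that should page an administrator (assumed set for this example).
ALERT_MNEMONICS = {
    "SYS-5-CONFIG_I": "configuration changed",
    "PORT_SECURITY-2-PSECURE_VIOLATION": "port-security violation",
}


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split an IOS-style config into {interface name: [stripped config lines]}."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None          # end of the interface block
        elif current is not None and line.strip():
            interfaces[current].append(line.strip())
    return interfaces


def audit_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface: [findings]} for active ports that break the guidelines."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines:
            continue                # administratively disabled: the right state for an unused port
        issues = []
        is_trunk = any(l.startswith("switchport mode trunk") for l in lines)
        if not any(l.startswith("description") for l in lines):
            issues.append("active port has no description (intended use undocumented)")
        if not is_trunk and "switchport port-security" not in lines:
            issues.append("access port lacks port-security (plugged-in device not checked)")
        if issues:
            findings[name] = issues
    return findings


def alerts_from_syslog(text: str) -> List[Tuple[str, str]]:
    """Return (mnemonic, line) for each syslog line whose mnemonic is in ALERT_MNEMONICS."""
    alerts = []
    for line in text.splitlines():
        m = re.search(r"%([A-Z_]+-\d-[A-Z_]+):", line)
        if m and m.group(1) in ALERT_MNEMONICS:
            alerts.append((m.group(1), line))
    return alerts


if __name__ == "__main__":
    for port, issues in audit_interfaces(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
    for mnemonic, line in alerts_from_syslog(SAMPLE_SYSLOG):
        print(f"ALERT [{ALERT_MNEMONICS[mnemonic]}]: {line}")
```

Run against the sample, the audit reports GigabitEthernet1/0/3 (no description, no port security) and GigabitEthernet1/0/5 (no port security), while the shut-down port 1/0/4 passes; the syslog filter surfaces the configuration change and the port-security violation but ignores the routine link-up message. In practice the configuration would be pulled from the device over an authenticated management channel and the alert list tuned to the agency's own policy.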
Ultimately, the best defense against an attack on an agency’s physical network equipment is a sound, comprehensive security policy — one that recognizes the interdependency of physical and digital assets and provides for robust protection of both.
Mike Nielsen is a security solution manager for Cisco Systems, focusing on the deployment of network security systems for government and enterprise customers. He has 14 years of experience in data networking, with the past six years devoted to network and information security technologies.