After hackers gain entry to your building, they’ll search the computer rooms and other areas for easy access to your network.
The key to the kingdom is often as simple as an ordinary workstation which is connected to the network.
Malicious interlopers may do the following:
• Find a way to access the network.
• Steal data from a workstation by copying it onto a flash drive, or by uploading it to an online storage service.
• Change router, firewall, and server settings.
• Walk out with contact lists, incident-response plans, and network diagrams.
• Obtain circuit IDs from T1 and phone numbers from analog lines for future attacks.
Virtually every bit of unencrypted data that traverses the network may be intercepted for future examination through one of the following techniques:
• Connecting a PC running a network-analyzer application to your network through a hub or switch.
• Installing a network-analyzer application on an existing computer. This can be very difficult to spot.
How would hackers use the information?
• The easiest way to use the stolen information is by either installing a remote-administration application on the PC or by using PCAnywhere or VNC.
• A cunning hacker with enough skill and time will bind a public IP address to a computer if it’s unprotected by a firewall. Those with enough network experience can tamper with the firewall rules to do it.
You should also consider these entry points:
• Are routers, switches, servers, and firewalls mounted in locked racks?
• How easily can a computer be used during working hours? During lunchtime?
• Are computers – especially notebooks – secured properly with locks to the desks?
• Are passwords kept on sticky notes on monitors, desks or keyboards?
• Are portable storage devices lying around on desks where they can easily be picked up?
• How are hand-held computers and laptops handled by the IT department and regular employees? Are PDAs (personal digital assistants) and mobile phones sitting around unsecured? Those devices are usually at great risk due to their value and small size. Also, they are commonly unprotected by the company’s standard security controls. Are specific technologies and policies in place to regulate mobile devices? Is locking PDA cases and laptop bags necessary? What about boot-up passwords? Also consider encryption procedures in case those devices are stolen.
• How easily can you access a wireless AP (access point) signal to log into the network?
• Are network switches, hubs, firewalls, and routers (basically, anything with a network connection) easily accessible, which could allow a hacker to break into the network quickly?
• Are all cables patched through on the patch panel in the wiring closet so all network drops are live?
• Are cable locks/traps in place to discourage hackers from removing network cables from computers or patch panels, so they can use those cables to access the network?
Computer security and network countermeasures are some of the easiest to implement, yet the hardest to enforce because they involve common actions. Below is a rundown of possible countermeasures:
• Require users to lock their OS when leaving the room – which usually takes a couple of mouse clicks in Linux or Windows – to keep interlopers out of the network.
• Create and enforce an organization-wide standard for creating strong passwords.
• Require mobile-device users to lock their gadgets to their desks or store them in a locked cabinet. This is especially necessary in larger corporations or places that receive a good deal of foot traffic.
• Keep wiring closets and computer rooms locked, and monitor those places for malicious attempts.
• Keep a current inventory of software and hardware within the organization – particularly in computer rooms – so it will be quite easy to know when extra equipment appears or other equipment is missing.
• Properly secure digital storage – such as hard drives, tapes, CD-ROMs, and floppy disks – when carrying or storing them.
• Use a reliable bulk eraser on magnetic storage media before discarding them.
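The hardware-inventory countermeasure above only pays off when the list is regularly compared with what is actually plugged in. As an added example (not part of the original article), this Python script compares an approved inventory with a snapshot of MAC addresses seen on the network and reports unknown, missing and relocated devices. The CSV columns, the snapshot format and all sample values are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample data: approved inventory and what the switches see now.
BASELINE_CSV = """asset_tag,mac,location
SRV-001,00:11:22:AA:BB:01,computer-room/rack1
SW-004,00:11:22:AA:BB:02,wiring-closet-2
WS-117,00-11-22-aa-bb-03,floor3/desk17
"""
OBSERVED = """# mac  location_of_switch_port
0011.22aa.bb01 computer-room/rack1
00:11:22:aa:bb:03 wiring-closet-2
de:ad:be:ef:00:99 computer-room/rack1
"""

def norm_mac(raw):
    """Normalize colon, dash and dotted MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load_baseline(text):
    """Map normalized MAC -> (asset_tag, approved location)."""
    return {norm_mac(r["mac"]): (r["asset_tag"], r["location"])
            for r in csv.DictReader(io.StringIO(text))}

def load_observed(text):
    """Map normalized MAC -> location where it was seen; '#' lines are comments."""
    seen = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            mac, location = line.split()
            seen[norm_mac(mac)] = location
    return seen

def audit(baseline, observed):
    """Return (unknown, missing, moved) relative to the approved inventory."""
    unknown = sorted((m, loc) for m, loc in observed.items() if m not in baseline)
    missing = sorted(tag for m, (tag, _) in baseline.items() if m not in observed)
    moved = sorted((baseline[m][0], baseline[m][1], loc) for m, loc in observed.items()
                   if m in baseline and baseline[m][1] != loc)
    return unknown, missing, moved

if __name__ == "__main__":
    for label, rows in zip(("unknown", "missing", "moved"),
                           audit(load_baseline(BASELINE_CSV), load_observed(OBSERVED))):
        print(label, rows)
```

An unknown MAC in a computer room or wiring closet, or a known asset showing up on a port in a different location, is the signal to go and physically inspect that drop.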