http://www.darkreading.com/database_security/security/management/showArticle.jhtml?articleID=224900081 By Kelly Jackson Higgins DarkReading May 17, 2010 You can spend millions of dollars on network security, but it's all for naught if the data center has physical weaknesses that leave it open to intruders. Red team experts hired to social-engineer their way into an organization say they regularly find physical hacking far too easy. Ryan Jones, senior security consultant with Trustwave's SpiderLabs, says data centers he has investigated for security weaknesses commonly have the same cracks in the physical infrastructure that can be exploited for infiltrating these sensitive areas. Jones says the five simplest ways to hack into a data center are by crawling through void spaces in the data center walls, lock-picking the door, "tailgating" into the building, posing as contractors or service repairman, and jimmying open improperly installed doors or windows. "Over the years, you can spend millions of dollars protecting your network, but [many organizations] are leaving the front door wide open. They are missing huge gaping holes" in their physical security of the data center, says Jones, who will discuss his findings at the conference today in Sao Paulo, Brazil. "These are the top ways we get in." One of the flaws in the physical design of most data centers is their drop ceilings and raised floors, Jones says. "The walls don't go all the way up [to the ceiling] or down [to the floor]," he says. The drop ceiling leaves a void for an intruder to remove a ceiling tile from a nearby area and then crawl to the data center from above it. "You can crawl down carefully to where you need to drop down," Jones says. [...] _______________________________________________ Best Selling Security Books and More! Shop InfoSec News http://www.shopinfosecnews.org/Received on Mon May 17 2010 - 22:37:52 PDT
This archive was generated by hypermail 2.2.0 : Mon May 17 2010 - 22:49:23 PDT