Avoiding Common Threats to Physical Security

With so much talk in this chapter of controls and items to look for during an assessment, it is important to be aware of some of the threats an organization can face.

Some common threats include the following:

  • Natural, human, and technical threats

  • Physical keystroke loggers and sniffers

  • Wireless interception and rogue access points

Natural, Human, and Technical Threats

Every organization must deal with the threats that are present in the environment each day. Threats can be natural, human, or technical. Natural threats can include items such as fires, floods, hurricanes, tropical storms, tidal waves, and earthquakes.

Human threats are not always as predictable as natural threats. For example, anyone living in California knows that earthquakes will hit, even though no one can say when. By contrast, an organization may expect someone to attempt, or even succeed in, breaking into the company, yet the attempt may never come. Aside from natural disasters, security professionals must think of other threats, such as hackers, who do not issue notices when an attack is coming. Any organization can be threatened by outsiders or insiders: unknown individuals or people who are apparently trusted.

Human threats can include the following:

  • Theft—Theft of company assets can range from mildly annoying to extremely damaging. A CEO’s laptop may be stolen from the hotel lobby; but is the real loss the laptop—or the plans for next year’s new software release?

  • Vandalism—A teenager just having some malicious fun by breaking windows and a hacker who decides to change your company’s webpage are both destroying company property.

  • Destruction—This threat can come from insiders or outsiders. Destruction of physical assets can cost organizations money that was budgeted to be spent on other items.

  • Terrorism—This form of threat is posed by individuals or groups that wish to prove a point or draw attention to a cause.

  • Accidental—Accidents are bound to happen sooner or later, and their effects can vary depending on the situation. Damage could range from lost data to attackers having access they should not have.

Any organization can also be at risk because of technical issues. A truck driver can knock down a power pole in front of the company, or a hard disk drive in a server might fail. Each of these occurrences can affect the capability of the organization to continue to conduct operations. Whenever a security professional is asked to perform a physical review, he or she should not neglect physical controls that are needed to protect against these or any of the various types of threats that are present. Any equipment failure and loss of service can affect the physical security of the organization.

Physical Keystroke Loggers and Sniffers

Hardware keystroke loggers are physical devices used to record everything a person types on the keyboard. These devices are usually installed while the user is away from the desk. Keystroke loggers can be used for legal or illegal purposes, such as the following:

  • Monitoring employee productivity and computer activity

  • Law enforcement

  • Illegal spying

Physical keystroke loggers can store millions of keystrokes on a small device that is plugged in between the keyboard and the computer. Some keystroke loggers are built into keyboards. The process is transparent to the end user and can be detected only by finding the keystroke logger.

Keystroke loggers can be:

  • Attached to the keyboard cable, as inline devices

  • Installed inside standard keyboards

  • Installed inside replacement keyboards

  • Installed as software on a system along with other software

Sniffing is the basic technique used for a large number of network-based attacks. If attackers can gain access to the network via a physical network connection, they can begin to capture traffic. Sniffing can be passive or active. Passive sniffing relies on a feature of network cards called “promiscuous mode.” When placed in promiscuous mode, a network card passes all packets on to the operating system rather than just those unicast or broadcast to the host.

Active sniffing, on the other hand, relies on injecting packets into the network so that traffic not meant for your system is sent to it anyway. Active sniffing was developed largely in response to switched networks. Sniffing is dangerous in that it allows hackers access to traffic they should not see. An example of a sniffer capture is shown in FIGURE 4-1.

FIGURE 3-1
Wireshark sniffer.
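
Because passive sniffing depends on promiscuous mode, a host audit can look for interfaces that have it enabled without a known reason. The following is an added example, not part of the original text: it assumes a Linux host that exposes interface flags under /sys/class/net, and the interface names, the sample tree and the `expected` allowlist are constructed for illustration.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # promiscuous-mode bit from Linux <linux/if.h>


def promiscuous_interfaces(sysfs_net="/sys/class/net", expected=()):
    """Return (name, flags) for interfaces with IFF_PROMISC set that are
    not in `expected` (e.g. IDS capture ports or bridge members)."""
    findings = []
    for name in sorted(os.listdir(sysfs_net)):
        flags_path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(flags_path) as fh:
                flags = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # not an interface directory, or unreadable
        if flags & IFF_PROMISC and name not in expected:
            findings.append((name, hex(flags)))
    return findings


def build_sample_tree():
    """Constructed sysfs-like tree so the check runs offline."""
    root = tempfile.mkdtemp(prefix="sysfs-net-")
    sample = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003", "span0": "0x1103"}
    for name, flags in sample.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    # span0 is a hypothetical IDS capture port, promiscuous by design.
    for name, flags in promiscuous_interfaces(root, expected={"span0"}):
        print(f"unexpected promiscuous interface: {name} flags={flags}")
```

This check only covers hosts you can inspect; it does not reveal an unmanaged device that someone has plugged into a network port.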

Wireless Interception and Rogue Access Points

Sniffing is not restricted to wired networks. Electronic signals emanate from mobile devices, wireless local area networks (WLANs), Bluetooth devices, and even other devices, such as monitors. These signals can be intercepted and analyzed by an attacker with the right equipment. Even when signals cannot be intercepted, they can still potentially be jammed. For example, a cellular jammer could transmit a signal on the same frequencies that mobile phones transmit on and then prevent all cellular communication within a given area.

Other wireless technologies are vulnerable to attack as well. Bluetooth is a short-range communication technology that has been shown to be vulnerable to attack. One such attack is Bluejacking, which allows an individual to send unsolicited messages over Bluetooth to other Bluetooth devices. WLANs are vulnerable to attacks as well. These attacks fall into four basic categories: eavesdropping, open authentication, rogue access points, and denial of service.

Finally, the attacker may attempt to set up a fake access point to intercept wireless traffic. Such techniques make use of a rogue access point. This fake access point is used to launch a man-in-the-middle attack. Attackers simply place their own access points in the same area as users and attempt to get them to log on.
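
During a wireless survey, the fake-access-point case described above can be caught by comparing observed beacons against an inventory of authorized access points. The following is an added example, not part of the original text: the `Beacon` record, the SSIDs, the BSSIDs and the scan results are all constructed, and a real survey tool's output would first need to be parsed into this shape.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str

# Constructed inventory of authorized access points (hypothetical values).
AUTHORIZED = {
    "02:00:00:aa:00:01": Beacon("CorpNet", "02:00:00:aa:00:01", 36, "WPA2-Enterprise"),
    "02:00:00:aa:00:02": Beacon("CorpNet", "02:00:00:aa:00:02", 149, "WPA2-Enterprise"),
}
MANAGED_SSIDS = {ap.ssid for ap in AUTHORIZED.values()}

# Constructed survey results, as a wireless scan might report them.
SAMPLE_SCAN = [
    Beacon("CorpNet", "02:00:00:AA:00:01", 36, "WPA2-Enterprise"),
    Beacon("CorpNet", "02:00:00:bb:00:09", 6, "Open"),
    Beacon("CorpNet", "02:00:00:aa:00:02", 149, "Open"),
    Beacon("CoffeeShop", "02:00:00:cc:00:03", 11, "WPA2-Personal"),
]

def classify(beacon):
    """Return a finding for a suspicious beacon, or None if it looks fine."""
    known = AUTHORIZED.get(beacon.bssid.lower())
    if known is None:
        # A managed SSID from hardware we do not own is the fake-AP case.
        if beacon.ssid in MANAGED_SSIDS:
            return "managed SSID from unlisted BSSID"
        return None  # neighbouring network, not ours to judge
    if beacon.ssid != known.ssid:
        return "authorized BSSID advertising a different SSID"
    if beacon.security != known.security:
        return "security mode differs from inventory"
    if beacon.channel != known.channel:
        return "channel differs from inventory"
    return None

def audit(scan):
    """List (bssid, finding) for every beacon that needs review."""
    return [(b.bssid.lower(), f) for b in scan if (f := classify(b))]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SCAN):
        print(f"{bssid}: {finding}")
```

A channel mismatch can be benign where access points select channels automatically, so treat that finding as a prompt for review rather than proof of a rogue device.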
