Physical Security In the Workplace presentation given at Hacker Halted Miami 2008 by Doug Farre and Mitch Capper.
PHYSICAL SECURITY IN THE WORKPLACE
Avoiding getting owned without knowing it
By: Mitch Capper and Doug Farre
This Presentation
• We only have 45 minutes
• Won’t be covering:
  ○ Mechanical lock details
  ○ High security mechanical lock details
  ○ Latest high security exploits details
• Goal is to help you evaluate a ‘secure’ area to see possible holes in security
What is most important to you?
• Your Data
• Your Contacts
• Your Customers’ Confidence
• Your Inventory
• Your Employees
Security Budget
Virtual Security:
• Firewalls
• Anti-virus
• IDSs
• VPNs
• System administrators
• Auditing and review
• Segmented networks
• Encryption and training
• Software Updates and Group Policies
Security Dollars
[Chart labels: Virtual, Physical]
Your Virtual Security Setup
• IS GREAT
• Keeps the virtual bad guys out
• Stops drive by and 0 day exploits like no others
• Has kept your company secrets secure for many years
Compromising Virtual Security
• Physical key loggers
• BIOS level rootkits with FDE and virtualization
• Live malware
• Cold boot attacks
Physical Security is Trump
• Most virtual security monitors the border
• Secure data can only be defined as offline and encrypted
• At the end of the day there is only one undeniable fact:
Physical Access means 100% data vulnerability
Why don’t people think about Physical Security?
• Don’t think it’s a threat
• Impossible to secure
• Not enough resources or knowledge
• Haven’t got around to it
Espionage
• Frequently use physical attacks
• Over 100 billion annually in cost
• Large attacks can be “game over”
• Social Engineering w/ minimal physical attacks have accomplished most large attacks
Social Engineering and Information Gathering
• Social Engineering
  ○ Co-worker
  ○ Salesman
  ○ Interviews
  ○ Reference checks
  ○ Impersonation
• Information Gathering
  ○ Interviews
  ○ Prospective clients
  ○ Public tours
  ○ Dumpster diving
  ○ Off-site observation
  ○ Internet
Let’s Talk Physical Security
Breaks down to 5 main areas:
• Mechanical Access Control
• Electronic Access Control
• Alarm Systems
• Surveillance
• Egress Devices
Egress Devices: Latches
• Latches
• Guards
• Deadlatches
Egress Devices: Continued
• Push Bars
• Button Releases
• Infrared/Motion Sensors
Alarm Systems
• Must be hardwired
• Expensive Install
• 4 main sensor connection types:
  ○ Trip on fail
  ○ Circuit always connected
  ○ ‘Constant Monitoring’
  ○ Magnetic Coupling
• Use GSM or Phone for reporting
• Spend most of their time off
• Response Time
Alarm Systems: Considerations
• Take advantage of unconventional technologies
  ○ Alarmed glass
  ○ Photoelectric controls
  ○ Pull-trip switches
  ○ Stress detectors
  ○ Vibration sensors
  ○ Sound monitoring sensors
  ○ Ultrasonic motion sensors
Surveillance
• CCTV
  ○ Primarily Forensic tool
  ○ Partial Deterrent
• ID Cards
  ○ Only good for casual ID
• Guards
  ○ Response
  ○ Two person rule
Electronic Access Control
• Handling of lost keys/terminated employees
• Easy to reprogram/rekey
• Advanced control (blackout times, use counts etc…)
• Provides AUDITING
EAC: Keypads
• Most are fairly weak
• Scramble Pads can be good
EAC: Biometrics / Physical Characteristics
• Fingerprints and hand geometry
• Facial recognition
• Vein mapping
• Retinal scanning
EAC: Biometrics / Behavioral Characteristics
• Voice mapping
  ○ VoiceVault – phone verification
• Keystroke biometrics
  ○ BioPassword – keystroke behavior
  ○ Think Morse Code during WWII
• Signature Dynamics
EAC: Cards
• Barcode / Concealed Barcode Cards
• Mag Stripe Cards
• RFID / Prox Cards
• Smart Cards
EAC: Fail
• Most devices/systems use Wiegand Protocol, think clear text over hard wire
• Mechanical Lock Backup
• No destructive attack resistance
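What “clear text over hard wire” means for the reader-to-controller link, as an added example that is not from the original slides. It assumes the common open 26-bit Wiegand layout (one even parity bit, 8-bit facility code, 16-bit card number, one odd parity bit); the function names and the sample facility/card values are constructed for illustration.

```python
# Added example (not from the slides). Assumes the common open 26-bit layout:
# [even parity][8-bit facility code][16-bit card number][odd parity].

def encode_wiegand26(facility: int, card: int) -> str:
    """Build the 26 bits a reader puts on the wire for one card read."""
    if not (0 <= facility < 2**8 and 0 <= card < 2**16):
        raise ValueError("facility is 8 bits, card number is 16 bits")
    data = f"{facility:08b}{card:016b}"
    even = str(data[:12].count("1") % 2)        # first 13 bits: even number of 1s
    odd = str((data[12:].count("1") + 1) % 2)   # last 13 bits: odd number of 1s
    return even + data + odd

def decode_wiegand26(bits: str) -> dict:
    """Recover every field from a frame; no key or secret is involved."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 characters of 0/1")
    parity_ok = bits[:13].count("1") % 2 == 0 and bits[13:].count("1") % 2 == 1
    return {"facility": int(bits[1:9], 2), "card": int(bits[9:25], 2),
            "parity_ok": parity_ok}

def flip(bits: str, *positions: int) -> str:
    """Invert the bits at the given indexes (models corruption on the wire)."""
    out = list(bits)
    for p in positions:
        out[p] = "0" if out[p] == "1" else "1"
    return "".join(out)

def controller_checks() -> dict:
    """What the frame format lets a controller verify, on a constructed card."""
    frame = encode_wiegand26(42, 1337)          # constructed sample values
    return {
        "fields_readable": decode_wiegand26(frame),
        # Two reads of one card are bit-identical: no counter, nonce or MAC.
        "reads_identical": frame == encode_wiegand26(42, 1337),
        # Parity flags a single flipped bit...
        "one_flip_detected": not decode_wiegand26(flip(frame, 5))["parity_ok"],
        # ...but two flips in the same half pass as a different, valid card.
        "two_flips_pass": decode_wiegand26(flip(frame, 20, 24))["parity_ok"],
    }

if __name__ == "__main__":
    for name, value in controller_checks().items():
        print(f"{name}: {value}")
```

The parity bits are the only check in the frame, so the controller can detect some line noise but cannot tell where a well-formed frame came from.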
Mechanical Locks: Attacks
• Key Duplication
• Bumping
• Picking
• Impressioning
• Rights Escalation in Master Key Systems
• Bypass
MLA: Key Duplication
• All non high security locks
• Some high security locks
• Key duplicators
• Clay Molding
• Silicon Casting
MLA: Bumping
• Requires a bump key
  ○ A blank or key in the system
  ○ A file
• Can be purchased online for under $5 a key
• All non high security
• Some high security
• Low barrier to entry
MLA: Picking
• Most people can pick an easy lock in 5-30 minutes of initially being given the tools and minimal instruction
• Within months of casual practice most can open most non-high security locks, both pin tumbler and wafer.
• Large picking community: www.lockpicking101.com
MLA: Bypass - Shimming
• Padlock Shimming
• Handcuff Shimming
MLA: Lock Bypasses
• Medeco Deadbolts
• Master lock 175
• American Padlocks
MLA: Adams Rite Wires
• Affected huge numbers of locks
• Lock/Egress combined attack
MLA: Impressioning
• Key from the lock
• Key Blanks, File
• Skilled Attack
• The art of a locksmith
MLA: Rights Escalation in MK Systems
• Matt Blaze from AT&T Labs - 2002
• No technical skill required
• One key to the system, one lock, 5-7 key blanks, and a file
• Under desk attack
High Security Locks
• Abloy, ASSA, Bilock, Medeco, Mul-T-Lock, Schlage (Primus)
• Should be:
  ○ bump resistant
  ○ hard to pick
  ○ hard to duplicate keys
  ○ hard to drill
Industrial Locks
HSL: Problems
• Changing Keys is a pain
• Even some high security locks suffer from varying degrees of standard attacks (bumping, rights amplification, key duplication)
• Getting unique blanks very hard for anyone short of the largest companies
HSL: Ground Zero
• Mechanical locks usually are what is in-between the outside world and the sensitive data
• One of few Active Preventions
• Low investment can greatly enhance security
• Frequently Overlooked
Electronic vs Mechanical
Electronic                 | Mechanical
Hard to evaluate security  | Can be fully disassembled/understood
Compromises Simple         | Generally More Complex
Power Failure Issues       |
Auditing                   | No Auditing
Rekeying Easy (generally)  | Rekeying Harder
High Cost for high quality | Much Lower Cost
Proper Physical Security
• Layers
• Look not just at how you are supposed to enter, but alternate methods/exit ways
• Dual authentication separate electronic with mechanical authentication
Combined Physical/Electronic Locks
• Combined cylinders (say Assa Abloy Brand’s Cliq) try to bridge gaps and minimize costs
• Most brand systems (Medeco, Assa, Mul-t-lock) are already compromised
• Abloy Protec Cliq still safe (also only mechanical lock for that matter)
Closing Points
• Use your imagination!
• Never underestimate the attacker!
Questions?
Our email is at @SecuritySnobs dot com (first name @)
Mitch Capper
Doug Farre
MLA: Rights Escalation – The How
• File each of the 5 keys to the same depths of the normal user key skipping one of each position on each key
• Put non working key in door try it
  ○ If doesn’t work file the one unfiled position
    ○ Try again until works
  ○ If works and is same height as normal key keep filing, otherwise the key is done
• Once all keys are done, compare each to the original and make the GMK of different heights