• Choose a category
• All
• Classic-Fiction

This situation is fairly normal in a small building. You could recommend enhancing the system by adding motion detectors in each major hallway. You could also install video surveillance cameras, such as closed-circuit television (CCTV), at all the entrances. You should also consider upgrading your perimeter security by adding contact sensors on all the doors and ground-floor windows.

Evaluate the building from a multi-tiered approach. Incorporate perimeter security, security zones, and surveillance where needed.

Biometrics

Biometric systems use some kind of unique biological trait to identify a person, such as fingerprints, patterns on the retina, and handprints. Some of the devices that are used are hand scanners, retinal scanners, and, potentially, DNA scanners, which can be used as part of the access control mechanisms. These devices should be coupled into security-oriented computer systems that record all access attempts. They should also be under surveillance in order to prevent individuals from bypassing them.

These technologies are becoming more reliable, and they will become widely used over the next few years. Many laptops sold now have a fingerprint reader built in. The costs associated with these technologies have fallen drastically in recent years.

Real World Scenario

Installing Biometric Devices

You’ve been asked to solve the problem of people forgetting the smart cards that give them access to the computer center. Hardly a day goes by that a company employee doesn’t forget to bring their card. This can cause a great deal of disruption in the workplace because someone has to constantly reissue smart cards. The company has tried everything it can think of short of firing people who forget their cards. What could you recommend to the company?

Investigate whether biometric devices (such as hand scanners) or number access locks can be used in lieu of smart cards for access. These devices will allow people who forget their smart cards to enter areas that they should be able to access.

Understanding Social Engineering

Social engineering is the process by which intruders gain access to your facilities, your network, and even to your employees by exploiting the generally trusting nature of people. A social engineering attack may come from someone posing as a vendor or as e-mail from a (supposedly) traveling executive who indicates that they have forgotten how to log on to the network or how to get into the building over the weekend. It’s often difficult to determine whether the individual is legitimate or has nefarious intentions.

Occasionally, social engineering is also referred to as wetware. This term is used because it is a form of hacking that does not require software or hardware but rather the gray matter of the brain.

Social engineering attacks can develop subtly. They’re also hard to detect. Let’s look at some classic social engineering attacks:

■ Someone enters your building wearing a white lab jacket with a logo on it. He also has a toolkit. He approaches the receptionist and identifies himself as a copier repairman from a major local copier company. He indicates that he’s here to do preventive service on your copier. In most cases, the receptionist will let him pass and tell him where the copier is. Once the “technician” is out of sight, the receptionist probably won’t give him a second thought. Your organization has just been the victim of a social engineering attack. The attacker has now penetrated your first and possibly even your second layer of security. In many offices, including security-oriented offices, this individual would have access to the entire organization and would be able to pass freely anywhere he wanted. This attack didn’t take any particular talent or skill other than the ability to look like a copier repairman. Impersonation can go a long way in allowing access to a building or network.

■ The next example is a true situation; it happened at a high-security government installation. Access to the facility required passing through