P1: JDV
Michael WL040/Bidgolio-Vol I WL040-Sample.cls June 19, 2003 16:10 Char Count= 0
70 PHYSICALSECURITYdetection (other than visual inspection of all exposed
wires) may be difficult. Contrary to some rumors, fiber-
optic cable remains far more difficult to tap, and detec-
tion (without visual inspection) is highly likely; any light
that can be made to “leak” from a cable is not useable for
recovering data.
A specific type of wiretapping is akeyboard monitor,
a small device interposed between a computer and its
keyboard that records all work done via the keyboard.
The attacker (or suspicious employer) must physically
install the item and access it to retrieve stored data.
(Hence, keyboard logging is more often accomplished by
software.)
A variation on wiretapping is to use connectivity hard-
ware already in place, such as a live, unusedLAN(local
area network) wall jack; a live, unused hub port; a LAN-
connected computer that no longer has a regular user; and
a computer in use but left unattended by the user cur-
rently logged on. For the perpetrator, these approaches
involve varying degrees of difficulty and risk. The second
approach may be particularly easy, safe, and reliable if the
hub is in an unsecured closet, the connection is used for
sniffing only, and no one has the patience to check the
haystack for one interloping needle.
Phone lines are connectivity hardware that is often
overlooked. A na ̈ıve employee might connect a modem
to an office machine so it can be accessed (for legiti-
mate reasons) from home. This gives outsiders a potential
way around the corporate firewall. Even IT administra-
tors who should know better leave “back-door” modems in
place, sometimes with trivial or no password protection.
Sometimes the phone service itself is a resource that is
misappropriated. Although less common now, some types
ofPBX(private branch exchange) can be “hacked,” al-
lowing an attacker to obtain free long-distance service or
to mount modem-based attacks from a “spoofed” phone
number.
A final asset is an adjunct to the phone service. Em-
ployee voice mail, even personal voice mail at home, has
been compromised for the purpose of obtaining sensitive
information (e.g., reset passwords).
Appropriate access through appropriate channels does
not imply appropriate use. One of the biggest produc-
tivity issues nowadays is employee e-mail and Inter-
net surfing unrelated to work. If prohibited by com-
pany policy, this can be viewed as misappropriation
of equipment, services, and, perhaps most important,
time. Although text-based e-mail is a drop in the bucket,
downloading music files can “steal” considerable band-
width; this is especially a problem at those academic
institutions where control of students’ Internet usage is
minimal.Eavesdropping
Eavesdroppingoriginally meant listening to something il-
licitly. Although capture of acoustic waves (perhaps with
an infrared beam) is still a threat, the primary concern
in the computing environment involves electronically
capturing information without physical contact. Un-
guided transmission media such as microwave (whether
terrestrial or satellite), radio (the easiest to intercept), andinfrared (the hardest to intercept) should be considered
fair game for outsiders to eavesdrop; such transmissions
must be encrypted if security is a concern. Among guided
transmission media, fiber-optic cable stands alone for its
inability to radiate or induce any signal on which to eaves-
drop. Therefore, the interesting side of eavesdropping is
tempest emissions. Electrical devices and wires have long
been known to emit electromagnetic radiation, which is
considered “compromising” if it contains recoverable in-
formation. Mobile detectors have been used to locate ra-
dios and televisions (where licensing is required) or to
determine the stations to which they are tuned. Video dis-
plays (including those of laptops) are notorious emitters;
inexpensive equipment can easily capture scan lines, even
from the video cable to an inactive screen.
The termtempestoriginated as the code word for a
U.S. government program to prevent compromising emis-
sions. (Governments are highly secretive in this area; con-
tractors need security clearance to learn the specifications
for equipment to be tempest-certified.) Related compro-
mising phenomena are as follows:1.hijack—signals conducted through wires (and perhaps
the ground, as was noted during World War I);
2.teapot—emissions intentionally caused by an adversary
(possibly by implanted software); and
3.nonstop—emissions accidentally induced by nearby ra-
dio frequency (RF) sources.One attack is to irradiate a target to provoke resonant
emissions—in other words, intentional nonstop. (This
is analogous to how an infrared beam can expropriate
acoustic information.) Interestingly, equipment certified
against passive tempest eavesdropping is not necessarily
immune to this more active attack. (Compare the infrared
device to a parabolic microphone, which is merely a big
ear.) Although these emissions were formerly the concern
only of governments, increasingly less expensive and more
sophisticated equipment is making corporate espionage
a growing temptation and concern. An excellent intro-
duction to this area is chapter 15 of Anderson (2001). A
well-known portal for tempest information is McNamara
(2002).PREVENTIVE MEASURES
To expand George Santayana’s famous quote, those who
are ignorant of history are doomed to repeat it, but those
who live in the past are also doomed. Although an under-
standing of past disasters is essential, not all thatwillhap-
pen (in your neighborhood or in the world)hashappened.
The key to preventing physical breaches of confidential-
ity, integrity, and availability of computing resources is
to anticipate as many bad scenarios as possible. A com-
mon flaw is to overlook plausible combinations of prob-
lems, such as the incursion of water while backup power
is needed.
History has taught us that, regardless of the time, ef-
fort, and money invested, preventingallbad events is im-
possible; therewillbe failures. For integrity and availabil-
ity of resources, redundancy can be used as a parachute