A few weeks ago I had friends visiting from Thailand. Being the good host I try to be I took them to see several A few weeks ago I had friends visit from Thailand. Being the good host I try I took them on a variety of sightseeing tours; one of them was inevitably to one of the castle switch around here.
While we were strolling through the facility I couldn’t help but see a wire running throughout the complex, which obviously didn’t exist back in the 1800s.
Lo and behold it was a network cable.
This network cable was not only connected to the sprinkler system and the fire alarms, the exit signs and alarm system; it was also the same cable that ran to the cashier. Meaning, that the entire network infrastructure was exposed to interception.
Technically, it would be possible to separate the cable and install a device which will give you permanent access to the network.
As if this wasn’t bad enough, I found at least half a dozen RJ 45 sockets throughout the complex which would have made my work even easier; had I been a criminal.
It’s important to understand that these sockets were at locations where I would have been undisturbed four hours.
After this startling experience I kept my eyes open for rogue RJ 45 sockets in the wild.
A few days after the visit I mentioned, I had to go to a public and ministration building: and what was the first thing that smiled at me? Right! Another rogue RJ-45 socket.
Now, unless you have very specific MAC address filtering in place, rogue sockets will allow criminals to get a very good scan of your organization. If the access to systems is limited to, even then would it be possible to conduct a scan of the network, Which would reveal devices that are vulnerable, and allow for penetration of the network through that device.
Well this may seem obvious to a lot of us, they’re obviously a lot of people out there in our profession that do not take such Warnerville it is as a given fact.
Therefore, I dedicated an entire part of my cyber security risk assessment checklist to not only wrote RJ-45 sockets in the wild, but also to their placement, the mapping of the placement in case someone tampers with the box, and a variety of other issues.
Contact me if you’d like to get a copy of my checklist for your work.
