Business Security Information

Pod slurping is a generic term that refers to a technique where someone uses an MP3 player, such as an iPod, to steal sensitive information from a company.  In addition to MP3 players, thieves can also use other devices such as flash drives, digital cameras, mobile phones, PDA’s, or other plug-and-play devices that have storage capabilities.  Basically, any portable storage device can be used to steal or slurp sensitive information.   Special software on the thief’s device can automatically search the computer it is connected to for any sensitive information and then download or “slurp” the information to the device.  This type of software can easily be downloaded from the internet.  Back in 2004,  security expert Abe Usher developed a program called “slurp.exe” that he used on his iPod to demonstrate how information could easily be “slurped” from a computer.  In the demonstration, it took just over a minute to download all files from the computer.

It seems like almost every book or article I read defines computer security a little differently.  Often the terms computer security, information security, network security, information system security and information assurance are used interchangeably even though each of these terms covers a slightly different portion of security.  I feel that computer security is the overall general term used to indicate the protection of a company or organizations data, network and computer systems.  The other terms  (information security, network security, information system security, etc.) fall under the main heading of computer security.

It seems like there are numerous websites on the Internet covering the main aspects of computer security but very few on physical security for a typical business.  On this website I try to cover all types of security on this website, but today I want to focus on physical security.

Physical security is mainly related to the protection of people, buildings, equipment and other physical or tangible assets.  Physical security is often overlooked in this high-tech business world where protecting digital assets of a business is emphasized. Adequately protecting digital assets, though, depends on implementing physical security as well.

A strike plate is a part of a door lock.  It is the metal plate that is attached, usually with screws, to the door jamb (door frame) and has one or more holes that hold the lock bolt when the lock is engaged.  When the door is closed, the lock bolt extends into the hole which then keeps the door closed.  Refer to the picture for a look at a high security strike plate.

Crimeware is a form of of malware (malicious software) that is  used to attack your computer and/or network.  Crimeware is designed for one purpose which is to facilitate illegal or criminal activity.

This type of software is often used to commit identity theft.  Also, crimeware allows attackers to capture and export sensitive information which they can sell or use to exploit for some other type of financial gain.  Another common type of crimeware includes phishing kits that allow an attacker with little or no technical skill to launch a phishing attack.  This type of crimeware may include website development software, content for the site, and spamming software that will allow the attacker to send out mass e-mails to their phishing targets.

A rootkit is a collection of software programs that contain a variety of tools and allow an attacker root or administrative level access to a computer or network.  Attackers install rootkits usually after having obtained basic user level access to a system, then gaining higher access to the account by using a cracked password or through some other vulnerability on the system which allows them to install software on the system.  Once a rootkit is installed, it allows the attacker to bypass security measures and hide the intrusion.  Rootkits do this by replacing normal operating system components or altering existing system tools or software so as to escape detection.

In security, a Trojan Horse is similar but not the same as it was described in Greek mythology in which the Greeks presented the city of Troy with a wooden horse in which they had hidden their soldiers.  After the Trojan Horse was inside the city and night had fallen, the soldiers emerged from the wooden horse and overtook the city.

Lock Bumping, or “bumping” as it is sometimes called, has been around for the past fifty years and is a form of lock picking where a specially cut key is used to move the pins in the lock so the lock can be opened.  The key is made by cutting all cuts in the key to their maximum depth and is sometimes called a 999 key because the cuts are made to the maximum depth of 9.  The cuts can be made by using a hand file, but using a key-cutting machine speeds up the process of making a bump key.

In the computer security field, a backdoor is basically a computer program that gives an attacker easy access to a computer system and bypasses security measures that are currently in place.  Computer programmers sometimes install backdoors in the programs they write, but they use the backdoor  to access the program for the purpose of troubleshooting the software.  For this definition, we will limit our discussion to backdoor programs that attackers use.  Backdoors, whether used as a troubleshooting tool or as a means of gaining undetected access to a computer system, are a security risk.

IP Cameras are surveillance or CCTV cameras that use IP (Internet Protocol) to transmit a video image and any control signals for the camera over an Ethernet network.  IP cameras are also referred to as network cameras.  They are usually recorded using a digital video recorder (DVR) or a network video recorder (NVR).  The use of IP cameras allow the video to be stored and retrieved from anywhere on the existing network.  IP cameras also allow a business to view the cameras through an internet connection or across private networks such as LANS (local area networks) or WANS (wide area networks).  Also, IP cameras are able to be deployed or used across a wireless network.  Resolution of IP cameras, just like digital cameras, has improved over time.