CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Printers
Printers also may represent a security risk, albeit a simpler one. Depending on the physical 
security controls used at your organization, it may be much easier to walk out with sensitive 
information in printed form than to walk out with a flash drive or magnetic media. If 
printers are shared, users may forget to retrieve their sensitive printouts, leaving them 
vulnerable to prying eyes. Many modern printers also store data locally, often on a hard drive, 
and some retain copies of printouts indefinitely. Printers are usually exposed on the network 
for convenient access and are often not designed to be secure systems. But there are 
numerous configuration settings that may be available depending on the printer model that 
can provide some reasonable level of secure network printing services. These can include 
encrypted data transfer and authentication before printer interaction. These are all issues 
that are best addressed by an organization’s security policy.
Keyboards/Mice
Keyboards, mice, and similar input devices are not immune to security vulnerabilities 
either. All of these devices are vulnerable to TEMPEST monitoring. Also, keyboards are 
vulnerable to less sophisticated bugging. A simple device can be placed inside a keyboard or 
along its connection cable to intercept all the keystrokes that take place and transmit them 
to a remote receiver using a radio signal. This has the same effect as TEMPEST monitoring 
but can be done with much less expensive gear. Additionally, if your keyboard and mouse 
are wireless, including Bluetooth, their radio signals can be intercepted.
Modems
With the advent of ubiquitous broadband and wireless connectivity, modems are becoming 
a scarce legacy computer component. If your organization is still using older equipment, 
there is a chance that a modem is part of the hardware configuration. The presence 
of a modem on a user system is often one of the greatest woes of a security administrator. 
Modems allow users to create uncontrolled access points into your network. In the worst 
case, if improperly configured, they can create extremely serious security vulnerabilities 
that allow an outsider to bypass all your perimeter protection mechanisms and directly 
access your network resources. At best, they create an alternate egress channel that insiders 
can use to funnel data outside your organization. But keep in mind, these vulnerabilities 
can only be exploited if the modem is connected to an operational telephone landline.
You should seriously consider an outright ban on modems in your organization’s security 
policy unless you truly need them for business reasons. In those cases, security officials 
should know the physical and logical locations of all modems on the network, ensure that 
they are correctly configured, and make certain that appropriate protective measures are in 
place to prevent their illegitimate use.
