When we think of vulnerabilities in technology, we usually think of the software holes that allow attackers access over the Internet. However, computer hardware also comes with its own set of vulnerabilities. Even if you have perfect software (and no one does), here are three ways your hardware could leave you vulnerable:
1) Unknown Equipment - One of the easiest ways to hack a company's computer network is to not go through the network at all. Exploiting our natural curiosity is another great way to gain unauthorized access to a network. Many attackers have found their way to company data by leaving a flash drive or external hard drive in the lobby of a building. An employee finds it and wants to help return it, so he plugs it in hoping that the files give some indication of the owner. Meanwhile, this drive is downloading information to the computer that will then be used to cause all kinds of trouble on the network. Even if you are just a home user, plugging in a drive you found could be a recipe for disaster.
If you find a drive, be very careful about plugging it in at all, and if you do, be very careful about the files you open. I have a computer that I use that contains no personal or business information; its entire purpose is to open suspicious files (or suspicious drives). If you find a flash drive or hard drive and you don't have a setup that allows you to contain the problems that could occur from opening it, take it to an employee at the business where you are or turn it in to the police.
2) Theft - Think about all the information your phone could tell about you. Someone who looks through the phone could potentially find your home address, photos of your family, where you bank, who you know, and a whole host of usernames and even passwords for your accounts. Even if you do not do sensitive activities on your phone, syncing data with your home computer could cause that information to be stored on your computer without your knowledge. Plus, a knowledgeable person can easily uncover information hidden away on your computer. I once observed an investigation on a server, and I was stunned at how much information was exposed in under two minutes. If your phone or laptop falls in the wrong hands, it could expose pages of information about you.
Any device should always be password-protected before it goes out the door of your home for any reason. If it contains sensitive information, that data should also be encrypted.
3) Plugging In - You have a password (hopefully, a good one) to secure your wireless internet. However, that password can be bypassed by anyone who has direct access to your router through its Ethernet ports. Obviously, someone cannot do this from outside your house, but if they are allowed inside (perhaps as a repairman), they could quickly plug in a device to obtain physical access. Once they have access, they can access the router's control panel unless the default password has been changed.
If you have a business location, your network could be set up to allow/disallow access based on location. For example, people plugged into ports in the accounting room could automatically be granted access to the financial programs and data. However, it is not difficult to unplug a cable from a desktop in order to plug it into a laptop. If your network is configured in this way, make sure that it requires permission for every new device on the network.
No comments:
Post a Comment