News Database Security

Five Ways To (Physically) Hack A Data Center

Many data centers contain easy-to-exploit physical vulnerabilities that don't require hacking into the network

Kelly Jackson Higgins May 17, 2010

But like any undercover work, social engineering can tax the professional social engineer's conscience. Jones says the toughest job he had was for an energy firm, where he had to get inside the utility for five days and grab as much data and gain as much access as possible. "So I tailgated in talking on my phone ... and no one ever questioned me," he says. He found an empty desk in a cubicle and plugged his laptop into the network jack.

"An older lady in the cube next to me asked, 'Is there something I can help you with?' and I said I was trying to get my laptop on the network, and that I was here for training."

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

The woman got IT support to come and connect Jones to the company's network. "She was a really sweet lady," he says, and they would chat regularly. "She knew I was leaving that Friday, so she brought me a plateful of homemade cookies and said she hoped I'd had a great time at the company. I felt so bad -- I had spent a week lying to 'my Grandma.'"

Jones says doors and windows installed with their hinges on the outside of the data center also are a common mistake; it takes a couple of seconds to pop a door or window off of its hinges if it's installed this way. "This is a construction problem. When people have these things built, they don't think about it," Jones says. "It shouldn't cost any extra money for the contractor to fix it. Or you can call your lesser" if the data center is in a leased space, he says.

Jones discussed some of these physical weaknesses in data centers at the Thotcon conference last month in Chicago. A copy of his slides from that presentation are available here (PDF).

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

« Previous Page | 1 | 2

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

Security Implications Of Big Data Strategies

To understand how to secure big data, you have to understand what it is - and what it isn't. As organizations set about building big data clusters, they're finding that many of the best practices for securing such clusters are the same used to secure any corporate data. However, there are some big differences as well. Here are some recommendations on how to alter your security strategy to accommodate big data - and when not to.
Building and Maintaining Database Access Control Provisions

Knotted and complex database access permissions are among the biggest threats to enterprise data security. In this Dark Reading report, we examine the problems associated with granting permissions to sensitive data, and recommend solutions that will help organizations thoughtfully and effectively grant privilege when and where it is needed - and only when and where it is needed.
A Guide to Database Activity Monitoring

Database activity monitoring, or DAM, is an effective compliance and security strategy. However, not every DAM system will work the same in every organization. Indeed, not every organization can even make use of every feature that DAM systems provide. In this report, we examine what DAM can and can't do, and recommend how to evaluate and implement the best system for your organization.

Other reports from the Database Security Tech Center:

Related Content

Sponsored by

Control And Protect Sensitive Information In The Era Of Big Data

This report outlines the future look of Forrester's solution for security and risk executives seeking to develop a holistic strategy to protect and manage sensitive data. In the never-ending race to stay ahead of the competition, companies are developing advanced capabilities to store, process, and analyze vast amounts of data from social networks, sensors, IT systems, and other sources to improve business intelligence and decisioning capabilities.
Understanding Holistic Database Security, 8 Steps to Successfully Securing Enterprise Data Sources

This paper discusses the 8 essential best practices that provide a holistic approach to safeguarding data and achieving compliance with a proactive and systematic approach to ensure that corporate databases, data warehouses, file shares and Hadoop-based big data environments are secure from breaches and unauthorized changes, while achieving compliance with key regulations such as SOX, PCI DSS, GLBA, HIPAA and data protection laws.
Database Activities You Should Be Monitoring, Gartner analyst

As data stores grow in scope and importance, the need to monitor activities - especially in RDBMSs becomes essential for meeting legal and regulatory compliance requirements. These databases store huge amounts of sensitive data, affecting both data security and system and data availability. Is the data safe? Who has access and what are they doing with that access?
Top 3 Myths about Big Data Security: Debunking common misconceptions about big data security ebook

Security for big data systems is not optional, it's imperative. This eBook addresses three myths of big data security: 1) Big data is a buzz word; existing security controls will suffice. 2) Big data deals with social media and sentiment analysis; this data is freely given up by individuals, waiving their security rights. 3) Big data equals Hadoop and Hadoop is used for internal analytics only.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Back Issues

In This Issue

How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
Not All Or Nothing: Effective security doesn't mean stopping all attackers.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Database Security

Five Ways To (Physically) Hack A Data Center

Many data centers contain easy-to-exploit physical vulnerabilities that don't require hacking into the network

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Security Implications Of Big Data Strategies

Building and Maintaining Database Access Control Provisions

A Guide to Database Activity Monitoring

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Database Security

Five Ways To (Physically) Hack A Data Center

Many data centers contain easy-to-exploit physical vulnerabilities that don't require hacking into the network

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue