Monday, September 29, 2008

Let's get Physical

On the way back from a very interesting and informative Microsoft Security Summit the other day, I noticed something that caught my eye.
Too many people concentrate on the hardware and software, and leave gaps. Gaps in the physical security, or gaps in the training of staff.
This photo shows off both.
Seems a cleaner at the train station near me had left the door open to the area where she kept her cleaning supplies, the same area that had a rack with a server, fibre switch, Ethernet switch, patch panel and other miscellanea. What's that you spy? Yep, the rack door is unlocked too. Click click and a bad guy is on the network: just plug in a wireless router and see what traffic you can capture. It doesn't matter if this network is firewalled the best in the world, or even airgapped; game over.
Back on the security conference I attended: it was very interesting. It was all covered under an NDA, except the bit at the end, which I already talked about. I am starting a security group in Sydney, sponsored by Microsoft. So Jeff Alexander let everyone know, and I had a heap of business cards handed over for people that wanted to be kept in the loop. It is very exciting that we have this much interest already.
Well, peace out all, and please lock your racks and don't put them in a room with a sink for the cleaner to use.

