- Physical access
Physical access is a term in computer security that refers to the ability of people to physically gain access to a computer system. According to Gregory White, "Given physical access to an office, the knowledgeable attacker will quickly be able to find the information needed to gain access to the organization's computer systems and network." [White, Gregory: Security+ Certification All-in-One Exam Guide, McGraw-Hill, 2003, p. 388.]
Attacks and countermeasures
Attacks
Physical access opens up a variety of avenues for hacking [An attacker with physical access to a computer may be able to access files and other data, Microsoft, http://support.microsoft.com/kb/818200]. Michael Meyers' "Network+ Certification All-in-One Exam Guide" notes that "the best network software security measures can be rendered useless if you fail to physically protect your systems," since an intruder could simply walk off with a server and crack the password at his leisure [Michael Meyers, "Network+ Certification All-in-One Exam Guide", Third Edition, Chapter 17, p. 551, McGraw-Hill Companies, 2004.]. Physical access also allows hardware keyloggers to be installed. An intruder may be able to boot from a CD or other external media and then read unencrypted data on the hard drive [Cracking Windows 2000 And XP Passwords With Only Physical Access, Irongeek, http://www.irongeek.com/i.php?page=security/localsamcrack]. They may also exploit a lack of access control in the boot loader; for instance, pressing F8 while certain versions of Microsoft Windows are booting, specifying 'init=/bin/sh' as a boot parameter to Linux (usually done by editing the command line in GRUB), etc. One could also use a rogue device to access a poorly secured wireless network; if the signal were sufficiently strong, one might not even need to breach the perimeter [Threats to Physical Security, http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1238092,00.html].
Countermeasures
IT security standards in the United States typically call for physical access to be limited by locked server rooms, sign-in sheets, etc. Physical access systems and IT security systems have historically been administered by separate departments of organizations, but are increasingly being seen as having interdependent functions needing a single, converged security policy [Bridging Physical Access Systems and IT Networks, David Ting, TechNewsWorld, November 10, 2006, http://www.technewsworld.com/story/54176.html]. An IT department could, for instance, check security log entries for suspicious logons occurring after business hours, and then use keycard swipe records from a building access control system to narrow down the list of suspects to those who were in the building at that time. Surveillance cameras might also be used to deter or detect unauthorized access.
References
Wikimedia Foundation. 2010.
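The correlation described under Countermeasures (after-hours logons checked against keycard swipe records) can be sketched as follows. This is an added example, not code from the cited sources; the record layouts, the 08:00-18:00 business hours, the sample data and the assumption that account names match badge holder names are all constructed for illustration.

```python
from datetime import datetime, time

FMT = "%Y-%m-%d %H:%M"
# Constructed sample records; account names are assumed to match badge holders.
LOGONS = [("2006-11-09 14:05", "asmith", "WS-12"),
          ("2006-11-09 22:41", "asmith", "WS-12"),
          ("2006-11-10 02:17", "jdoe", "SRV-03")]
SWIPES = [("2006-11-09 08:55", "asmith", "in"),
          ("2006-11-09 17:30", "asmith", "out"),
          ("2006-11-09 21:50", "bjones", "in"),
          ("2006-11-09 23:30", "bjones", "out"),
          ("2006-11-10 01:40", "cnguyen", "in")]

def after_hours(dt, opens=time(8, 0), closes=time(18, 0)):
    """True on weekends and outside the assumed 08:00-18:00 business hours."""
    return dt.weekday() >= 5 or not (opens <= dt.time() < closes)

def occupants_at(swipes, when):
    """Replay badge swipes in time order; return who is inside at `when`."""
    inside = set()
    for ts, holder, direction in sorted(swipes):
        if datetime.strptime(ts, FMT) > when:
            break
        if direction == "in":
            inside.add(holder)
        else:
            inside.discard(holder)  # tolerate an "out" with no matching "in"
    return inside

def suspects(logons, swipes):
    """Pair each after-hours logon with the badge holders then in the building."""
    findings = []
    for ts, account, host in logons:
        when = datetime.strptime(ts, FMT)
        if after_hours(when):
            present = occupants_at(swipes, when)
            findings.append({"logon": (ts, account, host),
                             "present": sorted(present),
                             # False: the account owner had not badged in.
                             "owner_present": account in present})
    return findings

if __name__ == "__main__":
    for f in suspects(LOGONS, SWIPES):
        print(f)
```

A finding with `owner_present` set to False means the account was used while its owner had no open badge entry, which is the case worth reviewing first.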