Latest Threat To Your Corporate Network: Smoking Bans?
from the um...-what? dept
It’s amazing what kinds of things people will try to warn you about these days when it comes to computer systems. Following the warning about bird flu potentially taking down the internet now we apparently need to be aware that smoking bans may put company networks at risk. Apparently, over in the UK, they’re about to put in place a ban on smoking in workplaces (similar to bans that have been found in the US for many years). So, what’s the problem? Turns out those darn smokers leave the back door to their offices open so they can go in and out — and a crafty criminal can just walk right into the building and plug into the network. Of course, there are a few problems with this. First off, walking directly into an office is pretty risky. While some people can get away with it, it hardly seems like a common practice that your ordinary cybercriminal is going to try. Second, it seems ridiculous to blame the smoking ban for this rather than the people who leave the door open. It’s not the fault of the ban, but the workers who can’t learn to shut the door properly. Apparently, that doesn’t make for such a good headline, though.
Comments on “Latest Threat To Your Corporate Network: Smoking Bans?”
Disable their ass!
If there is a smoker that is leaving the door open and someone may get in, then lock them out. Do this on a cold enough winter day and I bet they won’t leave it open anymore.
Front Door
The front door is good enough. I took my auntie to the large medical complex down the way and while I was there I noticed a tech accessing a panel that was hidden behind a plant. The tech left the panel off. Over the next few months of taking the auntie to the large medical complex down the way I was tempted to bring a laptop and take a looksey at the network, but then thought that was illegal.
No they would not leave it open, But you can bet they would find a way to disable the door latch
Alarm
Sounds like more people need door prop alarms installed.
Open Doors
The obvious solution is to weld the doors shut!!
Hacking for Dummies in the first chapter recounts how the author had preformed security testing on a building (he was payed by the company to see if their network was secure by attempting to break into it) by walking in the front door, stopping by the security desk, saying he was there to work on the servers – at which point the front desk handed him a clearence badge and brought him to the server room and even logged on at the admin level for him. I don’t think it matters if the door is latched or unlatched.
Re: Kyros
“at which point the front desk handed him a clearence badge and brought him to the server room and even logged on at the admin level for him.”
So exactly how many security guards have ADMIN level access on the company network? Hell you want in just become a rent a cop.
Whatever. . .
Change the doors then
If that worries you make the doors easier to use and get back in, or alarm them (even just making a noise after 10 seconds of being held open would help)
Years ago I used to work in a datacentre as a temp and used exactly this method to get in every day for 4 months, rather than stand in line every morning to get my new pass (the company had a farce of a procedure which involved me spending 5 minutes with a security guard every day while he checked various crap)
All went well for ages until we got audited and in the pre-audit someone asked me where my pass was
1st time I had been challenged in 4 months of working in a building of over 500 employees – I’d spent the rest of the time tailgating etc
So yeah if you’re convincing you can get away with a LOT once you’re in the door ;0)
Re: Security Fusion
While this item may be over-emphasizing a bit point, it does point to, what I believe is, an emerging security trend – especially in the government space.
Stovepipes of cyber and physical security are being broken-down. Looks like the buzzword is “Security Fusion.”
For example, DHS will now have an emergency communications IT component in the next iteration of its TOPOFF exercise. Amazing to think that DHS was doing these large-scale COOP/COG simulations without any this communications component.
E.G.,
http://www.fcw.com/article97613-02-08-07-Web
You non-smokers are such asses
I have to ask
Wheres the ban exactly? Is it that there not allowed to smoke in the building, or is it there not allowed to smoke at all? I ask because if they ban smoking all together then this isn’t a problem because people are not going in and out.
Bah!
All I can say is I never smoked cigarettes until they implemented smoking bans. Starting at about 12, I smoked cigars here and there. But in my late teens, they implemented a smoking ban at my college. Not being 21, I couldn’t go to a bar and have my stogie, and I wasn’t about to stand outside in a Vermont winter for 2 hours toking my Upmanns. Plus th cold air throws the taste off. So I started smoking premium cigarettes. I’m hella pissed Davidoff stopped importing his line 🙁 I miss the Magnums.
Duh?
“Apparently, that doesn’t make for such a good headline, though.”
Apparently not, because you are still using a misguided headline.
Stealth Nicotine
Unless you chew tobacco, of course. The new varieties come in pouches that don’t leave tobacco leaves in the mouth.
Re: Stealth Nicotine
Those are called “bandits” or as we referred to them in high school: “training dip”.
In Calabasas, California, a small city in Los Angeles County banned public smoking completely. You’re not allowed to smoke anywhere in public even if you’re by yourself with no one around you. Absurb I tell you.
Given that the smokers will be standing 6′ from the back door, I find it hard to believe that a hacker will be able to walk past them and into the building.
The front door security guard may be a dork, but most of us geeks know who we work with. We may be lazy – and not want to fix the mess a hacker makes – but we aren’t stupid.
Re: Re:
Maybe you aren’t but plenty are trust me
In case you’re interested the real trick is to be smoking a cigarette yourself and be stubbing it out as they open the door to come out
Hold it open for them once they’ve turned the knob
I guarantee you very few people will stop you if you look confident enough – just another smoker going back in
I think their might be some confusion here. Smoking bans have been in place for many years in the work place, except for bars, restaurants and private clubs.
What we are implementing now in the UK is a total ban on smoking anywhere in an enclosed public space. This means that all public places, including all pubs, restaurants, bars and private members clubs, will be smoke free from Summer 2007.
And to be honest it’s about time. These bans have been in place in other European countries for some years now but the UK just doesn’t want to lose tax money from tobacco, just in case people decide to quit smoking.
silly
I’m a smoker, so I’m not a fan of smoking bans, but I can understand the want for them, I guess. Anyways, this claim of smokers leaving the back door open as a security problem is just out there.
I mean, if a company has a weak enough security system that people can just walk in and have access to everything, then they have more serious things to worry about anyway. Looking to blame smokers leaving the doors open (and attended even) shouldn’t be the first place to look. If these “security experts” were experts, they would know that modern offices use RFID badges, not just for the back (or any other) door but also for access to equipment rooms.
This is Silly
Whilst it’s true that a legal smoking ban in enclosed public spaces is due to come into force here in the UK in a few months the fact is that smoking in the workplace has been banned at a company level in most places for years. I can’t remember the last time i went to somehwere that is a place of work, where you could smoke.
“While some people can get away with it, it hardly seems like a common practice that your ordinary cybercriminal is going to try.”
It’s actually very common in office towers etc. to have people walk in & grab latops/wallets etc. during office hours with people present – and this is in places where the only access is via passcode.
I’ve been surprised over the years how many times I’ve been in an office of another company and basically given free-roam over the space, including being let back into secure doors by simply knocking on the glass and simply saying “I’m just in a meeting down the hall”.