Lecture Notes: Physical Security Attacks in Technology

Introduction

• Focus on physical security threats which are non-digital.
• Importance of addressing physical access to systems.

Physical Security Concerns

• Physical Access:
  • Full control can be gained if someone physically accesses a computer.
  • Locks are not foolproof; additional tools may be required.

Types of Physical Attacks

• Brute Force:

  • Commonly associated with password cracking, but applicable to physical security.
  • Example: forcing doors or windows open to gain access.
  • Evaluate data center security against brute force access.

• RFID Cloning:

  • RFID is used in access badges and key fobs.
  • Cloning an access badge is straightforward and cheap (under $50 on Amazon).
  • Quick duplication process - read a card and copy it in seconds.
  • Documented cases of RFID duplication in public places (e.g., trains).
  • Solution: Multi-factor authentication provides additional security.

Environmental Attacks

• Power Disruption:

  • An attacker can turn off power to a data center without entry.

• HVAC System Exploitation:

  • HVAC systems often lack robust security.
  • Attackers can turn off cooling, causing the system to overheat and shut down.

• Fire Suppression System:

  • Manipulating the fire suppression system can cause a denial of service.

Conclusion

• Importance of considering physical and environmental security measures.
• Multiple layers of security (e.g., multi-factor authentication) are essential to protect systems.