Physical access

Physical access is a term in computer security that refers to the ability of people to physically gain access to a computer system. According to Gregory White, "Given physical access to an office, the knowledgeable attacker will quickly be able to find the information needed to gain access to the organization's computer systems and network." [White, Gregory: Security+ Certification All-in-One Exam Guide, McGraw-Hill, 2003, p. 388.]

Attacks and countermeasures

Attacks

Physical access opens up a variety of avenues for hacking [ [http://support.microsoft.com/kb/818200 An attacker with physical access to a computer may be able to access files and other data] , Microsoft.] . Michael Meyers' "Network+ Certification All-in-One Exam Guide" notes that "the best network software security measures can be rendered useless if you fail to physically protect your systems," since an intruder could simply walk off with a server and crack the password at his leisure ["Network+ Certification All-in-One Exam Guide", Michael Meyers, Third Edition, Chapter 17, p. 551, McGraw-Hill Companies, 2004.] . Physical access also allows hardware keyloggers to be installed. An intruder may be able to boot from a CD or other external media and then read unencrypted data on the hard drive [ [http://www.irongeek.com/i.php?page=security/localsamcrack Cracking Windows 2000 And XP Passwords With Only Physical Access] , Irongeek.] . They may also exploit a lack of access control in the boot loader; for instance, pressing F8 while certain versions of Microsoft Windows are booting, specifying 'init=/bin/sh' as a boot parameter to Linux (usually done by editing the command line in GRUB), etc. One could also use a rogue device to access a poorly secured wireless network; if the signal were sufficiently strong, one might not even need to breach the perimeter [http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1238092,00.html Threats to Physical Security] ] .

Countermeasures

IT security standards in the United States typically call for physical access to be limited by locked server rooms, sign-in sheets, etc. Physical access systems and IT security systems have historically been administered by separate departments of organizations, but are increasingly being seen as having interdependent functions needing a single, converged security policy [ [http://www.technewsworld.com/story/54176.html Bridging Physical Access Systems and IT Networks] , David Ting, TechNewsWorld, November 10, 2006.] . An IT department could, for instance, check security log entries for suspicious logons occurring after business hours, and then use keycard swipe records from a building access control system to narrow down the list of suspects to those who were in the building at that time. Surveillance cameras might also be used to deter or detect unauthorized access

References


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Access control — is the ability to permit or deny the use of a particular resource by a particular entity. Access control mechanisms can be used in managing physical resources (such as a movie theater, to which only ticketholders should be admitted), logical… …   Wikipedia

  • Access (economics) — Access is a catalytic process that enables interactions, contacts and exchanges among people, businesses and nations. An analytical framework to define the drivers and benefits of Access and to quantify the impact of Access on economic growth and …   Wikipedia

  • Physical security — describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guardposts.Elements and designThe… …   Wikipedia

  • Physical information security — is concerned with physically protecting data and means to access that data (apart from protecting it electronically). Many individuals and companies place importance in protecting their information from a software and/or network perspective, but… …   Wikipedia

  • access — access, accession 1. as nouns. The two words are hardly at all interchangeable: accession means arrival or admission, whereas access means the opportunity of arriving or of admission. Accordingly, accession to the throne means becoming sovereign …   Modern English usage

  • Physical Medium Dependent — sublayers or PMDs further help to define physical layer specifications for Fast Ethernet, Gigabit Ethernet and 10 Gigabit Ethernet. These sublayers define physical layer specifications in Gigabit and 10 Gigabit Ethernet transmissions. It is… …   Wikipedia

  • ACCESS.bus — (or A.b) is a peripheral interconnect computer bus developed by Philips in the early 1990s. It is similar in purpose to USB, in that it allows low speed devices to be added or removed from a computer on the fly. While it was in use earlier than… …   Wikipedia

  • Physical Address Extension — In computing, Physical Address Extension (PAE) is a feature to allow (32 bit) x86 processors to access a physical address space (including random access memory and memory mapped devices) larger than 4 gigabytes. First implemented in the Intel… …   Wikipedia

  • Physical Layer — Als OSI Modell (auch ISO OSI Schichtmodell, OSI Referenzmodell; engl. Open Systems Interconnection Reference Model) wird ein Schichtenmodell der Internationalen Standardisierungsorganisation (ISO) bezeichnet. Es wurde als Designgrundlage von… …   Deutsch Wikipedia

  • Physical layer — PHY redirects here. For the drug referred to as Phy, see Methadone. The OSI model 7 Application layer 6 Presentation layer 5 Session layer 4 Transport layer 3 …   Wikipedia


Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.