|
Dynamic Security adds location considerations to the security
landscape. Dynamic security prevents local log-ins by authorized personnel if the system shows they are not
physically on campus.
Location-based Dynamic Security is especially effective against
Wi-Fi hacker threats. Wi-Fi probably represents the great potential for security breaches and mischief.
Wi-Fi Threat
A savvy Wi-Fi hacking expert boasts to skeptics who do are
unaware of the Wi-Fi threat:
Let me take a moment to revel in the ignorance.
Please, open up your home network. Let me drive by, or if you're on a hill, let me point a nice yagi at your
window from a half mile away. Let me zombify your home box. Let me lift your license keys for your software. Let
me snag your account numbers from Quicken. Your identity and property data from turbotax will fetch enough coin
to make it worth my time. Let me pound gigs of expensive pirate software up to Usenet from your fixed IP, and
drag gigs of illegal bondage, snuff, and child porn films back down. Let me install a darknet client on your box
and make you into another 10GB stop on the unseen parts of the info highway until you re-install Windows to get
rid of the slowdown. Just because you're not the target of a major heist doesn't mean you won't get mugged in a
way that makes you out to be a perp.
And another explains
I agree with the first comment. Once you have
access to their C drive, you can pretty easily put your own executable in their startup directory. Off the top
of my head I'd say that you can easily get a key-logger from the usenet, or a P2P network (or write your own -
they are not all that difficult to write). You only need the user to enter their credit card info to buy
something online. Also, there is spyware that records what sites you visit. I would imagine it just wouldn't be
terribly difficult to write one that looks for online bill payment sites for the major banks. People who do
online stock trading, tend to end up wiring money from a bank account every now and then. That would be an
exploitable event. Once money is wired, there is really no easy way to get it back. There are banks on British
Isles that have treaties with the US that can be used to have some additional funds wired. Heck, if the PC still
has a modem, you can make their PC dial a pay phone line. If you don't believe that this can happen, please
leave you your PC open to me and we'll donate anything I get minus expenses to charity. I haven't used Turbo
Tax, but I would imagine that you could get a lot of useful info from its datafile as well.
Dynamic Security Meets the Threat
With Dynamic Security, it is not enough for a hacker to hijack the Wi-Fi airwaves and
enter the network with a legitimate employee’s credentials. In fact, with Dynamic Security, the hacker has to
physically enter the organizational campus and steal the identity of the very same employee who owns those
credentials. Furthermore, the hacker has to be sure that the real employee is not on campus, because the same
employee entering twice will generate an alarm.
Dynamic Security adds a location-based
security layer that manages access rights depending on the actual physical location of the employee or monitored
subject.
|
