Category Archives: Physical Security

How should you secure your webcam?

Webcam security is probably something you have never given much thought to. You might have a friend that physically tapes their web cam and think that they are being a bit paranoid, but are they really? Criminals will do anything to make a buck and if they can do that via a webcam do you have any doubt that they would? I read this recent posting on quora that got me thinking about that very question.

It is well established that operating systems and applications of all types are insecure due to the complexity of code and lack of proper security reviews throughout the development and release process. Simply put any vulnerability at the operating system or application layer that grants sufficient privilege to the attacker could lead to the compromise of your web cam. So the possibility definitely exists that someone could compromise your webcam. But to paraphrase a poster on quora what would a hacker gain by doing that? Let’s examine the potential threats

Why would a hacker want to hack a webcam?

Here are just a few possibilities this list is not meant to be exhaustive but just to show you that there is plenty of motivation and potential financial gain by doing so.

  1. To gain access to pictures that can be used for blackmail or financial gain. How much would someone potential pay to keep embarrassing photos out of the public domain? I imagine this could become quite a source of revenue especially if someone in the public eye was the victim of this type of attack. Granted that this is called blackmail and has serious potential legal repercussions but so does hacking and that did not stop the hacker up to this point.
  2. For information to know what is happening in a given location covered by the webcam. This factor comes into play more when a webcam is setup to provide security for a high value location but could also be relevant if a home is particularly pricey or a prime target for physical theft. This one may be of a bit more of a stretch vs. option #1 but is definitely within the realm of possibilities.
  3. To terrorize the person on the other end of the webcam. Lets face it there are some sick and twisted individuals in the world who just like instilling fear in others and causing pain. Imagine the damage they can do if they control your webcam and you have not implemented any kind of security controls over your webcam. 


So what can you do to protect yourself from these webcam security threats?

Suddenly, the person using dark black tape to block their webcam when it is not in use does not seem so paranoid now that we know the evil doers have potential incentive to hack your webcam. I believe a physical security method is the preferred way to deal with this threat especially if you participate in sensitive activities with your webcam. Tape that does not allow the camera to be utilize is a good control here but it is only as effective as your regular usage of it. You must do this every time your webcam is not in use to have effective security.
Another effective method to control webcam security risks is to have a portable web cam vs. a built in one so you can unplug the usb port when it is not in use. If you do not have a built in camera this is the best security option you can employ but once again it is only as effective as your ability to do this every time it is not in use.
There are other important measures you need to take such as keeping your operating systems, internet browsers and other applications like Adobe flash up to date with the most recent versions. This will help minimize the likelihood of your machine being vulnerable to attackers. Minimizing your use of a webcam to situations that would not leave you embarrassed and open to potential blackmail is another important mitigation step that will help protect you even if someone manages to compromise your webcam.
Who would of thought a webcam could have so many security implications?

How to secure your iPad/iPad 2 at a conference or trade show

ipad security for trade shows and conferences

Photo credit: http://www.flickr.com/photos/schargis/

Are you responsible for delivering an important conference or trade show for your company? If so, I know you have a thousand things going through your mind to prepare for the big event but please remember to make information security part of the plan. Failing to account for security could be the difference between a successful event and a disaster. Remember to physically secure your ipads, portable electronic devices, and tv/display units because some attendees think more then the pens and stress reducing squeezy balls are fair game as giveaways.

General Information Security tips for trade shows and conferences

  • Mount/lock all electronic assets down to prevent loss or theft. Choosing one of the attractive options below will allow you to have security and an attractive setup
  • Be careful with the equipment while it is transit in your car or van. If you stop to eat or rest make sure someone has their eyes on the equipment at all times. If you are stopping for the night I advise unloading it into your hotel room.
  • Have a trusted person watch your electronic equipment while it is being moved from your car to the trade show (and vice versa). The equipment is most exposed while in transit
  • If you are capturing attendee’s contact information make sure you are treating the collected information as confidential and ensure the appropriate controls are in place. If you are capturing leads with electronic methods physical security controls recommended below should be used. If you are using business cards or other ways to capture leads also secure the box or container that you are using to collect the information.
  • Inquire with the organizers of the event about the security of the location to help ensure the equipment will be secure when you can not have your eyes on it. (likely thieves would target those without the security controls mentioned below so you will be a less attractive target overall)
  • Do not use USB/storage devices of unknown origin on your electronic devices you bring with you. This is a common way an attacker may seek to infect your systems.

iPad Physical Security Options for Trade Shows/Industrial Users

iPads are beautiful devices to show off your products and company’s electronic presence at a conference or trade show. Prospective customers love the latest technology and gravitate to displays that feature high tech displays. iPads and other portable devices should be attractively mounted as part of your display to prevent theft while at the same time retaining the beauty and usefulness of your showcase.

RAM Mounting System for iPad/iPad2 -Mounting device looks a lot like your typical tv bracket and is a top choice for securing an iPad/iPad2 in a semi-permanent  fashion when the device needs to be featured securely in your display. This high security mount/lock will give you the confidence that your device will not be lost or stolen during your next trade show or conference.

 

Arktis iPad Security Mount Lock. Another option for you to securely feature your ipad or iPad2 device for signature events. The Artkis is a bit more minimalistic then the RAM system listed above but another good option for security on the go.

General Laptop/Desktop Cable locks

Kensington is the most trusted name around for laptop/notebook/desktop cables so I recommend sticking with one of their basic offerings. Two options are either the combination or key lock depending on your preference.

Kensington Key Lock

Kensington Key Lock

 

 

 

 

 

Kensington Notebook Combination Lock

 

 

 

 

 

Other Trade Show/Conference Security Items

Mobile security mount for TVs/Displays – Top rated mobile security cart should be assembled prior to attending the trade show or conference. You can then roll it in easily and mount your tv unit once you arrive simplifying the process. This mount works for tvs/displays between 32-60 inches.

Rolling Trade show tv security mount

 

 

 

 

 

 

 

Security mount for TVs/Displays – If you are looking for a way to secure your tv screens/monitors for your exhibits this stand is a good choice for models between 23-42 inches.

 


 

 

 

 

 

Follow these tips to ensure your next conference or trade show is pulled off without an information security hitch.

Be sure to check out our recommended iPad and iPad 2 screen privacy recommendations


 

 

 

Information Security and Physical Security

Photo Courtesy of http://www.flickr.com/photos/eprater/

Information security is often thought to be very technical in nature and a lot times it is. After all technology is exciting and many people prefer to focus on firewalls, intrusion prevention systems and other state of the art technologies. Physical security is an essential often neglected aspect of information security and it is every bit as important as the more technical aspects. If you neglect implementing adequate physical security measures all of your other efforts can be in vain.

The following are the primary business risks if you fail to implement adequate physical security measures:

  • Disclosure of sensitive business information
  • Theft of your business assets
  • Financial loss for replacing assets
  • Loss of ability to use data that may be critical for sustaining ongoing operations (if no backups are available)
  • Negative publicity if the event is disclosed

So now that you agree it is important what do you need to do? One of the first steps should be to perform a risk assessment so you can document and prioritize based on business risk. This helps you focus your efforts and decide how much you are willing to spend to mitigate certain risks. I will provide a sample risk assessment at a later date to serve as a template but for now here are items to consider when implementing  physical security.

Physical Security Things to Do At Your Business

  1. Control access to your business facility to only allow authorized personnel inside. At the minimum this should mean securing your business at least as much as you do your home. Locked doors, security systems, and  or more advanced control mechanisms like building control devices.
  2. Secure rooms with computer servers and networking equipment in it with an additional level of security. Ideally physical access to these systems should be restricted to individuals that need to access them. In addition, a simple guest log in book is a good way to document who is accessing a security controlled room (of course badge access control is even better but it is all based on your cost/risk tolerance).
  3. Consider using a camera/DVR based security system. I have not yet purchased one but for under 400$ I am looking to get one very soon likely the Defender SN500. This set looks quite nice and is very cost effective for the additional protection it provides.
  4. Utilize cable locks for your desktops, laptops, projectors and network equipment. Physical theft is the greatest threat to these assets so lock it down to get a little more secure.
  5. Lock up sensitive physical files in drawers or cabinets and do the same with portable electronic media such as USB devices or cd/dvds.
  6. Make sure you follow our backup tips to ensure you do not lose critical data in the event of an environmental disaster such as a fire or flood.

Physical Security Things to Do on the Go

Laptop thefts are the biggest risk to your business assets while in transit. Follow these tips to make sure you minimize your likelihood of becoming a victim of laptop theft.

  • Place your laptop in your trunk immediately when leaving work for the day. A majority of laptops stolen from vehicles are stolen because they are visible tempting targets to thieves.
  • Never leave your laptop unattended when it is not locked up. Keep an eye on it at all times much like you would a small child playing in the yard.
  • Consider utilizing a laptop recovery service if you will be storing sensitive information on your machine.
  • When traveling on a plane never check a laptop always carry it on yourself.
  • If you are in a hotel room the best option is to lock your laptop in the in room safe. Next best options include using a cable lock to secure it to some furniture or shelving in the room. A last resort option is to use the do not disturb sign and hide it as best you can as recommended in these tips from Microsoft.
  • If you have to step away for even just a moment ask a trusted person to keep an eye on it for you. If there is no one available take it with you.

In summary, do not neglect physical security as part of your information security program. Doing so will leave you with a false sense of security and an incomplete protection program.