All companies must pay due attention to their business security. I always say that when it comes down to security, one must neither be permissive, nor paranoic. However, leaving technical considerations aside, it’s all about a common sense approach.
We often hear about IT security and (good) practices one has to comply with. Contrary to popular belief, even if small enterprises consider that they have nothing to hide from the rest of the world, they do have confidential data that must be secured. I am very much familiar with this type of reasoning: “I don’t have much value, thus I will be safe. No one will bother to pick on me”. If I were a (polite) hacker who searches for information on a certain company, I would probably stop when I came across certain protection measures. But this wouldn’t prevent me from obtaining more information on that company from its providers or partners. Although we are not dealing here with restricted information or confidential defense, security must nevertheless be ensured by means of certain good practices. Nobody wants to become the weak link in its clients’ security chain! You should consider information a puzzle, a matrix. You have to find the missing pieces and immediately put them together.
Let’s imagine we had to handle sensitive data. I limit this handling to a well-established environment:
- Choosing a room at the center and not at the periphery of a building
- Choosing a room away from public viewing areas
- Avoiding large windows considered as an open space
These are just a few examples of common sense approaches. I’d want to advise my colleagues to limit their discussion in public spaces (collective transport, train stations, etc.), areas full of eavesdroppers.
Below you have some food for thought as far as online components/electromagnetics are concerned:
1/ The Faraday Cage
It is a metal enclosure which shields equipment against external electromagnetic interference. We enter this cage with a radio. After the door is closed, the radio stops working as its antenna can’t catch any more waves. For this experiment, we also use a pair of twisted copper wires introduced in the filtered openings. When leaving the cage, the radio and our GSM included are picking up signal again!
2/ Propagation of electromagnetic signals
In one corner of a hangar we have a (standard) laptop with a wireless keyboard, and, in the other corner, (not high-quality) electronic equipment in order to analyze the signals and send them to a connected computer. The image below illustrates our configuration.
This environment helps us see the way in which:
the signals sent between the wireless keyboard and its station can be (very!) easily intercepted by third parties. The demonstration is based on a directional antenna connected to a ring that captures the waves on the building electrical network. Piece of cake! It is thus advisable to avoid using wireless keyboards when concerned about security.
the signals emitted by the laptop video card radiate (we mean here compromising parasite signals) and can be transmitted through air, the electrical network and also the central heating system. If the screen is brought very close to the central heating system, the signal emitted by the sources of electromagnetic radiation is available from the heating system. Finally, the signal allows the platform to reconstruct the image on a clear screen. It’s really amazing!
We might as well come up with thousands of arguments: it’s just a demo; when dealing with several screens it becomes even more complicated than that; there are no sensitive data (again!). But this is the reality.
The above-mentioned experiments are not meant to present the “how-to” but make you aware about the importance of good practices. Are things more clear now?
Anyway, I must remind you that before being a technology issue, security is firstly a matter of common sense and education. That is why I strongly recommend you to make your collaborators more aware of these good practices.
Please feel free to contact me for a discussion on this topic.
Check more articles written by Aymeric Libeau, Chief Cloud Officer!