Low Tech Hacking: Street Smarts for Security Professionals


Posted on by Ben Rothke

Security guru Bruce Schneier has observed that for those organizations that have incorrectly deployed cryptography, it is akin to putting a big flagpole in front of your facility and hoping that it will stop any attackers from breaking in. Of course, attackers will simply go around the flagpole rather than running into it.

In Low Tech Hacking: Street Smarts for Security Professionals, the authors, all information security veterans bring their collective experience to the printed word and show how low-tech hacks can be just as devastating as a large-scale directed attack.

The authors show how these simple attacks can be obviated by simple technical solutions, and provide numerous examples.

One of the paradigms the book uses is around lock picking.  The author notes that one thing about locks is that after all is said and done, locks don’t change that much.  So too with information security.  Even though there is significant amounts of new technologies abound to catch new sophisticated attacks.  The old school attack vectors of social engineering, poor password practices and more, are often the method in which attacks penetrate networks.

The book provides many tips which the reader can use to protect themselves against many of the most devastatingly simple attacks.  For example, in chapter 2 on physical security, the book details a mini physical security risk assessment you can do.  By focusing on the low-hanging fruit, many of the simply steps the authors suggest can delay the attackers long enough that they decide to try another victim.

The book also provides ample amounts of advice to security staffers that they can use to secure their network.  Much of chapter 4 is around low-tech wireless hacking.  Many networks add wireless access for ease of use.  But that user-friendliness also makes it easy for the attackers to connect to the network and launch their attack.

Overall, Low Tech Hacking: Street Smarts for Security Professional is a value reference for security professionals to use to ensure they are securing their networks adequately, to fend off the average attacker.

The authors have written a book that is light on theory, but heavy on actionable things the reader can quickly do to secure their network.   And that is a very good thing.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

data security hackers & threats

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs