
SPOT CHECK THOSE DROP CEILINGS

On several occasions, we used our social engineering skills to get into buildings and then install a sniffer in the telecommunications hub for that floor. I recommend that all companies have their building maintenance teams perform a spot check above all suspended ceilings at least twice each year. We have been amazed at some of the things that we found up there while we were conducting the penetration test. You may even stumble into a security vulnerability you weren't even aware of.

There is one thing we learned about telecommunications and wiring throughout buildings. Wires just never seem to go away! This was especially true in multi-tenant buildings. In many cases, the office space was in use by another company or organization that had different needs from the current company occupying the same space. There was only one occasion where I can remember finding something in the drop ceiling that we believed was placed there for covert reasons. On another occasion, we found undocumented phone line extensions that were apparently used by a former tenant. They were not disconnected, and one of those lines was connected to a phone in a secure conference room. The people who had hired us to conduct this test were very surprised to learn that. It was our opinion at the conclusion of