Slashdot Mirror


The Spy in Your Server Room

CorinneI writes "Your business's private information may not be as safe as you think — especially when you take into account how many people pass through your office's revolving door on a daily basis. That's why many companies hire TraceSecurity employees to test the security of their systems — operations that usually involve TraceSecurity personnel talking their way into offices in order to gain access to server rooms and sensitive customer information. PC Magazine was invited along to cover a recent TraceSecurity operation."

7 of 120 comments

  1. #1 cause is underpaid IT staff. by Lumpy · · Score: 3, Interesting

    First, server room access should be limited to a very short list, and nobody on that list should be so underpaid they would stupidly let someone in there without at least 2 sets of eyes on them.

    All they prove is that IT departments are not only underpaid but understaffed.

    The second thing they prove is that the security staff is also underpaid and understaffed. Sorry, but my first shot is to ask what company they are from, then Google it to find the phone number. I never call the number given by the person or on their badge or paperwork.

    There are lots of other ways. Also, you don't need access to the server room to install a rogue AP and gain a wireless cracking point. One hidden nicely under a desk on the 2nd floor corner office is a better place.

    --
    Do not look at laser with remaining good eye.
    1. Re:#1 cause is underpaid IT staff. by Aladrin · · Score: 3, Interesting

      "I never call the number given by the person or on their badge or paperwork."

      Would you similarly distrust the number given to you from the email that was sent and appeared to be from management? I know I would assume that if the number differs from the public one on the web, it's because we have a corporate plan and have priority support from them. I -do- distrust anyone who claims to be X and gives me the phone number to prove it. WAY too easy to fake.

      "There are lots of other ways. Also, you don't need access to the server room to install a rogue AP and gain a wireless cracking point. One hidden nicely under a desk on the 2nd floor corner office is a better place."

      You do if the network is secured properly. Especially if they bothered to have 2 networks.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    2. Re:#1 cause is underpaid IT staff. by surprise_audit · · Score: 2, Interesting
      Around here, even people *on* the access list don't get to go into the server room without a phone call to the guard from elsewhere in the building. Heck, you can't even get into the building without an access card, or someone going to the guard shack to check you in.

      On the other hand, it wouldn't be too hard for a disgruntled IT worker to set up a WAP for someone to gain access, but I suspect the signal would be a bit hard to pick up through concrete walls and across 500 feet of parking lot...

  2. CmdrTaco by u38cg · · Score: 4, Interesting

    When you say you refuse to allow advertising masquerading as articles, I believe that's your intention, but really - what else is this?

    --
    [FUCK BETA]
  3. Re:Penetration testing is next to useless by Anonymous Coward · · Score: 1, Interesting

    My university (in central London) just installed revolving doors at some entrances to reduce tailgating. In peak hours they're like normal revolving doors, but outside those times (i.e. evening, night, weekends) you have to unlock the door with a university ID card. Each wave of the card lets only one person through, you can't tailgate -- the door locks, and you can only go back out. I don't know how successful they'll be at reducing tailgating (there used to be card-activated sliding doors), but I think they'll be effective.

  4. Re:Slashvertisement! by Anonymous Coward · · Score: 3, Interesting

    Yep. This poster created a brand new user id (CorinneI) and linked it directly to www.pcmag.com, too. What a crock.

  5. Re:Slashvertisement! by Frosty Piss · · Score: 2, Interesting

    As I've pointed out in the past, there are a number of high-profile consumer computer mags that get an amazingly (and suspiciously) free ride here at Slashdot.

    --
    If you want news from today, you have to come back tomorrow.