The perfect Trojan horse

When network spies can hide in power strips, network security takes a turn toward the impossible

Page 2 of 2

How many companies can afford to outfit every location with active Wi-Fi sniffers that may or may not detect the presence of a new Wi-Fi network? Or lock down every switch port unless and until someone requests that it be made available? Even then, a Power Pwn could be plugged inline between a switch port and a PC, functioning as a bridge, and assume the MAC address of the PC on the other end to evade MAC-based controls. Beyond even that, barring an endeavor to encase every office and site in a Faraday cage, 3G wireless access will always be there. It's a fool's errand.

It seems to me the only way to be 100 percent sure that a device like this could not be used to penetrate your network would be to shut down the network. There's just no good way to protect against the Swiss Army knife of network penetration at the present time.

Ultimately, what does this mean for network security? Those institutions that have requirements to be protected against any possible intrusion will wind up spending enormous sums of money to combat devices like this. Those Faraday cages will be installed. Wi-Fi, GSM, and CDMA scanners will be installed and monitored, and big money will hit the budget for even deeper network monitoring and alerting tools that may be able to come up with network fingerprints for known devices like the Power Pwn.

For most companies, it means drawing a line in the sand -- not against potential threats, but against our security efforts. Beyond that line, we throw up our hands and admit we are unprotected. We can protect against a lot of things, but there's simply no way that most budgets can support what it would take to deal with this type of subterfuge.

As time has passed, the cat and mouse game of computer and network security has been a fairly even fencing match. Where there's a parry, there's a riposte. However, it seems that those who can afford to strike back are dwindling in number, and ultimately, that may turn the match into the favor of the hackers.

This story, "The perfect Trojan horse," was originally published at InfoWorld.com. Read more of Paul Venezia's The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies