3. Wireless access points: Wireless APs provide immediate connectivity to any user within proximity of the network. Wireless attacks by wardrivers (people in vehicles searching for unsecured Wi-Fi networks) are common and have caused significant damage in the past. TJ Stores, owners of Marshalls and TJMaxx, was attacked using this method, and intruders penetrated the company's computer systems that process and store customer transactions, including credit card, debit card, check and merchandise return transactions. It's been reported that this intrusion has cost TJ Stores more than $500 million to date.
Wireless APs are inherently insecure, whether or not encryption is used. Protocols such as wireless encryption protocol (WEP) contain known vulnerabilities that are easily exploited with attack frameworks such as Aircrack. More robust protocols such as wireless protected access (WPA) and WPA2 are still prone to dictionary attacks if strong keys are not used.
What to do: WPA2 Enterprise using RADIUS is recommended, along with an AP that is capable of performing authentication and enforcing security measures. Strong, mixed passwords should be used and changed fairly frequently. Wireless APs are generally connected for convenience, so it is usually not necessary to connect them to the working environment at all.
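The dictionary-attack point above comes down to passphrase quality: a WPA2-PSK passphrase that is short or built from a dictionary word is the weak key the text warns about. The following is an added example, not code from the original article, of the kind of policy check an administrator can run before a pre-shared key is deployed. The thresholds (20 characters, 90 bits of estimated keyspace) and the tiny word list are assumptions chosen for illustration; a real deployment would substitute its own policy and a full wordlist.

```python
import math
import string

# Constructed stand-in for a real wordlist (assumption for this example).
COMMON_WORDS = {"password", "wireless", "internet", "letmein", "welcome", "marshalls"}

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters by specification.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63


def character_classes(passphrase: str) -> int:
    """Count how many character classes (lower, upper, digit, symbol) are present."""
    classes = 0
    classes += any(c.islower() for c in passphrase)
    classes += any(c.isupper() for c in passphrase)
    classes += any(c.isdigit() for c in passphrase)
    classes += any(c in string.punctuation or c == " " for c in passphrase)
    return classes


def entropy_bits(passphrase: str) -> float:
    """Rough brute-force keyspace estimate: log2(pool_size ** length).

    The pool is the union of the character classes actually used, which is the
    space an attacker who guesses the composition rules would have to search.
    """
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += len(string.punctuation) + 1  # 32 symbols plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0


def check_psk(passphrase: str, min_len: int = 20, min_bits: float = 90.0) -> dict:
    """Return a verdict dict: ok flag, estimated bits, and the list of problems found."""
    problems = []
    if not WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN:
        problems.append(f"WPA2-PSK passphrases must be {WPA_MIN_LEN}-{WPA_MAX_LEN} characters")
    if len(passphrase) < min_len:
        problems.append(f"shorter than the policy minimum of {min_len} characters")
    if character_classes(passphrase) < 3:
        problems.append("uses fewer than three character classes")
    lowered = passphrase.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    bits = entropy_bits(passphrase)
    if bits < min_bits:
        problems.append(f"estimated keyspace {bits:.1f} bits is below {min_bits} bits")
    return {"ok": not problems, "bits": round(bits, 1), "problems": problems}


if __name__ == "__main__":
    for candidate in ("marshalls2007", "Fj7!kQ2#pL9$wR4&mZ8@bX"):
        verdict = check_psk(candidate)
        print(candidate, "->", "OK" if verdict["ok"] else "; ".join(verdict["problems"]))
```

The keyspace estimate is deliberately conservative: it says nothing about whether the passphrase is memorable or has been reused elsewhere, so it complements rather than replaces the move to WPA2 Enterprise, where per-user credentials are checked by RADIUS and no shared passphrase exists to be guessed.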
4. Miscellaneous USB devices: Thumb drives aren't the only USB-connected devices IT needs to be wary of. Many devices are also capable of storing data on common file systems that can be read and written through a USB or similar connection. Since storage isn't the primary function of these devices, they are often overlooked as a potential threat. The fact is, if an endpoint can read and execute data from the device, it can pose just as much of a threat as a thumb drive. These devices include digital cameras, MP3 players, printers, scanners, fax machines and even digital picture frames. In 2008, Best Buy reported that it had found a virus in the Insignia picture frames it was selling at Christmas, and that the infection came directly from the manufacturer.
What to do: Implement and enforce asset control and policies around what devices can enter the environment and when, and follow that up with frequent policy reminders. In 2008, the Department of Defense developed policies that banned USB and other removable media from entering or leaving its environments.
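Asset control only works if you can see which devices actually attach. The block below is an added example (not part of the original article) of detection logic over Linux kernel log lines of the form the `usb` and `usb-storage` drivers emit: it tracks each port's vendor:product ID and product string, and raises an alert whenever a mass-storage interface appears on a device that is not on the approved asset allowlist. A picture frame or camera that exposes a file system shows up here exactly like a thumb drive, which is the point of the section. The log lines, the vendor:product IDs and the allowlist are constructed sample values, not real device identifiers.

```python
import re

# Constructed allowlist of approved asset vendor:product IDs (assumption).
APPROVED_DEVICES = {"1234:5678"}

# Patterns for the three kernel messages we care about (dmesg-style prefix optional).
NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
PRODUCT_NAME = re.compile(r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")
MASS_STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):[\d.]+: USB Mass Storage device detected"
)


def find_unapproved_storage(log_lines, allowlist=APPROVED_DEVICES):
    """Return one alert dict per mass-storage attach whose vendor:product is not approved."""
    devices = {}   # port -> {"id": "vid:pid", "name": product string}
    alerts = []
    for line in log_lines:
        m = NEW_DEVICE.search(line)
        if m:
            devices[m["port"]] = {"id": f"{m['vid']}:{m['pid']}", "name": "(unknown)"}
            continue
        m = PRODUCT_NAME.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["name"] = m["name"].strip()
            continue
        m = MASS_STORAGE.search(line)
        if m:
            # usb-storage binds per interface; look up the parent device by port.
            dev = devices.get(m["port"], {"id": "unknown", "name": "(unknown)"})
            if dev["id"] not in allowlist:
                alerts.append({"port": m["port"], "id": dev["id"], "name": dev["name"]})
    return alerts


# Constructed sample log: an approved thumb drive, then a picture frame that
# also presents a mass-storage interface.
SAMPLE_LOG = [
    "[  120.101] usb 1-2: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.10",
    "[  120.102] usb 1-2: Product: Approved Thumb Drive",
    "[  120.250] usb-storage 1-2:1.0: USB Mass Storage device detected",
    "[  300.511] usb 2-1: New USB device found, idVendor=abcd, idProduct=ef01, bcdDevice= 1.00",
    "[  300.512] usb 2-1: Product: Digital Photo Frame",
    "[  300.640] usb-storage 2-1:1.0: USB Mass Storage device detected",
]

if __name__ == "__main__":
    for alert in find_unapproved_storage(SAMPLE_LOG):
        print(f"ALERT: unapproved mass storage on port {alert['port']}: "
              f"{alert['id']} ({alert['name']})")
```

Keying the allowlist on vendor:product is a first cut; those IDs are set by firmware and a hostile device can claim any pair, so the check belongs alongside the policy enforcement the text describes (blocking removable media at the endpoint) rather than in place of it.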
5. Inside connections: Internal company employees can also inadvertently or intentionally access areas of the network that they wouldn't or shouldn't otherwise have access to, and compromise endpoints using any of the means outlined in this article. Maybe the employee "borrows" a co-worker's machine while he's away at lunch. Maybe the employee asks a fellow worker for help accessing an area of the network that he doesn't have access to.
What to do: Passwords should be changed regularly. Authentication and access levels are a must for any employee: he should have access only to the systems, file shares, etc. that he needs to fulfill his duties. Any special request should always be escalated to a team (not a single user with authority) that can authorize it.
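The two controls recommended above, least-privilege access by duty and escalation of exceptions to a team rather than an individual, are easy to state and easy to get wrong in an implementation. The following is an added example, not code from the original article, of a small model that does both: role grants define what a person can normally reach, and anything outside that requires an exception request approved by two distinct members of an authorizing team, with the requester barred from approving his own request. The role names, resources, team membership and two-approver threshold are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed authorizing team and approval threshold (assumptions for this example).
AUTHORIZING_TEAM = {"alice", "bob", "carol"}
REQUIRED_APPROVALS = 2

# Constructed role grants: each role gets only the resources its duties need.
ROLE_GRANTS = {
    "engineer": {"source-repo", "build-server"},
    "accountant": {"finance-share", "payroll-app"},
    "helpdesk": {"ticket-system"},
}


@dataclass
class AccessRequest:
    """An exception request for a resource outside the requester's role."""
    requester: str
    resource: str
    approvals: set = field(default_factory=set)

    def approve(self, approver: str) -> bool:
        """Record an approval; refused for non-team members and for self-approval."""
        if approver not in AUTHORIZING_TEAM or approver == self.requester:
            return False
        self.approvals.add(approver)  # a set, so repeat approvals by one person count once
        return True

    @property
    def granted(self) -> bool:
        return len(self.approvals) >= REQUIRED_APPROVALS


class AccessControl:
    def __init__(self, role_grants=ROLE_GRANTS):
        self.role_grants = role_grants
        self.exceptions = {}  # (user, resource) -> AccessRequest

    def request_exception(self, user: str, resource: str) -> AccessRequest:
        """Open (or return the existing) exception request; this is the escalation path."""
        key = (user, resource)
        if key not in self.exceptions:
            self.exceptions[key] = AccessRequest(user, resource)
        return self.exceptions[key]

    def can_access(self, user: str, role: str, resource: str) -> bool:
        """Allowed if the role grants it, or a fully approved exception exists."""
        if resource in self.role_grants.get(role, set()):
            return True
        req = self.exceptions.get((user, resource))
        return req is not None and req.granted


if __name__ == "__main__":
    ac = AccessControl()
    print("dave/engineer -> source-repo:", ac.can_access("dave", "engineer", "source-repo"))
    print("dave/engineer -> finance-share:", ac.can_access("dave", "engineer", "finance-share"))
    req = ac.request_exception("dave", "finance-share")
    print("self-approval accepted:", req.approve("dave"))
    req.approve("alice")
    print("after one approval:", ac.can_access("dave", "engineer", "finance-share"))
    req.approve("bob")
    print("after two approvals:", ac.can_access("dave", "engineer", "finance-share"))
```

Two design choices carry the weight here: membership in the authorizing team is checked at approval time rather than trusted from the caller, and approvals are stored as a set of distinct people, so one authorizer clicking twice cannot satisfy a two-person rule.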
6. The Trojan human: Like the Trojan horse, the Trojan human comes into a business in some type of disguise. He could be in business attire or dressed like a legitimate repairman (appliance, telecom, HVAC). These types of tricksters have been known to penetrate some pretty secure environments, including server rooms. Through our own social conditioning, we tend not to stop and question an appropriately attired person we don't recognize in our office environment. An employee may not think twice about swiping his access card to let a uniformed worker into the environment for servicing. It can take less than a minute for an unsupervised person in a server room to infect the network.