Why hardware hacking deserves attention
Within the insider risk problem, hardware hacking gets special attention mainly because internal theft by an insider is completely different from external intrusion by a hacker. The insider is very familiar with the enterprise's data security and its file and database environment. Usually, the insider has some right to read or edit the relevant files. Besides, as internal personnel, the insider has a legitimate need to exchange data. By contrast, an external hacker may need to analyze and infiltrate layer by layer, and can steal data only after mastering the environment of the enterprise or organization. This process takes a long time. However, the hacker or spy has the opportunity to bribe internal personnel (an insider) to steal the data. At that point, the insider becomes the risk.
It is not uncommon for a headhunter to bribe an insider to obtain data that helps a competitor develop rapidly, and for the insider to move to the competitor, drawn by high pay and bonuses and the prospect of career development. The original company usually has a security management system in place, with many layers of barriers installed from the firewall to the end devices. However, engineering R&D personnel with professional skills, combined with external data-stealing devices, become the channel through which the enterprise's important data leaks.
As a professional endpoint protection company, we must clearly understand the technical ways in which these devices interact with endpoint protection, and carry out verification and the necessary protection. Only then can a good endpoint protection product be provided to the customer. For their part, the enterprise's information security personnel should understand the features of these devices and how they steal data, and then verify the strength of the enterprise's overall security protection. Combining both measures is the ideal approach to attack and defense.
Analysis of device intrusion routes
Intrusion with many special devices seems difficult, but this is actually not the case. The devices share the same operating principle, and military-grade stealing devices do not necessarily have to be purchased. For example, the effects of some MITM network devices or HID stealing devices can be simulated with a Raspberry Pi. Some special devices cannot be exported directly from a foreign country and must be bought through a purchasing agent. Their price is relatively high because they draw the attention of the controlling government. For an information security defender, running the relevant verification and tests, and thereby strengthening the security of X-FORT, is a necessary process regardless of the devices' performance.
Additionally, there is more than one way to use such devices. Some are used over the Internet, while others present themselves as other devices. For an insider stealing data, a USB storage device is not the only channel. Monitoring can easily be bypassed by making the USB storage device present itself as a network card, a keyboard or a mouse. Of course, the combined use of Internet protocols is another channel. Therefore, keeping track of such stealing devices at all times is a very important preparation measure.
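Because a device that presents itself as a keyboard, mouse or network card slips past storage-only monitoring, a defender can review every interface class a newly attached USB device reports. The following is an added example, not code from the original article or from X-FORT; the allow-list, the vendor/product IDs and the attach events are constructed, and the class codes are the standard USB-IF ones.

```python
# Added example: review USB attach events by interface class, not by "is it storage?".
HID, MASS_STORAGE = 0x03, 0x08
NETWORK_CLASSES = {0x02, 0x0A, 0xE0}  # CDC control, CDC data, wireless controller (e.g. RNDIS)

# Hypothetical allow-list: (vendor id, product id) -> interface classes approved for it.
APPROVED = {
    (0xAAAA, 0x0001): {HID},           # constructed entry: company-issued keyboard
    (0xAAAA, 0x0002): {MASS_STORAGE},  # constructed entry: company-issued flash drive
}

def review(event):
    """Return the findings for one attach event; an empty list means nothing to flag."""
    key = (event["vid"], event["pid"])
    classes = {cls for cls, _sub, _proto in event["interfaces"]}
    findings = []
    approved = APPROVED.get(key)
    if approved is None:
        if HID in classes:
            findings.append("unapproved HID interface")
        if classes & NETWORK_CLASSES:
            findings.append("unapproved network interface")
        if MASS_STORAGE in classes:
            findings.append("unapproved mass storage")
    elif classes - approved:
        # A known VID/PID exposing classes it was not approved for: possible emulation.
        extra = ", ".join(f"0x{c:02X}" for c in sorted(classes - approved))
        findings.append(f"approved device exposes extra classes: {extra}")
    if MASS_STORAGE in classes and classes & ({HID} | NETWORK_CLASSES):
        findings.append("composite: storage combined with HID/network")
    return findings

# Constructed sample events; each interface is (class, subclass, protocol).
EVENTS = [
    {"vid": 0xAAAA, "pid": 0x0001, "interfaces": [(0x03, 0x01, 0x01)]},
    {"vid": 0xAAAA, "pid": 0x0002, "interfaces": [(0x08, 0x06, 0x50), (0x03, 0x01, 0x01)]},
    {"vid": 0xBBBB, "pid": 0x0009, "interfaces": [(0xE0, 0x01, 0x03), (0x0A, 0x00, 0x00)]},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(f"{ev['vid']:04X}:{ev['pid']:04X}", review(ev) or "ok")
```

The second event shows the case from the paragraph above: a device with an approved storage identity that also enumerates a keyboard interface.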
Reportedly, large technology companies in Taiwan have dispatched personnel to keep track of such devices at digital product shopping centers, 3C shopping centers and on the Internet at all times. Their purpose was nothing other than preventing data theft, because the loss of the relevant data would threaten the survival of the enterprise. With such an explicit objective, risk prevention can be realized. Recently, the NSA's ANT program leveraged a USB connector that had been modified into a network attack device. This shows that both attackers and defenders need to stay alert and take the problems posed by hardware hacking devices seriously.