WEBVTT

00:00.520 --> 00:06.670
Securing peripherals is a really big deal when it comes to IT security, so I've got a couple of examples

00:06.670 --> 00:10.060
laying around here. Now, when we're talking about peripherals,

00:10.060 --> 00:17.380
we're talking about anything from a printer to keyboards to mice to displays to even things like security

00:17.380 --> 00:17.950
cameras.

00:17.950 --> 00:23.860
And in a small way we're also going to be talking about how smart devices interface with these peripherals

00:23.920 --> 00:27.760
as well because these are a big problem child when it comes to dealing with these guys.

00:27.770 --> 00:35.140
So the exam itself covers a number of different and rather unique objectives when it comes to peripherals.

00:35.140 --> 00:41.140
So what I did is I looked at that I kind of organized it in a different way because you may have lots

00:41.140 --> 00:44.130
of different peripherals but they tend to always have the same problems.

00:44.140 --> 00:49.250
So the first thing I want to talk about is the idea of wired versus wireless peripherals.

00:49.270 --> 00:54.160
Now if you're an old guy like me, I actually remember a time when everything was wired: my keyboard was

00:54.160 --> 01:01.660
wired, my network was wired, my display was wired, my sound was wired. A lot more wireless these days,

01:01.670 --> 01:08.470
and when you have something that's wired it is very difficult to create security problems with these

01:08.470 --> 01:10.920
devices, simply because, there's...

01:11.010 --> 01:14.320
You've got to physically get to the device to do something. Now, when it's wireless,

01:14.320 --> 01:14.950
things change.

01:14.950 --> 01:19.270
Probably one of the greatest examples is this keyboard mouse that I have in front of me right here.

01:19.270 --> 01:26.350
This is a good old Bluetooth keyboard mouse so when we're talking about wireless peripherals the word

01:26.350 --> 01:29.070
Bluetooth comes out an awful lot.

01:29.080 --> 01:32.680
Bluetooth has been around for 20 some odd years now.

01:32.710 --> 01:36.040
It is a complicated messy protocol.

01:36.040 --> 01:40.510
The 10:42 protocol is only about the entire document.

01:40.510 --> 01:43.890
The 802.11 document's not even 500 pages.

01:43.930 --> 01:48.740
The Bluetooth documentation is almost 3000 pages.

01:48.850 --> 01:53.290
And any time anything's complicated, it tends to be easier to muck it up.

01:53.290 --> 01:55.150
And Bluetooth is no exception to that.

01:55.150 --> 02:00.610
Now there's two terms on the exam that I want to at least make a mention of. First is called bluejacking.

02:01.060 --> 02:07.990
Back in the old days I could take my phone, for example, and it has Bluetooth on it, and I could take this

02:07.990 --> 02:14.010
phone and I could link in pair up with any other Bluetooth device.

02:14.230 --> 02:19.930
And that way I could use whatever that device might be and I could make long distance phone calls to

02:20.470 --> 02:22.360
Africa or whatever I wanted to do.

02:22.510 --> 02:24.020
And we called that bluejacking.

02:24.040 --> 02:27.350
Now bluejacking by itself is really rare today.

02:27.400 --> 02:30.100
We've got a lot of updates to the Bluetooth standard.

02:30.100 --> 02:36.430
So the idea that somebody can just connect into a Bluetooth device is, I'm not going to say it's impossible,

02:36.610 --> 02:38.950
but it's rare in the classic sense.

02:39.070 --> 02:42.060
Bluesnarfing is a little bit different.

02:42.070 --> 02:49.240
Bluesnarfing means that I'm actually connecting to a Bluetooth device in order to grab data and steal

02:49.240 --> 02:55.900
data and take it, whether I'm getting on a personal area network, a PAN, in Bluetooth and accessing files

02:55.900 --> 03:03.100
on a smartphone or if I'm just intercepting data between two paired devices. If I'm actually grabbing and

03:03.100 --> 03:08.980
stealing data, that's a bluesnarf. If I'm just making a connection to try to take advantage of a resource,

03:09.340 --> 03:10.620
that's bluejacking.

03:10.720 --> 03:12.550
Now both of these are pretty much obsolete.

03:12.550 --> 03:20.140
However, there are a lot of scenarios with Bluetooth that even up to today have problems. There are little

03:20.170 --> 03:25.690
nooks and crannies within the complicated standard where we can still take control of Bluetooth devices

03:25.990 --> 03:28.630
where we can still steal data from that.

03:28.630 --> 03:34.360
So while classic bluejacking and classic bluesnarfing are considered obsolete, I assure you that there

03:34.360 --> 03:38.770
are plenty of people out there who can easily connect to any device that has Bluetooth running.

03:39.010 --> 03:44.320
So the big question you have when it comes to any Bluetooth device at all is, number one, do you have

03:44.320 --> 03:47.600
to have Bluetooth on? My phone here,

03:47.680 --> 03:51.550
I actually use Bluetooth quite a bit and I have to keep it on.

03:51.580 --> 03:54.280
But I know lots of people who they simply turn Bluetooth off.

03:54.280 --> 03:56.930
They have no Bluetooth connections.

03:56.950 --> 04:03.220
Also remember that Bluetooth comes in three different classes so class one is only about a three foot

04:03.220 --> 04:09.310
distance, whereas class 3 goes way out. Or did I get that backwards? Either way, when you're buying Bluetooth

04:09.310 --> 04:10.420
devices,

04:10.420 --> 04:11.640
think about distances.

04:11.650 --> 04:12.630
This is a big deal.

04:12.630 --> 04:19.450
One of the most fun things I used to do to people is I would get a Bluetooth keyboard and I would just

04:19.450 --> 04:25.750
plug the little Bluetooth dongle into the USB on one of my buddy's systems and I'd stand way back

04:25.990 --> 04:27.950
and I would be able to wreak havoc.

04:28.140 --> 04:28.540
OK.

04:28.580 --> 04:29.370
I got bored a lot.

04:29.400 --> 04:34.180
Anyway what you see today with a lot of Bluetooth things like keyboards and such.

04:34.180 --> 04:39.280
They're actually designed to work very very close by in order to prevent evil guys like me from having

04:39.280 --> 04:42.180
fun and messing up your Excel spreadsheets.

04:42.190 --> 04:48.040
Now the other thing about wireless that we need to watch out for isn't so much Bluetooth but it's actually

04:48.040 --> 04:49.190
802.11.

04:49.220 --> 04:52.330
Now we cover this in more detail in other episodes.

04:52.330 --> 04:59.860
But for example this multipurpose device right here multifunction device this is a printer and a fax

04:59.860 --> 05:07.150
machine and a copier and I think it actually makes ice cream cones too. This device uses an 802.11 feature

05:07.150 --> 05:13.840
called WPS, and WPS is very convenient. What it's designed to do is, if you want to connect this guy to

05:13.840 --> 05:16.840
an SSID, there's a button on here somewhere.

05:16.840 --> 05:22.720
Here, I'll pretend it's over here, and press that button, and then I can go over to my wireless access

05:22.720 --> 05:28.780
point and press a button there and they will automatically sync together using WPA2 Personal shared

05:28.780 --> 05:30.040
key encryption.

05:30.040 --> 05:33.640
That sounds very convenient, doesn't it? Press two buttons and you're connected.

05:33.790 --> 05:36.940
Watch other episodes and you'll see that WPS is a big problem.

05:36.940 --> 05:39.820
So that's something we really want to avoid.

05:39.820 --> 05:45.430
Now the other issue that we run into with peripherals is what I'm going to call hidden Wi-Fi.

05:45.430 --> 05:51.090
So first of all if you take a look at this little camera I've got here and I love these Amyris cameras

05:51.100 --> 05:56.740
I use them like crazy, but they've got a problem. You see a little slot right there? That little slot is

05:56.740 --> 05:58.060
for a micro SD card.

05:58.060 --> 06:02.650
Now they can be convenient with these cameras because this camera has battery backup or something and

06:02.650 --> 06:07.300
if I can't get a live feed it'll store imagery on that SD card.

06:07.300 --> 06:11.380
Now the other thing if you take a look over at this multifunction device here you're going to see that

06:11.380 --> 06:18.130
this multifunction device also has a bunch of connections including SD connections on there.

06:18.130 --> 06:26.010
The problem with these SD, mini SD, micro SD is that the SD standard isn't just for storage devices.

06:26.080 --> 06:32.860
I can have a Wi-Fi SD card and a great little trick that people love to do is they will go ahead and

06:32.860 --> 06:40.630
they'll plug these little tiny SD wireless NICs into these devices. Now that allows us to do one of two

06:40.630 --> 06:41.800
different things.

06:41.800 --> 06:47.610
Number one they can piggyback on somebody else's wireless network which may or may not be a problem.

06:47.800 --> 06:53.830
But the other thing is that these little eddies really just use that connection as a power source and

06:53.830 --> 06:58.750
they can plug in and make their own wireless access point and all of a sudden they're grabbing all kinds

06:58.750 --> 07:03.010
of data and nobody's ever going to figure out where it came from. Who's looking in these little slots

07:03.010 --> 07:10.300
for a little tiny mini or micro SD card and trying to figure out that that's actually a complete functional

07:10.570 --> 07:12.040
wireless access point.

07:13.770 --> 07:17.910
The last one I want to talk about are displays, and when I'm talking about displays,

07:17.910 --> 07:23.670
I mean monitors. Now I've got one down there I'm too lazy to pull up, and it's not necessary because displays

07:23.670 --> 07:26.160
in and of themselves are pretty secure devices.

07:26.160 --> 07:31.370
The big downside we run into with most displays are those USB ports.

07:31.500 --> 07:36.780
When I buy a big display I always get one with USB because it's convenient, as opposed to making my

07:36.780 --> 07:39.340
whole body reach way down onto a system.

07:39.420 --> 07:43.200
I can just plug into the side of a monitor and I've got USB connectivity.

07:43.470 --> 07:45.530
Now these can be a big problem too.

07:45.540 --> 07:50.220
The problem that we run into, it's not the monitor so much, it's the USB itself.

07:50.220 --> 07:55.410
So I want to take a second and take a look at this little device right here.

07:55.410 --> 07:59.950
Now if you take a peek at it you'd say, oh Mike, that's an old-school USB stick.

08:00.030 --> 08:01.130
It's not.

08:01.170 --> 08:03.500
It's actually called a rubber duck.

08:03.510 --> 08:09.040
What that device does is I can plug it into any system and it will emulate a keyboard.

08:09.120 --> 08:13.120
It can start grabbing data it will start capturing information.

08:13.170 --> 08:14.740
I could have it run scripts.

08:14.820 --> 08:18.950
This is a very dangerous although a lot of fun tool to have around.

08:19.030 --> 08:25.290
And you can actually buy these. They're from an organization called Hak5, like 30 bucks, and they're

08:25.380 --> 08:27.160
a wonderful tool.

08:27.390 --> 08:33.210
So I can walk up to a system plug this in come back 20 minutes later after I've pretended to be the

08:33.210 --> 08:35.030
cleaning people or something like that.

08:35.190 --> 08:39.850
Pull it out and I can grab all kinds of data I can steal passwords whatever it might be.

08:40.020 --> 08:45.030
And these displays with their handy little USB connections are a real problem in terms of somebody

08:45.030 --> 08:51.140
just being able to plug something in and boom they've got access to your system.

08:51.180 --> 08:52.730
So what do we do about all this?

08:52.830 --> 08:56.850
Well the problem is is that people don't think about what they're buying.

08:56.850 --> 09:03.110
First of all, though, that little camera you saw earlier with the SD card, did I really need that?

09:03.160 --> 09:06.060
Again we come down to least functionality in these situations.

09:06.060 --> 09:13.200
So if somebody like this guy my answer is going to be if you can buy the device that has what you need

09:13.260 --> 09:14.500
and nothing else.

09:14.520 --> 09:19.210
So you want to avoid these back doors cash or other terrible backdoor you run into a lot.

09:19.620 --> 09:26.670
If you go out and you get these cameras not a not like this but like a little cheapie $80 cameras and

09:26.670 --> 09:29.620
they will have an app that you can install on here.

09:29.710 --> 09:35.100
Now unfortunately all of that information, whatever you're watching on your camera, is also being watched

09:35.100 --> 09:37.410
by multiple organizations in China.

09:37.680 --> 09:42.570
Documented but it's not against the law because if you read the fine print where you say I agree.

09:42.570 --> 09:44.370
They tell you they're doing exactly that.

09:44.380 --> 09:46.450
Nothing illegal about that whatsoever.

09:46.590 --> 09:51.020
So don't go buying devices with the unnecessary ports.

09:51.030 --> 09:54.510
Don't go buy devices with back doors you don't need.

09:54.540 --> 09:58.030
The other thing you need to think about is turn off unneeded ports.

09:58.110 --> 10:01.620
It's actually very interesting but on this printer right here it is trivial.

10:01.620 --> 10:05.910
There's one little setting it's a hardware setting that says turn off all those ports.

10:05.910 --> 10:09.480
So with one little click I can turn these off and you're completely safe.

10:09.480 --> 10:13.200
Now we talk about shutting down unnecessary ports in other episodes.

10:13.200 --> 10:16.420
But keep in mind with peripherals it's twice as important.

10:16.620 --> 10:17.520
And the last one.

10:17.520 --> 10:20.350
Boy this is a biggie when it comes to peripherals.

10:20.400 --> 10:26.710
Don't forget these things need patches and updates just like your Windows system just like your Macs.

10:26.730 --> 10:33.240
I can't tell you how many exploits that have taken place over the last few years because people fail

10:33.240 --> 10:40.990
to update patches on their cameras on their routers even on their multifunction devices.

10:41.010 --> 10:53.550
You've got to keep everything patched.
