- The physical layer is aimed at consolidating the hardware requirements of a network to enable the successful transmission of data.
- Network engineers can define different bit-transmission mechanisms for the physical layer level, including the shapes and types of connectors, cables, and frequencies for each physical medium.
- The physical layer sometimes plays an important role in the effective sharing of available communication resources, and helps avoid contention among multiple users.
- It deals with the mechanical and electrical specifications of the interface and the transmission medium.
Purpose of Physical layer
The physical layer provides the following functions:
- Physical Characteristics of Interfaces and Media
- Representation of Bits
- Data Rate
- Synchronization of Bits
- Line Configuration
- Physical Topology
- Transmission Mode
Assets of Physical Layer
- Registered jack (RJ) 45
- patch panels
- Transmitters and Recievers
Attacks in Physical layer
- Pod Slurping is a technique used by miscreants to steal sensitive data from a system using some simple devices like iPods,USB Sticks,Flash devices and PDAs.
- The miscreants simply plug it into a desktop system, search for the needed files, and copy them to the portable device within few minutes.
- Abe Usher has written a new program called pod slurp, which is designed to be used with an iPod. While this software is only a proof of concept, it should serve as a wakeup call for anyone not yet concerned about the potential threat of these devices.
- Thus, an insider could move between a few dozen workstations and collect over 20,000 files in less than an hour.
- Restrict access to the USB port(s) on a computer system.
- Implement and enforce policies. No USB devices in the office means, no USB devices in the office for ANYONE (including technical staff, managers, etc.).
- Implement the principle of least privilege. Doing so will ensure a user can’t access files which they do not need to access.
- Lock picking is one way to bypass a lock, but is not the fastest way.
- One of the largest site to visit on information on lock picking is TOOOL.
- Although lock picking might not be a pure form of social engineering, physical security is an important aspect of a social engineer’s career.
- Learning how to pick locks can be useful for gaining access to companies, file cabinets, offices or other areas that will hold the information you seek. Practice kits like these can be found all over the web.
- The Most Common ways to manipulate a door lock during a burglary involves lock picking, the best way to eliminate this risk is to install a keyless lock.
- With modern day advancements in technology over the last few years, the digital lock technology has also evolved to the point where keyless locks are now commonly used for homes and as such, serve as a great means of protecting your home locks against lock picking by burglars and intruders.
- There are a wide range of digital locks such as fingerprint locks, pushbutton locks and remote controlled locks that are available on the market from which you can choose from.
Password exfiltration is the unauthorized way of cracking the password from a computer.Such a transfer may be manual and carried out by someone with physical access to a computer or it may be automated and carried out through malicious programming over a network.
- software can be used to monitor access to critical files and stop the processes that try to read them.
- Another good approach is encrypting important files, email, notes, etc., and to require specific software on the mobile device to open sensitive data.
- To prevent data exfiltration, administrators should create strict IT controls for both physical and digital security.
- Portable USB drives pose another big problem. Many new USB drives, such as the Sandisk U3 USB drives, are designed to make program installation easier.
- These devices are recognized as CD-ROM drives and can execute autorun.
- While autorun capabilities are normally restricted to CD-ROMs and fixed disks, these portable storage devices toggle from 1 to 0 during the initial inquire that occurs between the computer and the USB device to indicate that the device is non-removable.
Autorun requires very little work:
- Create a file called autorun.inf in the root of the USB drive.
- Open the autorun.inf file in notepad and write the script
This technique is used during penetration tests to gain insider access to files and systems.
- The best defense for these types of attacks is to disable autorun.
- Bitdefender USB Immunizer,USB Guardian,USB Firewall Tools are used to disable autorun.
- Use Device Manager to scan for hardware changes.
- After your computer scans for hardware changes, it might recognize the USB device that is connected to the USB port so that you can use the device.
To scan for hardware changes, follow these steps:
- Click Start, and type devmgmt.msc in the Start Search box and hit enter.
- Device Manager opens.
- In Device Manager, click your computer so that it is highlighted.
- Click Action, and then click Scan for hardware changes.
- Check the USB device to see whether it is working.
- Computer hardware can be inherently fragile.
- Heat, water, and physical accidents are the biggest threats to a computer’s physical safety.
- Computers should be properly cleaned on a regular basis to keep dust buildup to a minimum Care must also be taken when liquids are used around a computer