Physical layer attacks
--
In the OSI model, the physical layer is the most elemental one: it is responsible for relating software logic to the physical devices or media that transmit signals in any form.
Because this is the lowest layer of the model, attacking it requires some form of physical access to succeed. Where a wireless network is present, the attack has to be carried out within the coverage radius, so in that case it is not a matter of contact but of reach.
In many cases this is not a type of attack that requires high skills; it relies more on negligence.
Let’s start with vandalism and catastrophes. There is not much to say about vandalism itself: these violent actions can be detected when access control and surveillance are applied in their many forms, the most common components being biometric solutions, video surveillance, physical security officers, alarms, etc.
Catastrophes, on the other hand, are most of the time related to natural disasters. Here the focus is on how your infrastructure as a whole can protect itself against nature; for example, you can avoid performing installations in flood zones, or implement fire detection systems for electronic devices, just to name a few.
Other measures, such as the isolation of administration equipment, server room conditioning, and remote accessibility, are just a few of the complementary actions for achieving physical security properly.
Let’s move on to the second common thing found in a company building: wifi connections, which can be part of the attacks too. You can minimize range coverage to just what is required, and apply configurations that avoid common/default transmission settings.
Another possible attack vector is signal jammers, and AFAIK there is no way to mitigate this kind of attack; you are exposed to faulty availability of the service.
What to do for Wifi protection?
- Keep your administration ports and credentials inaccessible to non-authorized people
- Avoid network-mirror (port mirroring) usage; these can replicate the whole network traffic without any kind of authorization
- For wifi networks, use a proper encryption mechanism and strong password policies.
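As an added example (not code from the original post), the script below audits a hostapd-style access point configuration for the weak settings the list above warns about: WPA1/TKIP, missing management frame protection, a short passphrase, WPS left on. The two configurations are constructed samples, the key names follow hostapd's format, and the 16-character passphrase threshold is a local policy assumption.

```python
"""Audit a hostapd-style access point configuration for weak settings.

Added example (not from the original post). It assumes a hostapd-like
key=value format; the two configs below are constructed samples.
"""

# Constructed sample: an AP left on default/weak settings.
WEAK_CONF = """\
interface=wlan0
ssid=Company-WiFi
hw_mode=g
channel=6
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password
"""

# Constructed sample: the hardened counterpart (WPA2-CCMP, PMF required, long passphrase).
STRONG_CONF = """\
interface=wlan0
ssid=Company-WiFi
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
ieee80211w=2
wpa_passphrase=correct-horse-battery-staple-2024
"""

MIN_PASSPHRASE_LEN = 16  # local policy threshold, an assumption of this example


def parse_conf(text):
    """Parse key=value lines, ignoring blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of findings; an empty list means no weak setting was found."""
    findings = []
    wpa = conf.get("wpa")
    if wpa is None and "wep_key0" in conf:
        findings.append("WEP keys configured: WEP is broken, use WPA2/WPA3")
    elif wpa is None:
        findings.append("no wpa= setting: network is open")
    elif wpa in ("1", "3"):  # hostapd bitfield: 1 = WPA, 2 = WPA2, 3 = both
        findings.append("WPA1 (TKIP-era) allowed: set wpa=2")
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in conf.get(key, ""):
            findings.append(f"{key} allows TKIP: use CCMP only")
    if conf.get("ieee80211w") != "2":
        findings.append("management frame protection not required: set ieee80211w=2")
    if "wpa_passphrase" in conf and len(conf["wpa_passphrase"]) < MIN_PASSPHRASE_LEN:
        findings.append(f"passphrase shorter than {MIN_PASSPHRASE_LEN} characters")
    if conf.get("wps_state") not in (None, "0"):
        findings.append("WPS enabled: disable it (wps_state=0)")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("strong", STRONG_CONF)):
        print(name, audit(parse_conf(text)) or ["OK"])
```

Run against the weak sample it reports four findings; the hardened sample passes clean. The check is deliberately static (it reads the file, not the radio), so it belongs in a configuration review or a pre-deployment pipeline rather than replacing wireless monitoring.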
If you want to secure your home network, check the guide I wrote for SOHO connections.
There is more wifi-related material around; wireless connectivity actually requires a complete post for just the very basics, as it is a completely different world.
Great.
Another common physical attack is hub inserting.
This consists of placing a communication device inside a target network, as an intruder, with the practical goal of performing sniffing. The attack requires physical access and can go undetected at an administrative level.
In a simple text diagram, the hub is placed between the router and the switch, something like:
[Internet] -> [Router] -> [Attacking Hub] -> [Switch] -> Device 1 … N
The hub-inserting countermeasures can be summarized in three main points.
- You cannot identify hub devices as such
- You can try to find connected devices through the OS network services, but most of the time they won’t be visible if they are in a completely passive state.
- Modern switches can identify when a physical port has one or many hubs behind it; depending on the configuration, the connection can be blocked so that network propagation through that port won’t happen.
What can we conclude from this? Switch configuration is a must-do for avoiding unwanted connections; a proper network configuration is mandatory.
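The third countermeasure above rests on one observable fact: a hub has no address of its own, but a switch port with a hub behind it learns several MAC addresses where an access port should learn one. As an added example (not code from the original post), the script below parses a constructed MAC address table in Cisco IOS "show mac address-table" layout, flags access ports that exceed the expected count, and emits the port-security lines that would cap that port. The port names, the uplink list, the per-port limit and the IOS-style command syntax are all assumptions of this example.

```python
"""Flag switch access ports carrying more MAC addresses than expected.

Added example (not from the original post). A hub inserted between a
switch port and the real endpoints makes that single port learn several
MAC addresses, which is what this check looks for. The table below is a
constructed sample in Cisco IOS 'show mac address-table' layout; port
names, the uplink list and the per-port limit are assumptions.
"""
import re

SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4466    DYNAMIC     Gi1/0/2
  10    0011.2233.4477    DYNAMIC     Gi1/0/2
  10    0011.2233.4488    DYNAMIC     Gi1/0/2
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/24
  10    00aa.bbcc.dd02    DYNAMIC     Gi1/0/24
  20    00aa.bbcc.dd03    DYNAMIC     Gi1/0/24
 All    0100.0ccc.cccc    STATIC      CPU
"""

# Constructed topology assumptions: one uplink, everything else is an access port.
UPLINK_PORTS = {"Gi1/0/24"}
MAX_MACS_PER_ACCESS_PORT = 1

ROW_RE = re.compile(
    r"^\s*(?P<vlan>\d+|All)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\w+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return {port: set(macs)} for dynamically learned entries only."""
    learned = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group("type").upper() != "DYNAMIC":
            continue  # skip headers, separators and STATIC/CPU entries
        learned.setdefault(m.group("port"), set()).add(m.group("mac").lower())
    return learned


def find_suspect_ports(text, uplinks=UPLINK_PORTS, limit=MAX_MACS_PER_ACCESS_PORT):
    """Access ports with more than `limit` learned MACs, keyed by port name."""
    learned = parse_mac_table(text)
    return {
        port: sorted(macs)
        for port, macs in sorted(learned.items())
        if port not in uplinks and len(macs) > limit
    }


def port_security_config(port, limit=MAX_MACS_PER_ACCESS_PORT):
    """Cisco IOS-style port-security lines capping learned MACs on an access port.

    Assumed syntax; adapt to the switch vendor in use.
    """
    return [
        f"interface {port}",
        " switchport mode access",
        " switchport port-security",
        f" switchport port-security maximum {limit}",
        " switchport port-security violation shutdown",
    ]


if __name__ == "__main__":
    for port, macs in find_suspect_ports(SAMPLE_MAC_TABLE).items():
        print(f"{port}: {len(macs)} MACs learned, possible hub: {', '.join(macs)}")
        print("\n".join(port_security_config(port)))
```

On the sample, only Gi1/0/2 is flagged: the uplink is excluded by name and Gi1/0/1 learned a single address. The limit and the uplink set have to match the real topology, since an IP phone with a PC behind it, a virtualization host, or a legitimately connected unmanaged switch also puts several MACs on one port; the script surfaces the anomaly, and the port-security violation mode decides whether the port is shut down or only logged.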
There is a lot of material out there. Physical security is a huge topic, but it is not my strongest skill. My intention was to give you a starting point on what can be done to attack the physical layer of the OSI model.
I will complement this post with more information, links, and resources within the scope of network cybersecurity.
More to come, stay tuned.