Securing Peripherals

11 minutes
Share the link to this page
You need to purchase the class to view this lesson.
One-time Purchase
List Price:  $139.99
You save:  $40
List Price:  د.إ514.18
You save:  د.إ146.92
List Price:  A$179.52
You save:  A$51.29
List Price:  ৳11,871.62
You save:  ৳3,392.13
List Price:  CA$176.80
You save:  CA$50.51
CHF 88.62
List Price:  CHF 124.08
You save:  CHF 35.45
List Price:  kr855.96
You save:  kr244.57
List Price:  €115.06
You save:  €32.87
List Price:  £102.26
You save:  £29.22
List Price:  HK$1,085.49
You save:  HK$310.16
List Price:  ₹10,223.98
You save:  ₹2,921.34
List Price:  RM566.18
You save:  RM161.78
List Price:  ₦53,126.20
You save:  ₦15,180
List Price:  kr1,183.01
You save:  kr338.02
List Price:  NZ$193.55
You save:  NZ$55.30
List Price:  ₱6,723.08
You save:  ₱1,921.02
List Price:  ₨22,447.39
You save:  ₨6,414
List Price:  S$185.30
You save:  S$52.94
List Price:  ฿4,195.50
You save:  ฿1,198.80
List Price:  ₺1,029.66
You save:  ₺294.20
List Price:  B$728.03
You save:  B$208.02
List Price:  R2,105.83
You save:  R601.70
List Price:  Лв225.56
You save:  Лв64.45
List Price:  ₩153,297.25
You save:  ₩43,802.34
List Price:  ₪446.20
You save:  ₪127.49
Already have an account? Log In


Securing peripherals is a really big deal when it comes to IT security. So I've got a couple of examples laying around here. Now, when we're talking about peripherals, we're talking about anything from a printer to keyboards two mice to displays to even things like security cameras. And in a small way, we're also going to be talking about how smart devices interface with these peripherals as well, because these are big problems when it comes to dealing with these guys. So the exam itself covers a number of different and rather unique objectives when it comes to peripherals. So what I did is I looked at that I kind of organized it in a different way, because you may have lots of different peripherals, but they tend to always have the same problems.

So the first thing I want to talk about is the idea of wired versus wireless peripherals. Now if you're an old guy like me, I actually remember a time when everything was wired. My keyboard was wired, my network was wired, my displays was wired, my sound was wired. A lot more wireless these days. And when you have something that's wired, it is very difficult to create security problems with these devices simply because there's you've got to physically get to the device to do something. Now when it's wireless things change, probably one of the greatest examples is this keyboard mouse that I have in front of me right here.

This is a good old Bluetooth keyboard mouse. So when we're talking about wireless peripherals, the word Bluetooth comes out an awful lot. Bluetooth has been around for 20 some odd years now. It is a complicated, messy protocol. The 802 11 protocol is only about the entire document. The 802 11 document is not even 500 pages, the Bluetooth documentation is almost 3000 pages, and anytime anything's complicated, it tends to be easier to muck it up.

And Bluetooth is no exception to that. Now. There's two terms on the exam that I want to at least make a mention first is called Blue jacking back in the old days, I could take my phone, for example, and it has Bluetooth on it. And I could take this phone, and I could link in, pair up with any other Bluetooth device. And that way I could use whatever that device might be. And I could make long distance phone calls to Africa or whatever I wanted to do.

And we call that blue jacket. Now blue jacking by itself is really rare today, we've had a lot of updates to the Bluetooth standard. So the idea that somebody can just connect into a Bluetooth device is well, I'm not going to say it's impossible, but it's rare in the classic sense. Blue snarfing is a little bit different. Blue snarfing means that I'm actually connecting to a Bluetooth device in order to grab data and steal data and take it whether I'm getting on a personal Area Network, a pan and Bluetooth and accessing files on a smartphone, or if I'm just intercepting data between To pair devices if I'm actually grabbing and stealing data, that's a blue snarf. If I'm just making a connection to try to take advantage of a resource, that's blue Jackie.

Now both of these are pretty much obsolete. However, there are a lot of scenarios with Bluetooth that even up to today have problems. There are little nooks and crannies within the complicated standard, where we can still take control of Bluetooth devices where we can still steal data from that. So while classic blue jacket and classic Blue snarfing are considered obsolete. I assure you that there are plenty of people out there who could easily connect to any device that has bluetooth running. So the big question you have when it comes to any Bluetooth device at all, is number one, do you have to have Bluetooth on my phone here I actually use Bluetooth quite a bit.

And I have to keep it on but I know lots of people they simply turn Bluetooth off they have no Bluetooth connections. Also remember that Bluetooth comes in three different classes. So class one is only about a three foot distance, whereas class three goes way out, or did I get that backwards either way, when you're buying Bluetooth devices, think about distances, this is a big deal. One of the most fun things I used to do to people is I would get a Bluetooth keyboard. And I would just plug the little Bluetooth dongle into the USB on one of my buddies systems and I'd stand way back and I would be able to wreak havoc. Okay, well, I got bored a lot anyway.

What you see today with a lot of Bluetooth things like keyboards and such, they're actually designed to work very, very close by in order to prevent evil guys like me from having fun and messing up your Excel spreadsheets. Now, the other thing about wireless that we need to watch out for isn't so much Bluetooth, but it's actually 802 11. Now we cover this in more detail in other episodes. But for example this multi purpose device right here, multifunction device. This is a printer and a fax machine. And a copier.

And I think it actually makes ice cream cones to this device uses an 802 11 feature called WPS. And WPS is very convenient. what it's designed to do is if you want to connect this guy to an SSID, there's a button on here somewhere here, I'll pretend it's over here because I press that button. And then I can go over to my wireless access point and press a button there. And they will automatically sync together using WPA two personal shared key encryption. That sounds very convenient, doesn't it, press two buttons and you're connected.

Watch other episodes and you'll see the WPS is a big problem. So that's something we really want to avoid. Now the other issue that we run into with peripherals is what I'm going to call hidden Wi Fi. So first of all, if you take a look at this little camera I've got here, I love these amcrest cameras. I use them like crazy, but they've got a problem. Do you see that little slot right there.

That little slot is for a microSD card. Now they can be convenient with these cameras. Because this camera has battery backup or something, and if I can't get a live feed, it will store imagery on that SD card. Now the other thing, if you take a look over at this multifunction device here, you're going to see that this multifunction device also has a bunch of connections, including SD connections on there. The problem with these SD mini SD micro SD is that the SD standard isn't just for storage devices, I can have a Wi Fi SD card, and a great little trick that people love to do is they will go ahead and they'll plug these little tiny SD wireless Nicks into these devices. Now that allows us to do one of two different things.

Number one, they can piggyback on somebody else's wireless network, which may or may not be a problem. But the other thing is that these little SDS really just use that connection as a power source. And they can plug in and make their own wireless access point. And all of a sudden they're grabbing all kinds of data and nobody's got to figure out where it came from, who's looking in these little slots for a little tiny mini or micro SD card and trying to figure out that that's actually a complete functional wireless access point. The last one I want to talk about are displays. And what I'm talking about displays, I mean monitors.

Now I've got one down there, I'm too lazy to pull it up. It's not necessary, because displays in and of themselves are pretty secure devices. The big downside we run into with most displays are those USB ports. When I buy a big display, I always get one with USB because it's convenient. As opposed to making my whole body reach way down onto a system. I can just plug into the side of a monitor, and I've got USB connectivity.

Now these can be a big problem too. The problem that we run into, it's not the monitor so much. It's the USB itself. So I want you to take a second and take a look at this little device right here. Now if you take a peek at it, you'd say Oh, Mike, that's an old school USB stick It's not, it's actually called a rubber duck, what that device does when I can plug it into any system, and it will emulate a keyboard, it can start grabbing data, it will start capturing information. I could have it run scripts, this is a very dangerous, although a lot of fun tool to have around.

You can actually buy these. They're from a organization called hack five, like 30 bucks. And they're a wonderful tool. So I can walk up to a system, plug this in, come back 20 minutes later after I pretended to be the cleaning people or something like that, pull it out, and I can grab all kinds of data. I can steal passwords, whatever it might be. And these displays with their handy little USB connections are a real problem in terms of somebody just being able to plug something in and boom, they've got access to your system.

So what do we do about all this? Well, the problem is is that people don't think about what they're buying. First of all, though, that little camera you saw earlier with that SD card. Did I really need that? Again, we come down to lease functionality in these situations. So somebody like this guy, my answer is going to be if you can buy the device that has, what you need and nothing else of so you want to avoid these backdoors cash, another terrible backdoor to run into a lot.

If you go out and you get these cameras, not not like this, but like little cheapy $80 cameras, and they will have an app that you can install on here. Yeah, unfortunately, all of that information, whatever you're watching on your camera, has also been watched by multiple organizations in China, well documented, but it's not against the law. Because if you read the fine print, where you say, I agree, they tell you they're doing exactly that. nothing illegal about that whatsoever. So don't go bind devices with the unnecessary ports don't go by devices with backdoors you don't need. The other thing you need to think about is turn off unneeded ports.

It's actually very interesting, but on this print Right here, it is trivial. There's one little setting. It's a hardware setting that says, turn off all those ports. So with one little click, I can turn these all off, and you're completely safe. Now we talked about shutting down unnecessary ports in other episodes, but keep in mind with peripherals, it's twice as important. And the last one, and boy, this is a biggie.

When it comes to peripherals, don't forget these things, the patches and updates just like your Windows system, just like your Mac's I can't tell you how many exploits that have taken place over the last few years because people fail to update patches on their cameras on their routers, even on their multifunction devices. You've got to keep everything patched.

Sign Up


Share with friends, get 20% off
Invite your friends to TabletWise learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.