Wandering Thoughts archives

2023-11-03

Our varying levels of what you could charitably call 'physical security'

As I mentioned way back when I discussed how rogue wireless access points are a bigger risk at universities, one of the unusual things about universities is that we usually don't have anywhere near as much physical security as, say, a typical company does. This is because in practice most university buildings are open to the public, where anyone can walk in the front door (or any of the generally many side doors) and wander through most or all of the halls. This is especially so for the University of Toronto's main campus, which is embedded in the middle of downtown Toronto with Toronto streets running right through it. This doesn't mean we have no physical access control at all; instead, in practice we have a sliding scale of physical security and thus how exposed our networks are.

General purpose hallways and corridors have functionally no access control. Any networks that are available there, either through wireless signals or through stray network jacks, are fully accessible to potential attackers and have to be assumed to be untrusted. You might think that no one would ever put network jacks out in a hallway, but these days a surprising number of things like display screens need a network connection, and often it's desirable to have them out where the public can see them.

Some spaces are behind doors but the doors are normally left open (or at least unlocked), generally with some administrative staff person there to notice and help people who walk in. Anyone with a reasonably good story could probably get some quiet access to network ports exposed in these areas, and of course you could get at localized wireless networks just by having a device in your back pocket as you innocently ask questions and then thank the nice staff person for their help. We also have various meeting rooms, break rooms, and lounges; when not in use these are sometimes closed and sometimes left open, depending on random factors.

Rooms used for graduate student desks are normally behind closed doors (assuming the doors haven't been left open), but some of them are large and highly populated by a varied group of graduate students. In practice you could probably walk in or talk your way in, although there would be some risk of people eyeing you dubiously. Some groups have small areas with a small number of people, where everyone definitely knows each other and new, strange people will probably get at least some questioning; an attacker would need at least social engineering, rather than merely walking in somehow. Some areas are hybrids; we have at least one where a door lets you in to a corridor of mixed space, with a meeting room, a break room, and assorted, generally open-door small graduate student offices for graduate students from various groups, each with a number of people.

(So as an unsurprising broad generalization, the smaller the area involved and the fewer people who work in it, the more physically secure it will probably be in practice.)

Various of our networks run through all of these sorts of spaces, to greater or lesser degrees, and all of this affects what internal network authentication we need. If an internal network is only available in a small area that has good access control as a result of that, it can be relatively open; if we need to track down a responsible person for some device, it's probably not going to be hard. On the other hand, if an internal network is broadly available through all sorts of our space across multiple buildings, including in large and relatively uncontrolled rooms, then as a practical matter we'd better be able to track each device on it back to a person from our own data. Otherwise, at the very least we're doing a lot of hunting simply to find where the thing is.

(This comes up every so often when unfortunate network connection related mistakes are made.)

The ultimate version of 'broad and open access' is our wireless network, since it extends out into the hallways where anyone can be. You have to know the wireless password, but given that we have a large number of people using it, we assume that the password has leaked long ago and can be found if an attacker looks hard enough.

PS: Some of these physical security oddities in our environment are because different professors and groups have different opinions on how open or closed off they want to be. It's much easier for people outside your group to come by and interact with you if your group space has open doors than if they have to knock or wave to get someone's attention. Some groups have historically wanted a very 'open door' policy because they want to cross-connect, and there are professors who absolutely don't want to be stuck behind closed doors. This has unquestionably influenced the general layout of our space and things like how many general use corridors run through it.

sysadmin/OurVaryingPhysicalSecurityLevels written at 23:39:51;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.