Page 578 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 578

of copper!) are expensive to implement and cumbersome to use. It is
               arguable that the biggest risk with any monitor is still shoulder surfing

               or telephoto lenses on cameras. The concept that someone can see
               what is on your screen with their eyes or a video camera is known as
               shoulder surfing. Don’t forget shoulder surfing is a concern for
               desktop displays, notebook displays, tablets, and mobile phones.


               Printers

               Printers also may represent a security risk, albeit a simpler one.
               Depending on the physical security controls used at your organization,

               it may be much easier to walk out with sensitive information in
               printed form than to walk out with a flash drive or magnetic media. If
               printers are shared, users may forget to retrieve their sensitive
               printouts, leaving them vulnerable to prying eyes. Many modern
               printers also store data locally, often on a hard drive, and some retain
               copies of printouts indefinitely. Printers are usually exposed on the
               network for convenient access and are often not designed to be secure

               systems. But there are numerous configuration settings that may be
               available depending on the printer model that can provide some
               reasonable level of secure network printing services. These can include
               encrypted data transfer and authentication before printer interaction.
               These are all issues that are best addressed by an organization’s
               security policy.



               Keyboards/Mice
               Keyboards, mice, and similar input devices are not immune to security

               vulnerabilities either. All of these devices are vulnerable to TEMPEST
               monitoring. Also, keyboards are vulnerable to less sophisticated
               bugging. A simple device can be placed inside a keyboard or along its
               connection cable to intercept all the keystrokes that take place and
               transmit them to a remote receiver using a radio signal. This has the
               same effect as TEMPEST monitoring but can be done with much less

               expensive gear. Additionally, if your keyboard and mouse are wireless,
               including Bluetooth, their radio signals can be intercepted.


               Modems
   573   574   575   576   577   578   579   580   581   582   583