Eavesdropping, a problem then and now.

Then and Now

In the 17th century, an eavesdropper was someone who stands at the eavesdrop (where the water drops, i.e., next to the house) so as to hear what is said within. Carved wooden figure by Henry VIII had built into the eaves (overhanging edges of the beams in the ceiling) of Hampton Court to discourage unwanted gossip or dissension from the King's wishes and rule, to instigate paranoia and fear, and demonstrate that everything said there was being overheard; literally, that the walls had ears.

Today, eavesdropping can also be done, over telephone lines, email, and other methods of instant messaging considered private. (If a message is broadcast, it is not considered eavesdropping.) VoIP communications software is also vulnerable to electronic eavesdropping via infections such as trojans.  While the eaves is not often the location of overheard conversations, the inter-office, adjoining cube, outside of office, and in more public places like common areas of office kitchens, restaurants, reception areas and coffee machines areas are still where some of the information that should not be shared is gathered by passerby's.

Attack Types

  • Passive Attacks - These attacks happen with no modification of the content of fabrication of the communication being transmitted.  In this case, eavesdropping is used to learn the contents or other information from the communication including transfer patterns, traffic flows, formatting and the direction of information.
  • Active Attacks - When a modification of the content and/or participation in the communication occurs, to impersonate legitimate parties, modify the content in transit, and launching denial of service attacks. Examples of these may follow a passive attack to ensure that the attacker can accurately impersonate or modify the content of the communication without being detected as a false source. A denial of service attacks takes advantage of the TCP protocol and uses the "listening" stage of the data transfer to overload the listening endpoint until it is unusable.

Tools of Eaves Dropping

Eavesdropping is relatively easy to perform and mostly impossible to detect when in done a passive form.  By default, so many communications are transmitted in clear text and very little security is offered in the common transmission medium.  The tools available to attackers include network sniffers, protocol analyzers, elevated privileges and port mirroring.  But without anything too sophisticated, with the right equipment, it is even possible to eavesdrop from a miles away (just picture a silenced cell phone left in an area believed to be secure.)

Wireless transmission

The proliferation of wireless technology and IT expectation of being unplugged and yet able to perform normal business is a common expectation in many corporate environments.

  • Signal hiding techniques - Turn off SSID broadcasting by wireless access points.  Assign cryptic names to SSID's.  Reduce signal strength to the lowest level that still provides requisite coverage.  Locate wireless access points in the interior of the building, away from the windows and exterior walls.
  • Encryption - Effective against eavesdropping to the extent that the encryption keys are secured.

Solutions

There is no one solution, but an assessment of the enterprise communications that should remain secure is a great start.  Knowing what information is shared and by what means will need to be assessed first.  The mediums of transmission can always have a layered of security applied to them, but it is up to the leadership level to decide how much easy of transmission and information should take place as a balance to the risk of too much information being shared in a manner that can be intercepted by an eavesdrop.  Consulting with your security professional or getting an independent security consultant to evaluate your business is a wise investment in protecting your data.

Leave a Reply

Your email address will not be published. Required fields are marked *