Can you trust your LAN?
Jan 30th, 2008 by Jesper Kråkhede
In today's newspaper there was an article about a fraud attempt that used a remote access device physically connected to a computer. Thanks to a resourceful employee the attempt failed. It still raises the question of where the boundary of your trusted computing base lies. Can you still trust your clients when they are connected to the Internet and could be remotely controlled? Even if this attempt was a bit more sophisticated, trojans exist with the same functionality: total control of the machine. I would suggest that, for critical systems, client computers should not be allowed to access the Internet while they are communicating with the system. This can be solved with, for example, an SSL VPN or some other solution that restricts which networks the client can reach while connected. A firewall is not good enough, because it usually allows outgoing traffic. Port filtering is often circumvented by masquerading the traffic as something that is permitted.
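To make the last point concrete, here is an added example (not code from the original post) that runs two egress policies over a few constructed outbound firewall log lines for one client. The first policy is a plain port filter that allows "web" and "DNS" ports to any destination; the second is a destination allowlist that permits only the critical system, which is roughly what an SSL VPN or similar network-limiting solution achieves. The client address 10.0.1.25, the critical-system address 10.0.5.10 and the log format are assumptions for illustration; the Internet destinations use documentation ranges and are not real hosts.

```python
"""Egress policy check: outbound port filter vs. destination allowlist.

Added example, not part of the original post. Addresses, the log line
format and the critical-system address 10.0.5.10 are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed outbound firewall log lines for one client (10.0.1.25).
# Destinations other than the critical system use TEST-NET ranges.
SAMPLE_LOG = """\
2008-01-30T09:12:01 OUT proto=tcp src=10.0.1.25 dst=10.0.5.10 dport=443
2008-01-30T09:12:07 OUT proto=tcp src=10.0.1.25 dst=203.0.113.7 dport=443
2008-01-30T09:12:09 OUT proto=udp src=10.0.1.25 dst=198.51.100.9 dport=53
2008-01-30T09:12:15 OUT proto=tcp src=10.0.1.25 dst=203.0.113.7 dport=6667
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) OUT proto=(?P<proto>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    ts: str
    proto: str
    src: str
    dst: str
    dport: int


def parse_log(text):
    """Parse the assumed key=value log format into Flow records."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable line: {line!r}")
        flows.append(Flow(m["ts"], m["proto"], m["src"], m["dst"], int(m["dport"])))
    return flows


def port_filter(flow, allowed_ports=frozenset({53, 443})):
    """Plain outbound port filter: any destination passes if the port looks
    like web or DNS. A remote-control channel on 443 passes too."""
    return flow.dport in allowed_ports


# Assumed critical system: 10.0.5.10 over HTTPS. Everything else is denied.
CRITICAL_SYSTEM = (ipaddress.ip_network("10.0.5.10/32"), "tcp", 443)


def destination_allowlist(flow, allowed=(CRITICAL_SYSTEM,)):
    """Network-limiting policy: only listed (network, proto, port) tuples pass."""
    addr = ipaddress.ip_address(flow.dst)
    return any(
        addr in net and flow.proto == proto and flow.dport == port
        for net, proto, port in allowed
    )


def evaluate(policy, flows):
    """Split flows into (allowed, denied) lists under a policy function."""
    allowed = [f for f in flows if policy(f)]
    denied = [f for f in flows if not policy(f)]
    return allowed, denied


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    for name, policy in (("port filter", port_filter),
                         ("destination allowlist", destination_allowlist)):
        allowed, denied = evaluate(policy, flows)
        print(f"{name}: allowed {len(allowed)}, denied {len(denied)}")
        for f in allowed:
            print(f"  allowed {f.proto} {f.dst}:{f.dport}")
```

Under the port filter, the connection to the critical system passes, but so do the tunnel on 443 and the DNS-looking traffic to outside hosts; only the odd port is stopped. Under the destination allowlist, only the critical system is reachable, which is the effect the post argues for: the client cannot talk to the Internet while it is talking to the system.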
At the end of the day you should update your risk analysis to include physical attempts at computer access inside your buildings and act according to the result. The days when we could be lax with security are over, sadly.