Security guru Bruce Schneier has observed that for organizations that have deployed cryptography incorrectly, it is akin to putting a big flagpole in front of your facility and hoping that it will stop any attackers from breaking in. Of course, attackers will simply go around the flagpole rather than running into it.
In Low Tech Hacking: Street Smarts for Security Professionals, the authors, all information security veterans, bring their collective experience to the printed word and show how low-tech hacks can be just as devastating as a large-scale directed attack.
The authors show how these simple attacks can be obviated by simple technical solutions, and provide numerous examples.
One of the paradigms the book uses is lock picking. The author notes that, after all is said and done, locks don’t change that much. So too with information security. Even though significant amounts of new technology abound to catch new, sophisticated attacks, the old-school attack vectors of social engineering, poor password practices and more are often the method by which attacks penetrate networks.
The book provides many tips which readers can use to protect themselves against many of the most devastatingly simple attacks. For example, in chapter 2 on physical security, the book details a mini physical security risk assessment you can do. By focusing on the low-hanging fruit, many of the simple steps the authors suggest can delay the attackers long enough that they decide to try another victim.
The book also provides ample advice that security staffers can use to secure their network. Much of chapter 4 is about low-tech wireless hacking. Many networks add wireless access for ease of use. But that user-friendliness also makes it easy for the attackers to connect to the network and launch their attack.
Overall, Low Tech Hacking: Street Smarts for Security Professionals is a valuable reference for security professionals to use to ensure they are securing their networks adequately to fend off the average attacker.
The authors have written a book that is light on theory, but heavy on actionable things the reader can quickly do to secure their network. And that is a very good thing.