So there's all these "high risk" countries out there now. The ones where you have to worry about hackers and all manner of espionage. One of the "highest" risk countries is China and, lucky us, we have a delegation from China visiting our new office (today is our second day in the new location). As a result I've been working a lot with our tech security group to ensure that we're doing everything we can to complete a safe visit. What, you might ask, goes into such a thing? Well, below is a brief list of just some of the things we've done to ensure that our area is secure, and our boardroom doesn't end up with information being stolen from it.
- So the first weapon that we use against things of this nature is education. We sat down with the executives who will be attending this meeting, and went through with them some of the "hows" and "whys" of what we were recommending. Some of the recommendations given to them were obvious: don't bring gadgets into the room. Turn off Bluetooth. Never EVER accept a jump drive and insert it into your PC. The last of those recommendations actually did raise some eyebrows - simply because it's challenging to NOT accept a jump drive if they're told it "has a presentation on it" without offending folks who are our visitors. Hence step #2.
- Preparation of a "loaner" laptop. So this is something we do a lot for our folks when they have a presentation. We set up a loaner laptop for them, so that they can continue using their own laptop while the meeting is ongoing. In this case, we don't even want their laptops in the room, nor do we want to risk anyone from the delegation utilizing this loaner to get access to our network. So we put on a non-admin account, after uninstalling both the Ethernet and wireless adapters. Is it possible they could still somehow get those turned back on? Possibly, but that's why we took step 3, which I'll get to in a moment. We also installed a security suite that runs invisibly in the background and allows us to see literally every single thing going on with the laptop remotely. We can see running processes, websites visited, credentials entered - literally everything. The security folks also took what they call a "gold image" of the laptop: a full forensic image of everything on the machine with a base build. This will be compared to another forensic image to be taken immediately following the meeting. At that point, obviously, just to be extra safe the drive will be completely wiped back to zero, and then rebuilt again.
- While we can't disable the Wi-Fi in the area, as there are other executive offices around, we did take the step of disabling all of the Ethernet ports in the room. Since security will be escorting these folks to and from the conference room, it's really their only opportunity. However, JUST IN CASE they, say, want to go into one of the nearby empty offices to "make a call" we went ahead and disabled those jacks as well.
- Our security goon squad is going to be hanging out in the control room for the conf room the meeting will be in. They have a whole butt-ton of gear in there, much of which I don't understand, but the general gist is that they are monitoring every bit of Wi-Fi or cellular data to go in or out of the room. They actually surveyed by MAC address all activity from yesterday and are able to filter those nodes out of their reporting. Pretty cool stuff. Oh and if for some reason the delegation says they need to get online, we have a stripped down iPad ready to go with tethering.
There was a whole lot more done, but I found the process fascinating - hopefully some of you folks will find it interesting too :)
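
The MAC-address baseline filtering described in the last bullet, as an added example that is not part of the original post or the tooling the security team used: it drops devices already seen in the previous day's survey and separately flags locally administered (randomized) addresses, which a MAC baseline cannot reliably match from one day to the next. The `timestamp,mac,rssi` line format, the function names and all sample addresses are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def normalize(mac):
    """Return lower-case, colon-separated form; raise ValueError on junk."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"not a MAC address: {mac!r}")
    return m

def is_randomized(mac):
    """True if the locally administered bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def parse(lines):
    """Yield (timestamp, mac, rssi) from 'ts,mac,rssi' lines (assumed format)."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, mac, rssi = line.split(",")
        yield ts, normalize(mac), int(rssi)

def triage(baseline_lines, meeting_lines):
    """Split meeting-day devices into new fixed-address and randomized ones."""
    baseline = {mac for _, mac, _ in parse(baseline_lines)}
    report = {"new": {}, "randomized": {}}
    for ts, mac, rssi in parse(meeting_lines):
        if mac in baseline:
            continue  # seen during the prior day's survey: filtered out
        bucket = "randomized" if is_randomized(mac) else "new"
        # Keep the first-seen time and the strongest signal per device.
        first, best = report[bucket].get(mac, (ts, rssi))
        report[bucket][mac] = (first, max(best, rssi))
    return report

# Constructed sample survey lines (not real captures).
BASELINE = ["2024-01-01T09:00:00,00:11:22:33:44:55,-60",
            "2024-01-01T09:05:00,00-11-22-AA-BB-CC,-72"]
MEETING = ["2024-01-02T10:00:00,00:11:22:33:44:55,-58",
           "2024-01-02T10:02:00,00:11:22:dd:ee:ff,-70",
           "2024-01-02T10:04:00,00:11:22:DD:EE:FF,-45",
           "2024-01-02T10:06:00,02:00:00:00:00:01,-50"]

if __name__ == "__main__":
    for kind, devices in triage(BASELINE, MEETING).items():
        for mac, (first, rssi) in sorted(devices.items()):
            print(f"{kind:10} {mac} first_seen={first} best_rssi={rssi}")
```

Devices in the `randomized` bucket need a different correlation key than the address itself, such as signal strength over time or physical location, because the same handset can present a new address on its next appearance.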