Smokers may be the weak IT security link

A UK security company warns that smokers may be a weak link for IT security, leaving doors open that could let in intruders to connect to the company network.

Where there's smoke, there's a door. A U.K. security company is warning that smokers may impact IT security, leaving open doors that could let in intruders who could abuse a company's network.

It may sound slightly far-fetched. But a penetration tester from NTA Monitor Ltd., a company based in Rochester, England, gained access to a professional services company outside London that way, said Roy Hills, technical director.

The company hired NTA to test if it was possible to get inside the premises without proper identification, Hills said. The penetration tester waited until the smokers finished their break, then slipped in through the unlocked door, which wasn't the main one but publicly accessible.

The tester -- who skirted past other employees by saying the IT department had sent him -- made his way to a meeting room, where he hooked up his laptop to the company's VOIP (voice over Internet Protocol) network, Hills said. The tester could have launched a denial-of-service attack or intercepted phone calls.

However, the VOIP network was segregated from the company's data network, a wise precaution IT managers can take, Hills said.

"It's much more dangerous if you can get on to the data network, copy data and be gone," Hills said.

Regulations that create smoke-free buildings or zones in some areas of the U.S. and Europe have driven smokers outside. In the U.K., a ban on smoking in buildings and facilities used by the public will come into effect in April in Wales and Northern Ireland, and in July in England. Scotland banned public smoking in March 2006. The ban includes smoking in train stations, restaurants and pubs, among other places.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?