Where there's smoke, there's a door. A U.K. security company is warning that smokers may impact IT security, leaving open doors that could let in intruders who could abuse a company's network.
It may sound slightly far-fetched. But a penetration tester from NTA Monitor Ltd., a company based in Rochester, England, gained access to a professional services company outside London that way, said Roy Hills, technical director.
The company hired NTA to test if it was possible to get inside the premises without proper identification, Hills said. The penetration tester waited until the smokers finished their break, then slipped in through the unlocked door, which wasn't the main one but publicly accessible.
The tester -- who skirted past other employees by saying the IT department had sent him -- made his way to a meeting room, where he hooked up his laptop to the company's VOIP (voice over Internet Protocol) network, Hills said. The tester could have launched a denial-of-service attack or intercepted phone calls.
However, the VOIP network was segregated from the company's data network, a wise precaution IT managers can take, Hills said.
"It's much more dangerous if you can get on to the data network, copy data and be gone," Hills said.
Regulations that create smoke-free buildings or zones in some areas of the U.S. and Europe have driven smokers outside. In the U.K., a ban on smoking in buildings and facilities used by the public will come into effect in April in Wales and Northern Ireland, and in July in England. Scotland banned public smoking in March 2006. The ban includes smoking in train stations, restaurants and pubs, among other places.