Latest Threat To Your Corporate Network: Smoking Bans?

from the um...-what? dept

Thu, Feb 15th 2007 8:41am — Mike Masnick

It's amazing what kinds of things people will try to warn you about these days when it comes to computer systems. Following the warning about bird flu potentially taking down the internet now we apparently need to be aware that smoking bans may put company networks at risk. Apparently, over in the UK, they're about to put in place a ban on smoking in workplaces (similar to bans that have been found in the US for many years). So, what's the problem? Turns out those darn smokers leave the back door to their offices open so they can go in and out -- and a crafty criminal can just walk right into the building and plug into the network. Of course, there are a few problems with this. First off, walking directly into an office is pretty risky. While some people can get away with it, it hardly seems like a common practice that your ordinary cybercriminal is going to try. Second, it seems ridiculous to blame the smoking ban for this rather than the people who leave the door open. It's not the fault of the ban, but the workers who can't learn to shut the door properly. Apparently, that doesn't make for such a good headline, though.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Sanguine Dream, 15 Feb 2007 @ 9:02am

Disable their ass!
If there is a smoker that is leaving the door open and someone may get in, then lock them out. Do this on a cold enough winter day and I bet they won't leave it open anymore.
[ link to this | view in chronology ]
Republican Gun, 15 Feb 2007 @ 9:02am

Front Door
The front door is good enough. I took my auntie to the large medical complex down the way and while I was there I noticed a tech accessing a panel that was hidden behind a plant. The tech left the panel off. Over the next few months of taking the auntie to the large medical complex down the way I was tempted to bring a laptop and take a looksey at the network, but then thought that was illegal.
[ link to this | view in chronology ]
Smoker, 15 Feb 2007 @ 9:05am

No they would not leave it open, But you can bet they would find a way to disable the door latch
[ link to this | view in chronology ]
Nicko, 15 Feb 2007 @ 9:26am

Alarm
Sounds like more people need door prop alarms installed.
[ link to this | view in chronology ]
SPR, 15 Feb 2007 @ 9:28am

Open Doors
The obvious solution is to weld the doors shut!!
[ link to this | view in chronology ]
Kyros, 15 Feb 2007 @ 9:31am

Hacking for Dummies in the first chapter recounts how the author had preformed security testing on a building (he was payed by the company to see if their network was secure by attempting to break into it) by walking in the front door, stopping by the security desk, saying he was there to work on the servers - at which point the front desk handed him a clearence badge and brought him to the server room and even logged on at the admin level for him. I don't think it matters if the door is latched or unlatched.
[ link to this | view in chronology ]
- Anonymous Coward, 15 Feb 2007 @ 11:34am
  
  Re: Kyros
  "at which point the front desk handed him a clearence badge and brought him to the server room and even logged on at the admin level for him."
  
  So exactly how many security guards have ADMIN level access on the company network? Hell you want in just become a rent a cop.
  
  Whatever. . .
  [ link to this | view in chronology ]
Enrico Suarve, 15 Feb 2007 @ 9:31am

Change the doors then
If that worries you make the doors easier to use and get back in, or alarm them (even just making a noise after 10 seconds of being held open would help)

Years ago I used to work in a datacentre as a temp and used exactly this method to get in every day for 4 months, rather than stand in line every morning to get my new pass (the company had a farce of a procedure which involved me spending 5 minutes with a security guard every day while he checked various crap)

All went well for ages until we got audited and in the pre-audit someone asked me where my pass was

1st time I had been challenged in 4 months of working in a building of over 500 employees - I'd spent the rest of the time tailgating etc

So yeah if you're convincing you can get away with a LOT once you're in the door ;0)
[ link to this | view in chronology ]
- 566, 15 Feb 2007 @ 9:46am
  
  Security Fusion
  While this item may be over-emphasizing a bit point, it does point to, what I believe is, an emerging security trend - especially in the government space.
  
  Stovepipes of cyber and physical security are being broken-down. Looks like the buzzword is "Security Fusion."
  
  For example, DHS will now have an emergency communications IT component in the next iteration of its TOPOFF exercise. Amazing to think that DHS was doing these large-scale COOP/COG simulations without any this communications component.
  
  E.G.,
  http://www.fcw.com/article97613-02-08-07-Web
  [ link to this | view in chronology ]
Anonymous Coward, 15 Feb 2007 @ 9:46am

You non-smokers are such asses
[ link to this | view in chronology ]
Chronno S. Trigger, 15 Feb 2007 @ 10:26am

I have to ask
Wheres the ban exactly? Is it that there not allowed to smoke in the building, or is it there not allowed to smoke at all? I ask because if they ban smoking all together then this isn't a problem because people are not going in and out.
[ link to this | view in chronology ]
Angry Rvethead, 15 Feb 2007 @ 10:27am

Bah!
All I can say is I never smoked cigarettes until they implemented smoking bans. Starting at about 12, I smoked cigars here and there. But in my late teens, they implemented a smoking ban at my college. Not being 21, I couldn't go to a bar and have my stogie, and I wasn't about to stand outside in a Vermont winter for 2 hours toking my Upmanns. Plus th cold air throws the taste off. So I started smoking premium cigarettes. I'm hella pissed Davidoff stopped importing his line :-( I miss the Magnums.
[ link to this | view in chronology ]
Paul, 15 Feb 2007 @ 10:27am

Duh?
"Apparently, that doesn't make for such a good headline, though."

Apparently not, because you are still using a misguided headline.
[ link to this | view in chronology ]
dorpus, 15 Feb 2007 @ 10:34am

Stealth Nicotine
Unless you chew tobacco, of course. The new varieties come in pouches that don't leave tobacco leaves in the mouth.
[ link to this | view in chronology ]
- Iain, 15 Feb 2007 @ 12:26pm
  
  Re: Stealth Nicotine
  Those are called "bandits" or as we referred to them in high school: "training dip".
  [ link to this | view in chronology ]
par-4, 15 Feb 2007 @ 10:59am

In Calabasas, California, a small city in Los Angeles County banned public smoking completely. You're not allowed to smoke anywhere in public even if you're by yourself with no one around you. Absurb I tell you.
[ link to this | view in chronology ]
_Jon, 15 Feb 2007 @ 11:31am

Given that the smokers will be standing 6' from the back door, I find it hard to believe that a hacker will be able to walk past them and into the building.

The front door security guard may be a dork, but most of us geeks know who we work with. We may be lazy - and not want to fix the mess a hacker makes - but we aren't stupid.
[ link to this | view in chronology ]
- Enrico Suarve, 15 Feb 2007 @ 1:15pm
  
  Re:
  Maybe you aren't but plenty are trust me
  
  In case you're interested the real trick is to be smoking a cigarette yourself and be stubbing it out as they open the door to come out
  
  Hold it open for them once they've turned the knob
  
  I guarantee you very few people will stop you if you look confident enough - just another smoker going back in
  [ link to this | view in chronology ]
Anonymous Coward, 15 Feb 2007 @ 1:04pm

I think their might be some confusion here. Smoking bans have been in place for many years in the work place, except for bars, restaurants and private clubs.

What we are implementing now in the UK is a total ban on smoking anywhere in an enclosed public space. This means that all public places, including all pubs, restaurants, bars and private members clubs, will be smoke free from Summer 2007.

And to be honest it's about time. These bans have been in place in other European countries for some years now but the UK just doesn't want to lose tax money from tobacco, just in case people decide to quit smoking.
[ link to this | view in chronology ]
mikey, 15 Feb 2007 @ 2:13pm

silly
I'm a smoker, so I'm not a fan of smoking bans, but I can understand the want for them, I guess. Anyways, this claim of smokers leaving the back door open as a security problem is just out there.

I mean, if a company has a weak enough security system that people can just walk in and have access to everything, then they have more serious things to worry about anyway. Looking to blame smokers leaving the doors open (and attended even) shouldn't be the first place to look. If these "security experts" were experts, they would know that modern offices use RFID badges, not just for the back (or any other) door but also for access to equipment rooms.
[ link to this | view in chronology ]
Ben Robinson, 16 Feb 2007 @ 2:53am

This is Silly
Whilst it's true that a legal smoking ban in enclosed public spaces is due to come into force here in the UK in a few months the fact is that smoking in the workplace has been banned at a company level in most places for years. I can't remember the last time i went to somehwere that is a place of work, where you could smoke.
[ link to this | view in chronology ]
Ryan Coleman, 17 Feb 2007 @ 7:36pm

"While some people can get away with it, it hardly seems like a common practice that your ordinary cybercriminal is going to try."

It's actually very common in office towers etc. to have people walk in & grab latops/wallets etc. during office hours with people present - and this is in places where the only access is via passcode.

I've been surprised over the years how many times I've been in an office of another company and basically given free-roam over the space, including being let back into secure doors by simply knocking on the glass and simply saying "I'm just in a meeting down the hall".
[ link to this | view in chronology ]