Social engineering is always a fun subject to talk about. It is always interesting to watch companies trying to protect their data from being taken out of the company (e.g. paper copies, physical hard drives or even whole computer). Unfortunately I am still yet to see a company that tries to protect their network from people who bring the equipment into the network – this could be employees, visitors, maintenance workers etc.
Imagine someone bringing a Wi-Fi Access Point and connecting it to your network and hiding it. You can use your imagination on hiding the access point. Access points come in almost any shape and sizes.
Such access point will in most cases allow the "owner" a full access to the network it is connected to, at any time from outside of physical perimeter of the company. In other words, the attacker can sit in a coffee shop across your office on a Sunday afternoon drinking their favorite choice of caffeine-rich drink while data is being copied from your network.
My main question here is – how long will it take for an average company to find such access point?