Lesson 9: Physical-Layer Security
So far we've discussed protecting information and systems in logical terms. This lesson goes down to the foundation: the physical layer. An attacker with physical access to hardware steps around firewalls and access-control lists entirely, and can often defeat encryption as well (by tampering with the boot chain, reading keys out of memory, or simply waiting for the machine to unlock itself). That is why the physical layer is the 'Weakest Link' that every other defense rests on.
In brief: no firewall stops an attacker who is already in the server room, and encryption only protects a stolen machine if the key was never left in memory or handed over at boot. Physical harm can affect all three CIA principles (confidentiality, integrity, availability), so effective security requires physical controls over people, assets, and facilities alongside logical ones.
- Weakest Link Principle
- A breach at the physical layer bypasses firewalls and other network controls and undermines encryption; full, unsupervised physical access usually leads to full compromise, regardless of how strong the logical defenses are.
- Physical Threat Model (4 types)
- Four categories of physical attack goals, each aimed at a different security property: Interruption (availability: cutting power or cabling, destroying or stealing hardware), Interception (confidentiality: wiretaps, compromising emanations, shoulder surfing), Modification (integrity: tampering with hardware, firmware, or stored data), and Fabrication (authenticity: inserting a rogue device or counterfeit component that the system accepts as genuine).
- TEMPEST
- A (originally US government) name for the study of compromising emanations and the standards that limit them: electromagnetic radiation leaking from screens, cables, keyboards, and circuits can be picked up at a distance and reconstructed, allowing covert eavesdropping without ever touching the equipment. Countermeasures are shielding, filtering, and controlling the distance between equipment and where an adversary could place a receiver.
- Evil Maid Attack
- An attacker with brief physical access to an unattended laptop (e.g. in a hotel room) installs malware, a rootkit, or a tiny hardware implant. Full-disk encryption alone does not stop it: the unencrypted pre-boot code that asks for the passphrase can be replaced with a version that records it. Mitigations are a measured or verified boot chain (so a tampered bootloader is detected before the disk key is released), a pre-boot PIN or key, and not leaving the device unattended.
- TPM & Full Disk Encryption
- A TPM (Trusted Platform Module) is a hardware chip on the motherboard that protects the key for full-disk encryption (e.g. BitLocker). The key is sealed to measurements of the boot chain (recorded in the TPM's PCRs) and is released only when the firmware, bootloader, and kernel measure exactly as they did when the key was sealed. Moving the disk to another machine, or booting a modified bootloader, produces different measurements and the key stays locked. Caveat: in TPM-only mode the key is released automatically on a normal boot and then lives in RAM, so the TPM protects against the disk being removed, not against attacks on a running machine; adding a PIN covers the second case.
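The following is an added worked example, not code from the lesson or from any TPM vendor. It is a self-contained simulation of the mechanism the Evil Maid and TPM entries above describe: a PCR that is extended with each boot component, and a disk key sealed to the expected PCR value so that it can only be unsealed when the boot chain measures the same. The constructed boot images, the `srk_seed` device secret, and the HMAC-based wrapping are stand-ins chosen for the example; a real TPM uses its own command set (TPM 2.0 PolicyPCR) and symmetric primitives.

```python
"""Model of sealing a disk-encryption key to measured-boot state.

Added example: a simplified simulation of sealing a key to PCR values. It is
not the TPM command set and not BitLocker's code. The boot-component images,
the srk_seed device secret, and all helper names are assumptions.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

HASH = hashlib.sha256


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || H(component)). One-way and order-dependent,
    so a register can be appended to but never set to a chosen value."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def measure_boot(components: List[bytes]) -> bytes:
    """Run each stage of the boot chain through a PCR that starts at zero."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for the TPM's symmetric wrapping."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), HASH).digest()
        counter += 1
    return out[:length]


def seal(srk_seed: bytes, expected_pcr: bytes, secret: bytes) -> Dict[str, bytes]:
    """Seal 'secret' so it can be recovered only when the PCR equals expected_pcr.
    The wrapping key depends on the device secret AND the expected PCR, so neither
    another machine nor a different boot chain can derive it."""
    nonce = os.urandom(16)
    wrap_key = hmac.new(srk_seed, b"seal" + expected_pcr, HASH).digest()
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(wrap_key, nonce, len(secret))))
    tag = hmac.new(wrap_key, nonce + ct, HASH).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unseal(srk_seed: bytes, current_pcr: bytes, blob: Dict[str, bytes]) -> Optional[bytes]:
    """Return the secret if the current PCR matches the sealed policy, else None."""
    wrap_key = hmac.new(srk_seed, b"seal" + current_pcr, HASH).digest()
    tag = hmac.new(wrap_key, blob["nonce"] + blob["ct"], HASH).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong PCR or wrong device: the TPM refuses to release the key
    keystream = _keystream(wrap_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


# Constructed boot chains (stand-ins for real firmware/bootloader/kernel images).
GOOD_CHAIN = [b"firmware v1", b"bootloader v1", b"kernel v1"]
EVIL_MAID_CHAIN = [b"firmware v1", b"bootloader v1 + passphrase logger", b"kernel v1"]


def demo() -> Dict[str, Optional[bytes]]:
    srk_seed = b"\x11" * 32    # per-device secret that never leaves the 'TPM'
    volume_key = b"\x42" * 32  # the FDE volume master key being protected
    blob = seal(srk_seed, measure_boot(GOOD_CHAIN), volume_key)
    return {
        # normal boot on the original machine: measurements match, key released
        "clean_boot": unseal(srk_seed, measure_boot(GOOD_CHAIN), blob),
        # evil maid swapped the bootloader: PCR differs, key withheld
        "evil_maid_boot": unseal(srk_seed, measure_boot(EVIL_MAID_CHAIN), blob),
        # disk moved to another machine with a different TPM secret: key withheld
        "stolen_disk_other_tpm": unseal(b"\x22" * 32, measure_boot(GOOD_CHAIN), blob),
    }


if __name__ == "__main__":
    for case, key in demo().items():
        print(f"{case}: {'key released' if key else 'refused'}")
```

The point to take from the three cases: the seal binds the key to both the device and the exact boot chain, which is what defeats a disk pulled from the machine and a tampered pre-boot environment. It says nothing about the key once it has been released into RAM on a clean boot, which is why the TPM entry above pairs TPM-only unlock with a PIN for machines that can be attacked while powered on.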