Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: [PEN-TEST] Penetration Testing and Van Eck Scanning

Re: [PEN-TEST] Penetration Testing and Van Eck Scanning

From: Rob Shein <rshein_at_mail.wash.averstar.com>
Date: Wed, 8 Nov 2000 11:08:03 -0500

If I understand the laws correctly (and I am NOT a lawyer, thank god),
construction of a Van Eck device is illegal in the U.S. The concept behind
the law is similar to the law regarding ownership or construction of bugging
devices. Frankly, I don't see how viable it really is for a typical
commercial enterprise to go sufficiently TEMPEST-compliant to thwart this
form of surveillance. If they're a small business, it's too expensive for
their budget, and if it's a large business, it's too difficult to cast the
net that wide and be sure that some high-level manager doesn't circumvent
the controls because he doesn't want to deal with the inconvenience or cost.

> -----Original Message-----
> From: Penetration Testers [mailto:PEN-TEST_at_SECURITYFOCUS.COM]On Behalf
> Of Johann van Duyn
> Sent: Wednesday, November 08, 2000 10:45 AM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: [PEN-TEST] Penetration Testing and Van Eck Scanning
>
>
> Just a thought I had while on a nicotine-and-caffeine break:
>
> Has anyone ever done a bit of Van Eck (aka TEMPEST) surveillance
> as part of
> a penetration test, just to show people what can be seen from a van in the
> corporate parking lot when the security attendant is on his lunch break?
> That could provide a few hot debates in boardrooms, especially if one were
> to tune in to the Internet browsing habits of a few senior directors...
>
> Has anyone done it, or had/seen it done (esp. outside of a military
> environment)? Are there any good references around re. proposed civilian
> standards for 'safety' from Van Eck scanning? And where would one look
> around either for people who do that type of surveillance, or the
> equipment
> to do that with.
>
> And, finally, if this is not the right forum for such discussions, could
> anyone in the know point me to such?
>
> Very ta,
>
> +----------------
> | Johann van Duyn BA, MCSE, BCP-ISS
> | Network Manager: The Appleton Group Ltd
> | johann.vanduyn_at_appleton.com
> | tel. +27 21 7998026
> | cel. +27 82 4588472
> | fax. +27 21 7944677
> +----------------
>
> "Many that live deserve death. And some that die deserve life.
> Can you give
> it to them? Then do not be too eager to deal out judgement. For even the
> very wise cannot see all ends."
> -- Gandalf, in "Lord of the Rings" by JRR Tolkein
>
>
> ***The Appleton Group Ltd***
>
> This message, including any attachments, is intended only for the
> individual
> or institution to which it is addressed and may contain
> information that is
> privileged, confidential or prohibited from disclosure or
> unauthorized use.
> If the recipient of this transmission is not the intended
> recipient, you are
> hereby notified that any use, reproduction dissemination, copying,
> disclosure, modification, distribution and/or publication of this email
> message or any of its attachments other than by its intended recipient is
> strictly prohibited by the sender. If you have received this message in
> error, please notify The Appleton Group Ltd immediately at
> postmaster_at_appleton.com and destroy the message and all copies thereof in
> your possession.
>
> ****************************
>
Received on Nov 09 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos