What does TEMPEST stand for?
TEMPEST is not an acronym, though words that sound almost plausible have been used to fit TEMPEST.
What is TEMPEST?
Data passing through circuitry and mechanical devices produces electromagnetic emanations; by tuning into these emanations the data can be reconstituted.
Traditionally TEMPEST only applied to emanations where the reconstituted data could be classed as compromising over a certain level of CLASSIFICATION. These days the term TEMPEST seems to apply to any data that can be reconstituted using the electromagnetic output. That's all I'm prepared to say; others have put some comprehensive explanations on the Net, and a search will find them.
Is my data under threat from a TEMPEST attack?
TEMPEST attacks don't come cheap. Consider the following and then ask yourself whether someone would find your data that valuable:
Equipment: TEMPEST testing equipment doesn't come cheap, and myths about using Radio Shack receivers are unfounded. Furthermore, TEMPEST equipment vendors are restricted in whom they can sell their products to.
Training: TEMPEST training takes many weeks and, believe me, each week feels like an eternity. In addition to the training you need experience, and lots of it. Training isn't given to just anyone; TEMPEST testers are usually "checked out" to ensure that they are unlikely to be subverted to the "dark side" prior to starting training. Therefore your tester won't come cheap.
Opportunity: The attacker must be in range to carry out the spatial or line attack, so there must be an adjacent room, building or parking lot that you cannot check on a regular basis.
Time: An attack can take a long time.
So is your data that valuable that anyone
would carry out the above in order to attack you?
How can I defend my data?
Separation: Put as much distance between the target and the possible attack locations as possible. This applies to both spatial and line-borne attacks.
How can I best achieve separation?
1. Identify data that is under sufficient threat of attack, and identify the equipment that is used to process this data, including lines, mains, VDUs, printers, hubs etc.
2. Identify possible attack locations.
3. Reduce attack locations: carry out routine checks of empty offices, and restrict parking in the vicinity of the building, especially for vans etc.
4. Where possible, group your target equipment together in a location as far from the attack locations as possible.
Shielding: You can shield individual equipment or entire rooms/buildings. Shielding is very expensive and beyond the scope of this document.
Filtering: Any lines attached to the equipment could be at risk, so identify any signal/control or mains lines and filter them. Low/no cost solutions include fibre optics and UPS; there are other examples but I'll leave that to your common sense.
Why are VDUs most at risk from attack?
VDUs repeat the same information around 85 times per second (depending on the refresh rate).
Will using LCD screens offer protection?
Yes and no ;o) LCD screens themselves in theory emit less than a VDU; however, recent EMC controls have greatly reduced emanations from VDUs. The result is that often the graphics card will be the greatest source of compromise.
How can I reduce the risk from my VDUs being attacked?
Use a screensaver to frustrate attacks, and use monitors from reputable vendors that meet EMC standards. If you are very paranoid, use soft fonts that are harder to reconstitute.
Are you telling me everything I need to know?
No, I'm merely trying to help you assess the risk and put in place some interim countermeasures. If you are a Government or Military agency, seek advice from your TEMPEST authority.