Someone with access to a layer below the one at which the security mechanisms are implemented is in a position to subvert protection. The lowest layer one can get to is the physical one. Bluntly switching off power or disconnecting a component from the network may be extremely effective at preventing detection of an attack, but may also be detected by the security management system. More sophisticated means exist to get hold of information on computer resources, for instance by making use of the radiation of electronic components. Such passive attacks are extremely hard to counter because they cannot be traced easily. Moreover, such an attack is most likely to be performed by insiders, making it an even tougher problem. The only countermeasure is to secure the infrastructure.
The bottom line is: be sensible. Use documented products, be careful and beware of a false sense of security. Think before you act and look for feedback. Be sceptical about your protection or about the claims of vendors of software and equipment. And most of all: plan your actions.