Beefing Up Your Physical Security


Let me begin with a quote from Apple engineer Scott Collins: “You should be exactly as paranoid as it is cost-effective to be.” Many of the concepts described in this chapter are adopted from publicly available descriptions of the physical security measures used to protect U.S. nuclear weapons. That doesn’t mean you need the same level of security. A careful and honest assessment of the risks you face can help you decide how much money you should spend on physical security and where you should apply it. It doesn’t make any sense to go out and buy an expensive, high-tech lock for your front door if your back door has no lock at all.

Securing the Environment

The obvious place to start improving your physical security is with the location and environment of your servers. When I say “servers,” this includes not only your Microsoft Exchange servers, but also your Active Directory domain controllers and global catalogs, certificate authorities, and other computers that provide services to Exchange.

Providing Physical Access Controls

First, consider where your computers are physically located. Are they in secure areas or in public view? Your goal for location security is to put the machines somewhere that is difficult or impossible for unauthorized people to enter. Accordingly, the rooms in which you locate your servers should ideally have one or two solid, lockable, fireproof doors that can be observed from the outside. Don’t call attention to your security areas by posting big signs that say “This Is a Secure Area” or anything similar—that just highlights targets of interest.

Within a secured area, consider further separation of systems based on the teams that administer them. If you cannot place different classes of systems in different rooms with different access controls, consider cages within the room or locks on racks. This computer-in-a-cage model is common at Internet service providers (ISPs) and hosting companies, because they don’t want customer X to have physical access to any other customers’ machines. You can do the same if your security environment warrants.

If you can afford an electronic lock that keeps an audit trail of who enters and leaves the room, and when, so much the better. Consider augmenting it with a time-lapse camera or some other recording device that provides visual records to go along with the lock’s audit trail, and make sure someone actually reviews both; an audit trail nobody reads only helps after the fact. However you do it, it’s important to control who can enter the room. Keep records so that you know who has the key or combination needed to enter, and be diligent about changing the lock or combination at regular intervals and whenever someone on the access list loses their access.
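The kind of review an electronic lock’s audit trail makes possible, as an added example that is not from the book: the script reconciles a constructed badge log against the access list and flags the events a reviewer should look at. The CSV layout, the names, the assumed business hours (07:00 to 19:00) and the event names ENTER/EXIT/FORCED are illustrative assumptions, not the format of any particular lock controller.

```powershell
# Added example (not from the book): review a constructed electronic-lock audit
# trail against the room's access list. CSV layout, names, business hours and
# event names (ENTER/EXIT/FORCED) are assumptions for illustration only.

# Constructed access list: the people who currently hold a valid badge.
$AccessList = @('alice', 'bob')

# Constructed audit trail, as a lock controller might export it.
$LogLines = @'
2003-02-10T08:55:12,alice,ENTER
2003-02-10T09:40:03,alice,EXIT
2003-02-10T12:10:44,bob,ENTER
2003-02-10T12:32:09,bob,EXIT
2003-02-10T23:17:51,carol,ENTER
2003-02-11T02:05:30,,FORCED
2003-02-11T07:58:02,bob,ENTER
'@

# Parse the lines into objects so they can be sorted and filtered.
$Events = $LogLines -split "`r?`n" | Where-Object { $_.Trim() } | ForEach-Object {
    $time, $who, $action = $_ -split ','
    [pscustomobject]@{
        Time   = [datetime]::ParseExact($time, 'yyyy-MM-dd\THH:mm:ss', [cultureinfo]::InvariantCulture)
        Who    = $who
        Action = $action
    }
}

$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Event, $Reason) {
    $Findings.Add([pscustomobject]@{
        Time = $Event.Time; Who = $Event.Who; Action = $Event.Action; Reason = $Reason
    })
}

$Inside = @{}   # badge holders currently inside the room, keyed by last ENTER time
foreach ($e in ($Events | Sort-Object Time)) {
    # Rule 1: a badge that is not on the access list should not work at all.
    if ($e.Who -and $AccessList -notcontains $e.Who) {
        Add-Finding $e 'badge holder is not on the access list'
    }
    # Rule 2: entries outside the assumed business hours get a second look.
    if ($e.Action -eq 'ENTER' -and ($e.Time.Hour -lt 7 -or $e.Time.Hour -ge 19)) {
        Add-Finding $e 'entry outside business hours'
    }
    # Rule 3: pair ENTER/EXIT events; unpaired ones suggest tailgating or badge sharing.
    switch ($e.Action) {
        'ENTER' {
            if ($Inside.ContainsKey($e.Who)) { Add-Finding $e 'ENTER with no EXIT since previous ENTER' }
            $Inside[$e.Who] = $e.Time
        }
        'EXIT' {
            if ($Inside.ContainsKey($e.Who)) { $Inside.Remove($e.Who) }
            else { Add-Finding $e 'EXIT with no matching ENTER' }
        }
        'FORCED' { Add-Finding $e 'door forced or held open with no badge presented' }
    }
}

# Anyone still "inside" when the log ends never badged out.
foreach ($who in $Inside.Keys) {
    Add-Finding ([pscustomobject]@{ Time = $Inside[$who]; Who = $who; Action = 'ENTER' }) 'no EXIT recorded by end of log'
}

$Findings | Sort-Object Time | Format-Table -AutoSize
```

On the constructed log this reports carol (not on the list, and entering at 23:17), the forced-door event at 02:05, and two people with no recorded exit. The same three rules apply unchanged to a real export once the parsing line is adapted to the controller’s column layout.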

Alarms can be powerful additions to your security configuration; they give you an unattended way to monitor when someone goes in or out. In the same vein, some sites depend on surveillance cameras that continually record activity in sensitive areas; other sites prefer smaller, less intrusive cameras that take snapshots of who’s opening and closing access doors.

Environmental Security

Access control is important, but so is the environment of the server room. First, when staging systems inside your well-protected room, keep them away from windows, radiators, water pipes, or other potential sources of damage. Because computers must be maintained within a range of temperature and humidity conditions, in most cases you’ll need additional cooling for spaces that have lots of servers, especially if you’re using high-density rack-mount systems or storage arrays. Be sure that you have a mechanism in place to protect your hardware if the cooling system fails, particularly in hot climates. Depending on where you live, and where in your building your servers are located, you might want to consider other types of environmental warning systems. For example, if your servers are in the basement, a flood alarm might not be a bad idea; in cold climates, a low-temperature warning can be useful. A dehumidifier might be useful if you’re in a damp climate, but be careful: if the air gets too dry, you’ll have more static electricity than is healthy for your servers.

Note

Notice that I haven’t said much about client workstations—that’s because you normally don’t have any control or influence over their location. They have to be located where users are. There are some practical tips for securing user workstations that I cover in Chapter 13, “Securing Outlook,” and the next section explains some measures that are equally useful for clients and servers.

Electrical power is another potential source of damage. Because Exchange uses transaction logs, it is relatively likely to survive an unplanned power outage without damage to your Exchange data, but why take chances? Use uninterruptible power supply (UPS) units on all your servers. They’re not very expensive, and they provide terrific peace of mind. A UPS alone only buys you minutes, though, so install the UPS vendor’s monitoring software and configure it to shut the server down cleanly before the battery is exhausted. Make sure that your power is properly conditioned and that you’re getting the correct voltage and frequency; if not, call your utility provider. If you live in an area that’s prone to severe weather, a whole-building surge suppressor is a valuable addition as protection against lightning-induced power spikes.

Finally, a word about fire. Large data centers usually have computer-friendly fire suppression systems using Halon or one of its replacements (see http://www.halcyon.com/NAFED/HTML/Halonalt.html for a list). These systems, however, are expensive and they require periodic maintenance, so smaller facilities aren’t likely to have them. If you’re in a small office, you’re likely to have fire suppression systems intended to save human lives, but not necessarily to save computer hardware. If you can’t get adequate fire suppression, at least be sure to keep good backups in an offsite location, and keep your fire insurance up to date. (You can supplement your offsite storage with a fire-rated media vault. Ordinary safes might or might not be fireproof, but they aren’t insulated well enough to keep media from melting. Even a media vault will succumb to very hot or long-burning fires, so don’t use a vault as your only means of media storage.)

Securing Your Hardware

Access control is only the first layer of defense; it helps keep your servers from being damaged or compromised by environmental factors or people. However, a second line of defense is necessary: you have to make your hardware physically secure to the extent that you can. This involves protecting the physical integrity of the computer case, protecting components from tampering, and reducing an attacker’s ability to gain control over the hardware or data if access control fails to keep him or her away.

First, be aware of the physical security features that are probably built into your servers, desktops, and laptop computers:

  • Most desktop systems and towers have lock attachment points. Use these to physically lock the case to prevent attackers from opening the case and stealing components from the machine or tampering with the motherboard jumpers.

  • If you’re using rack-mounted servers or storage units, their cabinets are almost certainly lockable. Keep them locked, and keep good control over the keys. Bear in mind that most vendors use a small number of different keys, so beware—lots of other people might already have keys to your server.

  • For desktops and laptops, use cable-type security locks. These locks attach to a small slot in the frame of the computer and anchor it to something large, heavy, or hard to steal. These locks are particularly valuable for laptops or small desktops like the Compaq Evo or Sony Vaio series, because they can easily be hidden in a briefcase or other container.

  • On laptops, turn off the infrared port until you’re ready to actually use it.

  • Mark your equipment, outside and inside. The U.S. Department of Education suggests using fluorescent paint on the backs of computers and monitors, because it can’t easily be removed or covered up. This might be overkill, but you should certainly mark equipment in some way that allows you to prove ownership. Put identification inside the case, too, so that you can prove ownership even if a thief covers or removes your external markings.

These measures will help protect your machines against gross physical threats, particularly theft. What about protection against attacks that involve logging on or connecting to computers without authorization? There are some things you can do to protect yourself there, too:

  • Use the Syskey utility, which is available in Microsoft Windows NT 4 and later, to secure the local accounts database, local copies of Encrypting File System (EFS) encryption keys, and other valuables that you don’t want attackers to have access to. (See Microsoft Knowledge Base article Q143475 for more details on setting up Syskey.) Microsoft Windows 2000 turns Syskey on by default, but in that default mode the key itself is stored on the local disk, so it does little against an attacker who can boot the machine from other media and read the disk offline. To defend against that, configure Syskey to require a startup password or a password floppy, without which the machine cannot be booted.

  • Configure the BIOS not to boot from the floppy drive (or from CD-ROM), and set a BIOS setup password so that the boot order can’t simply be changed back. This makes it harder for an intruder to remove passwords and account data from your system’s disks, because the machine won’t boot from removable media without reconfiguration. Remember that anyone who can open the case can clear the BIOS password with a jumper, which is one more reason to lock the case. In some cases, you might want to remove the floppy drive altogether. Many high-security sites remove all removable media drives from their machines.

  • Always lock your machine when you walk away from it. In less than 30 seconds, an attacker at an unlocked console can create a network share that exposes the entire contents of your locally mounted volumes: try it on your own computer to see how long it takes!

  • Use EFS to encrypt sensitive folders on your machine. You can’t use it to encrypt Exchange data directly, but you can use it to protect configuration documents and other valuables. Keep in mind that EFS protects data at rest against someone who gets hold of the disk, not against someone who logs on with your account, and that the user’s logon password is what ultimately protects the EFS keys, so weak passwords undermine it. EFS is simple for end users to configure and use, but there are some fine points to using it in enterprise deployments that are outside the scope of this book. Microsoft’s TechNet has plenty of EFS-related information, though.

  • If you’re worried about data theft, be careful of machines that have removable media drives. CD-RW and writable DVD drives are quite common; even though they’re relatively slow, an attacker who can work undisturbed for 10 minutes or so can steal a healthy volume of data.
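A script to check the items in the list above on a Windows machine, as an added example that is not from the book. The registry paths and WMI classes are the documented Windows ones; the folder passed to Test-EfsEncrypted is an assumption, and the BIOS boot order cannot be read from Windows and still has to be checked at the console. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the book): report the local settings the checklist
# above asks for. Registry paths and WMI classes are the documented Windows
# ones; the sample folder checked for EFS is an assumption. Run elevated.

function Get-SyskeyMode {
    # Syskey records its mode in the SecureBoot value under the Lsa key:
    # 1 = key stored on the local disk (the Windows 2000 default), 2 = startup
    # password, 3 = key on a floppy. Only modes 2 and 3 defend the SAM and the
    # EFS master keys against someone who boots the box from other media.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    if ($null -eq $lsa -or $null -eq $lsa.SecureBoot) { return 'Syskey SecureBoot value not present' }
    switch ($lsa.SecureBoot) {
        1       { 'Syskey mode 1: key on disk (an offline attacker can recover it)' }
        2       { 'Syskey mode 2: startup password required to boot' }
        3       { 'Syskey mode 3: key floppy required to boot' }
        default { "Syskey SecureBoot has unexpected value $($lsa.SecureBoot)" }
    }
}

function Get-UnexpectedShare {
    # The built-in administrative shares are expected; anything else is what a
    # 30-second attacker at an unlocked console would leave behind.
    $builtIn = @('ADMIN$', 'IPC$', 'print$')
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { $builtIn -notcontains $_.Name -and $_.Name -notmatch '^[A-Za-z]\$$' } |
        Select-Object Name, Path, Description
}

function Get-RemovableMedia {
    # Win32_LogicalDisk DriveType 2 = removable disk (floppy, USB), 5 = CD/DVD.
    Get-CimInstance -ClassName Win32_LogicalDisk |
        Where-Object { @(2, 5) -contains $_.DriveType } |
        Select-Object DeviceID, DriveType, VolumeName
}

function Get-ScreenLockSetting {
    # A locked console is only as good as the screen saver that re-locks it.
    $d = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ScreenSaverActive = ($d.ScreenSaveActive -eq '1')
        PasswordOnResume  = ($d.ScreenSaverIsSecure -eq '1')
        TimeoutSeconds    = [int]$d.ScreenSaveTimeOut
    }
}

function Test-EfsEncrypted([string]$Path) {
    # EFS sets the Encrypted attribute on the files and folders it protects.
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    [bool]($item.Attributes -band [IO.FileAttributes]::Encrypted)
}

function Lock-Console {
    # What "lock your machine when you walk away" looks like from a script.
    rundll32.exe user32.dll,LockWorkStation
}

Get-SyskeyMode
Get-UnexpectedShare | Format-Table -AutoSize
Get-RemovableMedia  | Format-Table -AutoSize
Get-ScreenLockSetting

# Assumed location of sensitive configuration documents; adjust to your own.
$cfg = 'C:\SecureConfig'
if (Test-Path -LiteralPath $cfg) { "EFS on ${cfg}: $(Test-EfsEncrypted $cfg)" }
```

Get-UnexpectedShare deliberately keeps hidden shares that merely end in a dollar sign (for example a share named secret$), since that is exactly how someone hides a share they created; only the standard drive and administrative shares are filtered out.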

A Few Words About Laptops

Laptops are a blessing and a curse: they are now small and powerful enough to allow us to work where we want, when we want. However, their very portability and power makes them dangerous. They’re easily damaged and easily stolen, and as more users switch over to using laptops as desktop replacements, the value of data on them is increasing. There is relatively little that you can do to truly secure laptops, because you can’t completely protect them against damage or theft. You can, however, increase the security of your laptops by using the measures already discussed in this chapter, particularly EFS encryption and security cables. In addition, remember that not all of the networks your users might connect to are trustworthy; make sure that portable machines have adequate antivirus software and that users are sensitive to the risks of disclosing their account credentials on the road.


Secure Messaging with Microsoft Exchange Server 2000
ISBN: 735618763
Year: 2003
Pages: 169