Physical Security: Locking Your Doors


The first level of security in any computer network is physical security. I'm amazed when I walk into the reception area of an accounting firm and see an unattended computer sitting on the receptionist's desk. Often, the receptionist has logged on to the system and then walked away from the desk, leaving the computer unattended.

Physical security is important for workstations but vital for servers. Any good hacker can quickly defeat all but the most paranoid security measures if they can gain physical access to a server. To protect the server, follow these guidelines:

  • Lock the computer room.

  • Give the key only to people you trust.

  • Keep track of who has the keys.

  • Mount the servers on cases or racks that have locks.

  • Disable the floppy drive on the server.

    A common hacking technique is to boot the server from a floppy, thus bypassing the security features of the network operating system.

  • Keep a trained guard dog in the computer room and feed it only enough to keep it hungry and mad. (Just kidding.)

Remember

There's a big difference between a locked door and a door with a lock. Locks are worthless if you don't use them.

Client computers should be physically secure:

  • Instruct users to not leave their computers unattended while they're logged on.

  • In high-traffic areas (such as the receptionist's desk), users should secure their computers with the keylock, if the computer has one.

  • Users should lock their office doors when they leave.

Warning 

Here are some other threats to physical security that you may not have considered:

  • The nightly cleaning crew probably has complete access to your facility. How do you know that the person who vacuums your office every night doesn't really work for your chief competitor or doesn't consider computer hacking to be a sideline hobby? You don't, so consider the cleaning crew to be a threat.

  • What about your trash? Paper shredders aren't just for Enron accountants. Your trash can contain all sorts of useful information: sales reports, security logs, printed copies of the company's security policy, even handwritten passwords. For the best security, every piece of paper that leaves your building via the trash bin should first go through a shredder.

  • Where do you store your backup tapes? Don't just stack them up next to the server. Not only does that make them easy to steal, it also defeats one of the main purposes of backing up your data in the first place: securing your server from physical threats, such as fires. If a fire burns down your computer room and the backup tapes are sitting unprotected next to the server, your company may go out of business and you'll certainly be out of a job. Store the backup tapes securely in a fireproof safe and keep a copy off-site, too.

  • I've seen some networks in which the servers are in a locked computer room, but the hubs or switches are in an unsecured closet. Remember that every unused port on a hub or a switch represents an open door to your network. The hubs and switches should be secured just like the servers.




Networking For Dummies
ISBN: 0470534052
EAN: 2147483647
Year: 2004
Pages: 254
Authors: Doug Lowe
