Physical Security Measures


Preventing unauthorized access to resources means that you must first prevent unauthorized access to the physical components that make up the network. This includes user workstations, servers, network cables and devices, and so on. After the network connection leaves your physical area, such as when you connect to an outside Internet provider, you lose control over the physical aspects of the network. At that point, you must rely on other techniques, such as encryption or tunneling, to maintain security. However, the equipment over which you have control should be closely monitored to ensure that no one is tampering with anything in a manner that might serve to defeat the security policy in effect at your site.

Locking the Door

As silly as it might seem, the simple door lock is an often-overlooked security device. You wouldn't leave your front door at home unlocked all the time, would you? The servers in your network that hold valuable or sensitive data should not be sitting out on a desktop or in an unlocked room where anyone can access them. Routers, hubs, switches, and other devices should be similarly protected. Wiring closets and computer rooms should have a lock on them or be protected by some sort of monitoring on a 24-hour basis. If you have a round-the-clock operations staff, you might not need to lock the computer room. But if that staff consists of only one person during any particular period, get a lock for the door! Ideally, access to these secure areas will be tracked and logged, such as through employee badge readers. With very sensitive systems, you may even want to go as far as securing physical access through biometric authorization systems. Biometric systems, though still in their infancy, can help ensure that someone cannot gain access to a secure area simply by borrowing or stealing a physical token.

Backup media, such as tapes or writable CDs, should be treated the same as live data. Don't back up a server or your own personal workstation and then leave the tape cartridge or CD lying on the desk or in an unlocked drawer.

Uninterruptible Power Supply (UPS)

Keeping data secure can mean keeping it out of the hands of those who are not permitted to view it. It also can mean keeping the data safe from corruption. As more and more business-critical information is being committed to electronic form, it is important to take steps to be sure that it is not unintentionally compromised. A good UPS will pay for itself the first time you have to spend days reconstructing a database or reinstalling programs that become unusable due to a power outage or another problem of this sort.

Most computer operating systems have features that work with a UPS so that the system can be shut down in an orderly manner when the UPS detects that power has been lost. If you are using a battery-backup UPS that has only a limited supply of power, an orderly shutdown can save a lot of problems when compared to a system crash.

UPS devices are covered in more detail in Chapter 5, "Protecting the Network: Preventative Maintenance Techniques."


Disposing of Hardware and Media in a Secure Manner

When you upgrade your network and bring in new workstations or servers, it is a generous thing to give employees, or an organization such as a school, your old equipment if it is still usable. However, you should establish a policy that dictates that all hard disks are to be erased and, when appropriate, a legal copy of the operating system reinstalled on them. If you leave important information on a computer you give away, don't be surprised when you see it again.

There is also the legal aspect to this. If you give away an old computer system, do you have the legal right to keep the software packages and install them on a new system? Probably not, unless you have a site license or another license that allows you to do so. For that reason, do not give away a computer that has applications installed on it unless you intend to give away the software packages also.

Disposing of used floppy disks, backup tapes, and tape cartridges also poses a potential security threat. It is better to destroy these information carriers than to give them away without being absolutely sure that you have purged them of any recoverable information. A bulk magnetic eraser can be a good security tool to use before disposing of media of this kind.




Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
EAN: 2147483647
Year: 2006
Pages: 411
