Chapter 5: Physical and Operational Security

Previous page
Table of content
Next page

Overview

If a bad guy has unrestricted physical access to your computer, it s not your computer anymore.

”Law #3 of the Ten Immutable Laws of Security

One of the least expensive, yet most productive, ways to improve your computer and network security involves studying the physical and operational environments that your computers inhabit. The reason that strengthening physical and operational security gives you more bang for the buck is simple: if an attacker can get physical access to a machine, he or she can do any number of things, ranging from stealing the entire machine to planting Trojans to using them to mount attacks on other systems. Fortunately, restricting that access is easy and cheap, and physical security measures are generally straightforward. Operational security (OPSEC) changes require a little more work, because they usually involve changing people s habits and the culture surrounding information disclosure. However, over time these efforts can pay off, too. This chapter presents an overview of some of the physical security measures used in places like nuclear weapons facilities, U.S. Army bases, and large corporate data warehouses; you can pick and choose the ones that make sense for you to apply.

Note  

Interestingly enough, many of the principles you first read about in Chapter 1, Security Buzzwords, also apply to physical security: authentication, auditing, and access control are the linchpins of effective physical security. You ll probably see other parallels as well.

The key principle of physical and operational security is defense in depth. You cannot assume that any single measure, like a locked door or an alarm system, will stop a determined intruder, especially if he or she is an employee. Instead, your security capability comes from having multiple security layers in series, all of which an attacker must penetrate to gain access to a system. These layers should be designed as if each was the only one you had, and you should ask yourself whether the design and implementation of each layer is sufficient to stop the kinds of attacks it protects against. For physical threats, your defensive layers include physical security, environmental security, and access control; different kinds of threats result in a different set or configuration of security layers.



Previous page
Table of content
Next page
Secure Messaging with Microsoft Exchange Server 2003
Secure Messaging with MicrosoftВ® Exchange Server 2003 (Pro-Other)
ISBN: 0735619905
EAN: 2147483647
Year: 2004
Pages: 189
Authors: Paul Robichaux
BUY ON AMAZON
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
Microsoft VBScript Professional Projects
802.11 Wireless Networks: The Definitive Guide, Second Edition
Python Standard Library (Nutshell Handbooks) with
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy