Physical Security

The most secure operating system and network in the world is of only limited use if a hacker (or disgruntled employee) can walk up to your server and access it physically. With physical access to a computer, there are a lot of things an unethical person could do—from simply turning the system off, to booting from a floppy and wiping the hard drive clean (or stealing data), to actually making off with the hardware.

The absolute first requirement of computer security is physical security. At a minimum, you should take the following precautions. Evaluate your own environment and security requirements to determine what additional steps, such as biometric or smart card controls, might be appropriate.

  • Place servers in a locked server room. Only those with a demonstrated need should have access to the key or combination. A system that tracks when and by whom the room was entered is preferred.
  • Use case locks on your servers and don't leave the keys in them.
  • Place network hubs, routers, and switches in a locked cable room or wiring closet.
  • Restrict floppy drive access to administrators only on servers, or remove the floppy drive if it's not necessary.
  • Set a BIOS password on all systems to prevent unauthorized access to the BIOS or booting to an insecure operating system.
  • Change the operating system selection timeout period to 0 so that Windows boots automatically.
  • Install case locks on client systems or publicly accessible systems.


Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
EAN: 2147483647
Year: 2003
Pages: 320
