In: Categories » Computers and technology » Data security » Physical Security when networking
|
It's actually pretty easy to practice due diligence with physical security. You've just got to be meticulous and consistent, and take it seriously. Pretend that someone could burglarize you personally if you're not careful. It might help to pretend that you live in New York. In all seriousness, physical security is where the battle can easily be lost—although it can't be totally won with just physical safeguards. Little things like the ability to reboot a server from a floppy, or finding an unused username on a printout—or even finding a tape with a copy of a security database on it—make an intruder's job easier. Let's make it hard. Here are some "DOs" and "DON'Ts" that will make your job a little easier, an intruder's life a little harder, and your data a little more secure: DOs · DO lock every wiring closet—and keep them locked. · DO use switches rather than hubs, especially for LAN segments that have administrative users on them. (They still must be physically secure to ensure that someone can't access the switch and packet sniff via port mirroring.) · DO change locks or door passcodes immediately when employees leave. · DO erase hard drives, flash, and so on, when you take them out of service. Nobody's going to remember to do it before the surplus auction, and all sorts of passwords and/or sensitive data might be on them. · DO erase old backup tapes before disposing of them. · DO write nonsense data to magnetic media when you are erasing it. Dropping a partition table is NOT good enough. (Degaussing is okay, though.) · DO use a paper shredder. Don't laugh. Dumpster diving is more common than you think. · DO lock your server cabinets when you're not using them. · DO restrict or forbid the use of modems on desktops; they are the number one method of bypassing your organization's security checkpoints. · DO make sure that any "road" laptop or PDA has appropriate data protection software and hardware installed before deployment. · DO consider whether user access to floppy disks or other removable media make sense for your environment; they constitute a possible bypass of your security checkpoints. · DO consider the use of smart cards/token-based security devices rather than passwords for administrative users or sensitive systems. Many operating systems now support token-based authentication in addition to passwords. · DO remember that your phone PBXs also must be secured. DON'Ts · DON'T send off-site backups to unsecured locations. · DON'T give keys to vendors. Let them in to do their work, and then politely wave bye-bye when they leave. · DON'T allow anyone other than key personnel ad hoc access to the data center. · DON'T share wire closets with user-oriented peripherals such as printers. · DON'T put servers into unsecured areas. · DON'T leave server keys attached to the back of a server. Believe it or not, other people will think of this, too. · DON'T let cleaning people—or other untrusted service people—into secured areas without an escort. · DON'T store any sensitive data on user hard drives—if you must, think about hard drive encryption products. · DON'T discuss passwords or other sensitive information over unsecured channels such as cell phones, 800Mhz radios, or instant messaging. · DON'T put consoles, keypads, or administrative workstations near windows.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....
2. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...
3. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...
4. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...
6. How to protect against Hostile Web Pages and Scripting
The dangers of Trojans and viruses are well known. However, many computer users are completely unaware of the dangers involved in viewing Web pages. Through scripting languages, Web page operators can upload and download files to your device (PC/PDA). They can also install mini-programs or grab information from you that can be used to destroy or take over your computer. Every time you go to a Web page, you actually download the full document to your computer. This includes all text, pictures, and even any code that is r...
7. Features of Windows Encrypting File System (EFS)
• Only available on Windows 2000 and Windows XP operating systems using NTFS partitions and volumes. (NTFS v5). • Encryption is transparent to the user. • Uses public-key encryption. Using a public key from the user’s certificate encrypts keys that are used to encrypt the file. The list of encrypted fileencryption keys is kept with the encrypted file and is unique to it. When decrypting the file encryption keys, the file owner provides a private key that only he has. ...