Security hardware helps prevent security breaches and loss of data or equipment. Physical security access control measures include locks, video surveillance, and security guards. Card keys secure physical areas. If a card key is lost or stolen, only the missing card must be deactivated. The card key system is more expensive than security locks, but when a conventional key is lost, the lock must be replaced or re-keyed.
Network equipment should be mounted in secured areas. All cabling should be enclosed in conduits or routed inside walls to prevent unauthorized access or tampering. Conduit is a casing that protects the infrastructure media from damage and unauthorized access. Network ports that are not in use should be disabled.
Biometric devices, which measure physical information about a user, are ideal for highly secure areas. However, for most small organizations, this type of solution is expensive.
The security policy should identify hardware and equipment that can be used to prevent theft, vandalism, and data loss. Physical security involves four interrelated aspects: access, data, infrastructure, and the physical computer.
There are several methods of physically protecting computer equipment, as shown in Figures 1 and 2:
- Use cable locks with equipment.
- Keep telecommunication rooms locked.
- Fit equipment with security screws.
- Use security cages around equipment.
- Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment.
- Install physical alarms triggered by motion-detection sensors.
- Use webcams with motion-detection and surveillance software.
For access to facilities, there are several means of protection:
- Card keys that store user data, including level of access
- Biometric sensors that identify physical characteristics of the user, such as fingerprints or retinas
- Posted security guard
- Sensors, such as RFID tags, to monitor equipment
Use locking cases, cable locks, and laptop docking station locks to protect computers from being moved. Use lockable hard drive carriers and secure storage and transport of backup media to protect data and prevent media theft.
Protecting Data While in Use
For users who need to access sensitive network resources, a token can be used to provide two-factor authentication. A token can be a hardware type, such as a pin card, shown in Figure 3, or a software type, such as a soft token program, as shown in Figure 4. The token is assigned to a computer and creates a unique code at certain times. When users access a network resource, they enter a PIN and a number displayed by the token. The number displayed by the token is created from a calculation made with its internal clock and a random number encoded on the token at the factory. The server authenticates this number against a database that knows the token’s number and can calculate the same number.
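The clock-plus-seed calculation described above can be illustrated with the publicly specified TOTP algorithm (RFC 6238). This is an added example, not code from the original page, and it is not necessarily the algorithm used by the tokens in the figures. The function names, the record layout, the 30-second step, and the PIN are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (assumption; RFC 6238 default)

def token_code(seed: bytes, now: float, digits: int = 6) -> str:
    """What the token displays: HMAC of the current time step, keyed by the seed."""
    counter = int(now // STEP)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    """Store a salted, slow hash of the PIN rather than the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def enroll(seed: bytes, pin: str, salt: bytes) -> dict:
    """Server database row for one token (hypothetical layout)."""
    return {"seed": seed, "salt": salt, "pin_hash": pin_hash(pin, salt), "last_step": -1}

def verify(record: dict, pin: str, code: str, now: float, drift: int = 1) -> bool:
    """Server side: check the PIN, then recompute the code from the stored seed."""
    pin_ok = hmac.compare_digest(pin_hash(pin, record["salt"]), record["pin_hash"])
    matched = None
    for skew in range(-drift, drift + 1):  # tolerate a token clock off by `drift` steps
        t = now + skew * STEP
        step = int(t // STEP)
        if step <= record["last_step"]:
            continue  # already accepted: a replayed code must not work twice
        if hmac.compare_digest(token_code(record["seed"], t).encode(), code.encode()):
            matched = step
    if pin_ok and matched is not None:
        record["last_step"] = matched
        return True
    return False

if __name__ == "__main__":
    # Constructed sample: seed is the RFC 4226/6238 test key, PIN is made up.
    row = enroll(b"12345678901234567890", "4821", b"constructed-salt")
    shown = token_code(row["seed"], 59)
    print(shown, verify(row, "4821", shown, 59), verify(row, "4821", shown, 59))
```

The second `verify` call in the demo returns `False` because the same code is rejected once it has been accepted, and a wrong PIN fails even when the displayed number is correct.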
The information on computer screens can be protected from prying eyes with a privacy screen. A privacy screen is a panel that is often made of plastic. It prevents light from projecting at low angles, so that only the user looking straight on can see what is on the screen. For example, on an airplane, a user can prevent the person sitting in the next seat from seeing what is on a laptop screen.
The Right Security Mix
Factors that determine the most effective security equipment for protecting equipment and data include:
- How the equipment is used
- Where the computer equipment is located
- What type of user access to data is required
For instance, a computer in a busy public place, such as a library, requires additional protection from theft and vandalism. In a busy call center, a server may need to be secured in a locked equipment room. Where it is necessary to use a laptop computer in a public place, a security dongle, shown in Figure 5, ensures that the system locks if the user and laptop are separated.