The first level of security in any computer network is physical security. Physical security is important for workstations but vital for servers. Any hacker worth his or her salt can quickly defeat all but the most paranoid security measures if he or she can gain physical access to a server. To protect the server, follow these guidelines:
Lock the computer room.
Give the keys only to people you trust.
Keep track of who has the keys.
Mount the servers on cases or racks that have locks.
Disable the floppy drive on the server. (A common hacking technique is to boot the server from a floppy, thus bypassing the carefully crafted security features of the network operating system.)
Keep a trained guard dog in the computer room and feed it only enough to keep it hungry and mad. (Just kidding.)
There’s a big difference between a locked door and a door with a lock. Locks are worthless if you don’t use them.
Client computers should be physically secure as well. You should instruct users to not leave their computers unattended while they’re logged on. In high-traffic areas (such as the receptionist’s desk), users should secure their computers with the keylock. Additionally, users should lock their office doors when they leave.
Here are some other potential threats to physical security that you may not have considered:
The nightly cleaning crew probably has complete access to your facility. How do you know that the person who vacuums your office every night doesn’t really work for your chief competitor or doesn’t consider computer hacking to be a sideline hobby? You don’t, so you’d better consider the cleaning crew a threat.
What about your trash? Paper shredders aren’t just for Enron accountants. Your trash can contain all sorts of useful information: sales reports, security logs, printed copies of the company’s security policy, even handwritten passwords. For the best security, every piece of paper that leaves your building via the trash bin should first go through a shredder.
Where do you store your backup tapes? Don’t just stack them up next to the server. Not only does that make them easy to steal, it also defeats one of the main purposes of backing up your data in the first place: securing your server from physical threats, such as fires.
If a fire burns down your computer room and the backup tapes are sitting unprotected next to the server, your company may go out of business — and you’ll certainly be out of a job. Store the backup tapes securely in a fireproof safe and keep a copy off-site, too.
Some networks have the servers are in a locked computer room, but the hubs or switches are in an unsecured closet. Remember that every unused port on a hub or a switch represents an open door to your network. The hubs and switches should be secured just like the servers.