2. Physical Security
Not all attacks on your organization's data come across the network.
Many companies focus on an “iron-clad” network
security, but that does not protect them from physical
assault or theft of data.
3. Physical Security
An example of this would be the recent identity theft
incident at the Department of Veterans Affairs, which
began with the theft of a company laptop.
4. Physical Security
Increased importance
Given the trend toward smaller, more lightweight PC
components, physical security is growing increasingly
important.
It’s important to implement a physical access control
program in a company and strictly enforce the measures.
5. Physical Security
Attackers: Two Categories
Outside the company
From within the company
6. Physical Security
Impact of an attack
These attackers can often cause systems to fail, and they can
bypass password protection on a computer by removing its hard
drive and reading the data elsewhere.
Attackers can directly access networks by adding or
rearranging the connections, and they can easily steal
physical objects if they're already on the inside.
7. Physical Security
Preventing Outside attackers
Natural barriers: landscape and terrain
Fencing: type and construction
Walls and ceiling construction: high risk areas
Gate facilities: security checkpoints
8. Physical Security
Preventing Outside attackers
Frequency of patrols and security checks
Door and window locations and security devices used
Reception areas: location and control of entry
Employee surveillance and vigilance
Parking areas: entrance/exit, access to facility
10. Physical Security
Preventing attackers from within
Ex: Disgruntled or greedy employees or contractors.
It’s important to implement a physical access control
program in a company and strictly enforce the measures.
If an attacker has physical access to a system they can
wreak havoc.
11. Physical Security
Guidelines for restricting personal access:
Create a badge program that includes an employee picture
and possibly color-code specific areas of access.
Make it a policy to question anyone who doesn't have a
visible ID badge.
Escort, observe, and supervise guests for their entire visit.
12. Physical Security
Guidelines for restricting personal access:
Don't allow anyone – including vendors, salespeople, etc. – to
connect personal laptops (or any other computing device) to the
network.
Don't allow anyone to add hardware or software to computers
without proper authorization.
Watch out for "tailgaters." These people wait for someone with
access to enter a controlled area (such as one with a locked door)
and then follow the authorized person through the door.
Tailgaters enter without using their own key, card key, or lock
combination.
14. Physical Security
Guidelines for protecting information and equipment access:
Place monitors and printers away from windows and areas where
unauthorized persons could easily observe them.
Shred or otherwise destroy all sensitive information and media
when it's no longer necessary.
Don't leave documents unattended at fax machines or printers.
Require all users to log off or power down workstations at the
end of the working day.
15. Physical Security
Guidelines for protecting information and equipment access:
Lock up portable equipment (e.g., laptops, PDAs, media,
memory sticks) out of sight in a safe storage place overnight.
Don't allow the removal of computers or storage media from
the work area or facility without ensuring that the person
removing it has authorization and a valid reason.
Provide locks or cables to prevent theft, and lock computer
cases.
18. Physical Security
Strong Rooms / Server Room
This hardware contains highly sensitive information and access
privileges that affect a company’s data system.
Only a select few administrators should have access to this room.
19. Physical Security
Strong Rooms / Server Room
The room should have increased security mechanisms to
prevent unauthorized entry.
There should be camera/personnel surveillance on the
entrance to ensure security.
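The tailgating guideline (slide 12) and the "select few administrators" rule for the server room (slide 18) are both things a badge-reader log can be checked against after the fact. The following added example, not part of the original slides, implements an anti-passback check: a badge read at an inner door without a prior read at the enclosing door is flagged as possible tailgating, and a server-room read from a badge outside the administrator list is flagged as unauthorized. The zone layout (lobby, office, server_room), the badge IDs, the CSV event format and the sample log are all constructed assumptions for the demonstration.

```python
"""Badge-reader log check for tailgating (anti-passback) and server-room access.

Zone layout, badge IDs and log format are constructed for this example and
are not taken from any real facility or from the slides above.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Nested zones, inner -> enclosing. A legitimate entry into an inner zone is
# always preceded by a badge read at every enclosing door (assumed layout).
ZONE_PARENT: Dict[str, Optional[str]] = {
    "lobby": None,
    "office": "lobby",
    "server_room": "office",
}

# Only a select few administrators may open the server room (assumed IDs).
SERVER_ROOM_ADMINS: Set[str] = {"E1001", "E1002"}


@dataclass
class Event:
    ts: int          # seconds; the log is sorted by this field before checking
    badge: str       # badge ID as reported by the reader
    zone: str        # zone whose door the reader guards
    direction: str   # "in" or "out"


def parse_log(text: str) -> List[Event]:
    """Parse 'ts,badge,zone,direction' lines (constructed CSV format)."""
    events = []
    for line in text.strip().splitlines():
        ts, badge, zone, direction = [f.strip() for f in line.split(",")]
        if zone not in ZONE_PARENT or direction not in ("in", "out"):
            raise ValueError(f"malformed event: {line!r}")
        events.append(Event(int(ts), badge, zone, direction))
    return events


def enclosed_by(zone: str, outer: str) -> bool:
    """True if `zone` is `outer` itself or lies inside it."""
    cur: Optional[str] = zone
    while cur is not None:
        if cur == outer:
            return True
        cur = ZONE_PARENT[cur]
    return False


def find_anomalies(events: List[Event]) -> List[Tuple[int, str, str]]:
    """Return (ts, badge, reason) for every event that breaks the access rules."""
    inside: Dict[str, Set[str]] = {}   # badge -> zones it has badged into
    anomalies: List[Tuple[int, str, str]] = []
    for e in sorted(events, key=lambda ev: ev.ts):
        zones = inside.setdefault(e.badge, set())
        parent = ZONE_PARENT[e.zone]
        if e.direction == "in":
            # Anti-passback: no read at the enclosing door means the badge holder
            # followed someone through it (tailgating) or a reader was bypassed.
            if parent is not None and parent not in zones:
                anomalies.append((e.ts, e.badge,
                                  f"entered {e.zone} with no badge read at {parent} (possible tailgating)"))
            if e.zone == "server_room" and e.badge not in SERVER_ROOM_ADMINS:
                anomalies.append((e.ts, e.badge, "non-administrator badge used at server room"))
            zones.add(e.zone)
        else:
            if e.zone not in zones:
                anomalies.append((e.ts, e.badge, f"exit from {e.zone} with no matching entry"))
            # Leaving a zone also means leaving every zone nested inside it.
            zones.difference_update({z for z in zones if enclosed_by(z, e.zone)})
    return anomalies


def check_log(text: str) -> List[Tuple[int, str, str]]:
    return find_anomalies(parse_log(text))


# Constructed sample log, not a real capture: E2002 appears in the office
# without a lobby read, and E3003 (not an administrator) opens the server room.
SAMPLE_LOG = """
100,E1001,lobby,in
110,E1001,office,in
120,E2002,office,in
130,E3003,lobby,in
140,E3003,office,in
150,E3003,server_room,in
160,E1001,server_room,in
170,E1001,server_room,out
180,E1001,lobby,out
190,E2002,office,out
"""

if __name__ == "__main__":
    for ts, badge, reason in check_log(SAMPLE_LOG):
        print(f"t={ts} badge={badge}: {reason}")
```

Two design choices matter in practice: the check is per badge, so it only catches a tailgater who badges at some later door (a person who never badges anywhere is invisible to the log and is caught only by the escort and "question anyone without a visible badge" rules), and an outer-door exit clears all nested zones so that a missed inner-door exit read does not produce a false alarm on the next visit.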