Physical security

From LQWiki
Jump to: navigation, search

Physical security is security in the traditional sense of the word--it means the security of the physical location of your machine. For computer systems, this is usually referring to the accessibility of your hardware to unwanted access. This includes access to a terminal or workstation, access to the internal components of the computer, and access to the building where your computer systems are.

The biggest threat to physical security is social engineering, when an attacker appears as a legitimate authority, or otherwise assumes a role to manipulate the situation to their advantage. Train security guards to request search warrants to anyone who claims official business, and wants access to a sensitive area, and having trusted contacts within existing law enforcement agencies is invaluable when it comes to verifying validity.

Never neglect the security of external phone lines, internal communication systems, and monitoring devices. Many of these lines can be tapped with relative ease, or even have traffic redirected. Physical access to them ought to be made impossible to everyone but an in-house or contracted technician who has been properly logged and identified for your premises.

A practical approach is to gauge by how physically secure a computer is by how important root access is to that machine. If root access on a machine could potentially cripple the IT side of your project--then those machines ought to have the most security measures in place. An excellent example of this is a Kerberos Domain Controller. Physical access should be restricted solely to network administrators who are familiar with Kerberos, as root access to that machine would enable an attacker to have unlimited access throughout your network. For client machines in a network environment--where imaging and network installs are readily available--physical security should be catered to how valuable the data is of each user, and on the ability to move the machine off of the premises without detection.

Another best practice for physical security, or for any security system, is to always be aware of the least secure system. In practice, an extremely restrictive set of iptables means very little if an attacker can just walk in the door and get what he wants off your systems. A bottom-line approach will help prevent attacks.

For data centers, it is recommended that only administrators have access at all--and that security monitoring systems are in place. Monitoring software can aide in physical security by ensuring that computers are turned on and functioning.

An essential part of any security regime is frequent and thorough audits. Give your administrators paid time to attempt to hack into their own systems. Hire an external auditor try to violate your premises undetected. Remember that for all computer security, whatever you are not willing to have tested or potentially violated is always at the greatest risk of exploitation.

Exceptional security is a philosophy, policy, mindset, enforcement, and system that all work in perfect unison.