2 Types of Threats Human Intrusion Attackers looking to perform some sort of damage or obtain useful information Natural Disasters* Fire Flood Earthquake/Seismic Vibrations Power Outages/Fluctuations
3 Physical Protection from Human Attackers One example why physical security should be taken very seriously A The Phillips-head only tools you screwdriver need to break into an unsecured PC: Knoppix CD USB Thumbdrive or an external hard drive Knoppix Floppy BIOS password can be bypassed. Remove the machine s hard drive and put it in another machine Reset the BIOS password via jumpers on the motherboard Simply remove the CMOS battery to reset Once accomplished, boot off CD or floppy (in this example, KNOPPIX), and copy.
4 Resetting admin passwords has never been easier Insert the Windows XP installation on a healthy installation Choose to repair the installation While Setup is copying files, simply press Shift+F10 This brings up a console in which the user has administrative rights and can, for example, reset the current administrator s password.
5 Risk Assessment Determine your primary threats and act accordingly A very large company participating in the global market obviously has more at stake than John Q s Computer Store. While their susceptibility of attack is the same, the large company will house more profitable information and technology. FBI statistics indicate that approximately 72% of all thefts, fraud, sabotage, and accidents are caused by a company s own employees. Only about 5% is done by external sources.
6 The How-Tos of Protection Guarding the Outer Perimeter* Disguise Out of sight, out of mind If disguising is not possible High fences Barbed wire Round-the-clock security guard Security Cameras Motion Sensors The ServPath building, located in San Francisco, is a datacenter that houses supernodes for both AT&T and MCI.
7 The Workstations Workstations should ALWAYS be logged off or locked out whenever unattended Screens positioned such that they cannot be seen through the windows Hackers with telescopes to record keystrokes Workstations should be secured and physically locked while unattended Steel cable that runs through the computer case and attaches to an anchor to prevent the tower from being removed
8 Safeguarding the Computer Rooms Keep the doors locked Tuck networking cables out of sight Keep networking cables inaccessible from outside room Secure items in the room according to value Intrusion detection systems Ensure walls extend to the physical ceiling versus ceiling panels Attackers can gain access to the room via scaling the wall Access Control Methods Biometrics Key Card access w/ PIN #s Security Guard presence at all times Watchdogs if the assets merit Security Cameras
9 Control the flow of people in the building Employee and visitor badges Access restricitions to visitors and maintenance Any unscheduled dropoffs or deliveries should be verified with vendors You don t want the wrong people getting in
10 Physical Protection from Natural Disasters Physical security is more than "guns, gates and guards" Risk Assessment Proper security solutions require a proper threat assessment The likelihood of tsunami s is very low in Phoenix
11 Security Mechanisms Fire* Extinguishers Carbon Dioxide Halon Inergen Harmful to Humans Preferred Choice, but very expensive to refill Binds with available oxygen molecules to starve the fire Harmful to the ozone Safer and cleaner alternative to Halon Allows a breathable atmosphere and starvation of the atmosphere without ozone harm
13 Flood/Water Go to the high ground Locate sensitive equipment on the second story or above Don t allow water pipes to run through or around computer room Earthquake/Seismic Vibrations Airports, railroads, major thoroughfares, industrial tools, and road construction are common sources of vibration Common solutions involve supporting the foundation of computers with springs, gel-filled mats, or rubber pads. THE most effective solution: Don t position your data center near a source of seismic vibrations
14 Power Outages/Fluctuations UPS Large solutions available to large power consumption Generator When UPS just isn t enough Extreme Temperature/Humidity Control must be maintained over the environment Larger computers run hotter and thus more susceptible to heat in the room Humidity problems with moisture developing on the inside of the machine Redundant HVAC unit (Heating, Ventilation, and Air Conditioning) that can handle temperature and humidity control of the computer room, sheltered from the weather
339 N. Bernardo Avenue Mountain View, CA 94043 www.airtightnetworks.net Overview With the rapid adoption of Wi-Fi networks by enterprise IT departments everywhere, network security now involves an entirely
DIVAR IP 7000 2U DIP-7080-00N, DIP-7082-8HD, DIP-7083-8HD en Installation Manual DIVAR IP 7000 2U Table of Contents en 3 Table of contents 1 Safety precautions 5 1.1 General safety precautions 5 1.2 Electrical
Cloud Computing A Small Business Guide. Whilst more and more small businesses are adopting Cloud Computing services, it is fair to say that most small businesses are still unsure of what Cloud Computing
IT Security & Audit Policy Page 1 of 91 Prepared by: - Department Of IT, Govt. Of NCT Of Delhi Prakash Kumar - Special Secretary (IT) Sajeev Maheshwari - System Analyst CDAC, Noida Anuj Kumar Jain - Consultant
THE INTERNET DATA VAULT From enterprise-sized corporations, to simple home-based businesses, all companies have information that is important to their success and that needs to be protected. Data storage
your business Keep crime out of it We, the Home Office, have produced this booklet with the business community to reduce crime in small and medium-sized businesses. It provides practical information to
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
Apptix Online Backup by Mozy What is Apptix Online Backup by Mozy? Apptix Online Backup by Mozy is a secure online data backup service. It's a simple, smart, and economical way to protect your data from
WHITE PAPER Network Security: A Simple Guide to Firewalls CONTENTS Why a Firewall Am I Really at Risk?................... 1 What Is a Firewall?......... 2 Types of Attack............ 2 Firewall Technologies........
April 21, 2009 Dines Bjørner: MITS: Models of IT Security: 1 Models of IT Security Security Rules & Regulations: An Interpretation Dines Bjørner Fredsvej 11, DK 2840 Holte, Denmark Presented at Humboldt
Data Security Policy Member of Staff Responsible ICT Team Author: Sunil Pindoria Dated 03/02/2015 Date of next review 03/02/2016 Page 1 CONTENTS INTRODUCTION... 3 MONITORING... 4 BREACHES... 5 DATA SECURITY...
User s Guide M000555-02 Copyright and Trademarks No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying,
1 Is There a Security Problem in Computing? In this chapter: The risks involved in computing The goals of secure computing: confidentiality, integrity, availability The threats to security in computing:
Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise
Widgets, Inc. Network Assessment Report Prepared by: Tech Name, Senior Enterprise Engineer Date: February 10, 2012 The Network Support Company 7 Kenosia Avenue, Suite 2B Danbury, CT 06810 (203) 744-2274
Mac OS X 10.6 Snow Leopard Installation and Setup Guide Read this document before you install Mac OS X. It includes important information about installing Mac OS X. For more information about Mac OS X,
Information Technology in Education Project IT Security In Schools Education Infrastructure Division Education Bureau The Government of the HKSAR www.edb.gov.hk/ited/ revised in May 2007 For enquiry on
Options for backing up your computer Aryeh Goretsky, MVP, ZCSE NOTE: An earlier version of this white paper appeared as a guest blog at The Windows Club website. Table of Contents Both hardware and software
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
Marryatville High School Laptop Handbook 2013 Contents Battery... 3 Charging Your Battery... 3 Premium Battery Warranty... 3 Caring For Your Laptop... 3 Packing Away Your Laptop... 3 Operating Conditions...
5-04-25 Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel Payoff This article reviews the processes that must be documented in a recovery plan for a company's mission-critical
Pros 4 Technology Online Backup Features Introduction Computers are the default storage medium for most businesses and virtually all home users. Because portable media is quickly becoming an outdated and
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
V 1.0 November, 2010 CYBERSECURITY The protection of data and systems in networks that connect to the Internet 10 Best Practices For The Small Healthcare Environment Your Regional Extension Center Contact
Guidelines for smart phones, tablets and other mobile devices Summary Smart phones, tablets and other similar mobile devices are being used increasingly both privately and in organisations. Another emerging
A beginners guide in how to make a Laptop/PC more secure. This guide will go through the common ways that a user can make their computer more secure. Here are the key points covered: 1) Device Password
Risk Control Bulletin Water Damage Prevention A Property Protection Imperative Water is one of the most destructive agents when released into a building. Water erodes surfaces; causes rot and deterioration