Introduction to Physical Security and Security of Services

Jennifer Vesperman

jenn@linuxchix.org

2002-02-24

Revision History
Revision 0.1 2002-02-17 Revised by: MEG
Converted from text file. Modified wording.
Revision 0.2 2002-02-24 Revised by: MEG
Conforming to LDP standards. Added abstract.

How does an individual or organisation assure their Internet services such as
websites are available? This article discusses techniques for assuring
physical security of hardware and methods of making sure the servers run and
have Internet access.

-----------------------------------------------------------------------------
Table of Contents
1. Introduction
    1.1. Copyright Information
    1.2. Overview
    1.3. Physically Securing the hardware

2. Physical security of networks
3. Power
4. Network Access

1. Introduction

1.1. Copyright Information

Copyright (c) 2002 by Jennifer Vesperman. This material may be distributed
only subject to the terms and conditions set forth in the Open Publication
License, v0.4 or later (the latest version is presently available at
http://www.opencontent.org/openpub/).
-----------------------------------------------------------------------------

1.2. Overview

If an intruder gets physical access to a computer, they can easily gain
access to the information stored on the computer. Methods range from simply
tucking the computer under their arm and walking off with it to collect the
data at leisure, to using a 'rescue disk' or some other method of starting
the computer with no passwords, to removing the hard drive and starting it on
their own computer, with full access to the information stored on the drive.

Most operating systems have some method of starting the computer with no
passwords - this is intentional, because most organisations will lose or
forget a critical password at some time. This can only be done when
physically at the computer, however - the operating system designers rely on
the user being aware of this fact, and securing the computer room.

There are methods, in most operating systems, of disabling the 'no password'
start - if you choose to implement them, be extremely careful and document
the passwords well, but keep the copy of the passwords secure.
-----------------------------------------------------------------------------

1.3. Physically Securing the hardware

Keep any computers which have sensitive information away from the general
public. Use common sense - locked doors, locked windows and security systems
are all readily available. Your local police department is likely to have
up-to-date advice on realistic security for your area.

There are specialist devices available for attaching computers to desks, or
for locking computer cases closed. If you (or your local police department)
feel that that is warranted for your system, buy them and apply them. Just
remember that you also need to prevent an intruder from actually reaching the
computer in the first place - information can be stolen without moving the
computer itself.
-----------------------------------------------------------------------------

2. Physical security of networks

Networks can be easier to secure - if there is a single computer (or a small
group of computers) which hold the sensitive information, those are the
computers which must be physically secured. Other computers can be left less
secure, provided the network itself is secure and the unsecured computers
don't have sensitive information on them - such as network passwords.

In 'big business' the computers which store the sensitive information are
often kept in a special computer room, in a secured building. In small
business or home environments, keep these separate - don't use them as
regular computers. Make certain they're behind the scenes somewhere, away
from customers.
-----------------------------------------------------------------------------

3. Power

There are two issues with power supply. One is the matter of power smoothing,
preventing sudden surges or drops in supply, and the other is supply itself.
Blackouts and brownouts can cause the computers to shut down suddenly, losing
any information stored only in short-term memory (RAM). Sudden surges or
drops in supply can cause physical damage to computer components, if they are
bad enough.

Power smoothing is only needed in some areas. Local computer experts will be
able to tell you if your area's supply is prone to surges and dips, and can
offer advice on whether you need surge protectors or power smoothers.
However, if you buy a UPS (uninterruptible power supply), most have power
smoothing built in.

A UPS (uninterruptible power supply) is used to protect against sudden loss
of power. It's somewhat of a misnomer, as it doesn't itself provide power -
it is essentially a large battery that charges itself from mains power.
The computers are plugged into the UPS, and if the mains power cuts out, the
UPS provides enough power for the computers to shut themselves down and save
all their information.

Most UPSes will signal the computer when the main power cuts out. Get your
local computer expert to ensure that yours does (preferably before you buy
it), and ensure that your computer is set up to respond to that signal.

If you want a truly uninterruptible supply, there are companies in existence
which would be happy to sell you a power generator that cuts in automatically
when mains power cuts out, and a UPS-like device to handle the cutover to the
generator.
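
Responding to the UPS signal described in this section, as an added example
that is not part of the original article: a shell monitor that decides when
to shut the computer down. It assumes Network UPS Tools (NUT), whose upsc
command reports the status flags OL (on line power), OB (on battery) and LB
(low battery); the UPS name, the time limit and the function names are
placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes NUT: the command
# "upsc UPS ups.status" prints flags such as "OL", "OB" or "OB LB".

UPS_NAME="${UPS_NAME:-myups@localhost}"   # hypothetical UPS name
MAX_ON_BATTERY="${MAX_ON_BATTERY:-300}"   # seconds; tune to battery runtime
POLL=5                                    # seconds between polls

# ups_action STATUS SECONDS_ON_BATTERY -> none | wait | shutdown | unknown
ups_action() {
    on_line=0; on_battery=0; low_battery=0
    for flag in $1; do
        case "$flag" in
            OL) on_line=1 ;;
            OB) on_battery=1 ;;
            LB) low_battery=1 ;;
        esac
    done
    if [ "$on_battery" -eq 1 ]; then
        # Shut down on low battery, or when the outage outlasts the limit
        # (an aged battery can fail before it ever reports LB).
        if [ "$low_battery" -eq 1 ] || [ "$2" -ge "$MAX_ON_BATTERY" ]; then
            echo shutdown
        else
            echo wait
        fi
    elif [ "$on_line" -eq 1 ]; then
        echo none
    else
        echo unknown    # no usable data from the UPS: alert, do not guess
    fi
}

monitor() {
    elapsed=0
    while :; do
        status=$(upsc "$UPS_NAME" ups.status 2>/dev/null) || status=""
        case "$(ups_action "$status" "$elapsed")" in
            shutdown) logger -p daemon.crit "UPS: shutting down"
                      shutdown -h now; return ;;
            wait)     elapsed=$((elapsed + POLL)) ;;
            none)     elapsed=0 ;;
            unknown)  logger -p daemon.warning "UPS: status unavailable" ;;
        esac
        sleep "$POLL"
    done
}

if [ "${1:-}" = "run" ]; then monitor; fi
```

Run it as root with the argument "run"; with no argument it only defines the
functions.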
-----------------------------------------------------------------------------

4. Network Access

Network access, such as internet access, tends to be at the mercy of large
organisations which run the local internet 'backbones' (the main routes).
Even if you buy your connection through a small provider, their own
connection is usually with one of the larger organisations.

The reliability of your local providers can be a significant issue to the
success of your business - or it might not be, depending on what your
business is. If it is important to have reliable access, you might want to
either write reliability (and penalties) into your contract with them, or to
have two different providers, who themselves, preferably, are connected to
two different backbones.

If you have the two providers, you will probably need to have a specialist
configure your network so that in the event of one provider failing you, your
network automatically cuts over to the other, and so that when the first
resumes connectivity, the network routing switches back to a dual-route.
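
The cutover between two providers described above, as an added example that
is not part of the original article: a monitor for a single Linux router with
one interface per provider, handling the outbound default route only.
Gateways, interfaces and probe addresses are placeholders from the
documentation address ranges, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article. All addresses and
# interface names are placeholders; requires iproute2, ping and logger.

GW_A=192.0.2.1;   IF_A=eth1; PROBE_A=198.51.100.10   # provider A (assumed)
GW_B=203.0.113.1; IF_B=eth2; PROBE_B=198.51.100.20   # provider B (assumed)
FAIL_LIMIT=3      # consecutive failed probes before a link counts as down

# link_state FAILS -> "up" or "down"
link_state() {
    if [ "$1" -ge "$FAIL_LIMIT" ]; then echo down; else echo up; fi
}

# route_plan STATE_A STATE_B -> the ip(8) command to apply, or nothing
route_plan() {
    case "$1/$2" in
        up/up)   echo "ip route replace default" \
                      "nexthop via $GW_A dev $IF_A weight 1" \
                      "nexthop via $GW_B dev $IF_B weight 1" ;;
        up/down) echo "ip route replace default via $GW_A dev $IF_A" ;;
        down/up) echo "ip route replace default via $GW_B dev $IF_B" ;;
        *)       : ;;   # both down: no better route exists, change nothing
    esac
}

# probe TARGET -> exit 0 if TARGET answers one ping within 2 seconds
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

monitor() {
    # Pin each probe target to one provider so a probe tests that path only.
    ip route replace "$PROBE_A/32" via "$GW_A" dev "$IF_A"
    ip route replace "$PROBE_B/32" via "$GW_B" dev "$IF_B"
    fails_a=0; fails_b=0; current=""
    while :; do
        if probe "$PROBE_A"; then fails_a=0; else fails_a=$((fails_a + 1)); fi
        if probe "$PROBE_B"; then fails_b=0; else fails_b=$((fails_b + 1)); fi
        plan=$(route_plan "$(link_state "$fails_a")" "$(link_state "$fails_b")")
        if [ -n "$plan" ] && [ "$plan" != "$current" ]; then
            $plan && current=$plan && logger "default route changed: $plan"
        fi
        sleep 10
    done
}

if [ "${1:-}" = "run" ]; then monitor; fi
```

A link counts as up again on its first successful probe; require several
consecutive successes instead if a provider's link flaps.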