Network security covers a multitude of issues. The last article concerned security policy. This article looks at the threats posed by people, both outside and inside, trying to steal your computer and data, and suggests some strategies to counter them.
physical security
- The first issue to address is physical access to your network.
- Do you have a live network port in a public access room or unsecured garden shed?
- Do your children’s friends bring their laptops to visit?
- Do you have a network cable connected to the outside of your building or walk through an unsecured hallway?
- Secure the room/shed or, better yet, unplug the cable from the router when you’re not using it (an annoyance, but better than having your private data stolen or corrupted).
- Keep all wiring within your secure perimeter.
- Set the law on connecting other people’s computers to your network (see a later article on Wi-Fi security).
- Make sure your personal and private data is protected from access from unauthorized computers connected to your network; Most operating systems allow you to set usernames and passwords to control access to individual PCs and this should prevent illicitly connected computers from reading your network shares.
- Make sure that really sensitive data (such as bank details or passwords) is NEVER stored on a network share – it’s better to store it on a removable disk/pen drive that is kept under lock and key.
- If you’re really paranoid, set all your software to not remember your passwords for websites, etc. Of course, that means you’ll have to…
- Consider how to prevent people from leaving with your computers and peripherals
- Make sure the cable lock goes through a HOLE, not just around a pin.
- Make sure the attached cabinet is HEAVY and LARGE. You can hide a laptop under your coat, but a desk is more obvious…
- Best of all is to provide suitable anchors in the wall or floor.
- Since cables can be cut, consider using cable locks with built-in alarms
- IMPORTANT: Number your locks and keep spare numbered keys in a safe place, so that when the PC user loses the key or is locked out, they can recover their computer…
- Stop visitors and employees stealing your data
- Keep your data servers locked in a secure room or cabinet; an alarm is a useful addition
- Use security cables to secure devices, especially in areas accessible to the public
- Keep the number of staff that have access to servers to a minimum
- Protect your data by using proxies (such as web services) between the front end that users see and the data. Do not allow ordinary users to log in to the servers that store your data and files. This helps prevent bulk downloads of valuable files and data.
If you have a wired network, don’t imagine that it’s necessarily break-proof or access-proof:
If so, or if you can think of any other ways for unauthorized people to connect computers to your network, you should address these issues immediately. At a minimum, someone may be using your resources without paying you. In the worst case, they could download all your sensitive data or even delete it from your system…
People worry about thieves stealing TVs, DVD players, and other home equipment, but the loss of your PC and all of its stored data is much more serious, especially if you have your bank or credit card details on file. plain text on the hard drive! Most laptop and desktop computers and many peripherals (such as routers and printers) come with a ‘Kensington lock’ slot: a small slot in the case that allows you to attach a security cable. Use it to attach your gear to a solid fixing point:
Servers must be properly secured in a locked cabinet or cupboard. They can also be connected with cable locks or proprietary security devices, and the room/closet must be equipped with an alarm. As a matter of interest, more and more home entertainment devices (such as game consoles and televisions) are also equipped with security slots. A bunch of cable locks will make losses less likely for thieves (although they may tear them apart out of spite!).
Companies must remember that the biggest threat to their data comes from their own employees. Carelessness and accident will be covered in a separate article, but theft or willful damage to employees or visitors is included under the same heading as other break-ins. To reduce the risk of theft by staff or intruders:
Remember: Enforce your security policy…