Designing Home and SME Networks 13 – Network Security – Physical Security

Network security covers a multitude of issues. The last article referred to the security policy. This article discusses the threats posed by people – both from outside and inside – trying to steal your equipment and data and suggests some strategies to counter them.

Physical security

  1. The first issue to address is physical access to your network.
  2. If you’ve a wired network, don’t imagine that it’s necessarily proof against being broken/tapped into:

    • Do you have a live network port in a publicly-accessible room or an unsecured garden shed?
    • Do your children’s friends bring their laptops to visit?
    • Do you have a network cable tacked to the outside of your building or passing through an unsecured lobby?

    If so, or if you can think of any other way for unauthorised people to connect equipment to your network, you need to address these issues immediately. At the very least, someone may be using your resources without paying you. At worst, they could download all your confidential data or even erase it from your system…

    • Secure the room/shed or, better, unplug the cable from the router when you’re not using it (a pain, but better than having your private data stolen or corrupted).
    • Keep all cabling inside your secure perimeter.
    • Lay down the law about connecting other people’s computers to your network (see a later article about wi-fi security).
    • Make sure that your personal, private data is secured against being accessed from unauthorised computers connected to your network – most operating systems allow you to set usernames and passwords to control access to individual PCs and this should prevent illicitly connected computers reading your network shares.
    • Ensure that really sensitive data (such as bank or password data) is NEVER kept on a network share: it is best stored on a removable disk/pen drive that’s kept locked away.
    • If you’re really paranoid, set all your software to not remember your passwords to web sites etc. Of course, that means that you’ll have to…
  3. Consider how to stop people walking off with your computers and peripherals
  4. People worry about having TVs, DVD players and other domestic equipment stolen by burglars, but loss of your PC and all its stored data is much more serious, especially if you’ve got your bank or credit card details in a plain-text file on the hard disk! Most portable and desktop computers and many peripherals (such as routers and printers) come with a ‘Kensington lock’ slot: a small slot in the case that allows you to fit a security cable. Use it to attach your equipment to a solid fixing point:

    • Make sure that the cable lock goes through a HOLE – not just round a leg.
    • Make sure that the attached furniture item is HEAVY and LARGE. You can hide a laptop under your coat, but a desk is more obvious…
    • Best of all, provide proper anchors set into the wall or floor.
    • Since cables can be cut, consider using cable locks with alarms incorporated.
    • IMPORTANT: Number your locks and keep spare, numbered keys in a secure location, so when the PC user loses the key or quits, you can get your computer back…

    Servers should be properly secured in a locked cabinet or cupboard. They can also be attached with cable locks or proprietary security devices, and the room/cupboard should be fitted with an alarm. As a matter of interest, more and more domestic entertainment devices (such as games consoles and TVs) are also being fitted with security slots. A job lot of cable locks will make loss to burglars less likely (although they may trash them out of pique!).

  5. Stopping visitors and employees stealing your data
  6. Businesses should remember that the greatest threat to your data is from your own employees. Carelessness and accident will be dealt with in a separate article, but employee or visitor theft or deliberate damage falls under the same heading as other break-ins. To reduce the risk of theft by staff or intruders:

    • Keep your data servers locked away in a secure room or cabinet – an alarm is a useful addition.
    • Use security cables to secure devices, especially in areas accessible to the public.
    • Keep to a minimum the number of staff that have access to the servers.
    • Protect your data by using proxies (such as web services) between the front-end the users see and the data. Don’t allow ordinary users to log in to the servers that store your data and files. This helps to prevent wholesale downloads of valuable files and data.
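
One way to check for the unauthorised connections described under "Physical security" is to compare the devices visible on your LAN against an inventory of equipment you own. This is an added example, not part of the original article; it assumes a Linux machine where `ip neigh show` is available, and the inventory, addresses and function names are constructed for illustration.

```python
import re

# Constructed inventory of devices you own (MAC -> label); all values are made up.
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": "router",
    "aa:bb:cc:00:00:02": "office-pc",
    "aa:bb:cc:00:00:03": "printer",
}

# Constructed sample of `ip neigh show` output (Linux iproute2).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.20 dev eth0 lladdr AA:BB:CC:00:00:02 STALE
192.168.1.57 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.58 dev eth0  FAILED
192.168.1.60 dev eth0 lladdr 02:11:22:33:44:55 DELAY
fe80::a8bb:ccff:fe00:3 dev eth0 lladdr aa:bb:cc:00:00:03 STALE
"""

MAC_RE = re.compile(r"\blladdr\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neighbours(text):
    """Yield (ip, mac) for every neighbour entry that has a link-layer address."""
    for line in text.splitlines():
        fields = line.split()
        m = MAC_RE.search(line)
        if not fields or not m:      # FAILED/INCOMPLETE entries carry no MAC
            continue
        yield fields[0], m.group(1).lower()

def is_locally_administered(mac):
    """True if the 'locally administered' bit is set (typical of randomised MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def find_unknown(text, known=KNOWN_DEVICES):
    """Return devices seen on the LAN that are not in the inventory."""
    unknown = []
    for ip, mac in parse_neighbours(text):
        if mac not in known:
            unknown.append({"ip": ip, "mac": mac,
                            "randomised": is_locally_administered(mac)})
    return unknown

if __name__ == "__main__":
    for dev in find_unknown(SAMPLE_NEIGH):
        note = " (locally administered MAC)" if dev["randomised"] else ""
        print(f"UNKNOWN device {dev['mac']} at {dev['ip']}{note}")
```

A device's owner can change its MAC address, so treat this as an inventory check that prompts you to go and look at the port, not as access control.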

Remember: Enforce your security policy…