security protection hardware
7/28/2019 Security Protection Hardware
http://slidepdf.com/reader/full/security-protection-hardware 1/15
http://docstore.mik.ua/orelly/networking/puis/index.htm
12.2 Protecting Computer Hardware
Physically protecting a computer presents many of the same problems that arise when protecting
typewriters, jewelry, and file cabinets. Like a typewriter, an office computer is something that many people inside the office need to access on an ongoing basis. Like jewelry, computers are
very valuable, and very easy for a thief to sell. But the real danger in having a computer stolen
isn't the loss of the system's hardware but the value of the loss of the data that was stored on the
computer's disks. As with legal files and financial records, if you don't have a backup - or if the
backup is stolen with the computer - the data you have lost may well be irreplaceable. Even if you do have a backup, you will still need to spend valuable time setting up a replacement system.
Finally, there is always the chance that stolen information itself, or even the mere fact that information was stolen, will be used against you.
Your computers are among the most expensive possessions in your home or office; they are also
the pieces of equipment that you can least afford to lose.[1]
[1] We know of some computer professionals who say, "I don't care if the thief steals my computer; I just wish that he would first take out the hard drive!" Unfortunately, you can rarely
reason in this manner with would-be thieves.
To make matters worse, computers and computer media are by far the most temperamental
objects in today's home or office. Few people worry that their television sets will be damaged if they're turned on during a lightning storm, but a computer's power supply can be blown out
simply by leaving the machine plugged into the wall if lightning strikes nearby. Even if the
power surge doesn't destroy the information on your hard disk, it still may make the information inaccessible until the computer system is repaired.
Power surges don't come only during storms: one of the authors once had a workstation ruined
because a vacuum cleaner was plugged into the same outlet as the running workstation: when the
vacuum was switched on, the power surge fatally shorted out the workstation's power supply.
Because of the age of the computer involved, it proved to be cheaper to throw out the machine and lose the data, rather than attempt to salvage the hardware and information stored on the
machine's disk. That was an expensive form of spring cleaning!
There are several measures that you can take to protect your computer system against physical threats. Many of them will simultaneously protect the system from dangers posed by nature,
outsiders, and inside saboteurs.
12.2.1 The Environment
Computers are extremely complicated devices that often require exactly the right balance of
physical and environmental conditions to properly operate. Altering this balance can cause your
computer to fail in unexpected and often undesirable ways. Even worse, your computer might
continue to operate, but erratically, producing incorrect results and corrupting valuable data.
In this respect, computers are a lot like people: they don't work well if they're too hot, too cold,
or submerged in water without special protection.
12.2.1.1 Fire
Computers are notoriously bad at surviving fires. If the flames don't cause your system's case and circuit boards to ignite, the heat might melt your hard drive and all the solder holding the
electronic components in place. Your computer might even survive the fire, only to be destroyed
by the water used to fight the flames.
You can increase the chances that your computer will survive a fire by making sure that there is good fire-extinguishing equipment nearby.
In the late 1980s, Halon fire extinguishers were exceedingly popular for large corporate
computer rooms. Halon is a chemical that works by "asphyxiating" the fire's chemical reaction.
Unlike water, Halon does not conduct electricity and leaves no residue, so it will not damage expensive computer systems.
Unfortunately, Halon may also asphyxiate humans in the area. For this reason, all automatic
Halon systems have loud alarms that sound before the Halon is discharged. Halon has another
problem as well: after it is released into the environment, it slowly diffuses into the stratosphere, where it acts as a potent greenhouse gas and contributes to the destruction of the ozone layer.
Halon is therefore being phased out and replaced with systems that are based on carbon dioxide
(CO2), which still asphyxiate fires (and possibly humans), but which do not cause as much environmental degradation.
Here are some guidelines for fire control:
• Make sure that you have a hand-held fire extinguisher by the doorway of your computer
room. Train your computer operators in the proper use of the fire extinguisher. Repeat the
training at least once a year. One good way to do this is to have your employees practice
with extinguishers that need to be recharged (usually once every year or two). However, don't practice indoors!
• Check the recharge state of each extinguisher every month. Extinguishers with gauges
will show if they need recharging. All extinguishers should be recharged and examined
by a professional on a periodic basis (sometimes those gauges stick in the "full"
position!).
• If you have a Halon or CO2 system, make sure everyone who enters the computer room
knows what to do when the alarm sounds. Post warning signs in appropriate places.
• If you have an automatic fire-alarm system, make sure you can override it in the event of
a false alarm.
• Ensure that there is telephone access for your operators and users who may discover a fire or a false alarm.
Many modern computers will not be damaged by automatic sprinkler systems, provided that the
computer's power is turned off before the water starts to flow (although disks, tapes, and printouts out in the open may suffer). Consequently, you should have your computer's power
automatically cut if the water sprinkler triggers.[2] Be sure that the computer has completely
dried out before the power is restored. If your water has a very high mineral content, you may find it necessary to have the computer's circuit boards professionally cleaned before attempting
to power up. Remember, getting sensitive electronics wet is never a good idea.
[2] If you have an uninterruptible power supply, be sure that it is automatically disconnected, too.
Because many computers can now survive exposure to water, many fire-protection experts now suggest that a water sprinkler system may be as good as (or better than) a CO2 system. In
particular, a water system will continue to run long after a CO2 system is exhausted, so it's more
likely to work against major fires. They also are less expensive to maintain, and less hazardous to humans.
If you choose to have a water-based sprinkler system installed, be sure it is a "dry-pipe" system.
This keeps water out of the pipes until an alarm is actually triggered, rather than having the
sprinkler heads pressurized all the time. This may save your system from leaks or misfortune.[3]
[3] We know of one instance where a maintenance man accidentally knocked the sprinkler head off with a stepladder. The water came out in such quantity that the panels for the raised floor
were floating before the water was shut off. The mess took more than a week to clean up.
Be sure that your wiring, in addition to your computers, is protected. Be certain that smoke detectors and sprinkler heads are appropriately positioned to cover wires in wiring trays (often
above your suspended ceilings), and in wiring closets.
12.2.1.2 Smoke
Smoke is very good at damaging computer equipment. Smoke is a potent abrasive and collects
on the heads of magnetic disks, optical disks, and tape drives. A single smoke particle can cause a severe disk crash on some kinds of older disk drives without a sealed drive compartment.
Sometimes smoke is generated by computers themselves. Electrical fires - particularly those
caused by the transformers in video monitors - can produce a pungent, acrid smoke that can
damage other equipment and may also be a potent carcinogen. Several years ago, a laboratory at
Stanford had to be evacuated because of toxic smoke caused by a fire in a single video monitor.
An even greater danger is the smoke that comes from cigarettes and pipes. Such smoke is a health hazard to people and computers alike. Smoke will cause premature failure of keyboards
and require that they be cleaned more often. Nonsmokers in a smoky environment will not perform as well as they might otherwise, both in the near term and the long term; and in many
locales, smoking in public or semi-public places is illegal.
Here are some guidelines for smoke control:
• Do not permit smoking in your computer room or around the people who use the
computers.
• Install smoke detectors in every room with computer or terminal equipment.
• If you have a raised floor, mount smoke detectors underneath the floor as well.
• If you have suspended ceilings, mount smoke detectors above the ceiling tiles.
Get a Carbon-Monoxide Detector!
Carbon monoxide (CO) won't harm your computer, but it might silently kill any humans in the
vicinity. One of the authors of this book was nearly killed in February 1994 when his home
chimney became plugged and the furnace exhaust started venting into his house. Low-cost
carbon monoxide detectors are readily available. They should be installed wherever coal, oil, or gas-fired appliances are used.
If you think this doesn't apply to your computer environment, think again. Closed office
buildings can build up strong concentrations of CO from faulty heater venting, problems with generator exhaust (as from a UPS), or even a truck idling outside with its exhaust near the building air intake.
12.2.1.3 Dust
Dust destroys data. As with smoke, dust can collect on the heads of magnetic disks, tape drives,
and optical drives. Dust is abrasive and will slowly destroy both the recording head and the media.
Most dust is electrically conductive. The design of many computers sucks large amounts of air
and dust through the computer's insides for cooling. Invariably, a layer of dust will accumulate on a computer's circuit boards, covering every surface, exposed and otherwise. Eventually, the dust will cause circuits to short and fail.
Here are some guidelines for dust control:
• Keep your computer room as dust free as possible.
• If your computer has air filters, clean or replace them on a regular basis.
• Get a special vacuum for your computers and use it on a regular basis. Be sure to vacuum
behind your computers. You may also wish to vacuum your keyboards.
• In environments with dust that you can't control well, consider getting keyboard dust
covers to use when the keyboards are idle for long periods of time. However, don't
simply throw homemade covers over your computers - doing so can cause the computer
to overheat, and some covers can build up significant static charges.
12.2.1.4 Earthquake
While some parts of the world are subject to frequent and severe earthquakes, nearly every part
of the world experiences the occasional temblor. In the United States, for example, the San
Francisco Bay Area experiences several earthquakes every year; a major earthquake is expected within the next 20 years that may be equal in force to the great San Francisco earthquake of
1906. Scientists also predict an 80% chance that the eastern half of the United States may
experience a similar earthquake within the next 30 years: the only truly unknown factor is where it will occur. As a result, several Eastern cities have enacted stringent anti-earthquake building
codes. These days, many new buildings in Boston are built with diagonal cross-braces, using
construction that one might expect to see in San Francisco.
While some buildings collapse in an earthquake, most remain standing. Careful attention to the placement of shelves and bookcases in your office can increase the chances that your computers
will survive all but the worst disasters.
Here are some guidelines for earthquake control:
• Avoid placing computers on any high surfaces - for example, on top of file cabinets.
• Do not place heavy objects on bookcases or shelves near computers in such a way that
they might fall on the computer during an earthquake.
• To protect your computers from falling debris, place them underneath strong tables.
• Do not place computers on desks next to windows - especially on higher floors. In an
earthquake, the computer could be thrown through the window, destroying the computer,
and creating a hazard for people on the ground below.
• Consider physically attaching the computer to the surface on which it is resting. You can
use bolts, tie-downs, straps, or other implements. (This practice also helps deter theft of the equipment.)
12.2.1.5 Explosion
Although computers are not prone to explosion, the buildings in which they are located can be -
especially if a building is equipped with natural gas or is used to store flammable solvents.
If you need to operate a computer in an area where there is a risk of explosion, you might consider purchasing a system with a ruggedized case. Disk drives can be shock-mounted within a
computer; if explosion is a constant hazard, consider using a ruggedized laptop with an easily
removed, shock-resistant hard drive.
Here are some basic guidelines for explosion control:
• Consider the real possibility of explosion on your premises. Make sure that solvents, if present, are stored in appropriate containers in clean, uncluttered areas.
• Keep your backups in blast-proof vaults or off-site.
• Keep computers away from windows.
12.2.1.6 Temperature extremes
As with people, computers operate best within certain temperature ranges. Most computer
systems should be kept between 50 and 90 degrees Fahrenheit (10 to 32 degrees Celsius). If the
ambient temperature around your computer gets too high, the computer cannot adequately cool itself, and internal components can be damaged. If the temperature gets too cold, the system can
undergo thermal shock when it is turned on, causing circuit boards or integrated circuits to crack.
Here are some basic guidelines for temperature control:
• Check your computer's documentation to see what temperature ranges it can tolerate.
• Install a temperature alarm in your computer room that is triggered by a temperature that
is too low or too high. Set it to alarm when the temperature gets within 15-20 degrees (F)
of the limits your system can take. Some alarms can even be connected to a phone line,
and can be programmed to dial predefined phone numbers and tell you, with a synthesized voice, "your computer room is too hot."
• Be careful about placing computers too close to walls, which can interfere with air circulation. Most manufacturers recommend that their systems have 6 to 12 inches of open space on every side. If you cannot afford the necessary space, lower the computer's
upper-level temperature by 10 degrees Fahrenheit or more.
12.2.1.7 Bugs (biological)
Sometimes insects and other kinds of bugs find their way into computers. Indeed, the very term bug, used to describe something wrong with a computer program, dates back to the 1950s, when
Grace Murray Hopper found a moth trapped between the relay contacts on Harvard University's
Mark 1 computer.
Insects have a strange predilection for getting trapped between the high-voltage contacts of switching power supplies. Others seem to have insatiable cravings for the insulation that covers
wires carrying line current and the high-pitched whine that switching power supplies emit.
Spider webs inside computers collect dust like a magnet.
12.2.1.8 Electrical noise
Motors, fans, heavy equipment, and even other computers can generate electrical noise that can
cause intermittent problems with the computer you are using. This noise can be transmitted
through space or nearby power lines.
Electrical surges are a special kind of electrical noise that consists of one (or a few) high-voltage
spikes. As we've mentioned, an ordinary vacuum cleaner plugged into the same electrical outlet as a workstation can generate a spike capable of destroying the workstation's power supply.
Here are some guidelines for electrical noise control:
• Make sure that there is no heavy equipment on the electrical circuit that powers your
computer system.
• If possible, have a special electrical circuit with an isolated ground installed for each
computer system.
• Install a line filter on your computer's power supply.
• If you have problems with static, you may wish to install a static (grounding) mat around the computer's area, or apply antistatic sprays to your carpet.
• Walkie-talkies, cellular telephones, and other kinds of radio transmitters can cause
computers to malfunction when they are transmitting. Especially powerful transmitters
can even cause permanent damage to systems. Transmitters have also been known to
trigger the explosive charges in some sealed fire-extinguisher systems (e.g., Halon). All
radio transmitters should be kept at least five feet from the computer, cables, and peripherals. If many people in your organization use portable transmitters, you should
consider posting signs instructing them not to transmit in the computer's vicinity.
12.2.1.9 Lightning
Lightning generates large power surges that can damage even computers whose electrical supplies are otherwise protected. If lightning strikes your building's metal frame (or hits your
building's lightning rod), the resulting current on its way to ground can generate an intense
magnetic field.
Here are some guidelines for lightning control:
• If possible, turn off and unplug computer systems during lightning storms.
• Make sure that your backup tapes, if they are kept on magnetic media, are stored as far as
possible from the building's structural steel members.
• Surge suppressor outlet strips will not protect your system from a direct strike, but may
help if the storm is distant. Some surge suppressors include additional protection for
sensitive telephone equipment; this extra protection may be of questionable value in most
areas, though, since by law, telephone circuits must be equipped with lightning arresters.
• In remote areas, modems are still damaged by lightning, even though they are on lines
equipped with lightning arresters. In these areas, modems may benefit from additional
lightning protection.
12.2.1.10 Vibration
Vibration can put an early end to your computer system by literally shaking it apart. Even gentle
vibration, over time, can work printed circuit boards out of their edge connectors, and integrated
circuits out of their sockets. Vibration can cause hard disk drives to come out of alignment and increase the chance for catastrophic failure - and resulting data loss.
Here are some guidelines for vibration control:
• Isolate your computer from vibration as much as possible.
• If you are in a high-vibration environment, you can place your computer on a rubber or
foam mat to dampen out vibrations reaching it, but make sure that the mat does not block
ventilation openings.
• Laptop computers are frequently equipped with hard disks that are better at resisting
vibration than are desktop machines.
• Don't put your printer on top of a computer. Printers are mechanical devices; they
generate vibrations. Desktop space may be a problem, but a bigger problem may be the unexpected failure of your computer's disk drive or system board.
12.2.1.11 Humidity
Humidity is your computer's friend - but as with all friends, you can get too much of a good
thing. Humidity prevents the buildup of static charge. If your computer room is too dry, static discharge between operators and your computer (or between the computer's moving parts) may
destroy information or damage your computer itself. If the computer room is too humid, you may
experience condensation on the computer's circuitry, which can short out and damage the
electrical circuits.
Here are some guidelines for humidity control:
• For optimal performance, keep the relative humidity of your computer room above 20%
and well below the dew point (which depends on the ambient room temperature).
• In environments that require high reliability, you may wish to have a humidity alarm that
will ring when the humidity is out of your acceptable range.
• Some equipment has special humidity restrictions. Check your manuals.
12.2.1.12 Water
Water can destroy your computer. The primary danger is an electrical short, which can happen if
water bridges between a circuit-board trace carrying voltage and a trace carrying ground. A short
will cause too much current to be pulled through a trace, and will heat up the trace and possibly
melt it. Shorts can also destroy electronic components by pulling too much current through them.
Water usually comes from rain or flooding. Sometimes it comes from an errant sprinkler system. Water also may come from strange places, such as a toilet overflowing on a higher floor,
vandalism, or the fire department.
Here are some guidelines for water control:
• Mount a water sensor on the floor near the computer system.
• If you have a raised floor in your computer room, mount water detectors underneath the
floor and above it.
• Do not keep your computer in the basement of your building if your area is prone to
flooding, or if your building has a sprinkler system.
• Because water rises, you may wish to have two alarms, located at different heights. The
first water sensor should ring an alarm; the second should automatically cut off power to your computer equipment. Automatic power cutoffs can save a lot of money if the flood
happens off-hours, or if the flood occurs when the person who is supposed to attend to
the alarm is otherwise occupied. More importantly, cutoffs can save lives: electricity,
water, and people shouldn't mix.
12.2.1.13 Environmental monitoring
To detect spurious problems, you should continuously monitor and record your computer room's
temperature and relative humidity. As a general rule of thumb, every 1,000 square feet of office
space should have its own recording equipment. Log and check recordings on a regular basis.
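The limits given in sections 12.2.1.6 and 12.2.1.11 can be checked automatically against the recordings this section calls for. The following Python is an added example, not part of the original chapter; the log format, the 15-minute sampling interval, the 10-degree dew-point margin, and the use of the Magnus approximation for the dew point are assumptions.

```python
import math
from datetime import datetime, timedelta

# Values stated in the text.
TEMP_MIN_F, TEMP_MAX_F = 50.0, 90.0   # general operating range (12.2.1.6)
ALARM_MARGIN_F = 15.0                 # alarm this far inside either limit
RH_MIN_PCT = 20.0                     # relative-humidity floor (12.2.1.11)

# Assumptions made for this example (not from the text).
DEW_SPREAD_MIN_F = 10.0               # smallest safe gap between air temp and dew point
SAMPLE_INTERVAL = timedelta(minutes=15)

# Constructed sample log: "<ISO timestamp> <temp in F> <relative humidity %>"
SAMPLE_LOG = """\
2024-01-15T02:00 72.0 45
2024-01-15T02:15 76.5 44
2024-01-15T02:30 64.0 30
2024-01-15T02:45 70.0 15
2024-01-15T03:45 70.0 80
"""


def dew_point_f(temp_f, rh_pct):
    """Dew point in F from air temperature and relative humidity (Magnus approximation)."""
    a, b = 17.62, 243.12              # Magnus coefficients over water, b in degrees C
    temp_c = (temp_f - 32.0) * 5.0 / 9.0
    gamma = math.log(rh_pct / 100.0) + a * temp_c / (b + temp_c)
    return (b * gamma / (a - gamma)) * 9.0 / 5.0 + 32.0


def check_reading(temp_f, rh_pct):
    """Return the alarm codes raised by one temperature/humidity reading."""
    if not 0.0 < rh_pct <= 100.0:
        return ["SENSOR_FAULT"]       # impossible value: do not trust the reading
    alarms = []
    if temp_f >= TEMP_MAX_F - ALARM_MARGIN_F:
        alarms.append("TEMP_HIGH")
    if temp_f <= TEMP_MIN_F + ALARM_MARGIN_F:
        alarms.append("TEMP_LOW")
    if rh_pct < RH_MIN_PCT:
        alarms.append("RH_LOW")       # static-discharge risk
    if temp_f - dew_point_f(temp_f, rh_pct) < DEW_SPREAD_MIN_F:
        alarms.append("CONDENSATION_RISK")
    return alarms


def scan_log(lines):
    """Check every log line; return [(timestamp, [alarm codes])] for lines that alarm."""
    findings, previous = [], None
    for line in lines:
        if not line.strip():
            continue
        stamp, temp, rh = line.split()
        when = datetime.fromisoformat(stamp)
        alarms = []
        # A silent recorder is itself a finding: flag gaps over two sample intervals.
        if previous is not None and when - previous > 2 * SAMPLE_INTERVAL:
            alarms.append("RECORDING_GAP")
        alarms.extend(check_reading(float(temp), float(rh)))
        if alarms:
            findings.append((stamp, alarms))
        previous = when
    return findings


if __name__ == "__main__":
    for stamp, alarms in scan_log(SAMPLE_LOG.splitlines()):
        print(stamp, ", ".join(alarms))
```

With the 50 to 90 degree range and a 15-degree margin, the band in which no temperature alarm sounds is only 65 to 75 degrees Fahrenheit.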
12.2.2 Preventing Accidents
In addition to environmental problems, your computer system is vulnerable to a multitude of accidents. While it is impossible to prevent all accidents, careful planning can minimize the
impact of accidents that will inevitably occur.
12.2.2.1 Food and drink
People need food and drink to stay alive. Computers, on the other hand, need to stay away from food and drink. One of the fastest ways of putting a keyboard out of commission is to pour a soft
drink or cup of coffee between the keys. If this keyboard is your system console, you may be unable to reboot the computer until the console is replaced (we know this from experience).
Food - especially oily food - collects on people's fingers, and from there gets on anything that a person touches. Often this includes dirt-sensitive surfaces such as magnetic tapes and optical
disks. Sometimes food can be cleaned away; other times it cannot. Oils from foods also tend to
get onto screens, increasing glare and decreasing readability. Some screens (especially some
terminals from Digital Equipment Corporation) are equipped with special quarter-wavelength
antiglare coatings: when touched with oily hands, the fingerprints will glow with an annoying
iridescence. Generally, the simplest rule is the safest: Keep all food and drink away from your
computer systems.[4]
[4] Perhaps more than any other rule in this chapter, this rule is honored most often in the breach.
12.2.3 Physical Access
Simple common sense will tell you to keep your computer in a locked room. But how safe is that
room? Sometimes a room that appears to be quite safe is actually wide open.
12.2.3.1 Raised floors and dropped ceilings
In many modern office buildings, internal walls do not extend above dropped ceilings or beneath
raised floors. This type of construction makes it easy for people in adjoining rooms, and sometimes adjoining offices, to gain access.
Here are some guidelines for dealing with raised floors and dropped ceilings:
• Make sure that your building's internal walls extend above your dropped ceilings - so that
intruders cannot enter locked offices simply by climbing over the walls.
• Likewise, if you have raised floors, make sure that the building's walls extend down to
the real floor.
12.2.3.2 Entrance through air ducts
If the air ducts that serve your computer room are large enough, intruders can use them to gain
entrance to an otherwise secured area.
Here are some guidelines for dealing with air ducts:
• Areas that need large amounts of ventilation should be served by several small ducts,
none of which is large enough for a person to traverse.
• As an alternative, screens can be welded over air vents, or even within air ducts, to
prevent unauthorized entry (although screens can be cut).
• The truly paranoid administrator may wish to place motion detectors inside air ducts.
12.2.3.3 Glass walls
Although glass walls and large windows frequently add architectural panache, they can be severe
security risks. Glass walls are easy to break; a brick and a bottle of gasoline thrown through a window can do an incredible amount of damage. Glass walls are also easy to look through: an
attacker can gain critical knowledge, such as passwords or information about system operations,
simply by carefully watching people on the other side of a glass wall or window.
Here are some guidelines for dealing with glass walls:
• Avoid glass walls and windows for security-sensitive areas.
• If you must have some amount of translucence, consider walls made of glass blocks.
12.2.4 Vandalism
Computer systems are good targets for vandalism. Reasons for vandalism include:
• Intentional disruption of services (e.g., a student who has homework due)
• Revenge (e.g., a fired employee)
• Riots
• Strike-related violence
• Entertainment for the feebleminded
Computer vandalism is often fast, easy, and very expensive. Sometimes, vandalism is actually
sabotage presented as random vandalism.
In principle, any part of a computer system - or the building that houses it - may be a target for vandalism. In practice, some targets are more vulnerable than others. Some are described briefly
in the following sections.
12.2.4.1 Ventilation holes
Several years ago, 60 workstations at the Massachusetts Institute of Technology were destroyed
in a single evening by a student who poured Coca-Cola into each computer's ventilation holes. Authorities surmised that the vandal was a student who had not completed a problem set due the
next day.
Computers that have ventilation holes need them. Don't seal up the holes to prevent this sort of vandalism. However, a rigidly enforced policy against food and drink in the computer room - or
a 24-hour guard - can help prevent this kind of incident from happening at your site.
12.2.4.2 Network cables
Local and wide area networks are exceedingly vulnerable to vandalism. In many cases, a vandal
can disable an entire subnet of workstations by cutting a single wire with a pair of wire cutters. Compared with Ethernet, fiber optic cables are at the same time more vulnerable (because
sometimes they can be more easily damaged), more difficult to repair (because fiber optics are
difficult to splice), and more attractive targets (because they often carry more information).
One simple method for protecting a network cable is to run it through physically secure
locations. For example, Ethernet cable is often placed in cable trays or suspended from ceilings
with plastic loops. But Ethernet can also be run through steel conduit between offices. Besides
protecting against vandalism, this practice protects against some forms of network
eavesdropping, and may help protect your cables in the event of a small fire.
Some high-security installations use double-walled, shielded conduit with a pressurized gas between the layers. Pressure sensors on the conduit break off all traffic or sound a warning bell if
the pressure ever drops, as might occur if someone breached the walls of the pipe. It is important that you physically protect your network cables. Placing the wire inside an electrical conduit
when it is first installed can literally save thousands of dollars in repairs and hundreds of hours in downtime later.
Many universities have networks that rely on Ethernet or fiber optic cables strung through the
basements. A single frustrated student with a pair of wire cutters or a straight pin can halt the work of thousands of students and professors.
We also have heard stories about fiber optic cable suffering small fractures because someone
stepped on it. A fracture of this type is difficult to locate because there is no break in the coating.
Be very careful where you place your cables. Note that "temporary" cable runs often turn into permanent or semi-permanent installations, so take the extra time and effort to install cable
correctly the first time.
12.2.4.3 Network connectors
In addition to cutting a cable, a vandal who has access to a network's endpoint - a network
connector - can electronically disable or damage the network. Ethernet is especially vulnerable to grounding and network-termination problems. Simply by removing a terminator at the end of the
network cable or by grounding an Ethernet's inside conductor, an attacker can render the entire
network inoperable. Usually this event happens by accident; however, it can also happen as the
result of an intentionally destructive attack.
All networks based on wire are vulnerable to attacks with high voltage. At one university in the
late 1980s, a student destroyed a cluster of workstations by plugging the thin-wire Ethernet cable
into a 110VAC wall outlet. (Once again, the student wanted to simulate a lightning strike because he hadn't done his homework.)
12.2.5 Defending Against Acts of War and Terrorism
Unless your computer is used by the military or being operated in a war zone, it is unlikely to be
a war target. Nevertheless, if you live in a region that is subject to political strife, you may wish
to consider additional structural protection for your computer room.
Alternatively, you may find it cheaper to devise a system of hot backups and mirrored disks and servers. With a reasonably fast network link, you can arrange for files stored on one computer to
be simultaneously copied to another system on the other side of town - or the other side of the
world. Sites that cannot afford simultaneous backup can have hourly or nightly incremental dumps made across the network link. Although a tank or suicide bomber may destroy your
computer center, your data can be safely protected someplace else.
12.2.6 Preventing Theft
Because many computers are relatively small and valuable, they are easily stolen and easily sold.
Even computers that are relatively difficult to fence - such as DEC VaxStations - have been
stolen by thieves who thought that they were actually stealing PCs. As with any expensive piece
of equipment, you should attempt to protect your computer investment with physical measures such as locks and bolts.
RAM Theft
Figure 12.1: SIMMs (standard inline memory modules) are vulnerable to theft
In recent years, businesses and universities have suffered a rash of RAM thefts. Thieves enter
offices, open computers, and remove some or all of the computer's RAM. Many computer
businesses and universities have also had major thefts of advanced processor chips.
RAM and late-model CPU chips are easily sold on the open market. They are untraceable. And,
when thieves steal only some of the RAM inside a computer, many weeks or months may pass
before the theft is noticed.
Remember, high-density RAM modules and processor cards are worth substantially more than their weight in gold. If a user complains that a computer is suddenly running more slowly than it
did the day before, check its RAM, and then check to see that its case is physically secured.
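Because a partial RAM theft can go unnoticed for weeks, the check can be automated. The following is an added example, not part of the original text: it compares the memory each machine reports against a recorded inventory. The host names, inventory figures and sample reports are constructed, and the Linux /proc/meminfo format is an assumption.

```python
import re

# Constructed inventory: RAM installed in each machine (MiB), recorded at deployment.
BASELINE_MIB = {"lab-ws01": 16384, "lab-ws02": 16384, "lab-ws03": 8192}

# Constructed /proc/meminfo excerpts as collected from each host (Linux format).
REPORTS = {
    "lab-ws01": "MemTotal:       16265432 kB\nMemFree:         1203344 kB\n",
    "lab-ws02": "MemTotal:        8039120 kB\nMemFree:          402112 kB\n",
}


def memtotal_mib(meminfo_text):
    """Return MemTotal in MiB, or None if the report has no MemTotal line."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    return int(m.group(1)) // 1024 if m else None


def audit_ram(baseline, reports, tolerance=0.05):
    """Compare reported RAM with the inventory; return {host: (status, detail)}.

    The kernel reserves some memory, so MemTotal is always slightly below the
    installed amount; only a shortfall beyond `tolerance` is flagged.
    """
    findings = {}
    for host, expected in sorted(baseline.items()):
        text = reports.get(host)
        seen = memtotal_mib(text) if text is not None else None
        if seen is None:
            # A silent machine deserves a visit too: it may be open on a bench.
            findings[host] = ("NO-REPORT", "no usable report; check the machine")
        elif seen < expected * (1 - tolerance):
            findings[host] = ("RAM-MISSING",
                              f"expected ~{expected} MiB, found {seen} MiB")
        else:
            findings[host] = ("OK", f"{seen} MiB")
    return findings


if __name__ == "__main__":
    for host, (status, detail) in audit_ram(BASELINE_MIB, REPORTS).items():
        print(f"{host:10} {status:12} {detail}")
```

Run nightly, a check like this turns a theft that might otherwise surface months later into an alert the next morning.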
12.2.6.1 Physically secure your computer
A variety of physical tie-down devices are available to bolt computers to tables or cabinets.
Although they cannot prevent theft, they can make theft more difficult.
12.2.6.2 Encryption
If your computer is stolen, the information it contains will be at the mercy of the equipment's
new "owners." They may erase it. Alternatively, they may read it. Sensitive information can be
sold, used for blackmail, or used to compromise other computer systems.
You can never make something impossible to steal. But you can make stolen information
virtually useless - provided that it is encrypted and that the thief does not know the encryption key. For this reason, even with the best computer-security mechanisms and physical deterrents,
sensitive information should be encrypted using an encryption system that is difficult to break.[5] We recommend that you acquire and use a strong encryption system so that even if your
computer is stolen, the sensitive information it contains will not be compromised.
[5] The UNIX crypt encryption program (described in Chapter 6, Cryptography) is trivial to break. Do not use it for information that is the least bit sensitive.
12.2.6.3 Portables
Portable computers present a special hazard. They are easily stolen, difficult to tie down (they then cease to be portable!), and often quite easily resold. Personnel with laptops should be
trained to be especially vigilant in protecting their computers. In particular, theft of laptops in airports is a major problem.
Note that theft of laptops may not be motivated by greed (resale potential) alone. Often,
competitive intelligence is more easily obtained by stealing a laptop with critical information
than by hacking into a protected network. Thus, good encryption on a portable computer is critical. Unfortunately, this encryption makes the laptop a "munition" and difficult to legally
remove from many countries (including the U.S.).[6]
[6] See Chapter 6 for more detail on this.
Different countries have different laws with respect to encryption, and many of these laws are currently in flux. In the United States, you cannot legally export computers containing
cryptographic software: one solution to this problem is to use an encryption product that is
manufactured and marketed outside, as well as inside, your country of origin. First encrypt the data before leaving, then remove the encryption software. After you arrive at your destination,
obtain a copy of the same encryption software and reinstall it. (For the U.S. at least, you can
legally bring the PC back into the country with the software in place.) But U.S. regulations
currently have exemptions allowing U.S.-owned companies to transfer cryptographic software between their domestic and foreign offices. Furthermore, destination countries may have their
own restrictions. Frankly, you may prefer to leave the portable at home!
12.2.6.4 Minimizing downtime
We hope your computer will never be stolen or damaged. But if it is, you should have a plan for immediately securing temporary computer equipment and for loading your backups onto the new
systems. This plan is known as disaster recovery.
We recommend that you do the following:
• Establish a plan for rapidly acquiring new equipment in the event of theft, fire, or
equipment failure.
• Test this plan by renting (or borrowing) a computer system and trying to restore your
backups.
If you ask, you may discover that your computer dealer is willing to lend you a system that is
faster than the original system, for the purpose of evaluation. There is probably no better way to
evaluate a system than to load your backup tapes onto the system and see if they work. Be sure to delete and purge the computer's disk drives before returning them to your vendor.
12.2.7 Related Concerns
Beyond the items mentioned earlier, you may also wish to consider the impact on your computer
center of the following:
• Loss of phone service or networks. How will this impact your regular operations?
• Vendor going bankrupt. How important is support? Can you move to another hardware or
software system?
• Significant absenteeism. Will this impact your ability to operate?
• Death or incapacitation of key personnel. Can every member of your computer
organization be replaced? What are the contingency plans?