Lecture 2 – Physical Security

Physical security refers to measures taken to protect systems, building, and related supporting infrastructure against damage from accident, fire and environmental hazard. There are five risks exist in physical security to protect the computer system, they include interruptions in providing computer services, physical damage, unauthorized disclosure of information, loss of control over system integrity, and physical theft.

Computers may be damaged or stolen if they are kept in a public or open area. For example, someone may walk to the computer and intentionally un-plug the power or turning off the computer or steal the computers. Then the loss can be high since valuable information may be stored in the computers. In order to protect the computer system, consider following list to prevent physical risk.

  • Keep the computer / server in a secure building and use a cable with lock to secure the computer / server in its location.
  • Set a password to the screen saver and lock the computer automatically if it is not used for a set period of time.
  • Disable the floppy disk drive as it is where unsuspecting users can initiate the most harm. Floppy disk drives include the use of shrinkwrapped software, public domain or shareware packages, and personal diskettes from home. All of these diskettes may contain malicious code and should be checked for viruses before being used.
  • Run virus checks on the computer or run virus checks on floppy disks before use if the floppy drive is enable.
  • Do not introduce unknown media to the configuration, such as floppy disks and tapes that may contain sensitive information. In addition, since access to tapes is not protected by Windows NT, tape devices should only be installed in server configurations that are physically protected and do not allow untrusted users to log on. Only removable media devices that do not support downloadable firmware should be installed; this protects against the possibility of attacking the system via insertion of media into such devices.
  • The administrator should educate users to always type CTRL+ALT+DEL before logging on at a computer, even if the logon window already appears on the screen as this will remove Trojan house program.

4.1.2.4. Internet-Based Threat

All organizations with Internet access are to some extent visible to the outside world. Utilization of the Internet presents numerous issues and risks that must be addressed. In the Internet environment, curious student, criminals, agent of espionage, or curious cyber-surfers can carry out threats. As the use of public networks for electronic commerce and critical business functions increases, attacks by criminals and espionage agents will increase. There are five areas of concern relating to both transactional and system security risks, they are data privacy and confidentiality, data integrity, authentication, non-repudiation, and access control.

According to [1], Internet access comprises 57% of attack entry. A third of the corporate Intranets are hacked by outsiders. Therefore the effective security software must be used to countermeasures for the possibility of internal or external network attacks. A number of security software in the market can run automated security scans against Web servers, firewalls and internal networks. These programs are generally very effective at identifying weaknesses that may allow unauthorized system access or other attack against the system. This software also provides solution to protect the rapidly growing population of remote and mobile users from hacker attacks and prevents these systems from being used by hackers to gain back-door access to the corporate network. Most of these software programs are easier to use, and they provide a quicker way for administrators to roll out a highly effective solution that works intelligently in the background, monitoring both inbound and outbound communications. They are the ideal solutions for securing Internet and network connections.

A Guideline for Computer Lab Planning

The following is a series of steps and questions to work through when creating a proposal for a computer lab. It is not an expert document; only a guideline. This extracted from with modification.

Initial Planning

What is the intention of the computer lab or communication server? Is this an instructional lab for a specific discipline? What are the instructional needs for the lab? Will there be a instructor's computer podium? Projection? Whiteboard? Special lighting? Although most of these are covered later, you want to keep the intention of the lab (and any known futures) in mind as you are planning. For example, have you planned for open hours in this lab and staffing for those hours?

Environment

Has the room for the lab been selected? What remodeling will be required? Is there sufficient electrical service? Does the room need painting? Are the environmentals okay (air conditioning/heating/humidity)? Is the room surrounded by heat vents or registers which will affect placement of equipment? Note: On dry winter days, static builds up quickly and can create havoc for printing.

Request estimates from Physical Plant early for any remodeling needs. Also, as soon as possible, discuss your timetable with them.

Other Physical Plant work you might be requesting: Bolting tables to the floor, lighting (dimmer switches and/or separate circuits for different lighting needs), rekeying the room and work required for wiring the room. Be cautious with FIRE, WATER and SECUIRTY

Layout

There are several sources available for you when planning the layout of the room. If you would like assistance with planning, check your computer room setup. You can take an initial look and offer an opinion. We can also steer you to other resources such as I&MT Classroom Support, other instructional labs for comparison, instructors who use other instructional labs for opinions, as well as some vendors who specialize in layout, design and furniture for computer labs. Plan your layout with special accommodations in mind. Make sure there is a clear and open path to an adjustable height (or raised) table. The CSC Center can offer expert advice on requirements/recommendations.

Network Operations

In the planning process, you will also want to have Network Operations (NOC) look over your plans and discuss the best and most efficient way to wire the room. This will vary based on if the room was already structurally wired (to standards), how much wiring is needed, and the placement of jacks within the room, location of file server (if applicable), and where the floor's main distribution room is for wiring. Network Operations will also look at electronic options to best meet your needs, such as hubs, fast hubs, switches, and network cards for equipment. All these pieces need to be included in your proposal, in addition to the labor costs for installation.

To move from planning to doing stage, Network Operations will require a Telephone/Data Service Order (TSO) completed with the appropriate financial coding to be billed. This can be completed with a Network Operations staff member during the planning process.

On the TSO, you can also request a phone line for the lab if desired. Network Operations can advise you on phones and/or features for your needs.

Furnishings

Purchasing can provide you information for all the contract vendors, as well as general guidance in purchasing for the lab.

If you plan to carpet, plan early! We learned from experience that this process took much longer than we expected. Opinions vary on carpeting for labs (carpeting does create static and dust).

Are there windows in the room? Are you planning for shades or blinds?

Purchasing can provide you with information on furniture: whiteboard(s), storage cabinet (for consumables), chairs, printer tables, student tables (in constructing our last lab, we used 30" deep, 48" wide, 27" typing height tables). Think durability!

You'll want a clock (another learned experience).

Hardware and Software

What is proposed and purchased for the lab will depend solely on its purpose. It would be somewhat irresponsible to include detailed specifications in this document without knowing the plans for the lab and the needs of the instructors/students (for example, disk space needs for file servers and individual computers can vary greatly depending on planned use). The following list provides some general information. Labs planned for specific disciplines will no doubt have other, more specialized, needs:

HARDWARE:
File Server
Image Scanners
ID Scanner
Instructor's Equipment
PCs
Printers
Projection System
Color Printing w/swipe card (for pay for print)
Network cards (as mentioned in Network Operations)
UPS (Uninterruptible Power Supply for file server)
Zip Drives/Jazz Drives
Lock down cable and locks for computers
Trackballs (for special needs)

SOFTWARE:
Windows 2000, NT or Linux

Network Operating system software
Applications software
Metering software
Security software (this limits the students ability to change workstation setups)

Some questions: What applications will be run in this lab? Will the lab be fully populated (meaning will each computer run the software concurrently)? Are there network versions of the software?

IMPORTANT
When students leave this lab, where will they go to perform assignments? If you expect the same applications run in the lab to be available in a Campus Computer Lab (CCL), you may need to purchase extra copies for the CCLs. Funds provided to the campus for support of CCLs is limited and expenditures are often planned a year in advance (replacement equipment, high demand software) so funds for additional software are usually extremely limited.

In addition, "run a program" is not an option available at the CCLs. If a program needs to run at a lab, you must make arrangements for it to be loaded on the file server with its own icon. This takes time and needs to be planned with LAN Services.

Installation of the Lab

Do you have departmental personnel who plan to install the file server, software, and computers for the lab? If not, you can contact LAN Services for an estimate for this service. LAN Services can only provide this service to a limited number of labs (especially since labs tend to get installed at the same time of the year and compete for resources with any CCL work planned by LAN Services). This is a billable service and the estimate will depend on the complexity of hardware/software.

Support of the Lab

Have you planned for a "computer officer”, lab manager" or "workgroup manager" who will be responsible for the day-to-day operations of the lab? The workgroup manager is a term used by LAN Services to represent the departmental person responsible for user accounts, access rights, loading of server based application software, registering software, maintaining licenses, coordinating all hardware maintenance required, scheduling cleaning and maintenance of the room, installing and managing print queues, etc. Beyond the workgroup manager responsibilities, have you planned for network/server support (if applicable)? This would be a departmental LAN administrator or a contractual service provided by LAN Services (again, LAN Services can only accept a limited number of these contracts with current staff).

Backup

Do you have a backup plan in place for software/files stored on the file server? A mirror image of what is loaded on each workstation?

Other

Consumables: paper and toner cartridges

Have you thought about replacement costs for this hardware in the future? Most of us forget this until it hits us.

Others

This web site contains information about alarm, fire and security

Question

1)Why there is a need to perform identification and authentication in control room?

Identification and authentication is a technical measure that prevents unauthorized people or unauthorized processes from entering an IT system. Access control usually requires that the system be able to identify and differentiate among users. For example, access control is often based on least privilege, which refers to the granting to users of only those accesses minimally required to perform their duties. User accountability requires the linking ofactivities on an IT system to specific individuals and, therefore, requires the system to identify users.

2) Where an organization’s application promotes or permits public access, additional security controls are needed to protect the integrity of the application and the confidence of the public in the application. Such controls segregating information made directly accessible to the public from official organization records and are classified as public access controls. State public access control.

Public access systems are subject to a greater threat from outside attacks. In public access systems, users are often anonymous and untrained in the system and their responsibilities. Attacks on public access systems could have a substantial impact on the organization’s reputation and the level of public trust and confidence. Threats from insiders are also greater (e.g., errors introduced by disgruntled employees or unintentional errors by untrained users).

3)What is contingency plan and what should be ensured?

Procedures are required that will permit the organization to continue essential functions if information technology support is interrupted. These procedures should be coordinated with the backup, contingency, and recovery plans of many general support systems, including networks use by the application. The contingency plans should ensure that interfacing systems are identified and contingency/disaster planning coordinated.

4)What is Electronic Mail Threat? And why it is dangerous?

Electronic mail (e-mail) is one of the most popular uses of the Internet. With access to Internet e-mail, people can potentially correspond with any one of millions of people in the world. However, most of the security attacks are through email. There are several threats related to the email, they are dangerous attachments, impersonation, eavesdropping, mail bombing, and junk e-mail. Each of these threats can cause severe damage to the computer systems. Thus the security software for the protection of the email system should be setup. Most the virus scan software in the market provides real-time scanning engine for all inbound and outbound emails and can effectively prevent most of the email threats.

hysical checklits – example of CSC