Category Archives: Physical Security

Information about physical security in regards to computers and networks

Why is physical security important

You can have your computers and networks safely secured against attacks from the outside. But if someone can gain physical access to your computers, it does not matter that your computers have been configured securely. Here is a short article explaining why physical security is important.

Computer and network security is not just configuring computers and networks so that they are secure. It is also very important that your computers and network equipment are stored in a secure place. Needless to say, if someone steals your computer, you have a big problem. Theft of hardware is one reason to make sure that your computers and network equipment are stored in a secure location. But an attacker can also be more subtle than just walk away with the equipment. Damaging equipment can be done quickly and switching off the power or pressing the reset button is easily done, sometimes even done by accident.

But if an attacker gets physical access to your computer, he or she can also boot it from a USB device or CD and get administrator/superuser access to the computer. Fortunately, you can protect you against such attacks. Apart from making sure that only authorized staff has access to the computers, they can generally be configured to not by default boot from USB or CD devices. Most computers let you also to password-protect the BIOS so that no changes to the configuration can be done without knowing the password.

Note that you just need to give a selected few people physical access to the computers, keyboards and monitors can be placed outside the secure room where the computers reside. Physical access to the network also gives an attacker the chance to connect a packet sniffer to the network which can collect username and password, to be used for attacks later on.

If you have backups onsite, make sure that they are stored in a secure place. Otherwise, someone could copy the backups without anyone noticing. The backup could then be used to extract sensitive data. It is possible to encrypt backups but make sure to use strong encryption, nowadays processing power is cheap and what used to be strong encryption may be relatively easy to crack by using brute-force methods.

If you want to protect your computers at home, the main threat is theft. Backups make sure that you don’t lose your important documents if your computer is stolen. Just make sure to store the backups in a secure place, not next to the computer. But if you have sensitive data on your computers, you have a problem. It is very convenient to store all passwords in your computer and some people even store credit card and bank account information on their computers.

Passwords should never be stored directly on a computer, use utilities that save your passwords in encrypted form and requires you to know one single password to access all your other passwords. You can save the encrypted passwords on a USB stick which is much easier to protect than a computer.

If you really have sensitive data stored on your computer, you should use programs that encrypt the whole hard drive. The Windows password at start up gives you no security, the disk can just be placed in another computer and then all data on the disk is accessible. Just remember that if you forget the password that was used for encrypting the data, it can be very expensive to recover the data. Another possibility is to use biometric readers. But beware that biometric security devices have some disadvantages and are not considered secure by some security experts. The main problem is that the biometric tests can not be too strict. For example, a finger print reader has to accept relatively close matches, otherwise a small scratch could prevent you from accessing your data for several days. But this fault tolerance also lowers the security of the system. Here you can learn more about biometrics in computer security.