Vous êtes sur la page 1sur 8

Lecture 2 – Physical Security

Physical security refers to measures taken to protect systems, building, and


related supporting infrastructure against damage from accident, fire and
environmental hazard. There are five risks exist in physical security to protect
the computer system, they include interruptions in providing computer
services, physical damage, unauthorized disclosure of information, loss of
control over system integrity, and physical theft.

Computers may be damaged or stolen if they are kept in a public or open area.
For example, someone may walk to the computer and intentionally un-plug the
power or turning off the computer or steal the computers. Then the loss can be
high since valuable information may be stored in the computers. In order to
protect the computer system, consider following list to prevent physical risk.

 Keep the computer / server in a secure building and use a cable with
lock to secure the computer / server in its location.

 Set a password to the screen saver and lock the computer automatically
if it is not used for a set period of time.

 Disable the floppy disk drive as it is where unsuspecting users can


initiate the most harm. Floppy disk drives include the use of
shrink-wrapped software, public domain or shareware packages, and
personal diskettes from home. All of these diskettes may contain
malicious code and should be checked for viruses before being used.

 Run virus checks on the computer or run virus checks on floppy disks
before use if the floppy drive is enable.
 Do not introduce unknown media to the configuration, such as floppy
disks and tapes that may contain sensitive information. In addition,
since access to tapes is not protected by Windows NT, tape devices
should only be installed in server configurations that are physically
protected and do not allow untrusted users to log on. Only removable
media devices that do not support downloadable firmware should be
installed; this protects against the possibility of attacking the system via
insertion of media into such devices.

 The administrator should educate users to always type CTRL+ALT+DEL


before logging on at a computer, even if the logon window already
appears on the screen as this will remove Trojan house program.

4.1.2.4. Internet-Based Threat

All organizations with Internet access are to some extent visible to the outside
world. Utilization of the Internet presents numerous issues and risks that must
be addressed. In the Internet environment, curious student, criminals, agent of
espionage, or curious cyber-surfers can carry out threats. As the use of public
networks for electronic commerce and critical business functions increases,
attacks by criminals and espionage agents will increase. There are five areas of
concern relating to both transactional and system security risks, they are data
privacy and confidentiality, data integrity, authentication, non-repudiation, and
access control.

According to [1], Internet access comprises 57% of attack entry. A third of the
corporate Intranets are hacked by outsiders. Therefore the effective security
software must be used to countermeasures for the possibility of internal or
external network attacks. A number of security software in the market can run
automated security scans against Web servers, firewalls and internal networks.
These programs are generally very effective at identifying weaknesses that may
allow unauthorized system access or other attack against the system. This
software also provides solution to protect the rapidly growing population of
remote and mobile users from hacker attacks and prevents these systems from
being used by hackers to gain back-door access to the corporate network. Most
of these software programs are easier to use, and they provide a quicker way for
administrators to roll out a highly effective solution that works intelligently in the
background, monitoring both inbound and outbound communications. They are
the ideal solutions for securing Internet and network connections.

A Guideline for Computer Lab Planning


The following is a series of steps and questions to work through when creating a proposal
for a computer lab. It is not an expert document; only a guideline. This extracted from
http://www.uwm.edu/IMT/LAN/labplan.html with modification.

Initial Planning

What is the intention of the computer lab or communication server? Is this an


instructional lab for a specific discipline? What are the instructional needs for the lab?
Will there be a instructor's computer podium? Projection? Whiteboard? Special lighting?
Although most of these are covered later, you want to keep the intention of the lab (and
any known futures) in mind as you are planning. For example, have you planned for open
hours in this lab and staffing for those hours?

Environment

Has the room for the lab been selected? What remodeling will be required? Is there
sufficient electrical service? Does the room need painting? Are the environmentals okay
(air conditioning/heating/humidity)? Is the room surrounded by heat vents or registers
which will affect placement of equipment? Note: On dry winter days, static builds up
quickly and can create havoc for printing.

Request estimates from Physical Plant early for any remodeling needs. Also, as soon as
possible, discuss your timetable with them.

Other Physical Plant work you might be requesting: Bolting tables to the floor, lighting
(dimmer switches and/or separate circuits for different lighting needs), rekeying the room
and work required for wiring the room. Be cautious with FIRE, WATER and
SECUIRTY
Layout

There are several sources available for you when planning the layout of the room. If you
would like assistance with planning, check your computer room setup. You can take an
initial look and offer an opinion. We can also steer you to other resources such as I&MT
Classroom Support, other instructional labs for comparison, instructors who use other
instructional labs for opinions, as well as some vendors who specialize in layout, design
and furniture for computer labs. Plan your layout with special accommodations in mind.
Make sure there is a clear and open path to an adjustable height (or raised) table. The
CSC Center can offer expert advice on requirements/recommendations.

Network Operations

In the planning process, you will also want to have Network Operations (NOC) look over
your plans and discuss the best and most efficient way to wire the room. This will vary
based on if the room was already structurally wired (to standards), how much wiring is
needed, and the placement of jacks within the room, location of file server (if applicable),
and where the floor's main distribution room is for wiring. Network Operations will also
look at electronic options to best meet your needs, such as hubs, fast hubs, switches, and
network cards for equipment. All these pieces need to be included in your proposal, in
addition to the labor costs for installation.

To move from planning to doing stage, Network Operations will require a


Telephone/Data Service Order (TSO) completed with the appropriate financial coding to
be billed. This can be completed with a Network Operations staff member during the
planning process.

On the TSO, you can also request a phone line for the lab if desired. Network Operations
can advise you on phones and/or features for your needs.

Furnishings

Purchasing can provide you information for all the contract vendors, as well as general
guidance in purchasing for the lab.

If you plan to carpet, plan early! We learned from experience that this process took much
longer than we expected. Opinions vary on carpeting for labs (carpeting does create static
and dust).

Are there windows in the room? Are you planning for shades or blinds?

Purchasing can provide you with information on furniture: whiteboard(s), storage cabinet
(for consumables), chairs, printer tables, student tables (in constructing our last lab, we
used 30" deep, 48" wide, 27" typing height tables). Think durability!

You'll want a clock (another learned experience).


Hardware and Software

What is proposed and purchased for the lab will depend solely on its purpose. It would be
somewhat irresponsible to include detailed specifications in this document without
knowing the plans for the lab and the needs of the instructors/students (for example, disk
space needs for file servers and individual computers can vary greatly depending on
planned use). The following list provides some general information. Labs planned for
specific disciplines will no doubt have other, more specialized, needs:

HARDWARE:
File Server
Image Scanners
ID Scanner
Instructor's Equipment
PCs
Printers
Projection System
Color Printing w/swipe card (for pay for print)
Network cards (as mentioned in Network Operations)
UPS (Uninterruptible Power Supply for file server)
Zip Drives/Jazz Drives
Lock down cable and locks for computers
Trackballs (for special needs)

SOFTWARE:
Windows 2000, NT or Linux

Network Operating system software


Applications software
Metering software
Security software (this limits the students ability to change
workstation setups)

Some questions: What applications will be run in this lab? Will the lab be fully populated
(meaning will each computer run the software concurrently)? Are there network versions
of the software?

IMPORTANT
When students leave this lab, where will they go to perform assignments? If you expect
the same applications run in the lab to be available in a Campus Computer Lab (CCL),
you may need to purchase extra copies for the CCLs. Funds provided to the campus for
support of CCLs is limited and expenditures are often planned a year in advance
(replacement equipment, high demand software) so funds for additional software are
usually extremely limited.
In addition, "run a program" is not an option available at the CCLs. If a program needs to
run at a lab, you must make arrangements for it to be loaded on the file server with its
own icon. This takes time and needs to be planned with LAN Services.

Installation of the Lab

Do you have departmental personnel who plan to install the file server, software, and
computers for the lab? If not, you can contact LAN Services for an estimate for this
service. LAN Services can only provide this service to a limited number of labs
(especially since labs tend to get installed at the same time of the year and compete for
resources with any CCL work planned by LAN Services). This is a billable service and
the estimate will depend on the complexity of hardware/software.

Support of the Lab

Have you planned for a "computer officer”, lab manager" or "workgroup manager" who
will be responsible for the day-to-day operations of the lab? The workgroup manager is a
term used by LAN Services to represent the departmental person responsible for user
accounts, access rights, loading of server based application software, registering software,
maintaining licenses, coordinating all hardware maintenance required, scheduling
cleaning and maintenance of the room, installing and managing print queues, etc. Beyond
the workgroup manager responsibilities, have you planned for network/server support (if
applicable)? This would be a departmental LAN administrator or a contractual service
provided by LAN Services (again, LAN Services can only accept a limited number of
these contracts with current staff).

Backup

Do you have a backup plan in place for software/files stored on the file server? A mirror
image of what is loaded on each workstation?

Other

Consumables: paper and toner cartridges

Have you thought about replacement costs for this hardware in the future? Most of us
forget this until it hits us.

Others
This web site contains information about alarm, fire and security
http://www.algonet.se/~sru-buy/alarms.htm

Question
1) Why there is a need to perform identification and authentication in
control room?

Identification and authentication is a technical measure that prevents


unauthorized people or unauthorized processes from entering an IT system.
Access control usually requires that the system be able to identify and
differentiate among users. For example, access control is often based on
least privilege, which refers to the granting to users of only those accesses
minimally required to perform their duties. User accountability requires the
linking of activities on an IT system to specific individuals and, therefore,
requires the system to identify users.

2) Where an organization’s application promotes or permits public access,


additional security controls are needed to protect the integrity of the
application and the confidence of the public in the application. Such
controls segregating information made directly accessible to the public
from official organization records and are classified as public access
controls. State public access control.

Public access systems are subject to a greater threat from outside attacks. In
public access systems, users are often anonymous and untrained in the
system and their responsibilities. Attacks on public access systems could
have a substantial impact on the organization’s reputation and the level of
public trust and confidence. Threats from insiders are also greater (e.g.,
errors introduced by disgruntled employees or unintentional errors by
untrained users).

3) What is contingency plan and what should be ensured?

Procedures are required that will permit the organization to continue essential
functions if information technology support is interrupted. These procedures
should be coordinated with the backup, contingency, and recovery plans of
many general support systems, including networks use by the application.
The contingency plans should ensure that interfacing systems are identified
and contingency/disaster planning coordinated.

4) What is Electronic Mail Threat? And why it is dangerous?

Electronic mail (e-mail) is one of the most popular uses of the Internet. With
access to Internet e-mail, people can potentially correspond with any one of
millions of people in the world. However, most of the security attacks are
through email. There are several threats related to the email, they are
dangerous attachments, impersonation, eavesdropping, mail bombing, and
junk e-mail. Each of these threats can cause severe damage to the computer
systems. Thus the security software for the protection of the email system
should be setup. Most the virus scan software in the market provides real-
time scanning engine for all inbound and outbound emails and can effectively
prevent most of the email threats.

hysical checklits – example of CSC