1 / 13

The Impact of Physical Security on Network Security

The Impact of Physical Security on Network Security. Chapter 5. Security Problem. Physical access negates all other security measures. If an intruder can get physical access to the facility, computers or the servers within an organization, then various attacks can be planned.

lixue
Download Presentation

The Impact of Physical Security on Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Impact of Physical Security on Network Security Chapter 5

  2. Security Problem • Physical access negates all other security measures. • If an intruder can get physical access to the facility, computers or the servers within an organization, then various attacks can be planned. • Access to open Ethernet jack: if access to Ethernet jack can obtained, then unauthorized computers running malicious software's, can be connected to the network. Thus, causing potential damage.

  3. Security Problem • Bootdisk: is a floppy drive or a CD-R/DVD-R that can be used to boot/ start the computer. The bootdisk prepares the hard disk to load the operating system onto the RAM. • Bootdisk will help the intruder to get all the files in the hard disk. If the files have read access, then the files can be saved on other media to perform offline cracking attacks. If the files have write access, then the intruder can change the contents of the file.

  4. Security Problem • Drive Imaging: is the process of making an exact image/ copy of the hard disk, and saving it on another media. • This process is used in computer forensics. Where an exact image of the hard disk is created without changing or modifying the original copy. • Typically, a bootdisk is used to boot a computer, and then run the drive imaging software.

  5. Security Problem • Physically stealing the computer/server: if an intruder has physical access, then one of the simplest attacks could be stealing the computer or the server.

  6. Physical Security Safeguards • These are some steps that can be taken to mitigate (reduce) the risk to information systems from a physical threat. • Policies and Procedures. • Access Controls • Authentication.

  7. Policies and Procedures • The effectiveness of the policies and procedures depends on the culture of an organization • Polices and Procedures can relate to the areas of computers or the users. • Use of peripheral devices like the floppy disk & CD-R/DVD-R should be disabled on the computers that do not need it.

  8. Policies and Procedures • Use of USB devices should be restricted. • BIOS password should be set so that an intruder cannot change the boot sequence. • In order to prevent the stealing of servers and computers, the access to the server room should be restricted and locked. • Critical data should only reside on the secured servers, not on personal laptops and desktops.

  9. Policies and Procedures • Organization culture plays a critical role in providing security. • Organizations should adopt the “security culture.” • Security awareness programs for the staff and the security personals should be initiated. • New employees should go through a background check before access to critical data can be granted.

  10. Access Control • Access to critical IS systems should be closely monitored, and access should be given only to the authorized employees. • Some common forms of access controls are • Layered access. • Access Cards. • Closed Circuit Television Systems (CCTV).

  11. Access Control

  12. Authetication • Authentication is the process of by which a user proves that they are who they are. • Common types of authentication are • Access tokens • Example Keys and locks • Smart cards • Example access cards • Biometrics • Fingerprint reader • Multiple-factor authentication • Combination of multiple authentication methods

  13. Access Controls • Biometrics are efficient, but very expensive to install. • Biometrics have 2 common problems • False positive: When a biometric is scanned and allows access to someone who is not authorized. • Example: Two people have similar finger prints, and the system thinks they are the same person. • False negative: When a system denies access to someone who is authorized. • Example: employee having a Band-Aid on a finger.

More Related