Chapter 5. Physical access negates all other security measures. If an intruder can get physical...

The Impact of Physical Security on Network Security Chapter 5


Security Problem

Physical access negates all other security measures.

If an intruder can get physical access to the facility, computers or the servers within an organization, then various attacks can be planned.

Access to an open Ethernet jack: if access to an Ethernet jack can be obtained, then unauthorized computers running malicious software can be connected to the network, causing potential damage.


Security Problem

Bootdisk: a floppy disk or a CD-R/DVD-R that can be used to boot (start) the computer. The bootdisk prepares the hard disk to load the operating system into RAM.

A bootdisk helps the intruder get at all the files on the hard disk. If the files have read access, they can be saved on other media to perform offline cracking attacks. If the files have write access, the intruder can change the contents of the files.


Security Problem

Drive imaging: the process of making an exact image (copy) of the hard disk and saving it on another medium.

This process is used in computer forensics, where an exact image of the hard disk is created without changing or modifying the original copy.

Typically, a bootdisk is used to boot a computer and then run the drive imaging software.


Security Problem

Physically stealing the computer/server: if an intruder has physical access, one of the simplest attacks is to steal the computer or the server.


Physical Security Safeguards

These are some steps that can be taken to mitigate (reduce) the risk to information systems from a physical threat:
◦ Policies and procedures
◦ Access controls
◦ Authentication


Policies and Procedures

The effectiveness of the policies and procedures depends on the culture of an organization.

Policies and procedures can relate to the areas of computers or the users.

Use of peripheral devices like the floppy disk and CD-R/DVD-R should be disabled on the computers that do not need them.


Policies and Procedures

Use of USB devices should be restricted.

A BIOS password should be set so that an intruder cannot change the boot sequence.

To prevent the theft of servers and computers, access to the server room should be restricted and the room kept locked.

Critical data should reside only on the secured servers, not on personal laptops and desktops.


Policies and Procedures

Organization culture plays a critical role in providing security.

Organizations should adopt the “security culture.”

Security awareness programs for the staff and the security personnel should be initiated.

New employees should go through a background check before access to critical data can be granted.


Access Control

Access to critical information systems should be closely monitored, and access should be given only to authorized employees.

Some common forms of access control are:
◦ Layered access
◦ Access cards
◦ Closed Circuit Television Systems (CCTV)



Authentication

Authentication is the process by which a user proves that they are who they claim to be.

Common types of authentication are:
◦ Access tokens
   Example: keys and locks
◦ Smart cards
   Example: access cards
◦ Biometrics
   Fingerprint reader
◦ Multiple-factor authentication
   Combination of multiple authentication methods


Access Controls

Biometrics are efficient, but very expensive to install.

Biometrics have 2 common problems:
◦ False positive: when a biometric is scanned and allows access to someone who is not authorized.
   ◦ Example: two people have similar fingerprints, and the system thinks they are the same person.
◦ False negative: when a system denies access to someone who is authorized.
   ◦ Example: an employee having a Band-Aid on a finger.
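The two biometric problems above pull against each other: tightening the match threshold removes false positives but creates false negatives. The following is an added example, not part of the original slides; the match scores, the threshold values and the function names are constructed assumptions for a hypothetical fingerprint reader.

```python
# Added example: constructed match scores (0..1) from a hypothetical
# fingerprint reader. A score >= threshold grants access.

# Authorized employees scanned against their own enrolled template.
# 0.52 and 0.61 model degraded scans (for instance a bandaged finger).
GENUINE = [0.91, 0.88, 0.95, 0.52, 0.83, 0.79, 0.97, 0.61, 0.86, 0.90]

# Other people scanned against someone else's template.
# 0.71 and 0.66 model two people with similar fingerprints.
IMPOSTOR = [0.12, 0.33, 0.71, 0.25, 0.48, 0.19, 0.66, 0.05, 0.41, 0.30]


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_positive_rate, false_negative_rate) at a threshold."""
    # False positive: an unauthorized person scores high enough to get in.
    fp = sum(s >= threshold for s in impostor) / len(impostor)
    # False negative: an authorized person scores too low and is denied.
    fn = sum(s < threshold for s in genuine) / len(genuine)
    return fp, fn


def sweep(thresholds):
    """Return [(threshold, fp_rate, fn_rate), ...] for each threshold."""
    return [(t,) + rates(t) for t in thresholds]


def best_threshold(thresholds, max_fp):
    """Pick the threshold with the fewest false negatives among those whose
    false-positive rate does not exceed max_fp. Returns (t, fp, fn) or None."""
    ok = [(fn, t, fp) for t, fp, fn in sweep(thresholds) if fp <= max_fp]
    if not ok:
        return None
    fn, t, fp = min(ok)
    return t, fp, fn


if __name__ == "__main__":
    candidates = [0.5, 0.6, 0.7, 0.8, 0.9]
    for t, fp, fn in sweep(candidates):
        print(f"threshold={t:.1f}  false positive={fp:.0%}  false negative={fn:.0%}")
    # A server-room door that must never admit an unauthorized person:
    print("max_fp=0 ->", best_threshold(candidates, max_fp=0.0))
```

With these constructed scores, a reader tuned to admit no unauthorized person turns away three in ten authorized scans, which is why biometrics are usually paired with a second factor such as an access card.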