2009/02/27

Network & Physical Security

Company surroundings

  • The entrance to the company premises should be restricted to authorized personnel only
  • The following is a checklist for securing the company surroundings:

o Fences

o Gates

o Walls

o Guards

o Alarms



Premises

  • Premises can be protected by:

o Checking for roof / ceiling access through AC ducts

o Use of CCTV cameras with monitored screens and video recorders

o Installing an intruder detection system

o Installing panic buttons

o Installing burglar alarms

o Windows and door bars

o Deadlocks



Reception

  • The reception area is usually busier than any other area of the firm because of the number of people entering and exiting
  • The reception area can be protected by the following:

o Files, documents, removable media, etc. should not be left on the reception desk.

o The reception desk should be designed to discourage inappropriate access to the administrative area by non-staff members.

o Computer screens should be positioned so that visitors near the reception desk cannot observe them.

o The computer, keyboard, and other equipment at the reception desk should be locked whenever the receptionist is away from the desk, and the receptionist should log off after office hours.



Server

  • The server, which is the most important component of any network, should be given a high level of security
  • The server room should be well-lit
  • The server can be secured by the following means:

o The server should not be used for day-to-day activities

o It should be enclosed in a locked cabinet or room to prevent it from being physically moved or removed

o Legacy DOS boot options should be removed from Windows servers: an intruder who can boot the machine into DOS (for example from removable media) bypasses the NTFS permissions enforced by the running operating system and can read or modify the disk directly.

o Disable booting from the floppy disk and CD-ROM drive on the server (and protect the BIOS settings with a password), or, if possible, avoid having these drives on the server at all.



Workstation area

  • This is the area where a majority of employees work
  • Employees should be educated about physical security
  • The workstation can be physically secured by taking the following steps:

o Use CCTV

o Screens and PCs should be locked

o Workstation layout design

o Avoid removable media drives



Wireless Access Points

  • If an intruder successfully connects to the firm’s wireless access points, then he is virtually inside the LAN like any other employee of the firm
  • To prevent such unauthorized access, the wireless access points should be secured
  • The following guidelines should be followed:

o Strong encryption should be used: WPA2 with AES-CCMP. WEP is cryptographically broken (its key can be recovered from captured traffic in minutes) and should not be relied on.

o The SSID should not be broadcast, but this only deters casual discovery: clients disclose the SSID in probe requests, so it is not a substitute for encryption.

o Access points should require authentication (a pre-shared key or 802.1X) before a client is admitted, and the access point's management interface should be password protected.

o Passphrases and management passwords should be long enough that they cannot be cracked; a WPA2-PSK passphrase can be attacked offline from a single captured handshake, so it should be long and not a dictionary word.
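The guidelines above map directly onto settings in an access point's configuration. The following is an added example (not part of the original notes) that audits a hostapd-style configuration for the weaknesses just listed: WEP or open networks, TKIP, a short pre-shared passphrase, and a hidden SSID being treated as a control. The two sample configurations, the 20-character passphrase threshold and the severity labels are this example's own assumptions; the hostapd option names (wpa, wpa_key_mgmt, rsn_pairwise, wpa_passphrase, wep_key0, auth_algs, ignore_broadcast_ssid) are real.

```python
"""Audit a hostapd-style access-point configuration for weak wireless settings.

Added example, not code from the original page.  The sample configs below are
constructed for illustration; the 20-char passphrase minimum is an assumption.
"""

# Constructed sample: an access point set up the way a 2009-era checklist
# might suggest -- hidden SSID, shared-key auth, 40-bit WEP key.
WEAK_CONFIG = """\
interface=wlan0
ssid=corp-office
ignore_broadcast_ssid=1
auth_algs=2
wep_default_key=0
wep_key0=123456789A
"""

# Constructed hardened counterpart: WPA2-PSK, CCMP only, long passphrase.
# The SSID is still hidden, but the audit treats that as informational only.
HARDENED_CONFIG = """\
interface=wlan0
ssid=corp-office
ignore_broadcast_ssid=1
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2009!
"""


def parse_hostapd(text):
    """Parse key=value lines into a dict, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit(conf, min_passphrase_len=20):
    """Return a list of (severity, message) findings; 'high' means fix it."""
    findings = []
    wpa = conf.get("wpa", "0")  # hostapd default: no WPA at all
    # auth_algs bit 1 (value 2) enables shared-key auth, which only WEP uses.
    shared_key = int(conf.get("auth_algs", "1")) & 2
    uses_wep = shared_key or any(k.startswith("wep_key") for k in conf)

    if uses_wep:
        findings.append(("high", "WEP in use: RC4 key recoverable from captured "
                                 "traffic; replace with WPA2/CCMP"))
    elif wpa == "0":
        findings.append(("high", "open network: no encryption, anyone in range "
                                 "joins the LAN"))
    if wpa in ("1", "3"):
        findings.append(("high", "WPA1 allowed: set wpa=2 and allow CCMP only"))
    if wpa in ("2", "3"):
        pairwise = conf.get("rsn_pairwise", conf.get("wpa_pairwise", ""))
        if "TKIP" in pairwise:
            findings.append(("high", "TKIP pairwise cipher enabled: restrict "
                                     "the cipher list to CCMP"))
        psk = conf.get("wpa_passphrase")
        # wpa_psk (64 hex chars) is already full strength; only check passphrases.
        if psk is not None and len(psk) < min_passphrase_len:
            findings.append(("high", f"passphrase is {len(psk)} chars; WPA2-PSK "
                                     "is offline-crackable from one handshake, "
                                     f"use at least {min_passphrase_len}"))
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("info", "hidden SSID: deters casual discovery only, "
                                 "clients reveal it in probe requests"))
    return findings


def high_findings(text):
    """Convenience wrapper: only the must-fix messages for a config text."""
    return [msg for sev, msg in audit(parse_hostapd(text)) if sev == "high"]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for sev, msg in audit(parse_hostapd(cfg)):
            print(f"  [{sev}] {msg}")
```

Running the block prints a WEP finding for the first configuration and only the informational SSID note for the second; the checker can be pointed at a real hostapd.conf by reading the file into `parse_hostapd`.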



Other equipment

  • Other equipment, such as fax machines, modems, and removable media, also needs protection

o Such equipment should be secured by following these steps:

§ Fax machines near the reception area should be locked when the receptionist is not at the desk

§ Faxes received should be filed properly

§ Modems should not have auto-answer mode enabled, since an unattended modem that answers calls is a dial-in path into the network

§ Removable media should not be left in public places, and corrupted or discarded removable media should be physically destroyed rather than thrown away



Access control

  • Access control is used to prevent unauthorized access to any highly sensitive operational areas
  • The types of access controls are:

o Separation of work areas

o Biometric access control

o Entry cards

o Man traps

o Facility sign-in procedures

o Identification badges



Wiretapping

  • Wiretapping is the act of secretly listening to other people's conversations by connecting a listening device to their telephone line
  • A wiretap picks up the electrical signals carried on the line and converts them back into sound (or, on a data line, back into the transmitted data)
  • You can do a few things to make sure that no one is wiretapping:

o Inspect all the data-carrying wires routinely

o Protect the wires using shielded cables

o Never leave any wire exposed



Remote Access

  • Remote access is an easy way for an employee of a firm to work from any place outside the company's physical boundaries
  • Remote access to the company's network should be limited to what is genuinely needed
  • It is easy for an attacker to enter the company's network remotely by compromising an employee's connection or credentials
  • The data transferred during a remote session should be encrypted to prevent eavesdropping
  • Remote access is in one sense more dangerous than physical access: the attacker is not in the vicinity, so the probability of catching him is lower



