IT – Security 101 – Part 1: Physical Security


This series will try to describe the typical security flaws found at businesses that are not IT-oriented, and really don't need to be, coming as they do from the manufacturing industry.

 

We will look at the security requirements and risks encountered at each of these levels:

  • Physical access
  • Network security
  • Software used
  • Remote users and contractors
  • People factor

As a rule of thumb, the AAA model has to work at every level: not just be implemented, but actually work! If you are unfamiliar with AAA, here is a two-minute read on the topic by a trusted provider in the security market: https://www.fortinet.com/resources/cyberglossary/aaa-security

While some might not even consider physical security part of IT security, it is important to walk through it and, hopefully, give it more weight when solidifying an IT infrastructure. Let's imagine this scenario: a company has large premises with one office for computer workers and several production areas. The company has a large comms room in the main office, but also small cabinets for network elements and backup in the production areas. Door access is controlled by RFID fobs, and an entry-level camera system is present at most locations on the site. Now let's break it down element by element and look at the biggest threat to each.

RFID fobs: 

While they were innovative 30 years ago, today even a 13-year-old with an RFID reader can clone a lost or misplaced one. The company had an incident where one of the maintenance workers left a fob in the smoking area; overnight it was found by a bad actor who at first was only looking for scrap metal but soon found himself with access to all of the expensive tool storage. Companies should consider replacing fobs with more AAA-friendly solutions, like fingerprint or face recognition, which send out alerts for access outside business hours. To add to the troubles, the fob could not be disabled until Monday, when the only person who knew how to do it was at the office. If you are serious about your security, consider a managed solution from a company specialised in this area. Not only do you offload responsibility to professionals, but you also have someone to call at 1 AM.

Authorization of personnel:

If you inherited decades of bad access management, the best solution is to start with a greenfield environment. Yes, many say there are different approaches, but these almost never resolve all issues. In this case access to all doors had been granted to everyone, including the IT comms rooms and other sensitive areas, and a good majority of fobs had no owner: "Cleaner 1", "Cleaner 2", "Tech 12", etc. Start off fresh and ensure each "entry point" has an owner who needs to approve access. For example, for the IT room it should be only the IT manager or CIO who can grant access, not the yard manager. In fact, not even the security company should do so without the prior approval of those responsible for this area.
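An added example, not part of the original post: a small audit that applies the checks from the two sections above (fobs with no named owner, fobs that open every door, grants not approved by the entry point's owner, and use outside business hours) to a constructed export. The data layout, all names and the 07:00 to 19:00 Monday-to-Friday window are assumptions.

```python
from datetime import datetime

# Constructed sample data (assumed export layout, not from the original post).
DOOR_OWNERS = {"IT comms room": "IT manager",
               "Tool storage": "Maintenance lead",
               "Main office": "Office manager"}
ALL_BY_YARD = {door: "Yard manager" for door in DOOR_OWNERS}
FOBS = [  # holder None = shared fob known only by a label; grants = door -> approver
    {"id": "F001", "holder": "A. Murphy", "label": "A. Murphy",
     "grants": {"Main office": "Office manager"}},
    {"id": "F014", "holder": None, "label": "Cleaner 1", "grants": ALL_BY_YARD},
    {"id": "F020", "holder": "B. Kelly", "label": "B. Kelly",
     "grants": {"Tool storage": "Maintenance lead", "IT comms room": "Yard manager"}},
]
EVENTS = [("2024-03-08 14:05", "F001", "Main office"),    # Friday afternoon
          ("2024-03-09 01:12", "F014", "Tool storage"),   # Saturday, 01:12
          ("2024-03-11 09:30", "F020", "Tool storage")]   # Monday morning
OPEN_HOUR, CLOSE_HOUR = 7, 19        # assumed business hours, Monday to Friday

def audit_fobs(fobs, door_owners):
    """Return (fob id, finding) pairs for the access-management flaws."""
    findings = []
    for fob in fobs:
        if not fob["holder"]:
            findings.append((fob["id"], "no named owner"))
        if set(fob["grants"]) >= set(door_owners):
            findings.append((fob["id"], "opens every door"))
        for door, approver in fob["grants"].items():
            if approver != door_owners.get(door):
                findings.append((fob["id"], f"{door}: not approved by its owner"))
    return findings

def after_hours(events):
    """Return the door events that fall outside the business-hours window."""
    alerts = []
    for stamp, fob_id, door in events:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        working = when.weekday() < 5 and OPEN_HOUR <= when.hour < CLOSE_HOUR
        if not working:
            alerts.append((stamp, fob_id, door))
    return alerts

if __name__ == "__main__":
    for fob_id, finding in audit_fobs(FOBS, DOOR_OWNERS):
        print(f"{fob_id}: {finding}")
    for stamp, fob_id, door in after_hours(EVENTS):
        print(f"ALERT {stamp}: {fob_id} used at {door} outside business hours")
```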

CCTV:

Rule of thumb: never go cheap! You will soon come to regret it when law enforcement advises you there is nothing further they can do due to the lack of, or poor quality of, footage. I have heard this one too many times. More importantly, do not store the video footage on-site. Some might say it's OK to store it in a highly secure area, but most companies will not have fire suppression, extensive water protection, etc. Today a cloud-based CCTV storage solution is under 100 euros per month. Just go for it! No more hard disks, DVRs, lost remote controls, cables, software upgrades, etc.

Now, how does all this affect IT security? IT security starts with physical security. Having easily accessible network ports, Wi-Fi, hardware that can be stolen and IT rooms means that no matter how many millions one pumps into fancy cyber-security features, it means nothing in today's world, where social engineering and corporate espionage are a multi-billion business.

More examples to follow as we go along…

Author:
My story began in 2007, when I emigrated to continue my studies in Dublin, Republic of Ireland. Then, for over a decade, I had the pleasure of working in IT for companies such as the famous Guinness brewery, Dublin Airport, the largest gas supplier and the Department of Justice of the Republic of Ireland, as an IBM and Citrix systems engineer focused on virtualisation, security and telecommunications. Through this business I am trying to bring together all my experience from the diaspora, and that of my associates, into the best possible experience for our clients. A different way of working and interacting, an upgrade from the impersonal style practised by our competitors. This has already been proven by the satisfaction score obtained from our existing clients abroad, one of them being the largest recycler, with over 300 employees worldwide. Developers in India, technicians in Poland, all collaborating successfully using the computing infrastructure implemented from scratch by ITVolks. The success of our clients is the only option at ITVolks!
