Get a glimpse inside Roberta Bragg's new book "Hardening Windows systems" with this series of book excerpts. This excerpt from Chapter 1, "An immediate call to action," offers a quick overview on how to secure systems, starting with your own laptop and PDA. Click for the complete book excerpt series or purchase the book.
Physically secure all systems
Start with your own system. If it's a laptop, do you cable-lock it at each place you use it? If you move about, even in your own buildings, do you take the time to secure it? When you travel, do you leave it unlocked in the hotel room? When you must leave the laptop in a hotel room, what data is on the hard drive? With most laptops, the hard drive can be removed even if the computer is cable-locked. The value of the data may be many times higher than the value of the computer. If data on the laptop is sensitive, perhaps you can remove the hard drive and carry it with you, or lock it in the hotel safe when you want to leave the laptop locked in the room.
What about your PDA? What's on it that would be damaging if lost? If your computer is a desktop, who can physically access it? Can it be stolen? The hard drive removed? From the data center to the traveling laptop, physical security is weak. Why would an attacker bother crafting code to break into your systems when all she has to do is steal them? Why penetrate your network defenses when she can walk by and insert a CD-ROM with malignant code on it? Or use her USB data-storing wristwatch to steal data?
Keep servers locked up. Remove CD-ROMs and floppies from computers in public are as. Provide traveling laptop users with cable locks. Make sure those with access to the data center don't allow others in. Don't prop open doors; don't allow "tailgating," the process where someone follows an authorized person into the data center. Teach security guards to look for contraband. (Picture-taking phones should be banned from many locations.)
Click for the next excerpt in this series: Keep secrets.
Click for book details or purchase the book.