12. Physical Security
"Physical security" is almost everything that happens before you (or an attacker) start typing commands on the keyboard. It's the alarm system that calls the police department when a late-night thief tries to break into your building. It's the key lock on the computer's power supply that makes it harder for unauthorized people to turn the machine off. And it's the surge protector that keeps a computer from being damaged by power surges.
This chapter discusses basic physical security approaches. It's designed for people who think that this form of security is of no concern. Unfortunately, physical security is an oft-overlooked aspect of security that is very important. You may have the best encryption and security tools in place, and your UNIX systems may be safely hidden behind a firewall. However, if you cheerfully hire an industrial spy as your system administrator, and she walks off with your disk drives, those other fancy defenses aren't much help.
12.1 One Forgotten Threat
Surprisingly, many organizations do not consider physical security to be of the utmost concern. One New York investment house was spending tens of thousands of dollars on computer security measures to prevent break-ins during the day, only to discover that its cleaning staff was propping open the doors to the computer room at night while the floor was being mopped. In the late 1980s, a magazine in San Francisco had more than $100,000 worth of computers stolen over a holiday: an employee had used his electronic key card to unlock the building and disarm the alarm system; after getting inside, the person went to the supply closet where the alarm system was located and removed paper from the alarm system's log printer.
Physical security is one of the most frequently forgotten forms of security because the issues that physical security encompasses - the threats, practices, and protections available - are different for practically every different site. Physical security resists simple treatment in books on computer security, as different organizations running the identical system software might have dramatically different physical-security needs. (Many popular books on UNIX system security do not even mention physical security.) Because physical security must inherently be installed on-site, it cannot be pre-installed by the operating system vendor, sold by telemarketers, or FTP'ed over the Internet as part of a free set of security tools.
Anything that we can write about physical security must therefore be broadly stated and general. Because every site is different, this chapter can't give you a set of specific recommendations. It can only give you a starting point, a list of issues to consider, and a procedure for formulating your plan.
12.1.1 The Physical Security Plan
The first step to physically securing your installation is to formulate a written plan addressing your current physical security needs and your intended future direction - something we discussed in Chapter 2, Policies and Guidelines. Ideally, such a plan should be part of the site security policy, and should include:
If you are managing a particularly critical installation, you should take great care in formulating this plan. Have it reviewed by an outside firm that specializes in disaster recovery planning and risk assessment. You should also consider your security plan a sensitive document: by its very nature, it contains detailed information on your defenses' weakest points.
Smaller businesses, many educational institutions, and home systems will usually not need anything so formal; some preparation and common sense is all that is usually necessary, although even a day of a consultant's time may be money well spent.
Some organizations may consider that many of the ideas described in the following sections are overkill. Before you come to this conclusion, ask yourself five questions: