Physically protecting a computer presents many of the same problems that arise when protecting typewriters, jewelry, and file cabinets. Like a typewriter, an office computer is something that many people inside the office need to access on an ongoing basis. Like jewelry, computers are very valuable, and very easy for a thief to sell. But the real danger in having a computer stolen isn't the loss of the system's hardware but the value of the loss of the data that was stored on the computer's disks. As with legal files and financial records, if you don't have a backup - or if the backup is stolen with the computer - the data you have lost may well be irreplaceable. Even if you do have a backup, you will still need to spend valuable time setting up a replacement system. Finally, there is always the chance that stolen information itself, or even the mere fact that information was stolen, will be used against you.
Your computers are among the most expensive possessions in your home or office; they are also the pieces of equipment that you can least afford to lose.
To make matters worse, computers and computer media are by far the most temperamental objects in today's home or office. Few people worry that their television sets will be damaged if they're turned on during a lightning storm, but a computer's power supply can be blown out simply by leaving the machine plugged into the wall if lightning strikes nearby. Even if the power surge doesn't destroy the information on your hard disk, it still may make the information inaccessible until the computer system is repaired.
Power surges don't come only during storms: one of the authors once had a workstation ruined because a vacuum cleaner was plugged into the same outlet as the running workstation: when the vacuum was switched on, the power surge fatally shorted out the workstation's power supply. Because of the age of the computer involved, it proved to be cheaper to throw out the machine and lose the data, rather than attempt to salvage the hardware and information stored on the machine's disk. That was an expensive form of spring cleaning!
There are several measures that you can take to protect your computer system against physical threats. Many of them will simultaneously protect the system from dangers posed by nature, outsiders, and inside saboteurs.
Computers are extremely complicated devices that often require exactly the right balance of physical and environmental conditions to properly operate. Altering this balance can cause your computer to fail in unexpected and often undesirable ways. Even worse, your computer might continue to operate, but erratically, producing incorrect results and corrupting valuable data.
In this respect, computers are a lot like people: they don't work well if they're too hot, too cold, or submerged in water without special protection.
Computers are notoriously bad at surviving fires. If the flames don't cause your system's case and circuit boards to ignite, the heat might melt your hard drive and all the solder holding the electronic components in place. Your computer might even survive the fire, only to be destroyed by the water used to fight the flames.
You can increase the chances that your computer will survive a fire by making sure that there is good fire-extinguishing equipment nearby.
In the late 1980s, Halon fire extinguishers were exceedingly popular for large corporate computer rooms. Halon is a chemical that works by "asphyxiating" the fire's chemical reaction. Unlike water, Halon does not conduct electricity and leaves no residue, so it will not damage expensive computer systems.
Unfortunately, Halon may also asphyxiate humans in the area. For this reason, all automatic Halon systems have loud alarms that sound before the Halon is discharged. Halon has another problem as well: after it is released into the environment, it slowly diffuses into the stratosphere, where it acts as a potent greenhouse gas and contributes to the destruction of the ozone layer. Halon is therefore being phased out and replaced with systems that are based on carbon dioxide (CO2), which still asphyxiate fires (and possibly humans), but which do not cause as much environmental degradation.
Here are some guidelines for fire control:
Many modern computers will not be damaged by automatic sprinkler systems, provided that the computer's power is turned off before the water starts to flow (although disks, tapes, and printouts out in the open may suffer). Consequently, you should have your computer's power automatically cut if the water sprinkler triggers. Be sure that the computer has completely dried out before the power is restored. If your water has a very high mineral content, you may find it necessary to have the computer's circuit boards professionally cleaned before attempting to power up. Remember, getting sensitive electronics wet is never a good idea.
Because many computers can now survive exposure to water, many fire-protection experts now suggest that a water sprinkler system may be as good as (or better) than a CO2 system. In particular, a water system will continue to run long after a CO2 system is exhausted, so it's more likely to work against major fires. They also are less expensive to maintain, and less hazardous to humans.
If you choose to have a water-based sprinkler system installed, be sure it is a "dry-pipe" system. This keeps water out of the pipes until an alarm is actually triggered, rather than having the sprinkler heads pressurized all the time. This may save your system from leaks or misfortune.
Be sure that your wiring, in addition to your computers, is protected. Be certain that smoke detectors and sprinkler heads are appropriately positioned to cover wires in wiring trays (often above your suspended ceilings), and in wiring closets.
Smoke is very good at damaging computer equipment. Smoke is a potent abrasive and collects on the heads of magnetic disks, optical disks, and tape drives. A single smoke particle can cause a severe disk crash on some kinds of older disk drives without a sealed drive compartment.
Sometimes smoke is generated by computers themselves. Electrical fires - particularly those caused by the transformers in video monitors - can produce a pungent, acrid smoke that can damage other equipment and may also be a potent carcinogen. Several years ago, a laboratory at Stanford had to be evacuated because of toxic smoke caused by a fire in a single video monitor.
An even greater danger is the smoke that comes from cigarettes and pipes. Such smoke is a health hazard to people and computers alike. Smoke will cause premature failure of keyboards and require that they be cleaned more often. Nonsmokers in a smoky environment will not perform as well as they might otherwise, both in the near term and the long term; and in many locales, smoking in public or semi-public places is illegal.
Here are some guidelines for smoke control:
Most dust is electrically conductive. The design of many computers sucks large amounts of air and dust through the computer's insides for cooling. Invariably, a layer of dust will accumulate on a computer's circuit boards, covering every surface, exposed and otherwise. Eventually, the dust will cause circuits to short and fail.
While some parts of the world are subject to frequent and severe earthquakes, nearly every part of the world experiences the occasional temblor. In the United States, for example, the San Francisco Bay Area experiences several earthquakes every year; a major earthquake is expected within the next 20 years that may be equal in force to the great San Francisco earthquake of 1906. Scientists also predict an 80% chance that the eastern half of the United States may experience a similar earthquake within the next 30 years: the only truly unknown factor is where it will occur. As a result, several Eastern cities have enacted stringent anti-earthquake building codes. These days, many new buildings in Boston are built with diagonal cross-braces, using construction that one might expect to see in San Francisco.
While some buildings collapse in an earthquake, most remain standing. Careful attention to the placement of shelves and bookcases in your office can increase the chances that your computers will survive all but the worst disasters.
Here are some guidelines for earthquake control:
If you need to operate a computer in an area where there is a risk of explosion, you might consider purchasing a system with a ruggedized case. Disk drives can be shock-mounted within a computer; if explosion is a constant hazard, consider using a ruggedized laptop with an easily removed, shock-resistant hard drive.
Here are some basic guidelines for explosion control:
As with people, computers operate best within certain temperature ranges. Most computer systems should be kept between 50 and 90 degrees Fahrenheit (10 to 32 degrees Celsius). If the ambient temperature around your computer gets too high, the computer cannot adequately cool itself, and internal components can be damaged. If the temperature gets too cold, the system can undergo thermal shock when it is turned on, causing circuit boards or integrated circuits to crack.
Here are some basic guidelines for temperature control:
Sometimes insects and other kinds of bugs find their way into computers. Indeed, the very term bug, used to describe something wrong with a computer program, dates back to the 1950s, when Grace Murray Hopper found a moth trapped between the relay contacts on Harvard University's Mark 1 computer.
Insects have a strange predilection for getting trapped between the high-voltage contacts of switching power supplies. Others seem to have insatiable cravings for the insulation that covers wires carrying line current and the high-pitched whine that switching power supplies emit. Spider webs inside computers collect dust like a magnet.
Motors, fans, heavy equipment, and even other computers can generate electrical noise that can cause intermittent problems with the computer you are using. This noise can be transmitted through space or nearby power lines.
Electrical surges are a special kind of electrical noise that consists of one (or a few) high-voltage spikes. As we've mentioned, an ordinary vacuum cleaner plugged into the same electrical outlet as a workstation can generate a spike capable of destroying the workstation's power supply.
Here are some guidelines for electrical noise control:
Lightning generates large power surges that can damage even computers whose electrical supplies are otherwise protected. If lightning strikes your building's metal frame (or hits your building's lightning rod), the resulting current on its way to ground can generate an intense magnetic field.
Here are some guidelines for lightning control:
Vibration can put an early end to your computer system by literally shaking it apart. Even gentle vibration, over time, can work printed circuit boards out of their edge connectors, and integrated circuits out of their sockets. Vibration can cause hard disk drives to come out of alignment and increase the chance for catastrophic failure - and resulting data loss.
Here are some guidelines for vibration control:
Humidity is your computer's friend - but as with all friends, you can get too much of a good thing. Humidity prevents the buildup of static charge. If your computer room is too dry, static discharge between operators and your computer (or between the computer's moving parts) may destroy information or damage your computer itself. If the computer room is too humid, you may experience condensation on the computer's circuitry, which can short out and damage the electrical circuits.
Here are some guidelines for humidity control:
Water can destroy your computer. The primary danger is an electrical short, which can happen if water bridges between a circuit-board trace carrying voltage and a trace carrying ground. A short will cause too much current to be pulled through a trace, and will heat up the trace and possibly melt it. Shorts can also destroy electronic components by pulling too much current through them.
Water usually comes from rain or flooding. Sometimes it comes from an errant sprinkler system. Water also may come from strange places, such as a toilet overflowing on a higher floor, vandalism, or the fire department.
Here are some guidelines for water control:
To detect spurious problems, you should continuously monitor and record your computer room's temperature and relative humidity. As a general rule of thumb, every 1,000 square feet of office space should have its own recording equipment. Log and check recordings on a regular basis.
In addition to environmental problems, your computer system is vulnerable to a multitude of accidents. While it is impossible to prevent all accidents, careful planning can minimize the impact of accidents that will inevitably occur.
People need food and drink to stay alive. Computers, on the other hand, need to stay away from food and drink. One of the fastest ways of putting a keyboard out of commission is to pour a soft drink or cup of coffee between the keys. If this keyboard is your system console, you may be unable to reboot the computer until the console is replaced (we know this from experience).
Food - especially oily food - collects on people's fingers, and from there gets on anything that a person touches. Often this includes dirt-sensitive surfaces such as magnetic tapes and optical disks. Sometimes food can be cleaned away; other times it cannot. Oils from foods also tend to get onto screens, increasing glare and decreasing readability. Some screens (especially some terminals from Digital Equipment Corporation) are equipped with special quarter-wavelength antiglare coatings: when touched with oily hands, the fingerprints will glow with an annoying iridescence. Generally, the simplest rule is the safest: Keep all food and drink away from your computer systems.
In many modern office buildings, internal walls do not extend above dropped ceilings or beneath raised floors. This type of construction makes it easy for people in adjoining rooms, and sometimes adjoining offices, to gain access.
Here are some guidelines for dealing with raised floors and dropped ceilings:
Here are some guidelines for dealing with air ducts:
Although glass walls and large windows frequently add architectural panache, they can be severe security risks. Glass walls are easy to break; a brick and a bottle of gasoline thrown through a window can do an incredible amount of damage. Glass walls are also easy to look through: an attacker can gain critical knowledge, such as passwords or information about system operations, simply by carefully watching people on the other side of a glass wall or window.
Here are some guidelines for dealing with glass walls:
Computer vandalism is often fast, easy, and very expensive. Sometimes, vandalism is actually sabotage presented as random vandalism.
In principle, any part of a computer system - or the building that houses it - may be a target for vandalism. In practice, some targets are more vulnerable than others. Some are described briefly in the following sections.
Several years ago, 60 workstations at the Massachusetts Institute of Technology were destroyed in a single evening by a student who poured Coca-Cola into each computer's ventilation holes. Authorities surmised that the vandal was a student who had not completed a problem set due the next day.
Computers that have ventilation holes need them. Don't seal up the holes to prevent this sort of vandalism. However, a rigidly enforced policy against food and drink in the computer room - or a 24-hour guard - can help prevent this kind of incident from happening at your site.
Local and wide area networks are exceedingly vulnerable to vandalism. In many cases, a vandal can disable an entire subnet of workstations by cutting a single wire with a pair of wire cutters. Compared with Ethernet, fiber optic cables are at the same time more vulnerable (because sometimes they can be more easily damaged), more difficult to repair (because fiber optics are difficult to splice), and more attractive targets (because they often carry more information).
One simple method for protecting a network cable is to run it through physically secure locations. For example, Ethernet cable is often placed in cable trays or suspended from ceilings with plastic loops. But Ethernet can also be run through steel conduit between offices. Besides protecting against vandalism, this practice protects against some forms of network eavesdropping, and may help protect your cables in the event of a small fire.
Some high-security installations use double-walled, shielded conduit with a pressurized gas between the layers. Pressure sensors on the conduit break off all traffic or sound a warning bell if the pressure ever drops, as might occur if someone breached the walls of the pipe. It important that you physically protect your network cables. Placing the wire inside an electrical conduit when it is first installed can literally save thousands of dollars in repairs and hundreds of hours in downtime later.
Many universities have networks that rely on Ethernet or fiber optic cables strung through the basements. A single frustrated student with a pair of wirecutters or a straight pin can halt the work of thousands of students and professors.
We also have heard stories about fiber optic cable suffering small fractures because someone stepped on it. A fracture of this type is difficult to locate because there is no break in the coating. Be very careful where you place your cables. Note that "temporary" cable runs often turn into permanent or semi-permanent installations, so take the extra time and effort to install cable correctly the first time.
In addition to cutting a cable, a vandal who has access to a network's endpoint - a network connector - can electronically disable or damage the network. Ethernet is especially vulnerable to grounding and network-termination problems. Simply by removing a terminator at the end of the network cable or by grounding an Ethernet's inside conductor, an attacker can render the entire network inoperable. Usually this event happens by accident; however, it can also happen as the result of an intentionally destructive attack.
All networks based on wire are vulnerable to attacks with high voltage. At one university in the late 1980s, a student destroyed a cluster of workstations by plugging the thin-wire Ethernet cable into a 110 VAC wall outlet. (Once again, the student wanted to simulate a lightning strike because he hadn't done his homework.)
Unless your computer is used by the military or being operated in a war zone, it is unlikely to be a war target. Nevertheless, if you live in a region that is subject to political strife, you may wish to consider additional structural protection for your computer room.
Alternatively, you may find it cheaper to devise a system of hot backups and mirrored disks and servers. With a reasonably fast network link, you can arrange for files stored on one computer to be simultaneously copied to another system on the other side of town - or the other side of the world. Sites that cannot afford simultaneous backup can have hourly or nightly incremental dumps made across the network link. Although a tank or suicide bomber may destroy your computer center, your data can be safely protected someplace else.
Because many computers are relatively small and valuable, they are easily stolen and easily sold. Even computers that are relatively difficult to fence - such as DEC VaxStations - have been stolen by thieves who thought that they were actually stealing PCs. As with any expensive piece of equipment, you should attempt to protect your computer investment with physical measures such as locks and bolts.
If your computer is stolen, the information it contains will be at the mercy of the equipment's new "owners." They may erase it. Alternatively, they may read it. Sensitive information can be sold, used for blackmail, or used to compromise other computer systems.
You can never make something impossible to steal. But you can make stolen information virtually useless - provided that it is encrypted and that the thief does not know the encryption key. For this reason, even with the best computer-security mechanisms and physical deterrents, sensitive information should be encrypted using an encryption system that is difficult to break. We recommend that you acquire and use a strong encryption system so that even if your computer is stolen, the sensitive information it contains will not be compromised.
Portable computers present a special hazard. They are easily stolen, difficult to tie down (they then cease to be portable!), and often quite easily resold. Personnel with laptops should be trained to be especially vigilant in protecting their computers. In particular, theft of laptops in airports is a major problem.
Note that theft of laptops may not be motivated by greed (resale potential) alone. Often, competitive intelligence is more easily obtained by stealing a laptop with critical information than by hacking into a protected network. Thus, good encryption on a portable computer is critical. Unfortunately, this encryption makes the laptop a "munition" and difficult to legally remove from many countries (including the U.S.).
Different countries have different laws with respect to encryption, and many of these laws are currently in flux. In the United States, you cannot legally export computers containing cryptographic software: one solution to this problem is to use an encryption product that is manufactured and marketed outside, as well as inside, your country of origin. First encrypt the data before leaving, then remove the encryption software. After you arrive at your destination, obtain a copy of the same encryption software and reinstall it. (For the U.S. at least, you can legally bring the PC back into the country with the software in place.) But U.S. regulations currently have exemptions allowing U.S.-owned companies to transfer cryptographic software between their domestic and foreign offices. Furthermore, destination countries may have their own restrictions. Frankly, you may prefer to leave the portable at home!
We hope your computer will never be stolen or damaged. But if it is, you should have a plan for immediately securing temporary computer equipment and for loading your backups onto the new systems. This plan is known as disaster recovery.
We recommend that you do the following:
If you ask, you may discover that your computer dealer is willing to lend you a system that is faster than the original system, for the purpose of evaluation. There is probably no better way to evaluate a system than to load your backup tapes onto the system and see if they work. Be sure to delete and purge the computer's disk drives before returning them to your vendor.
Beyond the items mentioned earlier, you may also wish to consider the impact on your computer center of the following: