Develop a physical security plan that includes a description of your
assets, environment, threats, perimeter, and defenses.
Determine who might have physical access to any of your resources
under any circumstances.
Have heat and smoke alarms in your computer room. If you have a
raised floor, install alarm sensors both above and below the floor.
If you have a dropped ceiling, put sensors above the ceiling, too.
Check the placement and recharge status of fire extinguishers on a
regular basis.
Make sure that personnel know how to use all fire protection and
suppression equipment.
Make sure that the placement and possible use of fire suppression
systems will not endanger personnel or equipment more than is
necessary.
Have water sensors installed above and below raised floors in your
computer room.
Train your users and operators about what to do when an alarm sounds.
Strictly prohibit smoking, eating, and drinking in your computer room
or near computer equipment.
Install carbon monoxide detectors.
Install and regularly clean air filters in your computer room.
Place your computer systems where they will be protected in the event
of an earthquake, explosion, or structural failure. Avoid windows.
Consider the heat and air flow patterns in the room and from the
computers. Avoid placing computers next to walls.
Keep your backups offsite.
Have temperature and humidity controls in your computer room. Install
alarms associated with the systems to indicate if values go beyond a
certain range. Have recorders to monitor these values over time.
Beware of actual insects trying to "bug" your computers.
Install filtered power and/or surge protectors for all your computer
equipment. Consider installing an uninterruptible power supply, if
appropriate.
Have antistatic measures in place.
Store computer equipment and magnetic media away from your building's
steel structures. These might conduct electricity after a lightning
strike.
Lock and physically isolate your computers from public access.
Consider implementing motion alarms or other protections to protect
valuable equipment when personnel are not present.
Protect power switches and fuses.
Avoid having glass walls or large windows in your computer room.
Protect all your network cables, terminators, and connectors from
tampering. Examine them periodically.
Use locks, tie-downs, and bolts to keep computer equipment from being
carried away. When equipment must be moveable, permanently tag it.
Encrypt sensitive data on your systems.
Have disaster-recovery and business-continuation plans in place.
Consider using fiber optic cable for networks.
Physically protect your backups and test them periodically.
Sanitize media (e.g., tapes and disks) and printouts before disposal.
Use bulk erasers, shredders and incinerators.
Check peripheral devices for local onboard storage that can lead to
disclosure of information.
Consider encrypting all of your backups and offline storage.
Never use programmable function keys on a terminal for login or
password information.
Consider setting autologout on user accounts and using screensavers
with unlock passwords.