8.1 Planning for the Forgotten Threats
Surprisingly, many organizations do not consider physical security to be of the
utmost concern. As an example, one New York investment house was
spending tens of thousands of dollars on computer security measures
to prevent break-ins during the day, only to discover that its
cleaning staff was propping open the doors to the computer room at
night while the floor was being mopped. A magazine in San Francisco
had more than $100,000 worth of computers stolen over a holiday. An
employee had used an electronic key card to unlock the building and
disarm the alarm system; after getting inside, the person went to the
supply closet where the alarm system was located and removed the
paper log from the alarm system's printer.
Other organizations feel that physical security is simply too complicated
or too difficult to handle properly. No amount of physical security
on the part of the tenants of the World Trade Center could have
protected them from the collapse of their office buildings after the
terrorist attack of September 11, 2001. Likewise, few organizations
have the ability to protect their servers from a nuclear attack. But
it is important not to let these catastrophic possibilities paralyze
and prevent an organization from doing careful disaster planning.
Those organizations that did the best job of restoring operations
after September 11 were the ones that had spent the money to build
and maintain redundant off-site mirror facilities.
Physical security is one of the most frequently forgotten forms of
security because the issues that physical security
encompasses—threats, practices, and protections—are
different for practically every site and organization. Physical
security resists simple treatment in books on computer security, as
different organizations running the identical system software might
have dramatically different physical security needs. To make matters
worse, many popular books on computer system security do not even
mention physical security! Because physical security must be
installed on-site, it cannot be preinstalled by the operating system
vendor, sold by telemarketers, or downloaded over the Internet as
part of a free set of security tools.
Anything that we write about physical security must therefore be
broadly stated and general. Because every site is different, this
chapter can't give you a set of specific
recommendations. It can give you only a starting point, a list of
issues to consider, and suggested procedures for formulating your
actual plan.
8.1.1 The Physical Security Plan
The first step to physically securing your installation is to
formulate a written plan addressing your current physical security
needs and your intended future direction. Ideally, your physical plan
should be part of your site's written security
policy. This plan should be reviewed by others for completeness, and
it should be approved by your organization's senior
management. The plan thus serves two purposes: planning itself, and
political buy-in from those who must fund and enforce it.
Your security plan should include:
- Descriptions of the physical assets that you are protecting
- Descriptions of the physical areas where the assets are located
- A description of your security perimeter—the boundary between the rest of the world and your secured area—and the holes in the perimeter
- The threats (e.g., attacks, accidents, or natural disasters) that you are protecting against and their likelihood
- Your security defenses, and ways of improving them
- The estimated cost of specific improvements
- The value of the information that you are protecting
If you are managing a particularly critical installation, take great
care in formulating this plan. Have it reviewed by an outside firm
that specializes in disaster recovery planning and risk assessment.
Consider your security plan a sensitive document: by its very nature,
it contains detailed information on your defenses'
weakest points.
A detailed security plan may seem like overkill for smaller
businesses, some educational institutions, and most home systems.
Nevertheless, simply enumerating the threats and the measures that
you are using to protect against them will serve you well in
understanding how to protect your informational assets. Is fire a
possibility? If so, you may wish to invest in a fireproof safe for
backups (cost: as little as $200), or you may wish to contract with
an off-site backup provider (cost: approximately $20/month per PC).
Is theft a possibility? If so, you may wish to purchase a lock for
your computer (cost: approximately $30). Do you back up your server
but not your desktop PCs? If so, you may wish to make sure that
people in your organization know this, so that they store files on
the file server, and not on their computer's
"desktop."
At the very least, you should ask yourself these five questions:
- Does anybody other than you ever have physical access to your computers?
- What would happen if that person had a breakdown or an angry outburst and tried to smash your system with a hammer?
- What would happen if someone in the employ of your biggest competitor were to come into the building unnoticed?
- If there were a fire in your building and the computers were rendered unusable, would the inability to access these systems cripple or destroy your organization?
- If some disaster were to befall your system, how would you face your angry users?
If the very idea of planning is repulsive to you, then this aspect
should be delegated to someone in your organization who is more
suited to the task.
8.1.2 The Disaster Recovery Plan
You should have a plan for immediately securing temporary computer
equipment and for loading your backups onto new systems in case your
computer is ever stolen or damaged. This plan is known as a
disaster recovery plan.
We recommend that you do the following:
- Establish a plan for rapidly acquiring new equipment in the event of theft, fire, or equipment failure.
- Test this plan by renting (or borrowing) a computer system and trying to restore your backups.
If you ask, you may discover that your computer dealer is willing to
lend you a system that is faster than the original system for the
purpose of evaluation. There is probably no better way to evaluate a
system than to load your backup tapes onto the system and see if they
work.
Be sure to delete your files and purge the
computer's disk drives of all information before
returning them to your vendor! Simply running
newfs or re-installing the operating system is
not sufficient. Use a tool especially suited to the task.
8.1.3 Other Contingencies
Beyond the items mentioned earlier, you may also wish to consider the
impact of the following on your operations:
- Loss of phone service or network connections
  How will the loss of service impact your regular operations?
- Vendor continuity
  How important is support? Can you move to another hardware or software system if your vendor goes out of business or makes changes you don't wish to adopt?
- Significant absenteeism of staff
  Will this impact your ability to operate?
- Death or incapacitation of key personnel
  Can every member of your computer organization be replaced? What are the contingency plans?