06 Feb Information Security Part 1: Physical Layer Security
Things you can do today to secure your network
We often ask our customers if they knew they would be compromised tomorrow, what would they do differently today to prevent an information security breach.
Usually it is the high profile cyber security attacks of some of the world’s largest organizations like Heartland Payment Systems, Department of Veterans Affairs, Home Depot, and Target that people pay the most attention to. While we do learn a lot from these incidents, we highly recommend that our customers look out for attacks that are more likely to impact their business tomorrow.
Our four-part series about Information Security, written by Solutions Architect, Alan Bunyard, addresses practical and proactive ways that you can prevent some of the most common information security mistakes that are likely to occur. Part one of this series covers four basic practices that can help you protect the physical layer of your environment.
These recommendations may seem simple, but you wouldn’t believe how often our engineers encounter what you’re about to read.
Lock the door
Your janitor doesn’t need the key; he can store his mop buckets somewhere else. How often does this happen to the small/medium-sized business (SMB) or even large enterprises? Too often. We have seen network equipment retrofitted into an old building where it must share space with the janitor’s closet, filing cabinets of patient records, or even an actual toilet stall. If you must put equipment in a room like this, place it in a locking cabinet to prevent tampering.
Disable or restrict unused ports
Don’t heat unused network ports without cause. It may simplify configuration and reduce support calls a bit, but it allows anyone with access to your building the chance to come in and play on your network. This is especially true if you’re not running any security measures up the stack in L2/L3/L4-7. If you want to heat every drop and run advanced network access control, hats off to you: Your organization either has a great budget for security automation or ample time to micromanage port security.
If you have cameras, use them correctly
Believe it or not, many businesses do not put their cameras in a location that will actually increase security, they are blocked by an exit sign or facing a wall. Businesses also fail to check and see if their cameras are actually working, so do this occasionally. Don’t make the mistake of being too trusting, most tampering will be done by someone who has building access that you might even recognize. If you don’t have cameras, consider getting them. They are a cheap investment that makes your data and network significantly safer.
Manage your mobile devices
Enforce your security policies concerning mobile devices. A stolen notebook computer or cell phone gives an attacker time to think about how they will access your data or network – best to have the option to remote wipe when necessary. If you’re an SMB, there’s even some free options you can utilize if you have a very small number of devices. Enforcing basic security policies and the ability to remotely wipe them makes up for the difficulty in tracking the physical security of these mobile devices if they are lost or stolen.
Writer: Alan Bunyard, Solutions Architect for Pinnacle Business Systems
Look for Information Security Part 2: Datalink Layer coming soon! Part two will focus on what you should be thinking about and doing to protect the datalink layer of your network. Don’t have time to wait for Alan’s next article? Contact us for more information and learn about our end-to-end information security solutions and services. Email us at firstname.lastname@example.org or call 1.866.PINNACLE.
Information Security 4-part Series
- Information Security Part 1: Physical Layer Security
- Information Security Part 2: Datalink Layer Security
- Information Security Part 3: Network/Transport Layer Security
- Information Security Part 4: Application Layer Security (Layers 5-7)