Securing Computers and Network Hardware
Organizations must protect their computing and network infrastructure. This includes cabling, telecommunication equipment, and network devices.
There are several methods of physically protecting computer and networking equipment as listed in the figure.
Network equipment should only be installed in secured areas. As well, all cabling should be enclosed within conduits or routed inside walls to prevent unauthorized access or tampering. Conduit is a casing that protects the infrastructure media from damage and unauthorized access.
Access to physical switch ports and switch hardware should be restricted to authorized personnel by using a secure server room and locking hardware cabinets. To prevent the attachment of rogue or unauthorized client devices, switch ports should be disabled through the switch management software.
Factors that determine the most effective security equipment to use to secure equipment and data include:
- How the equipment is used
- Where the computer equipment is located
- What type of user access to data is required
For instance, a computer in a busy public place, such as a library, requires additional protection from theft and vandalism. In a busy call center, a server may need to be secured in a locked equipment room. Server locks can provide physical chassis security by preventing access to power switches, removable drives, and USB ports. Where it is necessary to use a laptop computer in a public place, a security dongle and key fob ensure that the computer locks if the user and laptop are separated. Another tool for physical security is the USB lock which is locked into place in a USB port and requires a key to be removed.
Security policies can be applied to mobile devices in a corporate network through Mobile Device Management software. MDM software can manage corporate-owned devices and Bring Your Own Device (BYOD). The software logs use of devices on the network and determines if it should be allowed to connect, known as onboarding, or not based on administrative policies.
The image shows a door with security keypad entrance. Below the image there is a list of best practices to Securing the Computing and Network Infrastructure: Use webcams with motion-detection and surveillance software. Install physical alarms triggered by motion-detection sensors. Label and install RFID sensors on equipment. Use locking cabinets or security cages around equipment. Fit equipment with security screws. Keep telecommunication rooms locked. Use cable locks with equipment.
Data – Your Greatest Asset
Data is likely to be an organization’s most valuable assets. Organizational data can include research and development data, sales data, financial data, human resource and legal data, employee data, contractor data, and customer data.
Data can be lost or damaged in circumstances such as theft, equipment failure, or a disaster. Data loss or data exfiltration are terms used to describe when data is intentionally or unintentionally lost, stolen, or leaked to the outside world.
Data loss can negatively affect an organization in multiple ways as listed in Figure 1. Losing data regardless of circumstances can be detrimental or even catastrophic to an organization.
Data can be protected from data loss using the methods listed in Figure 2.
Data loss prevention (DLP) is preventing data loss or leakage. DLP software uses a dictionary database or algorithm to identify confidential data and block the transfer of that data to removable media or email if it does not conform to predefined policy.
The page has two figures. Figure 1: The image shows what Data loss can result in: Brand damage/Loss of reputation. Loss of competitive advantage. Loss of customers. Loss of revenue. Legal action resulting in fines and civil penalties. Significant cost and effort to notify affected parties. Significant cost and effort to recover from the breach. Mitigating Data Loss. Protecting Data. Data backups. File and folder permissions. File and folder encryption. Figure 2: an image of a Venn diagram where Protecting data is the intersection of Data Backups, File and Folder Permissions, and File and Folder Encryption.