Physical Security - Another potential threat to your enterprise

It is often said that physical security is one of the first considerations in a layer defence model.

In this case we are talking about how all servers, routers, switches and hubs should be physically protected by, for example, being locked in a specific server room. However, is it really that secure?

Consider the following scenarios. Your organisation manages several important servers.

As the system administrator, you do the right thing and have these precious cornerstones of your IT infrastructure locked away in the designated server room where only certain administrators and hardware technicians are allowed access.

Disaster Stories From The Server Room No problems here – this is the right and proper thing to do. So why is it that if I wanted to I could write a book entitled Disaster Stories from the Server Room. A few real life stories from this fictional title might include:-

• The Day The IT Administrator Accidentally Turned off the Wrong Server

It is a very easy mistake to make, there are so many servers. You are having a problem with a server that won’t shutdown or reboot, so you physically hit the on/off button but whoops – it’s the wrong server!

• How a Rogue IT Admin Hacked into a Secure Server

No matter what type of security you have implemented on a server, immediately there is physical access, the data and programs on that server can easily be compromised by booting into an alternative operating system either via floppy disk, CDROM or USB device.