Designing Physical Network Security
Network security covers a multitude of issues. This article discusses the threats posed
by people - both from outside and inside - trying to steal your equipment and data and
suggests some strategies to counter them.
1. The first issue to address is physical access to your network.
If you've a wired network, don't imagine that it's necessarily proof against being broken⁄tapped into:
• Do you have a live network port in a publicly-accessible room or an unsecured garden shed?
• Do your childrens' friends bring their laptops to visit?
• Do you have a network cable tacked to the outside of your building or passing
through an unsecured lobby?
If so, or if you can think of any other way for unauthorised people to connect equipment
to your network, you need to address these issues immediately. At the very least, someone may
be using your resources without paying you. At worst, they could download all your confidential
data or even erase it from your system.
• Secure the room⁄shed or, better, unplug the cable from the router when
you're not using it (a pain, but better than having your private data stolen or corrupted).
• Keep all cabling inside your secure perimeter.
• Lay down the law about connecting other people's computers to your network.
• Make sure that your personal, private data is secured against being accessed
from unauthorised computers connected to your network - most operating systems allow you to set
usernames and passwords to control access to individual PCs and this should prevent illicitly
connected computers reading your network shares.
• Ensure that really sensitive data (such as bank or password data) is NEVER
kept on a network share: It is best stored on a removable disk/pen drive that's kept locked away.
• If you're really paranoid, set all your software to not remember
your passwords to web sites etc. Of course, that means that you'll have to.
2. Consider how to stop people walking off with your computers and peripherals.
People worry about having TVs, DVD players and other domestic equipment stolen by burglars,
but loss of your PC and all its stored data is much more serious, especially if you've got
your bank or credit card details in a plain-text file on the hard disk! Most portable and desktop
computers and many peripherals (such as routers and printers) come with a "Kensington lock"
slot: a small slot in the case that allows you to fit a security cable. Use it to attach your
equipment to a solid fixing point:
• Make sure that the cable lock goes through a HOLE - not just round a leg.
• Make sure that the attached furniture item is HEAVY and LARGE. You can hide
a laptop under your coat, but a desk is more obvious...
• Best of all, provide proper anchors set into the wall or floor.
• Since cables can be cut, consider using cable locks with alarms incorporated
• IMPORTANT: Number your locks and keep spare, numbered keys in a secure
location, so when the PC user loses the key or quits, you can get your computer back.
Servers should be properly secured in a locked cabinet or cupboard. They can also
be attached with cable locks or proprietary security devices, and the room/cupboard should
be fitted with an alarm. As a matter of interest, more and more domestic entertainment devices
(such as games consoles and TVs) are also being fitted with security slots. A job lot of cable
locks will make loss to burglars less likely (although they may trash them out of pique!).