7 Ways to Protect Your Servers
When it comes to IT security, physical security is the foundation for our overall strategy. But some organizations, distracted by the more sophisticated features of software-based security products, may overlook the importance of ensuring that the network and its components have been protected at the physical level.
#1: Lock up the server room
Even before you lock down the servers, in fact, before you even turn them on for the first time, you should ensure that there are good locks on the server room door. The server room is the heart of your physical network, and someone with physical access to the servers, switches, routers, cables and other devices in that room can do enormous damage.
Remember, it’s not just the servers you have to worry about. A hacker can plug a laptop into a hub and use sniffer software to capture data traveling across the network. Make sure that as many of your network devices as possible are in that locked room, or if they need to be in a different area, in a locked closet elsewhere in the building.
#2: Set up surveillance
A video surveillance camera, placed in a location that makes it difficult to tamper with or disable (or even to find) but gives a good view of persons entering and leaving should supplement the log book or electronic access system. They can even be set up to send e-mail or cell phone notification if motion is detected when it shouldn’t be (such as after hours).
#3: Don’t forget the workstations
Hackers can use any unsecured computer that’s connected to the network to access or delete information that’s important to your business. Workstations at unoccupied desks or in empty offices (such as those used by employees who are on vacation or have left the company and not yet been replaced) or at locations easily accessible to outsiders, such as the front receptionist’s desk, are particularly vulnerable.
Disconnect and/or remove computers that aren’t being used and/or lock the doors of empty offices, including those that are temporarily empty while an employee is at lunch or out sick. Equip computers that must remain in open areas, sometimes out of view of employees, with smart card or biometric readers so that it’s more difficult for unauthorized persons to log on.
#4: Keep intruders from opening the case
Both servers and workstations should be protected from thieves who can open the case and grab the hard drive. It’s much easier to make off with a hard disk in your pocket than to carry a full tower off the premises. Many computers come with case locks to prevent opening the case without a key.
#5: Protect the portables
Laptops and handheld computers pose special physical security risks. A thief can easily steal the entire computer, including any data stored on its disk as well as network logon passwords that may be saved. If employees use laptops at their desks, they should take them with them when they leave or secure them to a permanent fixture with a cable lock.
#6: Pack up the backups
Backing up important data is an essential element in disaster recovery, but don’t forget that the information on those backup tapes, disks, or discs can be stolen and used by someone outside the company. Many IT administrators keep the backups next to the server in the server room. They should be locked in a drawer or safe at the very least. Ideally, a set of backups should be kept off site, and you must take care to ensure that they are secured in that offsite location.
Don’t overlook the fact that some workers may back up their work on Cds, USB keys, or external hard disks. If this practice is allowed or encouraged, be sure to have policies requiring that the backups be locked up at all times.
#7: Disable the drives
If you don’t want employees copying company information to removable media, you can disable or remove floppy drives, USB ports, and other means of connecting external drives.
Remember that network security starts at the physical level. All the firewalls in the world won’t stop an intruder who is able to gain physical access to your network and computers, so lock up as well as lock down.
From Tech Republic -Deb Shinder, Author.