The location of the information processing function has an impact on security
system design.
1. Access versus security
Access control is another important countermeasure to provide network security.
This is achieved by identifying the privileges of a user to access
information or use the services provided by elements of the network, and by
administering the operation of the process to ensure that the user can
access and use only what he or she has been granted permission to use.
Various security products have been developed to protect sensitive data stored on
microcomputers. These products, sometimes called environment control
packages, provide not only encryption (encoding) and system/file access
control but also password protection and audit trail capability. In most cases
the program must reside on a hard disk and a system manager must control
passwords and system specifications. The program may actually control the
entire system operation from logon to logoff.
A typical product of this type would include these functions:
- Boot Protection – Intruders are not able to bypass the hard disk and boot
the system from drive A.
- Password Verification – Each user must enter a password before access to the
system is permitted.
- User Segregation – While all users may be able to use any program on the
disk, each user’s personal files are inaccessible to others.
- Definable User Lockout – Users may be restricted from using programs not
essential to their jobs.
- Data Encryption – Data encryption for individual files or for all files
may be selected.
- Audit Trail – The audit trail can be customized to include unauthorized
access attempts and all system manager functions.
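The following added example (not part of the original text, and not the code of any actual product) models how three of the functions above fit together: definable user lockout, user segregation, and an audit trail that records unauthorized attempts and all system manager functions. The class, method, user, and program names are hypothetical, and password verification is assumed to have already taken place.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    programs: set            # Definable User Lockout: programs this job needs
    manager: bool = False    # the system manager administers the package

@dataclass
class Monitor:
    accounts: dict           # user name -> Account
    log_all: bool = False    # customizable: also record permitted user actions
    trail: list = field(default_factory=list)

    def _decide(self, user, action, target, allowed):
        acct = self.accounts.get(user)
        by_manager = acct is not None and acct.manager
        # Audit Trail: unauthorized attempts and all system manager functions
        if not allowed or by_manager or self.log_all:
            self.trail.append((user, action, target, "ALLOW" if allowed else "DENY"))
        return allowed

    def run(self, user, program):
        acct = self.accounts.get(user)
        ok = acct is not None and program in acct.programs
        return self._decide(user, "run", program, ok)

    def open_file(self, user, owner, name):
        # User Segregation: personal files are accessible to their owner only
        ok = user in self.accounts and user == owner
        return self._decide(user, "open", f"{owner}/{name}", ok)

    def grant(self, actor, user, program):
        # System manager function: extend another user's program list
        acct = self.accounts.get(actor)
        ok = acct is not None and acct.manager and user in self.accounts
        if ok:
            self.accounts[user].programs.add(program)
        return self._decide(actor, "grant", f"{user}:{program}", ok)

def demo():  # constructed sample accounts and requests
    m = Monitor({"alice": Account({"wordproc"}), "bob": Account({"ledger"}),
                 "sysmgr": Account({"wordproc", "ledger"}, manager=True)})
    results = [m.run("alice", "wordproc"),               # permitted, not logged
               m.run("alice", "ledger"),                 # locked out: DENY logged
               m.open_file("bob", "alice", "memo.txt"),  # segregation: DENY logged
               m.grant("alice", "alice", "ledger"),      # not a manager: DENY logged
               m.grant("sysmgr", "alice", "ledger"),     # manager function: logged
               m.run("alice", "ledger")]                 # permitted after the grant
    return results, m.trail
```

Setting log_all=True widens the trail to every decision, which is the kind of customization the audit trail item describes.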
2. Rooms, Doors, Windows, Keys
a. Location and Construction
Evaluate potential locations for the computer room. Consider the importance of
having direct access from the outside and the need to protect windows.
Decide if windows should have bars or electronic detection devices.
Should there be a system to control keys and other access devices?
For example, a particular situation might require heavy doors with dead bolts. If the
doors are not new, they should have new locks. Seal windows at ground
level or protect them with metal bars. Additionally, consider alarms and
detection devices.
b. Computer Room Access
Depending on organizational need, restrict access to rooms containing microcomputers to
specifically authorized personnel. Consider special precautions for
stand-alone computers, e.g., those on an employee's desk. Resource-sharing
systems and remote terminals should be available only to selected individuals.
This access may be controlled by one or more of the following:
- Locked doors;
- Posted guards;
- Other approved restraints.
c. Physical Control
Protect microcomputers with lockable equipment enclosures, lockable power
switches, fasteners, and securing devices. Consider devices such as those
that sound an alarm when equipment is moved or disconnected from a wall
socket.
One example of an advanced device, such as one used by the Department of the Navy,
employs a crystal oscillator with various broadcasting frequencies
embedded in the microcomputer. Antennas located throughout the area can be
used to track any movement of the microcomputer.
Standardized inventory and control forms may be used throughout any organization
interested in controlling hardware, software, or data. These forms
should contain information about the location of the microcomputer, who is
responsible, and any changes made since the original installation.
Centrally record the physical location and configuration of each
microcomputer.
Some standard devices normally associated with a microcomputer, such as a mouse,
internal cards and wires, do not lend themselves well to the above
procedures. These devices might be subject to external controls, such as
check-out, removal from the machine on a daily basis, etc.
It is particularly important to protect floppy disks from contaminants,
unauthorized access, destruction and damage. Procedures should ensure that
all diskettes (floppy disks) are labeled before use and stored in a secure
place when not in use. One method of protecting diskettes against theft is
to hide a signaling device (such as those used in libraries) in the jacket
cover of the floppy.
- One should locate the media library in an area secure from explosion or
other dangers.
- Recall that security includes backup file systems at a secondary location for
both the programs and the associated documentation. Essential
programs, software systems, and associated documentation of programs
in the library are located in a locked vault or a secured area.
B. Environment
Control of the environment is a fundamental issue in information security.
1. Radio Frequency Interference (RFI)
All electronic equipment produces radiation and emanations of varying
frequencies. Take care that the computer will operate in an environment
that contains emanations from other electronic devices and that the computer
will not interfere with other electronic devices.
If care is not taken, RFI may be received outside the computer facility and, by
sophisticated means, be used to determine the nature of the data being
processed by the computer.
2. Cooling
While a personal computer is somewhat insensitive to its environment, some
attention to the environment will prolong the life and increase the safety
of data stored in the machine. A rule of thumb to apply when considering the
physical environment is, “If you are comfortable, the computer is
comfortable.”
3. Cabling
Cables should be routed to minimize both RFI and access by unauthorized
personnel. Cables and cableways should be protected from both fire and water
damage.
4. Power Surges and Brownouts
Computers are susceptible to sudden surges or drops in electrical line voltage.
Depending on the importance of the data being processed, efforts should be
made to shield the computer from these variations. Electronic devices
ranging from inexpensive surge processors to uninterruptible power supplies
are available to provide the level of protection required.