infrastructure considerations. So those were kind of, you were talking about, you know, the outside, the physical perimeter, having, you know, things like fences, locks, protecting, you know, events, that type of thing, trying to just protect the outside
of the building. So now and then and then visitors. That's kind of like getting in,
ah, a little bit getting into the initial entrance. And now we're talking about, you know, the actual infrastructure within a building, you know, how do you go about protecting it, or what do you actually want to protect? Things like routers, switches, access points, fax machines and telephones. Those are all things that
an organization may want to consider locking down, putting certain controls in place to ensure that only authorized staff can access those things. Um,
so things, for example, like using encryption and strong passwords on wireless access points. Just talked about, you know, wireless security, hacking, and, you know, why it's important to have strong passwords on the APs,
keeping network infrastructure in a locked cabinet, so preventing
individuals. So even if, let's say, someone does get past the external perimeter, someone does get past whatever controls are in place to control visitors into a building.
So even if they get past those layers, you know, locking down network infrastructure to prevent someone, you know, just being able to plug in to a hub or switch and hop right onto the network, you know, keeping that equipment in a locked cabinet, or, as Joe was talking about earlier,
preventing someone from plugging a rogue AP
into your building and then just leaving
free access for them to get back into your network anytime they want.
Locking fax machines where not monitored by receptionists. You never know what kind of information is gonna be coming over fax. So controlling, you know, locking those up, or, you know, some devices actually have
controls in place, like copiers or fax machines, where you actually need to use a PIN or a password to unlock them. So, for example, like with printers, there are some printers actually over here at the university. When you go and print at a computer cluster,
you go ahead and send, you know, whatever document you're working on, you send it to the print queue. And then when you go to the printer, you actually have to input a password or a PIN, and then that will release your document from the print queue and actually will print it out. So it prevents things like, if you are printing, you know, not,
you know, classified documents,
but sensitive documents that contain sensitive information that you wouldn't want someone else looking at. It prevents people from performing a simple attack of just walking by and just grabbing whatever is sitting in the printer, things like that. And then, you know, considering use of PIN codes when dialing
from internal phones.
You know, just because the help desk receives a call from your phone doesn't necessarily mean that's, you know, that's you. Now, in a good organization, you know, the IT and help desk should have controls in place to prevent someone from
just calling up and saying,
uh, you know, hey, I left my security token at home. Can you just issue me, you know, a temporary password to get onto the network? You know, a good, you know, good help desk will have controls in place, such as,
they'll call and leave your temporary password on your voicemail. So that even if someone calls up and says, hey, this is, you know, Joe Schmo, I need my password reset, they'll actually have something in place to make you access some kind of system
to authenticate yourself.
And then, you know, preventing removable media, or just keeping removable media locked up. So this kind of goes in the same vein of, ah, a clean desk policy. So not just leaving documents out on the desk. If you're working with removable media, thumb drives,
removable hard drives, CDs, that type of thing,
having them, you know, locked up when they're not in use. And then, you know, removing modems or disabling auto-answer capabilities.
Tighten up your drive policy
based on some of the virus activity from last year. So here it seeing you. Ah, here it will.
here. It s C I I don't believe so. Dennis,
I didn't hear anything. Now on then and then over it seem u a t University? Um,
probably probably not.
So, you know, servers, you know, they're not usually there. They are a critical component of a company's network infrastructure. So, you know, they should definitely be afforded protections, you know, just certain controls that could be put in place to protect servers:
avoiding servers for day-to-day activities. I mean, that just goes,
you know, without saying, you know, if you have a server, web server, a mail server, that kind of thing, you want it to be dedicated to that kind of activity. That's not just for physical security. That's, you know, that's just the best practice, you know, in general,
enclosing the server in a locked cabinet to prevent movement, not just prevent movement, but also to prevent actual access to it. And then, you know, removing drives, disabling USB ports, preventing someone from going in and, you know, accessing the server, from, you know,
pulling off an attack such as
using a bootable Linux CD, popping it in the CD drive, power cycling the machine. And then all of a sudden, you know, they have access, you know, to the files and the resources on that server. The server might be locked down with respect to, okay, it has, you know, has a password on it. But, you know, that password,
you know, if it's just an operating system password,
that could be easily bypassed just by doing, you know, something as simple as, you know, power cycling the machine and booting it from, ah, a bootable live CD such as Linux.
And then minimally labeling servers so that, you know, people can't glean or infer information about that server's function. It's a little bit of security through obscurity, but nonetheless, you know, definitely, if you have
servers that have critical functions,
sensitive information on them, you know, there's no reason to actually go about and, you know, advertise it.
Other security considerations.
So, you know, employees, they spend, you know, a majority of their time on the workstation. They're the ones that have,
they're constantly accessing the network, that have access to resources within, so it's definitely, it's very important to have controls in place to help them. You know, they are kind of like the first line of defense.
So, you know, educating employees about physical security issues
and why they're important, explaining to people about, you know, concepts such as, you know, piggybacking. You know, what it is, why it's important that, um, you know, if you're walking into the building and someone's coming in behind you, you know, to,
I assume that, you know, they work there or they're authorized to go into the building or whatever area that you're in, you know, just explaining why that is a threat to, you know, the organization's security.
He's in close, some monitoring different work spaces, you know, avoiding removable media and drives. It's kind of a common theme. And designing work areas so employees are unable to eavesdrop and see the monitors of other employees, so preventing against things such as shoulder surfing attacks