Introduction
Managing Access
Access control is a key element of a good information management (IM)
security program. Our intent is to give those requiring general knowledge
of access control the necessary background to enhance their reading
experience for our chapters that cover IM security risks and best practices. In
this section, we will cover the essential elements every security
administrator needs to know about access control and password management. Some
of the content presented herein has been excerpted from our book Wireless
Operational Security [22] with the permission of Digital Press, an imprint
of Elsevier.
Physical Access
Security managers must be concerned with not only network access, but
also physical access to the IT systems. Even the most secure of systems is
vulnerable to compromise if anyone can walk in, pick up the computer,
and walk out with it. Physical prevention measures must be used in
conjunction with information security measures to create a total solution.
Many people go to great lengths to secure their network from the outside
so that intruders cannot get in, but they are often incredibly lax about
ensuring that data system equipment is safe from direct attacks by people
physically at the machine.
Physical security is important for securing the data center, the network,
and the environment around the equipment. Unless the network is
encrypted, anyone with physical access to the office LAN could potentially
connect network monitoring tools and tap into a corporation's
communications. Even if encryption is used, physical access to corporate servers and
gateways may allow an attacker to monitor network traffic or compromise
the system in a matter of minutes. If the proper physical countermeasures
are not in place to mitigate some of the biggest risks, such as insertion of
sniffers or other network monitoring devices, then the installation of a
sniffer could result in not just data but all corporate voice and video
communications being intercepted. Therefore, it is important to ensure that
adequate physical security measures are in place. Barriers, locks, access
control systems, and guards are typically the first line of defense.
