Data Security

11. Protection Through Hardware

Physical Protection of Hardware

So much effort goes into developing software designed to prevent breaches of security that the physical precautions that can be taken are often overlooked.

It is sometimes forgotten that breaching security defences via the internet takes a certain degree of technical knowledge and skill. Stealing laptops, smartphones and, to a lesser extent, desktops and using these to attack organisations is a bit easier. There is also the possibility of stealing data by copying it onto USB sticks, CDs or DVDs.

The actual process of maintaining physical security relies upon 3 main components:-

  1. Access Control
  2. Surveillance
  3. Recovery & Testing
Access Control

The first step is to create obstacles and place them in the way of potential hackers. The idea is to make it physically difficult for hackers to get anywhere near hardware. So difficult, in fact, that it would be easier for them to move on to less well protected targets.

'Hardening' measures include:-

  • Perimeter fencing & secure window and door locks
  • Access control devices: magnetic swipe cards, key fobs etc.
  • Biometric control systems: face recognition, retina scanning, fingerprint and voice recognition.
  • Locking up/down physical hardware.

The next component of physical security, surveillance, involves observing those who use the hardware or come close to it and who may engage in activities like 'shoulder surfing'. As can be imagined, this involves:-

  • Using surveillance cameras inside as well as outside on the perimeter.
  • Using intrusion detection systems.
  • Using heat and smoke detectors.
  • Using blinds where screens and printers may be overlooked.
  • Never leaving visitors unaccompanied.
  • Shredding sensitive paper documents or always securing them in lockable file cabinets.

Disaster Recovery & Testing

All users should take regular backups or copies of their data. This is particularly important for organisations that keep account or financial data. They should have a comprehensive 'disaster plan' so that, if the worst should happen, they can get back up and in business again after data theft, fire, earthquake or even a bombing.

  • There should be frequent and regular backups of data.
  • Backups should be kept in a separate location from the main servers in case the servers are compromised by a virus or destroyed.
  • Ensure proper insurance is in place to cover physical and business losses in case of natural disaster, accident or damage.
  • Test and practice the disaster plan to check that it works and everybody knows what to do.

Time to add to the developing security plan for Gym 4 Life.

  1. Open up your Security Plan from the previous exercise.
  2. Add a new sub-heading Hardware Protection and use the information on this page to outline a protection plan appropriate for Fit 4 Life gym.
  3. Don't be afraid of doing additional research, especially with regard to outlining a suitable backup schedule.
  4. Save it and have it checked by your teacher.

Can you now do the following?

  • Identify two different hardware precautions that could be taken to enhance data security.
  • Explain, for each hardware precaution provided, how it enhances data security.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information.

Supporting courses by the SQA