Physically Secure Your Network
Underestimating the importance of physical security can be a fatal mistake. Popping open the cover of a server is easy. After a hacker is inside, pulling a hard disk takes only seconds, and the organization's data is out the door.
Consider another scenario. With some UNIX variants, possessing the boot disk is like having the key to the castle. If disgruntled employees get a boot disk and gain access to a server's 3.5" drive or CD-ROM drive, they can erase all data on that server or gain access to the root console, opening the door to the entire system.
The same scenario can occur with NT systems that have FAT partitions. Disgruntled employees can easily boot these systems with a DOS disk. Microsoft designed NTFS partitions to prevent such intrusions. However, utilities are now available (such as ntfsdos.exe) that let users boot NT with NTFS.
So what can you do to prevent this type of abuse? Common sense dictates placing servers in a secured room or locking components into place. More sophisticated solutions include the use of smart cards, fingerprint scanners, and digital signatures. Using BIOS-level passwords is another line of defense. And don't forget to disable hardware components when you aren't using them.