Protecting hardware is as important as, if not more important than, each of the other security methods described in this post. Sadly, protecting hardware is often an afterthought. Servers act as a central repository for large amounts of data, making them, or more specifically their storage, desirable targets. High-profile news stories have highlighted the plight of companies that do not protect their mobile devices, such as laptops, while out of the office. If someone can physically access a computer, it can always be compromised. Given physical access, unauthorized users can install malicious software or various event-tracking and data-capturing services.
To protect hardware, use as many layers of physical protection as possible:
– Restrict access to rooms containing computers that store or access sensitive information. Provide room access only to individuals who must use those computers. If possible, lock the computer in a secure container when it is not in use, or bolt or fasten it to a wall or piece of furniture.
– Take special care with storage units (hard drives, tapes, USB Flash drives, and so on). Lock or secure this hardware. If users can install your storage device on another system, they can bypass any safeguards that you have set up. If you cannot guarantee the physical security of a storage device, consider using encryption: FileVault for home folders, or encrypted disk images for other data.
– If you have a mobile device, keep it secure. Lock it up or hide it when it is not in use. When in transit, never leave it in an insecure location.
– Consider buying an attaché case or computer bag with a locking mechanism, and lock the equipment in when you are not using it.
– Be aware that a computer left unattended and logged in can be a security risk. To protect your computers from being used when on and unattended, enable a password-protected screen saver.