According to a study released in 2000 by the FBI and the
Computer Security Institute (CSI), over seventy percent of all
attacks on sensitive data and resources reported by organizations
occurred from within the organization itself. Implementing an
internal security policy is just as important as an external
strategy. This section explains some of the common steps
administrators and users can take to safeguard their systems from
internal exploitation.
Employee workstations, for the most part, are not as likely to
be targets for remote attacks, especially those behind a properly
configured firewall. However, there are some safeguards that can be
implemented to avert an internal or physical attack on individual
workstation resources.
Modern workstation and home PCs use a BIOS that controls system
resources at the hardware level. Workstation users can set an
administrative password in the BIOS so that a malicious user
cannot boot the system at all, which deters anyone who gains
physical access from quickly reading or copying the information
stored on the hard drive.
However, if the malicious user steals the PC (the most common
case of theft among frequent travelers who carry laptops and other
mobile devices) and takes it to a location where they can
disassemble the PC, the BIOS password does not prevent the attacker
from removing the hard drive, installing it in another PC without
BIOS restriction, and accessing the hard drive to read its
contents. In these cases, it is recommended that workstations have
locks to restrict access to internal hardware. Specialized security
devices, such as lockable steel cables, can be attached to PC and
laptop chassis to prevent theft, as well as locks on the chassis
itself to prevent internal access. This type of hardware is widely
available from manufacturers such as Kensington and Targus.
Server hardware, especially production servers, is typically
mounted in racks in server rooms. Server cabinets usually have
lockable doors, and individual server chassis are also available
with lockable front bezels for added protection from errant (or
intentional) tampering.
Enterprises can also use co-location providers to house their
servers, as co-location providers offer higher bandwidth, 24x7
technical support, and expertise in system and server security.
Co-location facilities are known for being heavily guarded by
trained security staff and tightly monitored at all times. This
can be an effective means of outsourcing the security and
connectivity needs of HTTP transactions or streaming media
services. However, co-location can be cost-prohibitive, especially
for small- to medium-sized businesses.