Computer Security Revisited: Physical Security
Neal S. Jamison
Every system administrator must contend with computer
computer systems become increasingly networked and internetworked,
administrators must be constantly aware of the threat
of someone attempting
to break in or to corrupt data. Accordingly, almost
every book or
journal written about UNIX administration discusses
some facet of
security. However, there is a very dangerous omission
in most of these:
they ignore physical security.
Theft of computers and computer components has become
problem. Statistics compiled by the National Stolen
show that theft in 1992 involved over 700,000 computers
over $800 million in losses -- and these are only the
were reported. The registry also reports that individual
such as RAM, hard disks, and CPU chips are being lifted
than entire PCs.
As client/server networks that utilize x86 personal
implemented and as UNIX migrates to the x86 desktop,
administrators find themselves responsible for more
than just traditional
UNIX machines. As users become more aware of their computing
and as computer platforms at work more closely resemble
the home PC,
computer theft will become more prevalent.
You can take several steps to minimize your risk as
a system administrator,
or to give yourself a better chance of recovering stolen
in the event that this does happen.
Securing Your Systems
1. Put the user in charge.
When you place a system on a user's desk, tell the
user that he/she is responsible for that system.
2. Inventory everything.
You must know exactly what you have. Keep a database
that records a description of every component in each
should include serial numbers, manufacturer part numbers,
replacement value, etc. Every time a change is made
to the system,
make sure that this database gets updated. If something
your chances of recovery are much greater if you can
what was stolen. Organizations such as the National
Registry can help recover stolen parts, but only if
serial numbers are recorded. How many of us actually
open each and
every computer and record that information?
3. Re-inventory often.
Inform users that there will be a periodic check
of the equipment. This does not have to make users feel
are not trusted -- it can also function as a monthly
A number of tools can help you manage a re-inventory.
management tools will let you know if a system has been
or even if the configuration has changed. A simple implementation
of this is the UNIX command rup. rup polls all hosts
on the local
network, returning a value for that host similar to
that of uptime.
If you check this regularly, you can easily see if a
been recently taken down. If you find that this has
the system to ensure that there is not a problem.
4. Secure the computer and its components as much as
Many vendors now sell devices that not only tether
equipment to the furniture, but can also prevent unwelcome
the computer. An investment of less than $100 per workstation
small when compared to replacing costly components.
Many computer manufacturers are using computer cases
that can be locked.
If you have this capability, use it. Leaving the key
in the lock on
the user's desk will only provoke anyone who is tempted.
keys and keep them in a safe place.
Replace the screws in the computer case with special
an uncommon tool for removal. If a would-be thief cannot
a case without damaging it, he/she may be deterred.
want their action to go unnoticed.
If your cases cannot be locked, you can purchase special
"security" labels that, once removed, leave
a residue and
cannot be reused . Each of these labels has a serial
number that can
be tracked in the database mentioned above. Place one
of these over
a seam in the computer case. Once these labels are in
place, the re-inventory
mentioned above is reduced to simply "swapping
the user and glancing down to ensure that the numbered
label is intact.
5. Limit access.
Most offices keep valuable equipment behind locked
doors to keep outsiders away. But some control must
be exercised over
employees also. Keep track of who has access to rooms
equipment is used or stored. Maintain a log of who is
hours and on weekends. If a magnetic ID card lock is
used and a theft
takes place over a weekend, it is easy to find out who
was in the
office during the period in question.
While we all like to think that our users are honest,
citizens, the truth is that some of them are not. Computer
hit close to home for me, when three PCs on a client/server
that I was responsible for were pilfered. Replacing
the parts was
almost as expensive as throwing out the remains and
new computers. Had I used some of the above practices,
could have been prevented.
When computers are pilfered, everyone pays. System administrators
pay because of the unnecessary headache. The users pay
the increased security hassles and possible downtime
in their network.
The organization as a whole pays, because replacing
is not cheap, and often when a hard drive disappears,
so may valuable
or proprietary data. When theft takes place, everyone
is a suspect.
It is your job to minimize the risk and ensure that
environments remain intact.
About the Author
Neal S. Jamison is a consultant with Quality Consulting
Inc. of McLean, VA. He is currently on contract in Hawaii
as the System
Administrator/Engineer of a large UNIX-based document
He holds a B.S. in Computer Science from Virginia Polytechnic
and State University and is actively pursuing his M.S.
Systems from Hawaii Pacific University. He has been
working with various
UNIX systems for over 8 years.