Computer Security Revisited: Physical Security

Neal S. Jamison

Every system administrator must contend with computer security. As computer systems become increasingly networked and internetworked, administrators must be constantly aware of the threat of someone attempting to break in or to corrupt data. Accordingly, almost every book or journal written about UNIX administration discusses some facet of security. However, there is a very dangerous omission in most of these: they ignore physical security.

Theft of computers and computer components has become a significant problem. Statistics compiled by the National Stolen Computer Registry show that theft in 1992 involved over 700,000 computers and totaled over $800 million in losses -- and these are only the cases that were reported. The registry also reports that individual components such as RAM, hard disks, and CPU chips are being lifted more frequently than entire PCs.

As client/server networks that utilize x86 personal computers are implemented and as UNIX migrates to the x86 desktop, traditional UNIX administrators find themselves responsible for more than just traditional UNIX machines. As users become more aware of their computing environment, and as computer platforms at work more closely resemble the home PC, computer theft will become more prevalent.

You can take several steps to minimize your risk as a system administrator, or to give yourself a better chance of recovering stolen equipment in the event that this does happen.

Securing Your Systems

1. Put the user in charge. When you place a system on a user's desk, tell the user that he/she is responsible for that system.

2. Inventory everything. You must know exactly what you have. Keep a database that records a description of every component in each computer. This should include serial numbers, manufacturer part numbers, estimated replacement value, etc. Every time a change is made to the system, make sure that this database gets updated. If something gets stolen, your chances of recovery are much greater if you can determine exactly what was stolen. Organizations such as the National Stolen Computer Registry can help recover stolen parts, but only if the component serial numbers are recorded. How many of us actually open each and every computer and record that information?

3. Re-inventory often. Inform users that there will be a periodic check of the equipment. This does not have to make users feel that they are not trusted -- it can also function as a monthly maintenance check.

A number of tools can help you manage a re-inventory. Certain network management tools will let you know if a system has been powered off, or even if the configuration has changed. A simple implementation of this is the UNIX command rup. rup polls all hosts on the local network, returning a value for that host similar to that of uptime. If you check this regularly, you can easily see if a computer has been recently taken down. If you find that this has occurred, check the system to ensure that there is not a problem.

4. Secure the computer and its components as much as possible. Many vendors now sell devices that not only tether equipment to the furniture, but can also prevent unwelcome entry to the computer. An investment of less than $100 per workstation is very small when compared to replacing costly components.

Many computer manufacturers are using computer cases that can be locked. If you have this capability, use it. Leaving the key in the lock on the user's desk will only provoke anyone who is tempted. Label these keys and keep them in a safe place.

Replace the screws in the computer case with special screws requiring an uncommon tool for removal. If a would-be thief cannot easily open a case without damaging it, he/she may be deterred. Most burglars want their action to go unnoticed.

If your cases cannot be locked, you can purchase special holographic "security" labels that, once removed, leave a residue and cannot be reused . Each of these labels has a serial number that can be tracked in the database mentioned above. Place one of these over a seam in the computer case. Once these labels are in place, the re-inventory mentioned above is reduced to simply "swapping howdys" with the user and glancing down to ensure that the numbered label is intact.

5. Limit access. Most offices keep valuable equipment behind locked doors to keep outsiders away. But some control must be exercised over employees also. Keep track of who has access to rooms where computer equipment is used or stored. Maintain a log of who is working after hours and on weekends. If a magnetic ID card lock is used and a theft takes place over a weekend, it is easy to find out who was in the office during the period in question.

Conclusion

While we all like to think that our users are honest, law-abiding citizens, the truth is that some of them are not. Computer theft recently hit close to home for me, when three PCs on a client/server network that I was responsible for were pilfered. Replacing the parts was almost as expensive as throwing out the remains and purchasing three new computers. Had I used some of the above practices, this theft could have been prevented.

When computers are pilfered, everyone pays. System administrators pay because of the unnecessary headache. The users pay because of the increased security hassles and possible downtime in their network. The organization as a whole pays, because replacing stolen components is not cheap, and often when a hard drive disappears, so may valuable or proprietary data. When theft takes place, everyone is a suspect. It is your job to minimize the risk and ensure that your computer environments remain intact.

About the Author

Neal S. Jamison is a consultant with Quality Consulting Services, Inc. of McLean, VA. He is currently on contract in Hawaii as the System Administrator/Engineer of a large UNIX-based document imaging system. He holds a B.S. in Computer Science from Virginia Polytechnic Institute and State University and is actively pursuing his M.S. in Information Systems from Hawaii Pacific University. He has been working with various UNIX systems for over 8 years.