Know Your Physical Security Vulnerabilities to Avoid Hacks - dummies

Know Your Physical Security Vulnerabilities to Avoid Hacks

By Kevin Beaver

Whatever your computer- and network-security technology, practically any hack is possible if an attacker is physically in your building or data center. That’s why looking for physical security vulnerabilities and fixing them before they’re exploited is important.

In small companies, some physical security issues might not be a problem. Many physical security vulnerabilities depend on such factors as

  • Size of the building

  • Number of buildings or sites

  • Number of employees

  • Location and number of building entrance and exit points

  • Placement of the data centers and other confidential information

Literally thousands of possible physical security vulnerabilities exist. The bad guys are always on the lookout for them — so you should look for these vulnerabilities first. Here are some examples of physical security vulnerabilities:

  • No receptionist in a building to monitor who’s coming and going

  • No visitor sign-in or escort required for building access

  • Employees trusting visitors because they wear vendor uniforms or say they’re in the building to work on the copier or computers

  • No access controls on doors or the use of traditional keys that can be duplicated with no accountability

  • Doors propped open

  • IP-based video, access control, and data center management systems accessible via the network with the default user ID and password

  • Publicly accessible computer rooms

  • Software and backup media lying around

  • Unsecured computer hardware, especially laptops, phones, and tablets

  • Sensitive information being thrown away in trash cans rather than being shredded or placed in a shred container

  • CDs and DVDs with confidential information in trash cans

When these physical security vulnerabilities are exploited, bad things can happen. All it takes to exploit these weaknesses is an unauthorized individual entering your building.