One of the major risks in today’s increasingly mobile environment is the physical theft of devices. From an information perspective, mobile devices contain all sorts of sensitive information and, depending upon the identity of the user, may even allow access to other, more sensitive resources, such as database servers or network security controls. Learn about the use of hardware security controls, such as cable locks, safes and locking cabinets.
- [Instructor] Security professionals spend a lot of their time protecting the confidentiality, integrity, and availability of information. And that makes sense, because information is often an organization's most valuable asset. One of the major risks in today's increasingly mobile environment is the physical theft of devices. From an information perspective, mobile devices contain all sorts of sensitive information, and depending upon the identity of the user, may even allow access to other more sensitive resources, such as database servers or network security controls.
Security professionals often use encryption to protect the contents of devices against theft. Even if a thief gains hold of a lost or stolen device, he or she won't have access to any of the sensitive information stored on that device, if it's encrypted. This limits the damage incurred by a loss or theft. Sure, you've still lost a computing device worth hundreds or thousands of dollars, but you don't have the additional loss of sensitive information or access. We should still look, however, at ways that we can protect the organization from the financial loss of a portable computing device.
This is a little bit tricky, because portable devices were intended to be, well, portable. The same ease of moving them around that appeals to users makes them easy targets for theft. Fortunately, there are a few things that you can do to protect your devices against theft. First, most modern laptops come with built in slots for inserting a special locking cable, like the one shown here. The cable itself is steel reinforced and very difficult to cut through, especially if the thief is operating in an environment where power tools would draw attention.
The only way to remove the lock from the laptop is with the corresponding key. If your laptops don't have this locking slot, manufacturers also produce cable locks that use super glue to permanently affix themselves to a device. One important note: you have to think carefully about what's on the other end of the locking cable. You want to lock it to a wall mount or other very secure location that isn't easily removed. I once saw someone loop the other end of a laptop lock around a table leg.
A thief could simply lift up the corner of the table, slide the cable off the leg, and then steal the laptop with the locking cable still attached. If you need to store laptops or other sensitive items while they're not in use, a traditional safe may be a good alternative for you. Safes often come with the added benefit of being waterproof and/or fireproof, providing protection in the event of a flood or fire. That's a nice side benefit of protecting against theft. If you don't need all of the security offered by a safe, and are just trying to protect against casual thieves, you may also consider a locking cabinet, such as the one shown here.
These cabinets are portable, allowing you to move them around a facility, and contain features specifically designed for mobile devices. First, they have a power distribution system that allows you to plug in one electric plug for the entire cabinet, and then charge all of the devices stored inside. The cabinets are also vented to allow the removal of heat generated by the charging process. These cabinets are often found in schools where a set of laptops are shared between classrooms, and then charged overnight while the school is closed.
One final physical security measure you should take is the use of identifying tags on your devices. These tags, such as the one shown here, provide clear instructions on how to return the device if it is found, and leave an indelible tattoo on the device if someone attempts to remove them. They serve two important purposes. First, if an employee loses a device, and an honest person finds it, they have clear, easy instructions on how to return the device. Second, the tattoo limits the resale value of the device on the black market and deters theft.
These hardware security mechanisms are an important way that you can save your organization from financial loss resulting from lost or stolen devices.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security