Physical security By Ola Abd el-latif Abbass Hassan

There are many people should made accountable For security Physical security prevent unauthorized access Physical measures taken to protect Personnel and Assets Technicalmeasures taken to protect system (services and information technology element) Operational measures taken to protect from threats

Other equipment Access control Computer equipment maintenance Wiretapping Remote access Physical security check list Building surroundings Premises Reception Server Workstation area Wireless access points

Building surroundings The entrance to the building should be restricted to only authorized access Gats, Walls, Guards, Alarm should be secure

Premises Premises should be protected by CCTV Cameras with monitored screen and video recorded Intruder system Panic buttons Burglar alarms

Reception Reception must be design to keep file and document far from people in put every thing in order Receptionist must be careful to close desk and lock PCs after office hours

Server Servers is most important issues for any network it must be well lit Server should not be used day to day activities Remove DOS to prevent booting the server remotely Disable booting from floppy disk Avoid having any removable media or CD-ROM drive

Workstation area Workstation area where the majority of employee works It must be design well and use CCTV cameras The monitors and PCs must be locked

Wireless access points So simple to any intruder to act like any employee if he connected the company LAN by wireless access point So there are some rules must be followed WEP encryption SSID should not be revealed Every user has password to connect Password must be strong to prevent cracking

Other equipment like fax and removable media Fax must be locked if it is near reception removable media should not be in public place

Access control Access control used to prevent unauthorization access to work area there are many type of access control such as Separation of work area Biometric access control Entry cards Man traps Faculty sign-in procedures Identification badges

Biometric Identification Techniques Biometric devices consist of Reader or scanning devices Software that convert the scanned information to digital form Location for the data to be analyzed so we can save and comparison data Many methods use biometric devices such as Fingers prints Face scan Iris scan Voice recognition

Fingers prints Unique Surface of a finger used to identify person Iris scan Analysed the colored part of the eye retinal scanning Analysed the layer of blood vessels at the back of the eye Vein structure Thickness and location of veins Biometric Identification Techniques

Authentication Mechanism Authentication Mechanism challenge : biometric Fingerprints can be facked, face recognition can be tricked, rentail scan can hinder if the user does not focus on given point, iris scan very expensive So you must use a traditional password system Includes mechanisms such as challenge – response list, smarts card

Smart Cards It is a plastic card embedded microchip that loaded with data which identify the person and his authorization like personnel identification numbers Security token It is a small hardware that the owner carries to authorized access area or access network

Computer equipment maintenance The AMC company personnel should not left alone when they come for a maintenance

Wiretapping The action of secretly listing to other people’s conversation by device that interpret theses pattern as sound How to prevent wiretapping Inspect all data carrying wires routinely Using shield cables Never leave wire exposed

Remote access The employee can access remotely to company the network The most important reasons to avoid Remote access Easy for attack The data must be encrypted while transferring