The importance of setting up physical security within your own network
Posted on 8 August 2016 by Beaming SupportHelpful tips on building and maintaining a secure network and systems to protect against internal threats
Much importance is (rightly) placed upon protecting networks from external threats with the use of firewalls and permissions, etc. However, preventing attacks that may come from internal threats (such as physical threats from unknown computers, visitors and staff connecting to the network) is just as important as any network security measures you have already implemented, such as firewalls. Both are important to stop attackers gaining access to your systems and protect your data from exposure or corruption.
Below are six tips to help keep physical security as tight as possible:
1. Have a separate network for guest users
A internal threat does not have to come with malicious intentions. Imagine you invite members of the public in for an open day. Your guest network needs to be completely separate to your company network because anyone connecting to it could innocently transfer malware to your systems. . You can achieve this with your IT team or simply install a separate connection and a wireless access point for guests
2. Secure wall ports
As the BYOD (Bring your own device) trend becomes more popular, then protecting your physical infrastructure from patch ports – switches becomes more important. Visitors and staff may assume that they can plug into a spare wall port or unplug a printer etc. in order to try and use their own device. If the local network has pre-patched ports with no security, they could instantly expose their compromised device to your network, bringing a threat internally and bypassing your external firewalls instantly. Many switches have port security options available and it is worth documenting and setting up each switch port in areas of the building which may be open to the visitors.
3. Lock server rooms and work stations
Audit server room access and lock workstations to desks. Server rooms are often unoccupied areas and should be locked to prevent anyone removing equipment with data on it, or allowing them access to the hardware. This prevents both accidental damage which can be hard to trace and malicious, intentional damage.
4. Secure backups
Keep another set of backups off site or remotely so you are protected if the worst was to happen to your building. Make sure the backup system is un-linked from the network after finishing its backup procedure. There have been many cases of malware destroying backups as they have been left attached to the existing network.
5. Disable USB drives
It is often interactions with websites, files and email attachments which open the gate for viruses to get onto a system. USBs used in other people’s system e.g. home computers or public computers can easily become infected and used to carry a virus. The best policy is to inform staff not to use USB sticks, though this can go one step further by disabling the USB drives of employees’ computers.
6. Complete an audit and review
Documenting procedures that protect your network on a physical level is just as important as documenting and reviewing your existing firewall rules on routers. You are not only securing against intentional physical attacks but accidental exposure of your network.
Need more guidance on cyber security?
Beaming’s Business Guide to Cyber Security will help you identify weak spots in your business and gives practical guidance on protecting against cyber attacks.