56 minutes

Video Description

Hardware Security I this lesson we cover Hardware Security and examine many of the resources used to prevent theft of company hardware within and outside the network environment, and preserving the integrity of what the hardware itself contains. We'll look at cable locks and other unauthorized device removal prevention resources. You'll learn about screen protection and password techniques for maintaining the integrity and confidentiality of data that is displayed on the screen and contained on physical hard drive and network drives. [toggle_content title="Transcript"] Now we talk about hardware security. In discussing hardware security, we have to discuss cable locks, safes and locking cabinets. We have infrastructure lying around everywhere in the facility, and if we don't need them moving away, best practice is we use cable locks to lock them down. You want to lock the hardware to the desk to prevent unauthorized moving around or taking away from the facility. It could be just to prevent the re-arrangement of the infrastructure you have, you could use a cable lock. Most likely, we use cable locks for laptop devices, you want to use a cable lock, lock the laptop down to the desk such that unauthorized persons cannot just willingly take the machine away. We use cable locks to prevent devices we don't need moving around, staying put in one place. For example you go to the bank, you use a pen at the bank, you like the pen but there is a chain holding the pen to the desk. This is to prevent you walking away with the pen. We use cable locks to guarantee availability. So you cannot move the device away. You can't leave with the device. We would also use a safe to lock away spares, documents - sensitive documents, we lock them in a safe. We don't just leave them lying around on a desk. If you have some spares, devices maybe tapes and documents that need to be kept safe, best practice is that you lock them up in a safe. And only certain individuals should have access to the code to the safe. If you have a safe and everybody knows the access code to the safe, you might as well not have a safe. We also should have locking cabinets. Our servers, switches, patch panels should be in locking cabinets. If we have these devices in locking cabinets, not just anyone has access to alter configuration on these devices. Locking cabinets should be used for server racks, should be used for patch panels, to prevent unauthorized access and modification of these devices. Somebody having unauthorized access could change the configurations on these devices and this will affect the integrity of devices on the network. Next we talk about mobile devices. Today, we carry around a lot of mobile devices: laptops, phones, tablets. Best practice for these devices is that one, we engage a screen lock. By having a screen lock, if your device is left lying around, nobody can just have unauthorized access because to get past the screen, they need to provide a lock. So the screen lock ensures unauthorized access to the content of your mobile device. We should also practice using a strong password. Some people would just put 0000, 1111 that is not good enough. By using strong passwords it ensures that only you know the password to get in, and it's much stronger than putting in a 4-digit 0-0-0 1-1-1. These days a 4-year-old kid will know to punch in 000, 4 zeros and that's it. Rather we want to use a strong password. Our devices should also support encryption. It is widely known that many devices are lost easily in taxis, left behind in restaurants. And so, if these devices support encryption, everything safe on the mobile device is encrypted. That way, your keys are required before anyone has access. So if you were to lose your device, its stolen, or you misplace it in a taxi or in a restaurant or in a shopping mall, the fact that the content is encrypted, gives assurance that nobody else has access to the content in the device. Encryption is the best form of security for mobile devices. So that whether they are lost, stolen or misplaced, there is assurance that the contents are encrypted and unauthorized access is prevented. We could also use remote wipe. Should you lose your phone we have remote wipe that allows your providers or your device administrators send a script to the phone. That script will either erase the content of the phone or cause damage on the phone is such a way that the contents could not be accessed anymore. And anyone with the phone just has a paper block; you know, a paper weight, that way unauthorized access is prevented. So remote wipe, a script is sent to the phone to nullify the contents of the phone. Devices should also be returned to IT before they are shared between users. Where if you return devices to IT, IT will sanitize. So sanitization is very important. We don't want a device leaving a high cadre person going to a low cadre person, that way there could be a compromise of data. So the devices should be sanitized before they are used by another person. The IT department is responsible for sanitization to ensure no data is left behind on these devices. Best practices that we should also practice voice encryption. In as much as we encrypt our data packets moving on the networks, we should also do voice encryption. These days we use voice solutions like VoIP (Voice over Internet Protocol). It is possible for malicious persons to packet sniff our transmission. So if we do voice encryption, our packets are encrypted as they move on our data lines and it prevents eavesdropping of our communications. And lastly it is best practice to ensure that we also have GPS tracking on our mobile devices. Applications are possible even if we don't have the settings. It is possible to download applications we can enable. If you have an Android device or an Apple device, you can download these applications and configure them such that if anyone were to take away your device it is possible to track these devices at their location; whatever location they are being used at. It is possible to track these devices online. And you could then follow up with the law enforcement to find your devices. However, sometimes some people are able to disable the GPS function. Some other users are able to synchronize pictures being taken on their mobile devices to their e-mail. So even if someone were to disable the GPS feature, pictures being taken on that device could be synchronized to your e-mail and by careful research it is still possible to identify locations where your devices now exist. So this is how we secure our mobile devices and best practice for securing mobile devices. [/toggle_content]

Up Next

Fundamental System Security

Commonly referred to as INFOSEC, refers to the processes and methodologies required to keep information confidential

Instructed By

Instructor Profile Image
John Oyeleke
Lead IT Security Instructor