Time
56 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Hardware Security

In this lesson we cover hardware security and examine many of the resources used to prevent theft of company hardware within and outside the network environment, and to preserve the integrity of what the hardware itself contains. We'll look at cable locks and other resources that prevent unauthorized device removal. You'll learn about screen protection and password techniques for maintaining the integrity and confidentiality of data that is displayed on the screen and contained on physical hard drives and network drives.

Transcript

Now we talk about hardware security. In discussing hardware security, we have to discuss cable locks, safes and locking cabinets. We have infrastructure lying around everywhere in the facility, and if we don't need them moving away, best practice is we use cable locks to lock them down. You want to lock the hardware to the desk to prevent unauthorized moving around or taking away from the facility. It could be just to prevent the re-arrangement of the infrastructure you have, you could use a cable lock. Most likely, we use cable locks for laptop devices, you want to use a cable lock, lock the laptop down to the desk such that unauthorized persons cannot just willingly take the machine away. We use cable locks to prevent devices we don't need moving around, staying put in one place. For example, you go to the bank, you use a pen at the bank, you like the pen but there is a chain holding the pen to the desk. This is to prevent you walking away with the pen. We use cable locks to guarantee availability. So you cannot move the device away. You can't leave with the device.

We would also use a safe to lock away spares, documents - sensitive documents, we lock them in a safe. We don't just leave them lying around on a desk. If you have some spares, devices maybe tapes and documents that need to be kept safe, best practice is that you lock them up in a safe. And only certain individuals should have access to the code to the safe. If you have a safe and everybody knows the access code to the safe, you might as well not have a safe.

We also should have locking cabinets. Our servers, switches, patch panels should be in locking cabinets. If we have these devices in locking cabinets, not just anyone has access to alter configuration on these devices. Locking cabinets should be used for server racks, should be used for patch panels, to prevent unauthorized access and modification of these devices. Somebody having unauthorized access could change the configurations on these devices and this will affect the integrity of devices on the network.

Next we talk about mobile devices. Today, we carry around a lot of mobile devices: laptops, phones, tablets. Best practice for these devices is that one, we engage a screen lock. By having a screen lock, if your device is left lying around, nobody can just have unauthorized access because to get past the screen, they need to provide a lock. So the screen lock ensures unauthorized access to the content of your mobile device. We should also practice using a strong password. Some people would just put 0000, 1111; that is not good enough. By using strong passwords it ensures that only you know the password to get in, and it's much stronger than putting in a 4-digit 0-0-0 1-1-1. These days a 4-year-old kid will know to punch in 000, 4 zeros and that's it. Rather we want to use a strong password.

Our devices should also support encryption. It is widely known that many devices are lost easily in taxis, left behind in restaurants. And so, if these devices support encryption, everything saved on the mobile device is encrypted. That way, your keys are required before anyone has access. So if you were to lose your device, it's stolen, or you misplace it in a taxi or in a restaurant or in a shopping mall, the fact that the content is encrypted gives assurance that nobody else has access to the content in the device. Encryption is the best form of security for mobile devices. So that whether they are lost, stolen or misplaced, there is assurance that the contents are encrypted and unauthorized access is prevented.

We could also use remote wipe. Should you lose your phone we have remote wipe that allows your providers or your device administrators send a script to the phone. That script will either erase the content of the phone or cause damage on the phone in such a way that the contents could not be accessed anymore. And anyone with the phone just has a paper block; you know, a paper weight, that way unauthorized access is prevented. So remote wipe, a script is sent to the phone to nullify the contents of the phone.

Devices should also be returned to IT before they are shared between users. Where if you return devices to IT, IT will sanitize. So sanitization is very important. We don't want a device leaving a high cadre person going to a low cadre person, that way there could be a compromise of data. So the devices should be sanitized before they are used by another person. The IT department is responsible for sanitization to ensure no data is left behind on these devices.

Best practice is that we should also practice voice encryption. In as much as we encrypt our data packets moving on the networks, we should also do voice encryption. These days we use voice solutions like VoIP (Voice over Internet Protocol). It is possible for malicious persons to packet sniff our transmission. So if we do voice encryption, our packets are encrypted as they move on our data lines and it prevents eavesdropping of our communications.

And lastly it is best practice to ensure that we also have GPS tracking on our mobile devices. Applications are possible even if we don't have the settings. It is possible to download applications we can enable. If you have an Android device or an Apple device, you can download these applications and configure them such that if anyone were to take away your device it is possible to track these devices at their location; whatever location they are being used at. It is possible to track these devices online. And you could then follow up with the law enforcement to find your devices. However, sometimes some people are able to disable the GPS function. Some other users are able to synchronize pictures being taken on their mobile devices to their e-mail. So even if someone were to disable the GPS feature, pictures being taken on that device could be synchronized to your e-mail and by careful research it is still possible to identify locations where your devices now exist. So this is how we secure our mobile devices and best practice for securing mobile devices.

Video Transcription

00:04
We talk about hardware security.
00:07
In discussing hardware security, we have to discuss, um, cable locks, safes and locking cabinets.
00:13
We have infrastructure lying around everywhere in the facility, and if we don't need them moving away, best practice is we use cable locks to lock them down. You want to lock the hardware to the desk
00:27
to prevent
00:28
unauthorized
00:30
moving around or taking away from the facility.
00:35
It could be just to prevent the rearrangement of the infrastructure you have. You could use a cable lock.
00:41
Most
00:43
likely, we use cable locks for laptop devices.
00:47
You want to use a cable lock, lock the laptop down to the desk so that
00:52
unauthorized persons cannot just willingly take the machine away.
00:56
We use cable locks to prevent
00:58
devices we don't need moving around, staying put in one place.
01:03
For example, you go to the bank, you use a pen at the bank, you like the pen, but there's a chain holding the pen to the desk. This is to prevent you walking away with the pen. We use cable locks to guarantee availability, so
01:19
you cannot move the device away. You can't leave with the device.
01:25
We would also use a safe
01:26
to lock away spares, documents, sensitive documents. We lock them in the safe. We don't just leave them lying around on a desk.
01:36
If you have some spares, devices, maybe tapes and documents that need to be kept safe,
01:45
best practice is that you lock them up in the safe, and only certain individuals
01:49
should have access to the code to the safe. If you have a safe and everybody knows the access code to the safe, you might as well not have a safe.
02:00
We also should have locking cabinets.
02:02
Our servers, um,
02:07
switches,
02:07
patch panels
02:09
should be in locking cabinets. If we have these devices in locking cabinets, not just anyone has access to alter configuration on these devices.
02:21
Locking cabinets should be used for server racks,
02:24
should be used for patch panels,
02:28
to prevent unauthorized access and modification of these devices. Somebody having unauthorized access could change the configuration on these devices, and this would affect the integrity
02:39
of devices on the network.
02:42
Next we talk about mobile devices.
02:45
Today we carry around a lot of mobile devices: laptops,
02:49
phones, tablets.
02:52
Best practice for these devices is that, one, we engage a screen lock.
02:57
By having a screen lock, if your device is left lying around,
03:04
nobody can just have unauthorized access because to get past the screen, they need to provide a lock.
03:12
So the screen lock ensures
03:14
unauthorized access to the contents of your mobile device.
03:17
We should also practice using a strong password. Some people would just put 0000, 1111. That is not good enough.
03:27
By using strong passwords, it ensures that only you know the password to get in,
03:31
and it's much stronger than putting in the four digits, 000111.
03:38
These days, a four-year-old kid will know to punch in 000,
03:42
four zeros, and that's it. Rather, we want to use a strong password.
03:46
Our devices should also support encryption.
03:52
It is widely known that many devices are lost easily in taxis, left behind in restaurants.
03:58
And so, if these devices support encryption, everything saved on the mobile device is encrypted. That way, your keys are required before anyone has access. So if you were to lose your device, it's stolen, or you misplace it in a taxi or in a restaurant or in a shopping mall,
04:15
the fact that the content is encrypted gives assurance
04:18
that nobody else has access to the content in the device.
04:23
Encryption is the best form of security for mobile devices, so that whether they are lost, stolen or misplaced, there's assurance that the contents are encrypted and unauthorized access is prevented.
04:36
We could also use remote wipe.
04:39
Should you lose your phone,
04:42
we have remote wipe that allows your providers or your device administrators send a script to the phone. That script will either erase the content of the phone or cause damage on the phone in such a way that the contents could not be accessed anymore.
05:00
And anyone with the phone
05:02
just has a paper block, you know, a paperweight.
05:06
That way, unauthorized access is prevented. So remote wipe:
05:12
a script is sent
05:14
to the phone
05:15
to nullify the contents of the phone.
05:17
Devices should also be returned to IT before they are shared between users,
05:24
where if you return devices to IT, IT will sanitize. So sanitization is very important. We don't want a device leaving a high cadre person going to a low cadre person. That way there could be a compromise of data,
05:39
so the devices should be sanitized before they are used by another person. The IT department is responsible for sanitization to ensure no data is left behind on these devices.
05:50
Best practice is that we also should practice voice encryption.
05:55
Inasmuch as we encrypt our data packets moving on the networks,
05:59
we should also do voice encryption. These days we use voice solutions like VoIP, Voice over Internet Protocol.
06:06
It is possible for malicious persons to packet sniff our transmissions. So if we do voice encryption,
06:15
our packets are encrypted as they move on our data lines, and it prevents eavesdropping on our communications.
06:25
And lastly,
06:28
it is best practice to ensure we also have GPS tracking on our mobile devices. Applications are possible even if we don't have the settings. It is possible to download applications which we can enable.
06:41
If you have an Android device or an Apple device, you can download these applications and configure them such that if anyone were to take away your device, it is possible to track these devices
06:53
at their location, whatever location they're being used at. It is possible to track these devices online, and you could then follow up with law enforcement to find your devices.
07:03
Um, however,
07:05
sometimes some people are able to disable the GPS function.
07:11
Uh, well, some other users are able to synchronize pictures being taken on their mobile devices to their email.
07:18
So even if someone were to disable the GPS feature,
07:23
pictures being taken on that device could be synchronized to your email, and by careful research it is still possible to identify locations where your devices now exist. So this is how we secure our mobile devices. Best practice for securing mobile devices.

Instructed By

John Oyeleke
Lead IT Security Instructor
Instructor