Protecting Physical Assets Part 2

00:00

welcome back to acid security course, and in this lesson, I'm going toe. Continue talking about how to protect physical assets,

00:08

and in this lesson, I'm going to talk about just how the correct idea equipment on the physical side.

00:16

So when we talk about idea carpentry, just recalculate the types of fighting equipment, which are we going to talk about protecting? So first of all is

00:26

desktop PCs

00:28

and because of their size and, uh, the way they're there,

00:34

contained in the end of the office space,

00:37

they're hardly to be stolen unless somebody physically breaks into the office space, comes with the truck or when, and then start stealing PC's.

00:48

But that part is not focus of what we're talking in this course. So this is part of physical security, and the physical security is one completely different

00:59

field. And, uh, it's not so important from for from I t standpoint. But what is important from my standpoint, is that the configuration of the PC isn't change. So if somebody manages to sneak in the office or if it's a disgruntled employee or whatever,

01:19

they can take parts from the PC. For example, if a PC has eight gigabytes of RAM. It's usually

01:25

to the modules for gigabytes. So if there are 100 pieces in the in the office and they take one of these, PC will still work. They will, sometimes low slightly, works likely slower,

01:40

but they will work. But if you don't have anything to track it, you you might be ripped off without even noticing for quite a while.

01:52

The rial subject off I t security in terms off physical protection, our mobile devices. So no, by noble PC's tablets and mobile phones,

02:02

because they can be lost and they can be stolen. And there are two different approaches when you try to protect them from. Actually, they're not. Don't go to different approaches. There is one single approach, but two different things you're looking for in case if they're lost or if they're stolen.

02:23

As for service and networking equipment, they are usually saved a sit in in the server room unless they're not, in which case they should be.

02:32

But the situation in which they can be stolen is when when there is some kind of emergency. For example, if there's an air freight going on and everybody's leaving the building which is not so likely. But if there is a fire alarm, everybody will leave the building

02:51

and then the server room might stay

02:54

open.

02:55

Uh, it's usually why did, by having the door automatically close when they are

03:04

when there is nobody holding them. But also, there should be some kind of sensor checking if there are people inside the server room. And if there is nobody there and there is some kind of emergency you went happening inside the office,

03:21

then these or should be locked with some additional security. Usually the doors of server room are secured with some kind off card key or physical walk.

03:34

Uh, but there should be additional step to security if there is some kind off emergency situation happening off course, the main priority is to keep people safe. So if there is somebody in that room

03:49

or you are not sure if there is somebody in the room, no additional procedure should be there. So this person should be able to get out

03:57

easily.

03:59

Um, the other

04:00

component of fighting equipment our printers, network scanners, copiers, multi function devices, especially those that sit in the whole Andi, sometimes not sometimes but in quite a lot of cases, they were stolen by people pretending to be a repair crew,

04:20

and they come in this year on. We cannot repair it on site. We have to take it to the Service

04:26

Depot

04:28

and they just walk with it outside. So sometimes these things have deals and they could be just pushed, pushed outside. So it's Ah,

04:38

it's a thing.

04:40

Uh, if nobody's

04:42

careful enough in your company of security people, people at the reception, this might happen, but you should at least have a track off what has happened?

04:50

So we come to the

04:54

first thing about protecting right equipment, and it's some kind of asset management software. And basically, asset management software is a piece of software that usually sits on one of your servers. Or if you have just one on your server

05:09

and that software is there to track her old devices, I T devices in the company.

05:15

It's usually not happening because sometimes these Softwares air built just attract, for example, PC's. They could be no books. They can be desktop PC's, but, for example, printers, it's usually happening that people are using a difference off there for for

05:34

printing devices.

05:35

In those cases, you need both of them and these Softwares there should be able tow truck if they're there. If some device goes off line, it should be able to

05:47

notify some administrator about that.

05:51

And let me just show you, in short, how one of these Softwares work there. Quite a lot of them on the market. Some of them are really expensive, some of their free. Some of them can come with the operating system on the server itself.

06:10

But let's see just one example and how it can track the devices and what's inside devices.

06:17

Okay, so this is the example off

06:23

Asset Management's after this one. I'm showing you is called spice words there, quite a lot of them available on the market. Some of them are free. Some of them are paid. This one is hosted locally Sona Server that is hosting this thing network.

06:39

But the access to the Spice Works server is through Web interface through a browser. So this is the main consul off the Spice Works Asset Management tool. And what you

06:56

you can see here are the list of the devices that are

07:00

on the network in order for device to be seen here. It has toe have agent installed,

07:09

which is sending information to the server.

07:12

And here you can see the general information about the device so you can see the manufacturer. You can see the model device type, which is laptop. You have the purchase date, and when you click on configuration,

07:30

you see that this device has

07:31

core I seven processor. It has eight gigabytes of memory, and it has Windows 10 pro operating system anti viruses

07:44

Kaspersky

07:46

anti virus. So let's look at the other machine, some other machines. So let's choose, for example, this one.

07:57

And when you look at this one, it has been those defenders, so default with those anti virus. It has four gigabytes of memory,

08:07

and what we can do for each of these devices is Quicken notes. Here and here. We have the original configuration of this device, so it should have eight gigabytes of RAM. It should have one SST 240 plus

08:24

one hard driver is cereal 80 a drive

08:28

of 500 gigabytes, and it should have Woodrow 600 BC I express graphics card.

08:37

So when you click on configuration here, we can see that the hard drives air here. The size of the difference in size, you see, is because of the former thing. You see the

08:50

description of the devout, the network interface, and essentially everything thinks you. This the why should have is there except eight gigabytes of memory. So we can see now that this device has been tempered. Now, if the administrator or somebody from

09:11

service grew did that on purpose,

09:13

then it should be here in the notes. But because it isn't, we can now say, for example, that somebody has taken for gigabytes of RAM out of this machine.

09:26

So thistle is the way the asset management can monitor desktop machines, notebook machines.

09:37

Okay, you have seen how the software works, and you have seen, for example, that it can see all devices on the network. You can. You have seen how it shows the last time the server has been communicating with the rice

09:54

and you have also seen that we can see the exact configuration of the device

09:58

it's achieved by installing three agent on on PC, so we can see what the device, the West name, where it's located and of course, what's the configuration? So you can also see that when you have the supposed configuration and there is a difference between that

10:16

and what is actually in the device, the administrator can see these things and act appropriately. So

10:24

try to

10:26

notice when the change has happened and

10:30

and toe to see when somebody took some memory, for example,