5. Physical Security
Physical security means that you can minimize security
risks by only giving physical access to the system to those who need it.
Typically, users do not need access to the console if your system is a
server. And for workstations with a
monitor, you can use xterm or remote telnet into the system.
The reason you donít want to give users access to the
console is that once they have it, they can halt the system and reboot from
CD-ROM. Once the system is booted
from CD-ROM, they simply mount your disks and change the root password or do
anything else they care to do. Even
if they donít have a bootable CD-ROM handy they can still get into your
Here are a few suggestions that may help you keep your systems physically secure:
∑ Keep the systems and peripherals in a secure area accessible by only those who must access them for administration.
∑ Keep backup tapes also in a secure area.
∑ Use an UPS to keep power constantly available to your systems.
∑ Have a recovery plan for disaster recovery in case the worst happens.
∑ Have a way to detect penetration of the physical area (e.g. swipe cards that log who comes and goes or video cameras)
∑ Check your vendors Ė know who they are and why there are in your area. If a vendor must have root access to work on your system, key it in for them. Donít be shy about asking them to turn the other way while you type. When theyíre done, change the root password anyway. Make sure you understand what they did.