133
15
information technology
and Security
TRUETT GRAHAM RICKS
With the prevalence of computers in the workplace, and businesses
integrating more and more technical systems, dependence has been
created on computers and technical systems. is dependence makes
computers and technical systems an easy target for those looking to
gain access to a business’s data. With businesses storing the majority of
data on systems with access to the Internet, also meaning there is access
from the Internet to those systems, it is critical to do everything pos-
sible to protect that data. In recent times, data breaches such as those of
major retailers resulting in theft of the data of millions of individuals,
and even data breaches of government sources leaking data have served
to show the importance of data and information security. Such data
breaches not only expose sensitive information, but also can damage
relationships with clients whose data may be exposed.
e level of security required by any network is wholly depen-
dent on the type of data contained on the network. ere is a large
Contents
Workstations 134
Software 135
Hardware 137
Network 139
People 143
Special Considerations for Cloud Computing 144
Summary 144
Software 145
Hardware 145
Network 145
Endnotes 146
134
PhysiCal seCurity and safety
difference in the necessary level of protection on a network for a law
office than there would be for a florist. When analyzing the infor-
mation security of a business, the audit is typically in three parts:
workstations, network equipment, and people. ese three areas are
essential to the security of technical systems. is chapter will look
at these areas and the most important elements of each for a business
owner or manager to be aware of.
Workstations
When performing a security audit of a business, the first on-site
task is to check the workstations. e security of workstations is the
most basic level of security, one that any business should consider
important. In the case of an attack on a business, the workstations
are the most common target. In a business, workstations are gener-
ally plentiful, and they tend to be easy to physically access. ey
also have a few inherent weaknesses that make them easy targets
for those looking to gain unauthorized access to a network. ere
are free tools readily available online which allow someone with a
very basic knowledge of computers to wipe a password for a local
user account in a few short minutes. is is an act that allows unre-
stricted access to the computer. One very important thing to con-
sider is that an attack on a local computer is not limited to someone
sitting down at the computer and using it. An act as simple as
inserting a hardware keystroke logger between the keyboard and
computer or even a simple USB flash drive inserted in the back of
a computer can transfer information or give access to unauthorized
persons.
When checking the security of a workstation, it is important to
begin with the most obvious and easy-to-correct issues first. e
task is not just closing all of the holes, but closing as many as fast as
you can. If closing one security hole takes an hour of work but there
are five other holes that can be plugged in the same amount of time,
always start by closing the five holes. It is important to remember
there is a careful balance that must take place between closing big
holes and closing multiple holes; for this reason, most technicians will
work from easiest to hardest to close.

Get Physical Security and Safety now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.