Skip to content

Page159

System Defenses

System Defenses are one of the last lines of defense in a defense-in-depth strategy. These defenses assume an attacker has physical access to a device or media containing sensitive information. In some cases, other controls may have failed and these controls are the final control protecting the data.

Asset Tracking

Detailed asset tracking databases enhance physical security. You cannot protect your data unless you know where (and what) it is. Detailed asset tracking databases support regulatory compliance by identifying where all regulated data is within a system. In case of employee termination, the asset database will show exactly what equipment and data the employee must return to the company. Data such as serial numbers and model numbers are useful in cases of loss due to theft or disaster.

Port Controls

Modern computers may contain multiple “ports” that may allow copying data to or from a system. The Universal Serial Bus (USB) is a common example; newer systems usually have multiple USB ports. USB drives can be small (some are smaller than a piece of chewing gum) and inexpensive and may hold dozens of gigabytes or more.

Port controls are critical because large amounts of information can be placed on a device small enough to evade perimeter contraband checks. Ports can be physically disabled; examples include disabling ports on a system’s motherboard, disconnecting internal wires that connect the port to the system, and physically obstructing the port itself.

Ports may also be electronically locked via system policy. Locking ports via Microsoft Windows Active Directory Group Policy is an example of enterprise-level port controls.

Environmental Controls

Environmental controls are designed to provide a safe environment for personnel and equipment. Power, HVAC, and fire safety are considered environmental controls.

Electricity

Reliable electricity is critical for any data center, and is one of the top priorities when selecting, building, and designing a site.

Types of Electrical Faults

Electrical faults involve short- and long-term interruption of power, as well as various cases of low and high voltage. All types of electrical faults can impact availability and integrity. A blackout may affect availability of the system, for example, but can also impact integrity if a hard disk is damaged due to sudden loss of power.

The following are common types of electrical faults:

  • Blackout: prolonged loss of power
  • Brownout: prolonged low voltage
  • Fault: short loss of power
  • Surge: prolonged high voltage
  • Spike: temporary high voltage
  • Sag: temporary low voltage