Hardware Security – CompTIA Security+ SY0-401: 4.3

Our physical devices need as much security as our operating systems. In this video, you’ll learn how cable locks, safes, and locking cabinets can help keep our systems under our control.

<< Previous Video: Host-based SecurityNext: Host Software Baselining >>

We not only have to think about securing the software and our networks in our environment– these are very virtual things. They’re bits and bytes. And they aren’t something we can physically touch– we also have to protect our hardware, because our hardware systems– our laptops, our mobile devices– these devices are ones that people can take. They can damage. They can create problems for us.

One way to protect some of these more mobile devices, like our laptops, is to get something like a cable lock. This is really temporary security. You might go in the morning and lock your laptop to something solid, lock it to the desk that you’re using, lock it to the leg of the table. So it would be very, very difficult to lift up that table to try to get that laptop out of there. This all works really almost anywhere– if you’re in an airport, if you’re in a hotel, if you’re in a conference room– that way you can leave the laptop there and at least be relatively sure that’s not going to be easy for that laptop to walk away.

Most devices– if you look at the side of your laptops and your mobile devices– there’s a little notch there– it’s a reinforced notch, usually reinforced with metal– that you plug this particular lock in. You turn the key. And it’s now locked in there. It’s not coming out. And it’s a really, really easy way and a very quick way to lock your laptop or mobile device right to a box, to a system, to a table. It’s not going to go anywhere from there.

Obviously, this is not long-term protection. You can see this little cable is very, very thin. They have thicker ones.

But even so, a nice pair of cutters will come in, cut that cable very, very quickly. Some people have become very good at picking these round locks in different ways. There’s plenty of YouTube videos out there that can show you some of those techniques. So this is something where you’re really protecting your laptop to a certain point, but don’t rely on a cable lock to provide long-term security for your laptop. You can’t leave your laptop in one place and expect overnight for it to be there just because you put a cable lock in place.

A more permanent security technique would be to put a safe in place. And this is also a good way to protect your backups and your other media from anybody else gaining access to it, especially when we talk later about encryption technologies and being able to have a certain key available that we decrypt all of your data. You may want to keep that key, that software encryption key, inside a safe in your environment.

So you can also protect your laptops and your hard drives. You get very large safes. You can get smaller safes. And generally, you would get a safe that has a little bit of protection against the elements. They have these fire safe so that if your safe is in a building that has a fire, and it doesn’t get too hot where the safe might be, it’s designed to protect it up to a certain amount of heat.

Also water is a concern, especially in flood areas. You might want to get a safe that is airtight, that would not allow water to leak in to the media that you might have in there. Obviously, these safes are very, very big and very, very heavy, so they become difficult to steal. Our laptops walk away so easily because they’re so light and so small. But if we’ve got the laptop inside this big safe, we can be assured that nobody’s going to be easily walking away with something so big and so heavy.

We also have to be careful about managing the safe combination. We have to think about who would have access to the combination. We have to trust that that combination would not get out to other people.

And then we also have to think about what would happen if we lose the combination. Is the safe one that we can drill into easily? It might damage the safe. And it might take time. But at least we would have access to our media. All of these things combined really create a very, very secure environment if you need to lock something up and protect it over a long period.

If you’ve ever been into any reasonably sized data center, there are a lot of different pieces of equipment in there. And they’re usually managed by different people in the organization. You might have servers that are managed by the server team. You might have firewalls that are managed by the security team. There’s other types of equipment for the phone systems that there may be a completely different telecommunications department that manages all of that responsibility is going to lie with the owner.

And because data centers are generally so open, you might want to consider getting a locking cabinet, so that only your department might have access into this. And if there was anything that was to happen to that hardware, you know that it could only happen by somebody who has that key. You can take these racks, install them side by side, and have multiples there. They all might open with the same key or with different key.

Usually, you have ventilation in these racks in the front and the back. You can see some of these ventilation slots that are here. And, of course, the top and the bottom, there’s ventilation there as well. Sometimes there’s fans. So even though your locking it up, you still can keep air flowing through and keeping all of those systems cool.

By using some of these hardware techniques, we can then be assured that our laptops, our media, and anything else that we have in our environment is going to stay as safe as possible.