Physical security is as important as data security. When a computer is taken, the data is also stolen. It is important to restrict access to premises using fences, door locks, and gates. Protect the network infrastructure, such as cabling, telecommunication equipment, and network devices, with the following:
- Secured telecommunications rooms, equipment cabinets, and cages
- Cable locks and security screws for hardware devices
- Wireless detection for unauthorized access points
- Hardware firewalls
- Network management system that detects changes in wiring and patch panels
Disabling AutoRun
Another method of hardware security is to disable the AutoRun feature of the operating system. AutoRun automatically follows the instructions in a special file called autorun.inf when it is found on new media. AutoPlay is different from AutoRun. The AutoPlay feature is a convenient way to automatically identify when new media, such as optical disks, external hard drives, or thumb drives, are inserted or connected to the computer. AutoPlay prompts the user to choose an action based on the content of the new media, such as run a program, play music, or explore the media.
On Windows, AutoRun is executed first, unless it is disabled. If AutoRun is not disabled, it follows the instructions in the autorun.inf file. On Windows Vista and Windows 7, AutoRun is not allowed to bypass AutoPlay. However, on Windows XP, AutoRun bypasses AutoPlay and might launch an application without prompting the user. This is a security risk because it can automatically run a malicious program and compromise the system, so it is recommended to disable AutoRun.
To disable AutoRun in Windows XP, follow these steps:
Step 1. Select Start > Run.
Step 2. Type regedit and click OK.
Step 3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom.
Step 4. Double-click AutoRun. In the Value Data text box, type 0 and click OK, as shown in Figure 1.
Step 5. Close the Registry Editor.
Step 6. You might have to log out and then log back in for this change to take effect.
Two-factor Authentication
Computer equipment and data can be secured using overlapping protection techniques to prevent unauthorized access to sensitive data. An example of overlapping protection is using a password and a smart card to protect an asset. This is known as two-factor authentication, as shown in Figure 2. When considering a security program, the cost of the implementation has to be balanced against the value of the data or the equipment to be protected.