Activsupport's Guidelines for Physically Securing Servers
This document covers the basics of physical security in a network environment. The points below are guidelines for physically securing your computing environment and for hardening the servers and workstations within your network. Some points may not be necessary depending on the needs and budget of the organization. However, to achieve and maintain the highest level of security in your environment, the following points should be considered seriously.
Most of the points mentioned below apply primarily to servers. Some of them, however, can be applied to workstations as well.
Physical security
-> Physically securing the servers
Servers must be placed in a locked room.
If needed, protect the room with electronic card access, so that every entry to the room is recorded.
Provide temperature and humidity controls to avoid equipment damage.
Install a UPS on every server, together with its associated software, so that the server shuts down automatically during a power outage.
If no hardware-based RAID system is installed in the servers, at least a software-based RAID system should be installed.
If needed, use surveillance cameras.
Lock the CPU case and ensure the key is protected. Make a backup key and keep it in a safety deposit box (outside the office).
The server room should be arranged so that people outside the room cannot see the keyboard (and thus observe user or administrator passwords being typed).
Any unused modem must be disabled/removed.
No written passwords around the system (or under the keyboard!).
Any documentation concerning LAN settings and telecom equipment settings should likewise be kept in a safe, restricted location.
Important user IDs and passwords should be kept in a safe, restricted location.
Only a limited number of people should have access to the server room (no maintenance personnel should be allowed in these rooms unescorted).
Keep track of your computer inventory (e.g. laptops are often stolen without company knowledge).
-> Protect the system from undesirable booting
The boot sequence in the BIOS must be modified: the hard drive must be set to boot first and the floppy thereafter.
If possible, modify the BIOS settings so that the key sequence for entering the BIOS setup is not displayed during boot-up.
On mission-critical servers, floppy and CD-ROM drives can be disabled or even physically removed to provide the highest level of physical security.
A BIOS password must be set and must be hard to guess (good length, mixed letters and numbers).
-> Set up storage protection for back-up tapes
The back-up tape drive and the tapes themselves must also be located in a secured room.
Use a secure off-site storage system for back-up tapes.
Note: The information contained on the tapes is crucial information for the company. Therefore, files being backed up can be encrypted on the tapes to ensure maximum confidentiality.
Conclusion:
This document covers security from a physical perspective. However, it is far from being a complete analysis of a secured network. Besides physical security, Activsupport recommends having strong security policies, one penetration test per year and an internal audit of the systems in the client's network.
For more information about Activsupport's complete security offer, please browse our security section. For straight answers to all your VPN questions we recommend reading our VPN FAQ. If you have any questions with regard to your network's physical security, please feel free to contact us.
