Security Management Guide (G06.24+, H06.03+)
Concerns for the System Administration Team
Security Management Guide—522283-008
Physical Security
Weakness in the physical security of your computer installation can provide an easy
avenue of intrusion. The following paragraphs discuss some of the more common
areas where you should be concerned about physical security.
The Computer Room
Access to the equipment in the computer room can provide ample opportunity for both
system intrusion and accidental or malicious system damage. Limit access to the
computer room according to the guidelines of your security policy.
The System Console
If your system has a system console, protect it by leaving it locked. An intruder can
use an unlocked system console to bring the system down or change values through
the debugger. A locked system console is no more threatening to system security than
any other terminal, so it can be used as a user terminal. Like other user terminals,
however, the system console can display sensitive information, so precautions that
apply to user terminals also apply to the system console. Avoid leaving the system
console logged on as a privileged ID and avoid leaving the key within reach of an
intruder. For additional security, rekey your system console with a unique key. Initially,
all system consoles use the same key.
The Remote Maintenance Interface (RMI)
For systems with an RMI, be sure the remote maintenance password is enabled and is
known only to those responsible for maintaining the system. In especially sensitive
environments, disable the RMI when you are not diagnosing the system.
The Computer Cabinet
Protect the computer cabinets from accidental damage and deliberate malicious acts.
Access to computer cabinets might allow an intruder to bring down certain processors
or peripherals. Anyone with access to the computer cabinets and the appropriate key
could perform a system load.
The Printers
Intruders can get the information they need for a break-in by examining the output of
system printers. For example, user account numbers, telephone access numbers and
codes, and even privileged passwords might be printed on publicly accessible printers.
Printed copies of electronic mail can also provide names that intruders can use to
deceive others into believing that their requests for information are legitimate.
If your printers print sensitive information, make sure that each piece of output is
delivered only to its proper recipient.