To protect your information from falling into the wrong hands, you not only need to worry about the software security but also consider physical security as a necessary step. And if your server with all installed security software is stolen from its premises? In such a scenario, all of your important and sensitive data will be lost and committed even after taking all software security measures. Therefore, the physical security of a system is important as well as the security of the software.
Physical security refers to protecting physical assets or computer / unauthorized physical access hardware. Threats can be caused by the company’s own employees. Important documents or hardware of your company can be sold by greed for a fraction of the actual cost of the item to rival companies or others who may benefit from it.
The physical security of their assets is relatively easy to accomplish. The three principles of physical security are:
- Installation / Local Insurance: The first principle is the safety of the place where it is kept your computer / hardware. You can strengthen protection by prohibiting the transition from unauthorized site, installing security systems, surveillance alarms, locking systems, adding extra ports to the site and limiting access to sensitive areas of business. In addition, you can set passwords for each electronic door, double its security staff or hire security guards for your office.
- Detect Theft: The second principle of physical security is to detect the theft on regular basis. It is important that you know if something is missing and that the loss occurred. The theft can be detected using surveillance cameras. They also allow you to find out who was involved in the theft. Recording through these cameras can also be used as evidence in court, as everyone knows.
- Recover Theft: The third principle of physical security is to make recovery plans from a theft and return to their normal business. For example, if one of your critical servers is destroyed or bank account details are stolen, then how long will it take you to get back to their normal business? Recovery theft involves great deal of planning, thinking, and testing. Good practice and always keep a copy of all important documents (backup) away from the business district, in a safe place.
Scanning Vulnerability scanning is a process on your system, application or network whose purpose is to find vulnerable agents or weaknesses. The vulnerability scanning tools let you discover the system or devices on your network if they are with compromised security. Once you know the weaker areas, you can fix them. However, if a vulnerability scan is done in your network by another person then that person can use it against you. It is therefore important that you use the scan before this person use against you first. The vulnerability scanning can be of two types:
- Active Vulnerability scanning: This is a proactive approach that an organization uses to correct all types of system guitar by monitoring core functionality. It includes scanning tools that require constant attention and vigilance and specific focus areas. Sometimes a product is configured to prevent particular situations. For example, the use of USB drives on a network.
- Passive Vulnerability scanning: This is a passive approach in which the security staff of a company monitors system security. For example, includes monitoring of operating systems in use, scan the LAN for the incoming and outgoing traffic, determining the services that are available, and determining the parts of the system / network that are vulnerable to security threats.
You can use both types of vulnerability scanning on your system / network to eliminate risks that can possibly be exploited by attackers.
Social engineering is a type of attack in which instead of interacting directly with a software, the attacker tries to exploit human behavior in people who might by chance disclose any important or confidential information. The attacker gain the trust of important people and handles performing actions that compromise the safety of the network. For example, a person using social engineering can try to win the trust of an employee who is authorized to access the network and make that person reveal to you any confidential information as the credentials (username / password) of the company.
This tutorial discussed various aspects of information security. Such as security software, hardware, security policies and was also approached about the security processes, security measures and security implementations to protect data from a company or person. I greatly appreciate those who took the trouble to read, I hope you have learned. Remember that this is only an introduction to this extraordinary area. Good studies!