Security Loopholes on the Other Side of the Firewall

18 Sep 2015 by Howard M Cohen

When most people think about data and network security, they seldom think about physical security. They don’t consider the actions of users beyond their computers. But the common physical security loopholes (or, if you will, keyholes) described below show that it’s just as important to lock physical barriers, too.

Is the server closet door locked?

One such situation included representatives from a major corporate customer. The representatives were sitting at the table with an IT Service Provider (ITSP), claiming their company had the best data and network security possible. The ITSP salesperson asked the classic closing question, “If I can show you that your security is not complete, will you award us the security management contract for your network?”

The head of the department, smiling and confident, said, “Certainly.” With that, the salesperson gestured toward a door across from the conference table. 

“That’s your server closet, isn’t it?” When the department head nodded, the salesperson stood up, walked over to the door and opened it. He didn’t have to ask, “Not locked, is it?”

Controlling physical access to your server room should be part of your company’s IT security plan.

Are you still logged onto the network?

Another situation involved a chief security officer (CSO) of another large corporation who brought in an ITSP to attempt to breach his network security. After meeting with the CSO, the ITSP toured the facility.

As he was walking through the halls, he noticed the door to the CEO’s office was open. He walked toward the open door and, when he saw the CEO had already left for the day, entered the room and sat at the CEO’s desk. He immediately noted the CEO’s computer was still switched on and, in fact, logged into the network.

The next morning, the CSO arrived at the office at the usual time and, upon checking his email, found a message from his CEO informing him that his employment had been terminated.

Stunned by the message, he proceeded immediately to the CEO’s office, where he found the CEO chatting with his ITSP. Undeterred, he demanded, “What’s the meaning of this?”

The CEO looked at him quizzically. “What are you talking about?” he asked — to which the CSO immediately replied, “This email, telling me I’m fired.”

“Oh,” said the ITSP. “I sent that. You can ignore it.” But the CSO knew immediately that he couldn’t.

Auto log off, user access security and an employee log-off policy when stepping away from the computer are all critical parts of any company’s IT security plan.

Is there an open door to disaster?

Leaving a server-room door unlocked makes it insecure. Any user with reasonable access privileges who steps away from a logged-in but unattended computer likewise leaves the network and its data insecure. It is, in fact, all too easy to negate all the investments your customers make in data and network security.

Do you have end-to-end security?

Security must be integrated into every phase of your customer’s data network. Assuring that you provide a complete set of end-to-end security services is good news for your customer because it provides the highest possible level of security for their network and data. It’s also good news for your business, because it expands your scope of services, which always increases your revenue and profitability.

A comprehensive data and network security strategy includes:

  • Written security policy
  • Authentication and authorization
  • Network access control
  • Identity management
  • Encryption of data in transit
  • Intrusion prevention systems
  • Firewall
  • Security Information and Event Management (SIEM)
  • Heuristic behavior-based monitoring
  • Application security
  • Encryption of data at rest in storage

Each of these is a substantial project that will require significant investments of time and budget — but for the customer, the cost is far less than the cost of remedying a breach.

The security experts at Insight can walk you through each of these offerings to help you determine which you will want to implement yourself, and which will require a reliable partner. Contact your Insight representative today for more information at 1.800.INSIGHT.