VERMONT COMPUTERS STOLEN FROM HIGH SCHOOL The Times Argus Online - 20 computers stolen from school lab20 computers stolen from school lab
March 20, 2004

ASSOCIATED PRESS

SOUTH BURLINGTON - Police on Friday were investigating the theft of tens of thousands of dollars of computer equipment from the South Burlington High School.

A teacher discovered the empty computer lab on Thursday morning.

Between two and four thieves broke into the school and then the computer lab between midnight and 4 a.m. Thursday, said South Burlington police Cpl. Diane Reynolds.

The thieves made off with 20 iMacs and Gateway computers, 12 computer monitors, two networking hubs and a projector, Reynolds said.

The items - worth more than $20,000 - were stolen from a room in the foreign-language wing, Principal Patrick Burke said.

Reynolds said she has several suspects, all of whom are in their late teens or early 20s and students at the school. She interviewed one suspect Thursday and planned to talk to another one on Friday, she said.

Some evidence from the scene was sent to a lab for fingerprint and DNA analysis, Reynolds said.

The theft will affect studies at the school, Burke said. The computers had special software for studying and communicating in foreign languages, he said.

"That lab is used every period of the day, and teachers build their lesson plans weeks in advance in anticipation of using that lab," the principal said. "It's a bigger loss educationally than the money."

There are markings on the computers that identify them as property of South Burlington High School, and police know the serial numbers of the machines, Reynolds said. She cautioned people to be wary of anyone selling used computers.

Anyone with information about the theft is asked to call South Burlington police at 846-4111 or Champlain Valley Crime Stoppers at 864-6666

LAS VEGAS ISC WEST 2004 ISC EXPO/West is North America's premier security eventIt's a rapidly evolving world ­and security is THE priority. To position your company for success, you need to be informed. Seek out the latest technology, identify cutting-edge trends, and take home insights you can apply now.

Mark your calendar for the International Security Conference West.


Save the Date!
Conference:
March 30th
8am - 4pm
March 31st
9am - 5pm
April 1st
9am - 5pm

Exhibits:
March 31st
10am - 5pm
April 1st
10am - 5pm
April 2nd
10am - 3pm

UK JUNIOR SCHOOL ROBBED OF COMPUTERS AND HARD DRIVES Ripley Today
The thieves stole three computer hard-drives at around 7.30pm last Wednesday, and it is suspected that if it were not for the school's alarm system, more equipment would have been taken.
Headteacher Stephen Booth, said: "The pupils are extremely upset about it. It is a violation of their space."
During the raid, the thieves caused considerable damage to the Church Street school by forcing external and internal doors.
They also dropped a further five computers on the hall floor as they hurriedly made their getaway. School staff and pupils are now anxiously waiting to discover if these machines are still in working order.
Mr Booth added: "One of the features of this school is that we have a nice computer suite. We were meant to have classes in the suite on Thursday, but the theft meant that this class couldn't go ahead.
"Although we are covered by insurance, our premiums keep going up. This means we will be out of pocket as a school. Money that should have been spent on other things will now have to go towards the insurance. It is just not fair."
School governor, Paul Smith, said: "The people that commit these crimes are taking resources from schools that take a lot of effort and funding to provide. While these machines are being replaced, it means pupils are without a useful resource. It is very upsetting for everybody involved and I urge anyone with information to contact the police."
The computers that the thieves stole were Dell Optiplex GX240 models. These are a distinctive black and grey colour. The thieves only stole the hard-drive base units, they left the accompanying keyboards, monitors and mice.
Alfreton's Community Safety Officer, PC Bob Lee, said: "This incident is very distressing for the children and it's very disruptive to the school place.
"The incident happened fairly early in the evening and I am pretty sure there would have been a car involved. We would like to hear from anyone who saw vehicles leaving the vicinity."
If you have any information on this incident, please call Derbyshire police on 0845 123 33 33 or call



18 March 2004

UTAH INTERNAL COMPONENTS STOLEN FROM COMPUTERS AT ACCOUNTING FIRM The Salt Lake Tribune -- Private information stolen from Utah computersAccountant David Saunders was shocked by what he found when he arrived at his office in Providence, near Logan, early this week.
Burglars had cut the power and telephone lines into the building housing the offices of Saunders & Wangsgard. Once inside, they carefully opened the company's computers and stripped out the internal processors and hard drives.
"They took some cash, too, but it looks like what they were really after was the computers," Saunders said.
The missing computer hard drives contain private financial information -- bank account numbers, routing codes and Social Security information -- for approximately 2,000 of Saunders & Wangsgard's clients -- a large percentage of whom had filed their tax returns electronically the past several years.
Now, Saunders fears many of his clients may fall victim to identity theft.
"We've sent out letters to all of our clients warning them about what has happened and urging them to contact the credit bureaus -- Equifax, Experian and TransUnion -- so they can have a fraud watch put into place," Saunders said.
At the suggestion of law enforcement, Saunders & Wangsgard also urges its clients to consider changing their bank account numbers
The Federal Trade Commission three weeks ago reported that 42 percent of the fraud complaints it received last year were related to identity theft. It noted 1,326 Utahns fell victim to identity theft last year.

The Cache County Sheriff's Office is still investigating the case and checking on potential leads.
Lt. Von Williamson, a Sheriff's Office spokesman, said burglars ordinarily steal the entire computer. "That is what makes this case unique," he said. "Whoever broke in took the time to open up the computers so they could just take the hard drives."
Williamson suggested businesses that have critical information stored on their office computers should buy alarm systems with battery backups. If burglars cut power lines before breaking in, the alarm still sounds and law enforcement personnel can still be contacted.
"Except even that wouldn't have done us any good," Saunders said. "Whoever broke in cut right through an inch and a half of power and telephone lines all at once."

CONNECTICUT COMPUTERS STOLEN FROM HIGH SCHOOL Shore Line Times03/17/2004

Police are investigating the theft of 10 computers from Daniel Hand High School, which reportedly occurred between March 5 and March 7.
Of the 10 computers stolen, nine were laptop computers that had been placed in a storage room, and one was a desktop computer from another area.
The desktop computer is valued at approximately $1,000, but police did not know the estimated value of the laptops.
Madison police Lt. Bob Stimpson said he did not know how the theft of the desktop computer was discovered. Stimpson confirmed that a teacher discovered the laptops missing.
As for how the thieves entered the building and made off with the computers, Stimpson said police had no details at this time.
"All I can tell you for sure is there was no forced entry into that particular room," said Stimpson.
According to Stimpson, police believe that the school burglary is not related to the recent rash of car thefts that occurred at the beginning of the month.

OREGON COMPUTERS STOLEN .: Corvallis Gazette-Times :. News: "

COMPUTERS STOLEN: 8 a.m., 1000 block Northeast Circle Boulevard. Citizen reported a major theft from a storage area located at Hewlett-Packard Co. Seven Compaq laptop computers and numerous computer peripherals were taken."

BURGLARY: 8:44 a.m., 1400 block Southwest 35th Street. Official at Westland Middle School reported someone broke into the school and stole a Compaq computer, two Ohaus portable digital scales and a Panasonic digital camera with a long macro lens

UNITED STATES SyNET ANNOUNCES NEW LAPTOP ANTI THEFT TRACKING SOFTWARE PRODUCT
Back to Document List



SyNET Announces Widespread Availability of Laptop Anti-Theft Software, "nTracker";
Self-Contained Software Tracks Stolen or Lost Laptops

Copyright 2004 Market Wire, Incorporated.
All rights reserved.
Market Wire
March 15, 2004 Monday

SyNET Electronics, an emerging leader in digital security and networking software solutions for consumers and home and small office environments, announced the immediate availability of its flagship product "nTracker," a laptop anti-theft software package. At an affordable $49.95, nTracker installs in any PC laptop easily and quickly, acts as a tracking mechanism for lost or stolen mobile PCs, and also provides encrypted security for all selected data and files.
Once installed, nTracker monitors use internally without any "Big Brother" outside oversight. After three unauthorized password attempts, nTracker immediately locks the laptop and displays a continuous warning message and sounds an alert alarm that the machine has been lost or stolen. When the machine is connected to the Internet through any connectivity method (dial-up, cable modem, DSL, T1, or wireless modem), nTracker sends an email containing the IP location of the machine for retrieval or law enforcement intervention.



At Last, a Simple and Inexpensive Anti-Theft Solution
"I am very excited about making SyNET nTracker available for users of mobile PCs -- particularly laptops -- to track, protect, and finally recover both their expensive devices and the even more valuable information stored on them," said Harry Rhim, CEO and President of SyNET Electronic Inc. "Retailers and distributors are also excited about offering this unique product that uses email as a cost-effective, digital mobile security system to retrieve lost or stolen equipment. SyNET nTracker inexpensively addresses the anti-theft and data security worries that concern most of laptop and mobile PC users. It's like having your very own personal security guard on duty 24/7 right inside your mobile machine."

Over a million laptops are reported lost or stolen each year, and according to the FBI fewer than 2% are ever recovered. nTracker could change those statistics dramatically. As soon as triple password failure occurs, nTracker encrypts all-important files and data, displays warning screens, and sounds an alarm. Any attempt to connect to the Internet results in immediate tracking because nTracker automatically sends an email to a pre-assigned address identifying the location of the missing machine.

Invisible, Undetectable, Compatible, and Simple to Use

Only the user knows that nTracker is protecting the laptop. The program is totally invisible and is undetectable by any other applications, even by anti-virus protection programs. Fully compatible with all Windows operating systems, nTracker survives upgrades without the need for reinstallation. Installation takes mere minutes, and is simple and fool-proof.

"Today nTracker is protecting laptops across North America," said Rhim. "We are very excited to announce that, by the end of the year, we will have the capability to protect a great many more mobile devices, including PDAs, hand scanners, and Blackberries. SyNET gives fair warning: thieves of mobile computing devices better find another line of work."

At $49.95, SyNET's nTracker is available now for shipping in any quantity directly from the company (www.SyNET.biz). It is now selling at nationwide retail stores such as Micro Center, J&R Music World and through Navarre, a major distributor for all resellers across the US and Canada. By April 2, 2004 nTracker will be available at many of the major retailer stores across the US and Canada and wherever consumer software is sold.

VIRGINIA GTSI FORMS PHYSICAL SECURITY ALLIANCE Copyright 2004 Post-Newsweek Business Information, Inc.
Newsbytes
March 15, 2004, Monday

GTSI Corp. has joined with 17 other security-related technology firms to develop a set of advanced physical security products and services for civilian and military agencies and local and state governments, the company said today.
The Chantilly, Va.-based information technology company said the Physical Security Alliance will provide security systems consulting services, physical security products and solutions, and managed security and systems integration services.

The announcement comes as legions of security technology firms are aggressively vying for lucrative local and federal government security contracts for IT systems and physical security services.
But with many companies offering different and incompatible solutions, agencies and organizations that require their products are calling for integrated security systems with a consistent set of solutions, said Arpad Toth, GTSIs senior technologist and founder of PSA.

Within the private sector, the physical security industry is relatively fragmented with no industrial alliance to provide [services], Toth said.

Toth said he expects around 40 companies to be involved in the alliance by midyear because of the complexity of the industry with 15 product categories and 80 individual products. All firms that join PSA must meet the alliances certain certification requirements.

The members of the alliance are: DMJM Technology of Arlington, Va. ISR Solutions Inc. of Chantilly, Va. Lenel Systems International Inc. of Pittsford, N.Y. Equis Corp. of Chicago BNX Systems Corp. of Vienna, Va. Cisco Systems Inc. Defense Group Inc. of Falls Church, Va. DigitalPersona Inc. of Redwood City, Calif. Griffid LLC of Fort Lee, N.J. Intel Corp. NetBotz Inc. of Austin, Texas ObjectVideo Inc. of Reston, Va. Panasonic Inc. Seneca Inc. of North Syracuse, N.Y. StorageTek Corp. of Louisville, Colo. Trident Tek Inc. of Gaithersburg, Md. videoNEXT of Arlington, Va.

The companies will tailor-make security-related tech products and services for their customers. First, a group of high-level system designers and architects will determine specific system requirements for each customer, then a second group of architects will develop the systems and solutions, Toth said.

GTSI hopes to benefit from its existing alliances with local, state and federal governments by offering them value-added system integration services for physical security and force protection through PSA, Toth said.

Reported By Washington Technology, http://www.washingtontechnology.com

INDIANA STATE UNIVERSITY COMPUTERS STOLEN Indiana Statesman - Computers stolen from admissions office at ISUBy Beth White
Indiana Statesman
March 17, 2004


Approximately $10,000 of computer equipment was stolen from the ISU's Office of Admissions over the weekend, said Bill Mercier, ISU's director of Public Safety.

Three computers and one scanner were stolen sometime between 4 p.m. Friday and Monday morning.

Office of Admissions Director Ron Brown said anything saved on the computers' hard drives would be lost.

"I don't think they [the perpetrator] would actually be able to gain access to what's on the hard drives," Brown said.

Brown said nothing of value is saved on the hard drives. He said mostly e-mail communications, form letter templates and forms for inter-campus documents were saved on them.

Brown doubted anyone would be able to gain access to the hard drives anyway because of passwords and codes.

Mercier said Public Safety is investigating a few leads. He would not release a copy of the police report because he said the investigation is still on going.

On the Public Safety Web site,http://www.indstate.edu/pubsafety/crimealerts.htm, a crime alert is posted regarding the recent computer thefts.

Mercier said a number of computers have recently been stolen on campus, but said he would have to do some research to get actual numbers.

The Web-site describes a suspect as a 6-foot-3 inch black male with black hair and brown eyes. The suspect is described as approximately 53-years-old with bad teeth and commonly posing as an ISU custodian, pushing a trash tote, and wearing a Facilities Management hat.

Public Safety requests anyone seeing a male fitting this description contact them as soon as possible by calling 237-5555 or 911. Do not approach him.

MILWAUKEE COMPUTERS STOLEN JS Online: Police News from Milwaukee - South
A computer, camera, video system and video game were stolen March 8 from a home in the 3600 block of S. Taylor Court.

Money, a camcorder, camera, computer, chain, rings and sunglasses were stolen sometime from Feb. 2 to March 9 from a residence in the 1200 block S. 26th St

A computer tower was stolen from Giros Nuevo Leon, 1004 W. National Ave., on March 8 or 9. Entry was gained by prying open a door

CALIFORNIA LAPTOPS STOLENMercury News | 03/16/2004 | Police Blotter: "COMMERCIAL BURGLARY Someone pried open a door at Marcus & Millichap, 2626 Hanover St., and removed four laptop computers. The theft was reported about 8:45 p.m. Friday"

WASHINGTON VANCOUVER CRU DATAPORT TECHNOLOGY INTRODUCED CRU-DataPort Introduces Built-in Data Encryption on Select Removable Hard Drive Enclosures
FOSE 2004

VANCOUVER, Wash.--(BUSINESS WIRE)--March 16, 2004--
Private, Public Sector Now Can Have Military-Level Protection Of Sensitive Computer Data

CRU-DataPort(TM), a developer of computer data security and storage devices since 1986, announced the availability of its first removable hard drive enclosures with built-in data encryption. Encryption DataPorts, available in DES and Triple DES (TDES) versions, help prevent unauthorized access to sensitive computer data.

Private and public sector organizations that deal with sensitive or confidential information -- such as government agencies, hospitals and medical offices, and financial institutions -- now can have affordable military-level protection of their computer data with Encryption DataPorts. The new removable drive enclosures completely encrypt all data going to the disk drive, including the file allocation table and virtual memory. They feature a custom-designed, high-speed processor that encrypts data before it reaches the IDE hard drive and requires a unique electronic key -- with several customizable key management options -- for user authentication and data access.

"At no other time in the history of IT has protecting information from viruses, unlawful disclosure, thieves and hackers been as critical," said Jon Johnson, director of sales and marketing for CRU-DataPort. "DataPort removable drive enclosures have always allowed our customers to easily take their data off-line and now, with the added security of encryption, that data can be secure when you're away from the PC, while the drive is being transported, or even if the entire computer is stolen."

Encryption DataPorts utilize a cryptographic engine certified by the National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE) and are compatible with any operating system that supports IDE hard drives. Their 100 percent silicon-based technology will not degrade system performance and is dramatically faster than PCMCIA, Smart Card and software solutions, processing data at up to 1.6 gigabytes per second. The products are available in 40-bit and 64-bit DES versions and 128-bit and 192-bit Triple DES (TDES) versions, the latter of which are encryption levels approved by FIPS (Federal Information Processing Standards Publication Series) for use by U.S. government agencies.

CRU will display its Encryption DataPorts at booth #3735 at the upcoming FOSE government information technology trade show, March 23-25, 2004, at the Washington Convention Center in Washington, DC. For more information or to arrange an appointment, please contact Jon Johnson at 360-816-1740 or jjohnson@cru-dataport.com.

UTAH BYU COMPUTER THEFT RING BROKEN VIA EVOCAM TECHNOLOGYEvological: "EvoCam Catches Thieves!
We are extremely pleased to announce that EvoCam was used successfully in a surveillance operation to catch thieves at Brigham Young University. Check it out!"

UTAH TV NEWS REEL BRIGHAM YOUNG UNIVERSITY COMPUTER THEFT RING BROKEN VIA EVOCAM EvoCam Catches Thieves!
We are extremely pleased to announce that EvoCam was used successfully in a surveillance operation to catch thieves at Brigham Young University. Check it out! http://msed.byu.edu/tlsc/theft

MONTREAL COMPUTERS STOLEN FROM SCHOOLCBC Montreal - Police chase takes byte out of crimeWeb Posted | Mar 15 2004 07:53 AM EST

Police chase takes byte out of crime
MONTREAL - Three suspects are in custody Monday following a police chase that began at a Park Extension school and ended with stolen computers flung from the speeding vehicle.


When police officers showed up at the school on de l'Epée Street Sunday night, the three suspects took off in their car, drove east on Highway 40, and then south on Highway 25.

Montreal police spokesman Ian Lafrenière said that's when they began throwing stolen computer equipment out of their vehicle.

"They were literally dropping the computers out the window," he said.

Lafrenière said the suspects were likely trying to get rid of evidence and slow down the police cars that were in pursuit.

The driver of the car lost control at the Louis H. Lafontaine hospital, and that's where police caught up with them.

Lafrenière said the three face charges of break-and-enter, possession of stolen goods, and provoking a police chase.

VENTURE CAPITAL IN THE COMPUTER SECURITY AREA ON THE RISE KansasCity.com - The Kansas City Star, breaking local news, sports, entertainment, businessProtect or perish

FIRMS COMPETE IN MARKET TO SHORE UP WEB'S SAFETY

By Dan Lee

Mercury News


Start-ups rushing to develop Internet security seem to be popping up almost as fast as the latest computer virus.

Companies are spending more to protect their computer networks from worms, viruses, hackers and other increasing Internet attacks. At the same time, venture capital investment in all sorts of security start-ups has spiked in recent months.

But the outlook for these fledgling companies is, well, anything but secure.

Some fail. Others survive as small, private companies. A precious few hit the big payday -- being snapped up by a large high-tech company, or cashing in on an initial public stock offering. Only about 5 percent of security start-ups do well enough to ever land the IPO or big acquisition payoff, according to the Gartner Group.

The trick for customers and investors is trying to sort the true innovators from those latching on to a tech trend.

``For any good idea, there are still too many start-ups getting financed,'' said Ted Schlein, partner with venture firm Kleiner Perkins Caufield & Byers. ``You want to make sure you're finding a large, rapidly growing marketplace that is under-served.''

Three Silicon Valley computer security start-ups -- Reconnex, PassMark Security and ServGate Technologies -- are among those attempting to carve a niche in one of high tech's hottest areas. Worldwide computer security sales are forecast to reach $45 billion in 2007, up from about $19 billion in 2002, according to market research firm IDC.

Reconnex has designed a hardware appliance to stop leaks and security breaches -- accidental or malicious -- from employees within companies. ServGate has bundled anti-virus, anti-spam and other security features onto an appliance to protect small businesses or branch offices of larger companies from outside threats. PassMark Security has created a personalized icon to assure customers that a bank or e-commerce Web site is authentic, and not part of a ``phishing'' scam designed to steal passwords or account information.

All three companies stress the simplicity of using their products, but each faces challenges as well.

``There's definitely an opening'' for a company like Reconnex, said John Pescatore, vice president of Internet security for market research firm Gartner Group. But, he added, companies tend to worry about cracking down on employee behavior less when the economy heats up.

He said verification systems such as PassMarks are a ``cool thing,'' but that they could be more of an interim solution as user-authentication technology evolves.

Pescatore said ServGate faces stiff competition from others, including networking giant Cisco Systems and security provider NetScreen Technologies, which is being acquired by Juniper Networks. But he said ServGate has done well building sales in emerging Internet markets such as China.

Executives and analysts predict a wave of consolidation among computer security companies, with the industry looking to start-ups for innovative products and services that are easy to use or help simplify already complex computer systems.

``Most security companies in the past two years, their exit strategy is acquisition, not IPO,'' said Pescatore.

And the race for the big money may get more intense.

The National Venture Capital Association said it does not track investing in specific industry niches of start-ups. But venture funding of start-ups with ``Internet security'' in their business description soared from $49 million in the first half of 2003 to $125 million in the second half of the year, according to the NVCA.

``It's hard to make money in a lot of areas of security, and there are a lot of entrants,'' said Earl Perkins, vice president of security and risk strategies at research firm Meta Group.

Yet, he added in an e-mail interview, ``there are a few jewels still to be had.''

NEW YORK COMPUTERS STOLEN FROM SCHOOL The Oneida Daily DispatchThe village of Canastota Police arrested Joshua A. Johnson, 19 and his brother Jordan M. Dyer, 17, both of 7984 North Main Street in Canastota, after they allegedly confessed to using keys stolen from Canastota High School to enter and steal property.

The two brothers, both seniors at the school, are accused of stealing over $14,000 worth of computer-related equipment.


On March 1, Canastota High School reported the theft of computer related equipment totaling $13,193.16. The school security system revealed a Chevrolet van in the area multiple times when the burglary occurred. A school maintenance worker identified a similar vehicle parked suspiciously at the school after normal hours days later and provided the Canastota Police with the identity of the driver.

UNITED KINGDOM ARTICLE ON WAN SECURITY ISSUES ZDNet UK - Special Reports - WAN lockdown
WAN lockdown


Rupert Goodwins


You might think your company network is secure, but care needs to be taken to ensure that all computers - including those used by employees at home and on the move - are equally secure.


Among the estimated half-million computers infected with the Blaster worm by the end of August, many tens of thousands were behind corporate firewalls specifically configured to prevent that class of attack. The vulnerability was the WAN -- remote users connected via VPN to a LAN, tunnelling in to the protected network as trusted nodes.


WANs are the proof that if you cast your net wide enough, you'll catch something nasty. The industry is realising that while networks confined to company premises can be controlled using the normal mix of security procedures, a different management policy is required to secure any system where remote users have access to corporate resources. While the classic model of WAN nodes connected over VPN treats them as members of whatever local network they connect to, it ignores the reality that the same computers have another life when not connected, one where they can be very vulnerable indeed.


However, this will not stop the basic problem that to be productive, a remote user must have some form of privileged access to the corporate network and that any attack software running on their PC will acquire those privileges. You must ensure that all remote PCs that connect to the work WAN have up-to-date virus scanning, a properly configured personal firewall, and that strong policies exist to encourage the users to act responsibly. Remote management is essential, and some form of encryption of data local to the user should be considered: PCs can be stolen, and laptops lost. If a computer has corporate information on it, it's part of the WAN even when not connected and must be managed.

MIAMI LAPTOP STOLEN FROM CLASSROOM The Miami Herald | 03/14/2004 | Dry-ice bombs explode at Sunrise school: "School laptop stolen: The Broward County school district reported the theft of a Dell Latitude CPI laptop computer from a classroom at Pioneer Middle School, 5350 SW 90th Ave., between 3:30 p.m. Feb. 8 and 3:50 p.m. Feb. 25. It was valued at $2,000."

CANADA INFOSECURITY CONFERENCE JUNE 1 - 3rd TORONTO InfosecCanadaLocated in Toronto, the business capital of Canada, Infosecurity Canada is the one event sponsored by independent knowledgeleaders at the front lines of information security. With a 360-degree perspective on today’s critical information security issues, the Infosecurity Canada Conference & Exhibition is the ideal forum for all information asset stakeholders, security experts and practitioners to exchange real-world concerns and solutions, and learn about the most current best practices, policies, procedures and products.

Attend Infosecurity and :

Find Wireless, IDS, and Vulnerability Management Solutions
Gather information on the newest products and services that will create secure and reliable access to your data
Obtain information on how to create and implement more effective policies
Exchange ideas with colleagues and industry experts in the field of information security
Find out about the issues shaping the future of information security
Discover the information security products that can reduce incident that result in liability
Safeguard your information assets
For Sponsorship/Exhibiting Opportunities contact:
J. Michael Alessie
Sales Manager
(203) 840-5387 malessie@reedexpo.com

UNITED STATES CERT COORDINATION CENTER Allow only appropriate physical access to computers

Allow only appropriate physical access to computers.
In addition to the steps you take to prevent inappropriate electronic access to a computer, you should also strive to allow only appropriate physical access. What this means can vary depending on the locations of computers—whether they are in locked offices or in open-plan space, for example.

Physical access also includes activities such as installing or removing hardware.

Why this is important
If unauthorized persons can physically access a computer, the integrity of that system is at considerable risk. If a system is connected to internal networks, then intruders can access resources in a way that bypasses all of your network perimeter defenses.

To preserve the confidentiality and availability of data, you must prevent the computer and its storage media from being removed from the facility by unauthorized persons.

If new hardware, such as a modem, is installed it may create new electronic access paths to the computer and make your network available to intruders.

How to do it
Prevent installation of unauthorized hardware and modification of authorized hardware.
Installation of new hardware can lead to security problems in several ways:


Installing a modem allows a direct connection from the computer to the public telephone network, which may then permit electronic access into your network from anywhere in the world, bypassing your perimeter defenses.

Installing a removable-media storage device or printer makes it easy to copy information and carry it away from your site.

Installing a boot device that precedes the authorized device in the boot sequence allows the computer to be restarted in a configuration that bypasses your security precautions.
You should lock the computer case, if possible. This may require third-party locking devices such as keys, cables, or racks. If a key is used, ensure that the key is protected, yet still accessible to authorized users. Make a backup key and protect it in a secure offsite location.

You may also want to remove or disable the external connectors on the computer.

Deploy the computer in a secure facility.

Deploying the computer in a secure facility helps to prevent unauthorized access to the computer, theft, and destruction. Methods of secure deployment may include using surveillance cameras or placing the computer in a locked room that uses controlled physical or electronic access which is recorded. Pay special attention to controlling the access of vendors, contractors, and other visitors.

As a general rule, do not deploy network servers in an individual's office.

Locate the computer so unauthorized viewing of the monitor and keyboard cannot occur.

Provide additional shielding against electronic eavesdropping or interference, if required.

Secure the network wiring and other network connection components.

For security purposes, ensure that the network cabling is not placed in a physical location where it can be easily accessed. Note that this requires you to trade the convenience of access for network maintenance for greater security.

Policy considerations
Your organization's security policy for networked systems should


specify who is or is not allowed to install new hardware or modify existing hardware in a computer

specify the circumstances under which users may or may not use storage devices with removable media

specify the circumstances under which users may take storage media or printed information away from your site

require that network servers be deployed in physically secure locations

specify the circumstances under which third parties (vendors, service providers) are permitted to physically access your systems and how such access is to occur. 1
Other information
If you need to protect against unauthorized monitoring, eavesdropping, or interference of electronic emanations coming from your computing equipment, you may need to consider physical protection technologies such as TEMPEST (Transient Electromagnetic Pulse Emanation Standard). Refer to http://www.dewsite.com/fyeo/tempest.html#Government and http://www.eskimo.com/~joelm/tempest.html for further information on TEMPEST.



--------------------------------------------------------------------------------

Footnotes
1 Refer to the module Security of Information Technology Service Contracts [Allen 98].


[back to top] [full list of modules, practices, and implementations]


--------------------------------------------------------------------------------
Copyright 2000 Carnegie Mellon University.

See the conditions for use, disclaimers, and copyright information.

CERT® and CERT Coordination Center® are registered in the U.S. Patent and Trademark office.
This page was last updated on June 12, 2000.

FLORIDA FOLLOW UP ARTICLE ON PHYSICAL SECURITY ISSUES FROM SECURE FLORIDA WEBSITE Secure Florida
Physical Security
Secure Florida’s mission is to provide you with information and resources for protecting your cyber assets. However, we must always realize that any adequate computer security system begins with proper physical security.

The greatest firewall software in the world is not going to protect your data if your server is stolen.


In deciding on sufficient physical security, the goal is the same as with sufficient cyber security: try to make it so difficult to break in that the would-be criminal decides it’s just not worth it. This is called “hardening the target” – not only do you make it difficult to get into, but you also make it appear so formidable that no one even tries.

Click here http://www.crimewise.com/library/biztest.html for a Business Security Test that can assist you in assessing the level of your own security.


--------------------------------------------------------------------------------

Click here http://www.cert.org/security-improvement/practices/p074.html for some further tips on sensible physical security for your computers and network.


--------------------------------------------------------------------------------

The following are links to products that can help protect your system’s physical security:

http://www.secureservices.com/

http://www.securitykit.com/pc_security_kits.htm

http://www.secucomputer.com/

FLORIDA SECURITY WEBSITE JOINS WITH FDLE TO EDUCATE FLORIDA POPULATION ON ISSUES OF CYBERSECURITYSecure FloridaNetwork Security
“If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.”
--Richard Clarke, Special Advisor to the President


Network security is a complex issue. Traditionally, only well-trained and experienced experts have been responsible for the security of computer networks. As more and more people become regular computer users, there is an increased need for people to understand the basics of security in a networked environment. The information on this page, and throughout the rest of this section, was put together with the basic computer user in mind, explaining network security solutions for the non-professional.


--------------------------------------------------------------------------------

To help ensure the network security of your home or business, take the necessary precautions outlined in the three guidelines below.

“There are two kinds of computer users: those who have lost data and those who will.”
--Dr. Roger C. Schlobin


Internet Connection
If your business has a broadband Internet connection (T1, DSL, Cable), your network may be vulnerable to intrusion (see the "Dangers and High Speed" section at this link). You can easily protect your network with firewall software. Firewalls are utilized to identify users that attempt to access your computer network. Those with authorization are allowed to enter; others are not.

E-mail System
To ensure that a third party does not intercept your company’s e-mails, always make sure that you have the right address before clicking “send.” An incorrectly typed e-mail address can put your information in the wrong hands. Furthermore, encrypt highly confidential e-mail messages with an encryption program. Encrypted e-mails can be read only by people holding the code, usually only the sender and the recipient.

Website
The company that hosts your website has control over how secure it is. Before you hire an outside company to host your website, evaluate the safety of their server. Make sure they use security technology, such as Secure Sockets Layer (SSL), that can secure e-commerce data. Ensure that they perform security audits regularly. Furthermore, a web hosting company should keep computer hardware physically locked up in order to prevent theft of the hardware itself.

AUSTRALIA PARLIAMENT OFFICES OF CHIEF MINISTER ROBBED NEWS.com.au | Thief on loose in Parliament (March 15, 2004): "Thief on loose in Parliament
March 15, 2004

POLICE are investigating the theft of thousands of dollars worth of cash and computer equipment from Parliament House.

All the thefts have occurred on the fifth floor, where the offices of the Chief Minister Clare Martin, her seven ministers and 85 staff are.
Last night, police confirmed they were investigating the thefts.
Detectives have interviewed staff on the fifth floor about the thefts"