Telecommuters should use a securable operating system that requires password authentication.

T/F? While the temperature of ignition, or fire point, depends upon the material, it can be as low as a few hundred degrees.

T/F? There are three methods of data interception: direct observation, interception of data transmission, and mechanical interception

False (Electromagnetic, not mechanical)

T/F? In general, ESD damage to chips produces two types of failures: immediate and latent.

T/F? Vibration sensors fall into the motion sensor category.

False (contact and weight sensor category)

T/F? True online UPS can deliver a constant, smooth, conditioned power stream to the computing systems.

T/F? There are few qualified and professional agencies that provide physical security consulting and services

T/F? The capacity of UPS devices is measured using the volt output power output rating

T/F? For laptops, there are burglar alarms made up of a PC card or other device that contains a motion detector

T/F? When the door lock fails and the door becomes unlocked, it is a fail secure lock.

T/F? SPS systems provide power conditioning

T/F? Locks can be divided into four categories based on the triggering process: manual, programmable, electronic, and biometric

T/F? Fire detection systems fall into two general categories: manual and electrical

T/F? Keycard readers based on smart cards are often used to secure computer rooms, communications closets, and other restricted areas

T/F? A wet-pipe system is usually appropriate in computer rooms

T/F? Telecommuters must use a securable operating system that requires password authentication, such as Windows XP/Vista/7 or Server 2003/2008.

____ sprinklers are the newest form of sprinkler systems and rely on ultra-fine mists instead of traditional shower-type systems

Computing and other electrical equipment in areas where water can accumulate must be uniquely grounded, using ____ equipment

____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.

Fire ____ systems are devices installed and maintained to detect and respond to a fire, potential fire, or combustion danger situation.

____ involves a wide variety of computing sites that are distant from the base organizational facility and includes all forms of telecommuting.

A device that assures the delivery of electric power without interruption is a ____.

One of the leading causes of damage to sensitive circuitry is ____

ESD (electrostatic discharge)

____ sensors project and detect an infrared beam across an area.

Electronic monitoring includes ____ systems.

Closed-circuit television (CCT)

In ____ UPSs, the internal components of the standby models are replaced with a pair of inverters and converters

The most sophisticated locks are ____ locks

____ sensors detect an unusually rapid increase in the area temperature within a relatively short period of time

UPS devices typically run up to ____ VA

Interior walls reach only part way to the next floor, which leaves a space above the ceiling but below the floor of the next level up. This space is called a ____

____ locks can be changed after they are put in service, allowing for combination or key changes without a locksmith and even allowing the owner to change to another access method (key or combination) to upgrade security


Layer 8 is written by Michael Cooney, an online news editor with Network World.

Security continues to be one of the top bugaboos to letting employees telecommute.  As gas prices have stayed high and the economy continues to drive itself into the ground, telecommuting continues to be a viable and cost-effective way for companies to keep employees connected to the home office, but at what price? Lost laptops? Network hacks? Stolen data?

Certainly telecommuting isn't to blame for all of these seemingly daily occurrences. It is into this environment that the National Institute of Standards and Technology (NIST) recently updated what many consider to be the bible on maintaining teleworker data security.

"In terms of remote access security, everything has changed in the last few years. Many Web sites plant malware and spyware onto computers, and most networks used for remote access contain threats but aren't secured against them," says Karen Scarfone of NIST's Computer Security Division in a release. Above all, an organization's policy should be to expect trouble and plan for it.

While the NIST recommendations are myriad, we have listed here some of the most important items.  Should you want to read the actual 42-page NIST release on the subject, go here.

The major NIST recommendations for securing teleworkers include:

Physical security: An organization might require that laptops be physically secured using cable locks when used in hotels, conferences, and other locations where third parties could easily gain physical access to the devices. Organizations may also have physical security requirements for papers and other non-computer media that contain sensitive information and are taken outside the organization's facilities.

Encrypt: Encrypt files stored on telework devices and removable media such as CDs and flash drives. This prevents attackers from readily gaining access to information in the files. Many options exist for protecting files, including encrypting individual files or folders, volumes, and hard drives. Generally, using an encryption method to protect files also requires the use of an authentication mechanism to decrypt the files.

Back up: Ensure that information stored on telework devices is backed up. If something adverse happens to a device, such as a hardware, software, or power failure or a natural disaster, the information on the device will be lost unless it has been backed up to another device or removable media. Some organizations permit teleworkers to back up their local files to a centralized system (like through VPN remote access), whereas other organizations recommend that their teleworkers perform local backups. Teleworkers should perform backups, following their organizations' guidelines, and verify that the backups are valid and complete.  It is important that backups on removable media be secured at least as well as the device that they back up. For example, if a computer is stored in a locked room, then the media also should be in a secured location; if a computer stores its data encrypted, then the backups of that data should also be encrypted, NIST says.

Cache cleaning: Remove information from a computer that is temporarily used for remote access. Some remote access methods perform basic information cleanup, such as clearing Web browser caches that might inadvertently hold sensitive information, but more extensive cleanup typically requires using a special utility, such as a disk scrubbing program specifically designed to remove all traces of information from a device. Many organizations offer their teleworkers assistance in removing information from personally owned devices.

Cleaning the missing: Erase information from missing cell phones and PDAs. If a cell phone or PDA is lost or stolen, occasionally its contents can be erased remotely. This prevents an attacker from obtaining any information from the device. The availability of this service depends on the capabilities of the product and the company providing network services for the product.

Wear protection: Teleworkers need to ensure that they protect their remote access-specific authenticators, such as passwords, personal identification numbers (PINs), and hardware tokens. Such logins should not be stored with the telework computer, nor should multiple authenticators be stored with each other; for example, a password or PIN should not be written on the back of a hardware token, NIST states.

Hack attack: Teleworkers should be aware of how to handle threats involving social engineering, which is a general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious.

Get some separation:  The most important part of securing most wired home networks is separating the home network from the network's ISP as much as possible, NIST states.  If a telework device connects directly to the teleworker's ISP, such as plugging the device directly into a cable modem, then the device becomes directly accessible from the Internet and is at very high risk of being attacked. To prevent this from occurring, the home network should have a security device between the ISP and the telework device. This is most commonly accomplished by using a broadband router or a firewall appliance. This security device should be configured to prevent computers outside the home network from initiating communications with any of the devices on the home network, including the telework device, NIST says.

Again with the encryption: Use strong encryption to protect communications. An industry group called the Wi-Fi Alliance has created a series of product security certifications called Wi-Fi Protected Access (WPA), which include the WPA and WPA2 certifications. These certifications define sets of security requirements for wireless networking devices. Devices with wireless network cards that support either WPA or WPA2 can use their security features, such as encrypting network communications with the Advanced Encryption Standard (AES) algorithm.

Know your enemy: Permit access for only particular wireless network cards. Some APs can be configured to allow only specific devices to use the wireless network. This is accomplished by identifying the media access control (MAC) address of each device's wireless network card and entering the MAC address into a list on the AP. Because a MAC address should be unique to a particular network interface, specifying its MAC address in the AP can be helpful in preventing some unauthorized parties from gaining wireless network access.

Get to know SSID: Change the default service set identifier (SSID). An SSID is a name assigned to a wireless AP. The SSID allows people and devices to distinguish one wireless network from another. Most APs have a default SSID, often the manufacturer or product's name. If this default SSID is not changed, and another nearby wireless network has the same default SSID, then the teleworker's device might accidentally attempt to join the wrong wireless network. Changing the SSID to something unusual (not the default value or an obvious value, such as "SSID" or "wireless") makes it much less likely that a device will choose the wrong network.

Watch those admins: Disable AP administration through wireless communications. Flaws are frequently identified in the administration utilities for wireless APs. If an AP has such a flaw, attackers in the vicinity could reconfigure it to disable its security features or use it to acquire access to the teleworker's home network or the Internet. To prevent such incidents, teleworkers should configure APs so that they can only be administered locally (such as running a cable between a computer and the AP) and not administered wirelessly or otherwise remotely, NIST says.

No slow lanes:  For a PC with slow network speed support, such as dial-up access, teleworkers should be cautious when configuring automatic software update features, NIST says. Because many updates are very large, downloading them could consume all the network bandwidth on a slow link for hours at a time. This could make it difficult for teleworkers to send and receive email, access Web sites, and use the network in other ways while the download is occurring. Teleworkers could instead configure the software to download the updates at a time when no one needs to use the PC. Updates should still be performed at least weekly, preferably daily.

Needless net nabobs:  By default, most PCs provide several network features that can provide communications and data sharing between PCs. Most teleworkers need to use only a few of these features. Because many attacks are network based, PCs should use only the necessary networking features. For example, file and printer sharing services, which let other computers access a telework PC's files and printers, should be disabled unless the PC shares its files or printers with other computers, or if a particular application on the PC requires the service to be enabled, NIST says.

Secure assistance: Some operating systems offer features that let a teleworker get remote technical support assistance from a coworker, friend, product manufacturer, or others when running into problems with a PC. Many applications are also available that permit remote access to the PC from other computers. Although these features are convenient, they also increase the risk that the PC will be accessed by attackers. Therefore, such utilities should be kept disabled at all times except specifically when needed. The utilities should also be configured to require the remote person to be authenticated, usually with a username and password, before gaining access to the PC.


Michael Cooney is a Senior Editor with Network World who has written about the IT world for more than 25 years. He can be reached at .

Copyright © 2009 IDG Communications, Inc.

What are the three methods of data interception?

There are three routes of data interception: direct observation, interception of data transmission, and electromagnetic interception.

When the lock of a door fails and causes the door to become locked, is it classified as a fail-secure lock?

When the lock of a door fails and causes the door to become unlocked, it is classified as a fail-secure lock. Vibration sensors fall into the motion sensor category. Fire suppression systems typically work by denying an environment one of the three requirements for a fire to burn: a match, fuel, and oxygen.

What is the space called when interior walls only partially reach to the next floor, leaving a space above the ceiling?

These interior walls reach only partially to the next floor, which leaves a space between the ceiling and the floor of the next level. This space is called a plenum, and is usually one to three feet wide to allow for ventilation systems that can inexpensively collect returned air from the offices on the floor.
