Preventing Hardware Theft

Preventing Hardware Theft (Full Version)

All Forums >> [Security, AntiVirus, and Patching] >> Best Security Practices

Message

ndaniels -> Preventing Hardware Theft (4/16/2008 1:30:55 PM)
I'm looking for ideas on preventing hardware theft (of primarily desktops) in a corporate environment and am wondering what others are doing. I am more concerned about protection of the physical hardware than data loss, as the systems in question do not store any data of real value. Also, a big consideration in protection options is cost vs. effectiveness. Some ideas: 1.) Physically locking the device to the work area Pros: Relatively inexpensive. Thief would need to take time to pick or cut through the locking device before stealing the computer, making an attempt at theft more obvious and potentially time consuming. Cons: All locks would need to be keyed the same or PC Technicians would need to maintain an inventory of which keys are associated with which device. Also, in the case where all locks are keyed the same, if one key is compromised, all systems are at risk. If handled by combination lock, the combination for every system would need to be changed whenever an employee with knowledge of the combination leaves the organization--and this is most likely a manual process. 2.) Increase surveillance Pros: Increases likelihood of both preventing theft and catching a thief. Cons: Increased cost in both surveillance equipment and staff to support. 3.) Active heartbeat monitoring - implement a system where network connectivity is monitored and, when a computer drops off, an alert is sent Pros: Knowledge of a missing system would be nearly instantaneous. Cons: High likelihood of false positives resulting from users shutting down workstations or PC Technicians moving devices. Potential increase in network utilization. 4.) Tracking system - stolen systems report back to the "mother ship" Pros: Some embed into the BIOS and will report back even after an O/S reinstall. Also, can accommodate remote destruction of data. Cons: Protection may prove expensive for large numbers of computers. Most would require internet connectivity to be detected and recovered. Does not protect systems stolen for the purpose of hardware mining. Thanks for taking the time to read my post. [:D]

ndaniels -> RE: Preventing Hardware Theft (5/7/2008 1:28:57 PM)
quote: Dry contact switches and metallic tape: These systems are inexpensive and commonly used along a perimeter or boundary on door and window frames. For example, if the circuit switch is opened or the metallic tape broken, an alarm is sounded. Miller, Lawrence & Gregory, Peter H. CISSP for Dummies. Indianapolis: Wiley Publishing, 2007 I was reviewing some CISSP books for ideas on applying Physical Security to workstations and came across the above quote. Although a security system using the tools described above may prove difficult to apply to workstation security (especially in a corporate environment), it did give me an idea: The use of RFID or EAS tags (like what is used in retail stores to prevent merchandise theft) placed inside of computer equipment at the time of deployment. Pros: Aside from the installation of the detectors, the protection offered is fairly easy to implement by hiding the tags inside the workstations or equipment. Also, the tags are inexpensive enough to attach to a large volume of equipment and/or components. Cons: Detectors are expensive and would need to be placed at every point of exit, or employees and visitors would need to be restricted to using specific exits. Also, this approach to securing devices could only be taken on equipment which never leaves the facility (like workstations, as opposed to laptops).

hwaldron -> RE: Preventing Hardware Theft (5/15/2008 11:41:56 AM)
Hi - Both posts are EXCELLENT and contain essential elements for physical protection. As noted, physical security is key and a review of SAS-70, ISO-27001, COSO 4.1 and other industry standards are beneficial. http://en.wikipedia.org/wiki/ISO_27001 http://en.wikipedia.org/wiki/COSO http://en.wikipedia.org/wiki/SAS70 A few additional ideas might include: -- Good automated Physical inventory system, followed by annual physical audits to ensure the equipment exists -- Security Awareness training for laptop and mobile users on theft prevention -- Use of card key readers or security badges to get into work areas (if there's a potential for the general public to wander in these areas) -- Tagging all equipment as noted with printed stickers -- Fake video cameras might even make potential thieves think twice -- Make sure shipping and receiving of equipment has iron-clad controls and signoffs

ndaniels -> RE: Preventing Hardware Theft (5/22/2008 5:47:03 PM)
quote: ORIGINAL: hwaldron -- Fake video cameras might even make potential thieves think twice Thanks Harry! I especially like that idea. Those decoys are relatively inexpensive, too.

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.2192383