Posted by: Ken Harthun
Physical security is something we often take for granted, but it can be just as important as cyber security. One of my clients recently called to say that some suspicious files had suddenly appeared on one of their servers. Naturally, I investigated, but I couldn’t find any breach in the firewall or any indication in the IDS logs that the network had been hacked from outside.
After spending a couple of hours digging around in the server logs, I finally dug into the registry and found that the files had apparently come from a USB device that had been plugged into the server around 9:30 pm on the day in question. Since only three people have access to the servers–myself, the IT Manager and the Controller–and none of us were guilty, I had to suspect that someone had gained unauthorized access to the server room.
Sure enough, the IT Manager recalled leaving early on an emergency the day of the incident and with a sheepish grin told me, “I guess I forgot to lock the door.”
We now have an electronic combination lock on the door and only the three of us have the code. The door automatically locks itself three seconds after it’s opened, so “forgetting” isn’t an option.
Lesson learned. Fortunately, the files were benign.