UC Davis Cyber-Safety Program: Physical Security
If you are a computer user within an academic or administrative department on campus, you may have a Technology Support Coordinator (TSC) who is working to secure your system. Before taking any of the security steps listed below, please check with your TSC.
From the UC Davis Cyber-Safety Program Policy:
Unauthorized physical access to an unattended computing device can result in harmful or fraudulent modification of data, fraudulent email use, or any number of other potentially dangerous situations. In light of these risks, where possible, devices must be configured to "lock" and require a user to re-authenticate if left unattended for more than 20 minutes. Portable storage devices must also not be left unattended and be protected from data theft or unauthorized data modification or deletion. Physical security measures protecting computers hosting critical or sensitive university electronic communication records from theft must also be implemented. The use of data encryption may mitigate the security risks related to a physical security breach.
Servers hosting applications with essential or restricted functions or information must reside in a physically secure location. An annual physical security/risk assessment (http://security.ucdavis.edu/documents/assessmenttool.pdf) must be completed and reviewed by unit management for each area/room in which such servers are placed. Significant physical security risks identified through the assessment will be communicated by campus units to their respective Dean, Vice Chancellor or Vice Provost via the annual Cyber-safety reporting process.
Information...
What is physical security?
Physical security includes environmental and physical controls that secure and protect the computer and/or network. Examples of environmental and physical controls include locks for laptops and doors, and systems for protecting against power surges and excessive heat and humidity.
Many members of the UCD campus study, work, and conduct research in publicly accessible areas. Without physical security measures, those members run the risk of a passerby accessing and recording, removing, or altering confidential information. In addition to system-based measures such as automated screen locking, the site security measures detailed in the Physical and Environmental Security Checklist in the Tools and Resources section below should be applied where applicable to prevent the removal of confidential data from secured areas. Properly utilized data encryption can prevent the loss of data even if a system is compromised or stolen.
Computing systems are also subject to environmental needs, such as for temperature and power. The Physical and Environmental Security Checklist should be used to identify computing risks from power fluctuations, temperature, humidity and lightning.
Tools and Resources...
- Physical Security Checklist for UC Davis departments
- PGP: encryption software that can encrypt sent and stored email, files, or entire disk volumes.
- WinPT: similar to PGP, but based on the freely available GnuPG package.
Campus sysadmins recommend...
- HIPAA Physical Safeguard Standards (PDF)
- HIPAA Security Educational Papers Series
- Windows 2000 Security Configuration Guide (applies to XP as well, scroll down for description of screensaver locking)
- Microsoft Encrypting File System (EFS)