Session 6 Lesson Plan
Intro to Session
Register
What is covered in this session
Software and network security: encryption techniques, eg public and private key; call back; handshaking; diskless networks; use of backups; audit logs; firewall configuration; virus checking software; use of virtual private networks (VPN); passwords; levels of access to data; software updating
Biometrics: retinal scans; fingerprint; other, eg voice recognition
Physical locks
There is a need to secure mobile devices such as laptops if you look closely at a laptop, you will see a small slot, into which you can fit a padlocked chain. Fitting a chain ensures that mobile technology is not so mobile. Many lock and key systems in buildings operate on a.Master/submaster system. There are a series of keys for individual doors, groups of doors and for the whole building. The network manager may have a submaster key for all of the server and communication rooms
When keys are issued to employees, most organisations keep a log of who has what key and what it accesses.
Household and car keys can be reproduced at high street key cutters. However, the lock and key systems used by many organisations are unique, often with only one set for the building in question.
Digital keypads may reduce the cost of the reproduction of keys and can be reprogrammed at regular intervals, but these cannot prevent access by observation — when the key code is observed — or by colleagues passing on the code to others.
While having a high-quality lock and key system is essential, it has no value if the surrounding environment is vulnerable. Unauthorised access can be gained through unlocked windows (even on upper floors), via unmanned side doors, through walls (most interior walls are plaster, which is not difficult to penetrate), over ceilings (in a building with suspended ceilings, security is an issue) or by damaging the door and/or breaking the lock.
So, lock and key security relies on the quality of the environment it is supporting. In some critical areas, it may be necessary for the walls, doors, windows and ceiling space to be reinforced and possibly alarmed.
Exercise 1 Finding some biometic locks
Exercise 2 Using Biometrics
Access Control
These are a variation on lock and key systems and are often used in conjunction with staff and visitor identification systems. Instead of using keys to access areas of a building, the system relies on personnel using swipe cards or dongles as keys. There are several advantages of access control systems:
• the system can log personnel entering and exiting buildings (which means they can also be used to monitor the time-keeping and attendance of employees)
• each key can be programmed, which means personnel can be allowed/denied access to any area on a `door by door' level
• records can be maintained on who has used what
door, with secure and critical areas open to scrutiny • when an employee leaves the organisation, if they do
not return their key, it can be disabled
• the keys can be reprogrammed when an employee changes role within the organisation.
Most swipe cards and dongle systems contain no information, only a unique ID (like a MAC address on a network card). The access information is kept on a central server which manages the access control system. Naturally, if these keys fall into the wrong hands, before anyone becomes aware of this, they can be used to gain access. To overcome this, some systems work in partnership with CCTV or key code systems, which record who has entered the area as well as creating a secondary security mechanism.
Exercise 3 Swipe Cards
Homework