LT G E I I

UNIVERSITE DES MASCAREIGNES

Introduction to Physical Security
Most people think about locks, bars, alarms, and uniformed guards when they think
about security. While these countermeasures are by no means the only precautions
that need to be considered when trying to secure an information system, they are a
perfectly logical place to begin. Physical security is a vital part of any security plan
and is fundamental to all security efforts, since without it, information security,
software security, user access security, and network security, are considerably more
difficult, if not impossible, to initiate. Physical security refers to the protection of
building sites and equipment (and all information and software contained therein)
from theft, vandalism, natural disaster, manmade catastrophes, and accidental
damage (e.g.,from electrical surges, extreme temperatures, etc). It requires solid
building construction, suitable emergency preparedness, reliable power supplies,
adequate climate control, and appropriate protection from intruders.

Purpose of securing a network:

Physical security is an important component of the protection of corporate
information. The ability to gain physical access to servers and network equipment
not only can allow all the information to be downloaded, but it can create an opening
that
hackers
can
continue
to
use
for
years
to
come.
Gaining physical access to a server provides direct access to the servers hard
drives and the ability to reboot the server. Intruders can use this fact to install a new
version of the operating system and grant themselves access to every file on the
server.
Once intruders have access to the file system, they can extract a password file that
contains the usernames and passwords of every user on the system. This file
typically contains encrypted passwords for users; however, there are a variety of
tools that will break the encryption on these files to reveal the password of every
user on the system.
There are many potential threats that can cripple a system. For this reason, we
should not overlook physical security for our UDM network system.

Securing network at UDM

Page 2

UNIVERSITE DES MASCAREIGNES

The UDM network:

The student UDM network consists of:
1. Linux Server is connected to a CISCO 2921 router for internet
2. Main Switch to Linux Server (B105)
3. Server room (B107) (8 port Switch)
4. B (214) (24 port Switch)
5. B (215) (24 port switch)
6. Library (24 port Switch)
7. C21 and C22
8. Wifi access point at the canteen.

Survey carried out:

2. Main Switch to Linux Server (B105) (16 port Switch)

According to the picture above, the switch in the room B 105 is well secured, the only
drawback is that in the room the is no CCTV system surveillance.

Securing network at UDM

Page 3

UNIVERSITE DES MASCAREIGNES

3. Server room B (107):

Figure 1

From the pictures above in fig 1, I concluded that the server room is not properly
secured as:
I.
II.
III.
IV.
V.
VI.

The UTP cables have not been properly wired.

There is a locking cabinet to protect the switch from water, but it is of no use
since due to improper wiring the locking cabinet cannot be closed.
The main door of room 107 remains open all the time, so intruders might have
access.
No alarm system or video surveillance available inside the room.
A workstation and defective equipments are found in the server room.
The server room must not have windows to outdoors which can be a potential
threat to hackers.

Securing network at UDM

Page 4

UNIVERSITE DES MASCAREIGNES

4. Room (B 214) (24 port Switch)
According to the survey carried out in room (B214), as shown in the pictures below, I
concluded that:
I.
II.
III.
IV.
V.

The wiring has not been correctly performed as locking cabinet cannot be
closed porperly.
No CCTV surveillance in the room.
No fire alarms.
No ventilation system.
Data cable and power cable in the same cable tray, this should not be the
case.

According to IEE regulations, data and power cable must not be on the same
cable tray.

Securing network at UDM

Page 5

UNIVERSITE DES MASCAREIGNES

5. Room B215
Although, the switch is mounted on the wall, locking cabinet has not been used,
hence the probabilty of the switch being stolen is high. According to the picture
below, wiring of data cables needs to be done properly.

Securing network at UDM

Page 6

UNIVERSITE DES MASCAREIGNES

6. Library (24 port Switch)

Securing network at UDM

Page 7

UNIVERSITE DES MASCAREIGNES

The library is not properly physically secured as it should be:
(i) Power cable is exposed on the surface.
(ii) Data cabling have not been installed correctly.
(iii)
No locking cabinets or restricted area for the wifi.
(iv)
No CCTV camera focusing on the users.
(v) The switch is exposed in an area that can be damaged incase of flooding.
(vi)
The wifi has been placed near a window without a locking cabinet,
hence the potential of theft is alarming.
7. Room C21 and C22

According to the picture above, the room C21 and C22 have some drawbacks as:
I.
II.
III.

Switch and router are exposed which could be a potential harm in case of
theft or natural disaster.
Although the switch and router are not found in locking cabinets, it should be
at least at a certain height.
No proper wiring and this could cause inconveniences if someone tries to
unplug the RJ45 plug.

WIFI ACCESS POINT AT THE CANTEEN:

Securing network at UDM

Page 8

UNIVERSITE DES MASCAREIGNES

The router is found above near the window. According to me it is not a strategical
location, since it is visible to the public. Hence this may attract thieves or hackers.

Securing network at UDM

Page 9

UNIVERSITE DES MASCAREIGNES

Conclusion of the survey carried out:
According to the survey carried out on the physical security of the student network, I
have concluded that this network is not properly well secured. This may cause
serious harm to our network either by natural calamities or human activities in the
long run. In order to prevent these attacks some factors must be considered such as:
1. Lock up the server room
The server room is the heart of a physical network, and someone with physical
access to the servers, switches, routers, cables and other devices in that room can
do enormous damage. We should take into consideration that the server room is
properly locked.
2. Set up surveillance
Locking the door to the server room is first good step, but someone could break in,
or someone who has authorized access could misuse that authority. A log book for
signing in and out is the most elemental way of setting up the surveillance. But it has
a lot of drawbacks. A person with malicious intent is likely to just bypass it.
A video surveillance camera, placed in a location that makes it difficult to tamper with
or disable (or even to find) but gives a good view of persons entering and leaving
should supplement the log book or electronic access system. Surveillance cams can
monitor continuously, or they can use motion detection technology to record only
when someone is moving about. They can even be set up to send e-mail or cell
phone notification if motion is detected when it shouldn't be (such as after hours).
3. Use rack mount servers
Rack mount servers not only take up less server room real estate; they are also
easier to secure. Although smaller and arguably lighter than (some) tower systems,
they can easily be locked into closed racks that, once loaded with several servers,
can then be bolted to the floor, making the entire package almost impossible to
move, much less to steal. Also there must be a specific rack mount for
telecommunication wires, so that power cables are not mixed with data wires,

4. Wiring system of data cables :

All the data connections should be precisely connected, that is they must be cut to
the appropriate length and well wired in the locking cabinet, so that the door can be
nicely closed. Whenever the data cables are onto the surface of the walls, it should
be enclosed in a trunking. Cables, plugs, and other wires must be protected from
foot traffic: Tripping over loose wires is dangerous to both personnel and equipment.
Securing network at UDM

Page 10

UNIVERSITE DES MASCAREIGNES

5. Keep intruders from opening the case

Locking cabinets, routers and switches must be at a certain height, so that intruders
might not have access to networking devices. All routers and wifi must be put in an
enclosed locking cabinet otherwise be put into restricted places.

6. Regular monitoring.
Regular monitoring and analysing of security logs helps detect any unauthorized
intrusion attempts on the network. It is also wise to regularly review logs and assess
any data leaks and insider threats that may be present.

7. The need for UPS

Even though our uniniversity is equppied with a generator, incase of power failure,
the need of an online UPS is essential since switchover time can be as long as 60
seconds incase of a powerfailure. Hence where an unexpected power disruption
could cause injuries, fatalities, serious disruption or data loss.

Securing network at UDM

Page 11