Computer Protection Program at Berkeley Lab

Emergencies | Site Index | Contact Us


	CPP Home

	Contacts

	Policy Guidelines

	Minimum Security Requirements

	Employee Guidelines

	Computer Protection Agreement

	RPM

	DOE Notice to Users

	Scan Information

	System Procedures

	Tools & Services

	ALERTS

	Recent CPP Actions

	News & Articles

	CPP Intranet

POLICY GUIDELINES

Physical Security for IT Assets

All employees, guests, and collaborators share in the responsibility to protect the Laboratory's information assets and resources. Physical security of IT assets is an important component of this responsibility. Physical security provides the first line of defense in cyber security - someone who can steal your machine - or sit down at it and start working - represents as much potential disruption to your work or data as cyber incidents do.

Here are some guidelines to assist you with physical security.

1. Adopt a graded approach.

Physical security of IT resources at LBNL should follow a graded appraoch. Use additional caution with those devices that contain information where the confidentiality, integrity, or availability of the information is of greater importance. Take reasonable steps to protect your devices like locking your workspace after hours, placing laptops in inconspicuous locations when unattended in your office, home, or hotel room, and using additional measures such as laptop-locks and computer-locks where appropriate.

Links: Hardcore SANS Info on IT Physical Security, Microsoft Suggestions

2. Use Caution with Portable Devices

Portable devices such as laptops, CDs, and USB memory keys are easily lost and are often an attractive target for thieves looking for the device - or the information it contains. Never store Protected Information on a portable device or assume that information on your laptop or USB thumb drive are "safe". Assume that portable devices will eventually be lost or destroyed.

Links: US CERT Tips, Do not let this happen at LBL

Cafe Laptop Thefts: Be Alert!
A small but troubling number of incidents of laptops being stolen from cafes have been happening around the Bay Area. Typically, the user is working on their system at an outdoor or indoor table and the laptop is grabbed and stolen. In one incident, the victim provided no resistance but was nevertheless stabbed by the assailant. Be alert to your surroundings - laptops are one of the few multi-thousand dollar items most people would leave out on a table in public! Of course, never risk your personal safety protecting your laptop. As always, don't store anything on your personal computer that you can't live without and don't ever store protected personal information. Always report the theft of any LBNL equipment or information immediately to the Security and Emergnecy Operations Group.

Previous Alerts:
CompNews on integrating physical and IT safeguards.>>more>>

3. Ensure adequate protection against environmental threats

In a graded manner, ensure that you have identified physical threats in your workplace and have considered the impact of the loss of your systems (for instance, from an earthquake) on your research or other work. Adequate backups may mitigate some of this risk. For information about IT's backup service offerings, visit the backups website.

4. Use Appropriate Technical Controls

Easy technical controls include screen saver timeouts and BIOS passwords which prevent someone with physical access to your system from easily accessing its data. Likewise, encryption of your portable or desktop device provides a strong additional safeguard since loss of the device does not mean an exposure of the data. However, you should familiarize yourself with the potential pitfalls of file and disk encryption. Ensure that at least two people have recovery capabilities for your system if you encrypt it and ensure that your keys and passphrases are appropriately protected. Ensure you also familiarize yourself with the behavior of whatever encryption system you are using. For instance, in Windows, copying an encrypted file to an unencrypted location, will decrypt the file. For more information, contact cppm@lbl.gov
Links: CPP Encryption Pages, Windows Best Practices for Encryption

5. Talk to your facilities manager or property representative if you have any additional concerns about Physical Security. You can also contact cppm@lbl.gov for a referral.