Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!julius.cs.uiuc.edu!apple!agate!ucbvax!gdr.bath.ac.uk!P.E.Smee
From: P.E.Smee@gdr.bath.ac.uk
Newsgroups: misc.security
Subject: Re: Physical security of terminals
Message-ID: <9012110452.AA27741@ucbarpa.Berkeley.EDU>
Date: 14 Nov 90 11:24:41 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 49
Approved: security@rutgers.edu

We've got several similar terminal rooms. My first advice would have to be 'get a good insurance policy'. However, we don't actually have much trouble -- here's what we do:

1 - Some equipment is bolted down. Most, however, is only protected by a 'limpet' security system. (You see these in shops -- a little doobry stuck to the device, and connected by wire and plug to an 'alarm' ring. The alarm is set off if the limpet is unstuck from the device, or the wire cut or detached. It's an n-wire flex using both normally-open and normally closed switches, not color-coded, so that you would have to be pretty lucky to be able to defeat them by exposing the inner wires and shorting across the proper two.)

2 - Closed-circuit TV monitor, transmitting back to our campus security office (rentacops).

3 - All machines clearly and irretrievably marked with University ID. Unlike marking your home stuff, there are no points for aesthetics. You can mark the thing up such that removing the marked bits makes them un-saleable.

4 - Keypad doorlocks. All our 24-hour terminal rooms have electronic keypad doorlocks, and attempts to mung them are monitored at the security office (yet again). The number is changed monthly, and the new number is announced only on our 'proper login' hosts. So, you have to login to one of our systems during the working day (which means we basically have password security) in order to find out the number to use out-of-hours to open the door. People without login accounts can get the number by appearing in person, during working hours and with proper ID, at the Computing Service reception desk. (One of the other British Universities, I believe Oxford, uses 'card-wipe' door locks, which are opened by a magnetic stripe on student and staff ID cards. Whoever this is also uses the technology as an integrated library card, sports-facility card, ...)

5 - Make sure there is a phone in the room. This phone MUST be able to get to police, fire, emergency medical, and university security numbers, at any time. (A hot-line to security or the University operators is fine, if there is someone guaranteed to be there 24 hours a day. Otherwise, you need a clever phone or switchboard.)

This 'works', in the sense that most computing equipment stolen from us is NOT stolen from one of the 24-hour terminal rooms, but rather by breaking into private offices in some of our more isolated buildings.

--
Paul Smee, Computing Service, University of Bristol, Bristol BS8 1UD, UK
P.Smee@bristol.ac.uk - ..!uunet!ukc!bsmail!p.smee - Tel +44 272 303132