<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan physical workstation security" />
<meta name="abstract" content="This topic describes the security risks and recommendations for workstations." />
<meta name="description" content="This topic describes the security risks and recommendations for workstations." />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphysecsysdoc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanphyprintersec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="planphystationsec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan physical workstation security</title>
</head>
<body id="planphystationsec"><a name="planphystationsec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan physical workstation security</h1>
<div><p>This topic describes the security risks and recommendations for
workstations.</p>
<p>You might want all users to be able to sign on at any available workstation
and perform all authorized functions. However, if you have workstations that
are either very public or very private, you might want to ensure that unauthorized
users do not access functions on those workstations.</p>
<div class="p"><strong>Risks associated with workstations</strong><dl><dt class="dlterm">Using a workstation in a public location for unauthorized purposes</dt>
<dd>If people outside your company can easily access the location of a workstation, they could
potentially see confidential information. If a system user leaves a workstation
signed on, someone from outside the company might be able to walk up and access
confidential information.</dd>
<dt class="dlterm">Using a workstation in a private location for unauthorized purposes</dt>
<dd>A workstation located in a private location gives an intruder the opportunity
to spend long hours trying to circumvent your security without being observed.</dd>
<dt class="dlterm">Using the playback function or a PC signon program on a display station
to circumvent security measures</dt>
<dd>Many display stations have a record and playback function that allows
users to store frequently used keystrokes and repeat them by pressing a single
key. When you use a personal computer as a workstation on the system, you
can write a program to automate the signon process. Because users frequently
use the signon process, they might decide to store their user IDs and passwords,
rather than typing them every time they sign on.</dd>
</dl>
</div>
<p><strong>What to do to keep your workstation secure</strong></p>
<p>You need to identify which workstations might pose a security risk. The
following information suggests ways to keep your workstation secure. Record
your choices on the Workstations and Printers section of the <a href="rzamvphysecplanworksheet.htm#physecplanworksheet">Physical
Security Planning worksheet</a>. Also see <a href="#planphystationsec__workstation_example">Example: Physical security planning form—workstations and printers</a>.</p>
<div class="p"><ul><li>Avoid placing workstations in very public or very private locations.</li>
<li>Remind users that recording a password in a display station or in a PC
program violates system security.</li>
<li>Require users to sign off before leaving a workstation.</li>
<li>Take measures, such as using the inactive timer system values (QINACTITV
and QINACTMSGQ), to prevent users from leaving workstations in public locations
without signing off the system.</li>
<li>Restrict access to vulnerable workstations: <ul><li>Permit only user profiles with limited function.</li>
<li>Use the QLMTSECOFR system value to prevent people with security officer
or service authority from signing on at every workstation.</li>
<li>Use the QLMTDEVSSN system value to restrict users from signing on at more
than one workstation at the same time.</li>
</ul>
</li>
<li>Restrict *CHANGE authority to printers and other devices.</li>
</ul>
</div>
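<p>The CL commands below are an added example, not part of the original IBM topic. They show one way to apply the system values and device authorities named in the list above to the DSP06 and RMT12 workstations from the planning form. The 15-minute timeout, the *ENDJOB action and the group profile WHSGRP are assumptions chosen for illustration.</p>

```cl
/* Added example: values are constructed, adjust them to your site.  */
/* WHSGRP is a hypothetical group profile for loading-dock users.    */

/* Automatic signoff: act on interactive jobs idle for 15 minutes... */
CHGSYSVAL SYSVAL(QINACTITV) VALUE('15')
/* ...by ending the job. *DSCJOB would disconnect the job instead.   */
CHGSYSVAL SYSVAL(QINACTMSGQ) VALUE('*ENDJOB')

/* Users with *ALLOBJ or *SERVICE special authority can sign on only */
/* at devices to which they are explicitly authorized.               */
CHGSYSVAL SYSVAL(QLMTSECOFR) VALUE('1')

/* Limit each user profile to one device session at a time.          */
CHGSYSVAL SYSVAL(QLMTDEVSSN) VALUE('1')

/* DSP06 (loading docks, too public): exclude the public and give    */
/* *CHANGE, which is needed to sign on, only to the limited group.   */
GRTOBJAUT OBJ(DSP06) OBJTYPE(*DEVD) USER(*PUBLIC) AUT(*EXCLUDE)
GRTOBJAUT OBJ(DSP06) OBJTYPE(*DEVD) USER(WHSGRP) AUT(*CHANGE)

/* RMT12 (remote sales office, too private): with QLMTSECOFR at '1'  */
/* the security officer cannot sign on here unless explicitly        */
/* authorized, so confirm that no such authority has been granted.   */
DSPOBJAUT OBJ(RMT12) OBJTYPE(*DEVD)

/* Review the settings after the change.                             */
DSPSYSVAL SYSVAL(QINACTITV)
DSPSYSVAL SYSVAL(QINACTMSGQ)
DSPSYSVAL SYSVAL(QLMTSECOFR)
DSPSYSVAL SYSVAL(QLMTDEVSSN)
```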
<div class="section" id="planphystationsec__workstation_example"><a name="planphystationsec__workstation_example"><!-- --></a><h4 class="sectiontitle">Example: Physical security planning
form—workstations and printers</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Physical
security planning form: Workstations and printers</caption><thead align="left"><tr><th colspan="4" valign="top" id="d0e78">Workstations and printers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="25%" headers="d0e78 ">Workstation or printer name</td>
<td valign="top" width="25%" headers="d0e78 ">Its location or description</td>
<td valign="top" width="25%" headers="d0e78 ">Security exposure</td>
<td valign="top" width="25%" headers="d0e78 ">Protective measures to be taken</td>
</tr>
<tr><td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">DSP06</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Loading docks</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Too public</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Automatic signoff. Limit functions that can
be completed at the workstation.</kbd></td>
</tr>
<tr><td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">RMT12</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Remote sales office</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Too private</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Do not let security officer sign on there.</kbd></td>
</tr>
<tr><td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">PRT01</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Accounting office</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Confidential information, such as price
lists, could be seen.</kbd></td>
<td valign="top" width="25%" headers="d0e78 "><kbd class="userinput">Place printer in a locked room. Remind users
to pick up confidential output within 30 minutes.</kbd></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanphysec.htm" title="This topic describes physical security, the key tasks for planning physical security, and explains why these tasks are important.">Plan physical security</a></div>
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzamvplanphysecsysdoc.htm" title="This topic describes the importance of securing important system documentation and storage media. Emphasis placed on storing these items in two locations, both on-site and offsite.">Plan physical security for system documentation and storage media</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzamvplanphyprintersec.htm" title="This topic describes the risks and recommendations for securing printers and printer output.">Plan physical security for printers and printer output</a></div>
</div>
</div>
</body>
</html>