1 - 3 IT Essentials II v2.0 - Lab 14.1.8 Copyright  2002, Cisco Systems, Inc. Lab 14.1.8: Security Checklist Estimated Time: 30 minutes Objective Upon completion of this lab, the student will analyze school computer security policies and offer suggestions for improvement. Equipment The following item is needed to complete this exercise: • Pencil Scenario The school computing environment must be reviewed with an emphasis on security. The initial procedures for the review have already been completed. Procedures Answer the following questions to better assess the level of security at the school. Step 1 List any measures taken to protect the premises against external intruders, such as guards, cameras, fences, and secure parking areas. __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ List any features used to secure the building, such as security doors, locked windows, and guards. __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ List the ways in which access to sensitive areas is controlled, such as by using keys, combination locks, and proximity readers. __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ List the people who control access to the sensitive areas of the building. 2 - 3 IT Essentials II v2.0 - Lab 14.1.8 Copyright  2002, Cisco Systems, Inc. __________________________________________________________________ Is there a security alarm on the building? Is there a separate alarm in the sensitive areas within the building? __________________________________________________________________ __________________________________________________________________ How frequently is access to sensitive areas reviewed? Is it reviewed monthly, semi- annually, annually, or never? __________________________________________________________________ Are key card control measures in place for departing employees? __________________________________________________________________ Are all production servers secured within a controlled access area? __________________________________________________________________ Are all production servers secured within a locked rack? ________________________ Are the cases on all production servers locked? Is access to the keys controlled? __________________________________________________________________ Is removable media kept secured at all times? Where is this media secured? Is it secured in a desk, locked cabinet, next to the server, or offsite? __________________________________________________________________ How recently have the physical security measures been audited? Was it an internal or external audit? Were any deficiencies corrected? __________________________________________________________________ If a card reader system is being used, how often is usage monitored? By whom? __________________________________________________________________ How easy is it to get on a computer connected to the network? __________________________________________________________________ Step 2 Are there any problems with the computer environment security? If so, list the problems and possible solutions. __________________________________________________________________ __________________________________________________________________ 3 - 3 IT Essentials II v2.0 - Lab 14.1.8 Copyright  2002, Cisco Systems, Inc. __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ Troubleshooting The IT department should be up to date on all security measures. They should know which personnel can access the main office and the sensitive equipment areas. Reflection Security is a very important part of the computing world. Which companies are most likely to have very high security measures in place? __________________________________________________________________ __________________________________________________________________ Is the security of the school sufficient? Why or why not? __________________________________________________________________ __________________________________________________________________ __________________________________________________________________ . Lab 14.1.8: Security Checklist Estimated Time: 30 minutes Objective Upon completion of this lab, the student will analyze school computer security policies. on security. The initial procedures for the review have already been completed. Procedures Answer the following questions to better assess the level of security