Lab 14.1.8: Security Checklist

Lab 14.1.8: Security ChecklistEstimated Time: 30 minutesObjectiveEquipmentScenarioProceduresStep 1Upon completion of this lab, the student will analyze school computer security policiesand offer suggestions for improvement.The following item is needed to complete this exercise:• PencilThe school computing environment must be reviewed with an emphasis on security. Theinitial procedures for the review have already been completed.Answer the following questions to better assess the level of security at the school.List any measures taken to protect the premises against external intruders, such asguards, cameras, fences, and secure parking areas.______________________________________________________________________________________________________________________________________________________________________________________________________List any features used to secure the building, such as security doors, locked windows,and guards.______________________________________________________________________________________________________________________________________________________________________________________________________List the ways in which access to sensitive areas is controlled, such as by using keys,combination locks, and proximity readers.______________________________________________________________________________________________________________________________________________________________________________________________________List the people who control access to the sensitive areas of the building.1 - 3 IT Essentials II v2.0 - Lab 14.1.8 Copyright © 2002, Cisco Systems, Inc.

__________________________________________________________________Is there a security alarm on the building? Is there a separate alarm in the sensitive areaswithin the building?____________________________________________________________________________________________________________________________________How frequently is access to sensitive areas reviewed? Is it reviewed monthly, semiannually,annually, or never?__________________________________________________________________Are key card control measures in place for departing employees?__________________________________________________________________Are all production servers secured within a controlled access area?__________________________________________________________________Are all production servers secured within a locked rack? ________________________Are the cases on all production servers locked? Is access to the keys controlled?__________________________________________________________________Is removable media kept secured at all times? Where is this media secured? Is it securedin a desk, locked cabinet, next to the server, or offsite?__________________________________________________________________How recently have the physical security measures been audited? Was it an internal orexternal audit? Were any deficiencies corrected?__________________________________________________________________If a card reader system is being used, how often is usage monitored? By whom?__________________________________________________________________How easy is it to get on a computer connected to the network?__________________________________________________________________Step 2Are there any problems with the computer environment security? If so, list the problemsand possible solutions.____________________________________________________________________________________________________________________________________2 - 3 IT Essentials II v2.0 - Lab 14.1.8 Copyright © 2002, Cisco Systems, Inc.

________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________TroubleshootingReflectionThe IT department should be up to date on all security measures. They should knowwhich personnel can access the main office and the sensitive equipment areas.Security is a very important part of the computing world. Which companies are most likelyto have very high security measures in place?____________________________________________________________________________________________________________________________________Is the security of the school sufficient? Why or why not?______________________________________________________________________________________________________________________________________________________________________________________________________3 - 3 IT Essentials II v2.0 - Lab 14.1.8 Copyright © 2002, Cisco Systems, Inc.