Controlling physical access to computers is always key to strong computer security. Controlling logical access can be more complicated and may not be fully secure, because it is exposed to hackers. Physical access, however, is more a matter of doors, locks and other concrete security measures. Once a person has physical access to a computer, with or without passwords, security is generally at risk.
Physical Computer Access
Physical computer access means the ability to see, touch and modify computer installations. Server installations usually take this kind of access seriously and provide locked access to the server room. Physical access to a desktop computer is usually not as tightly controlled, and access to laptops even less so, since they may roam anywhere with data on board.
Types of Logical Computer Access
Logical computer access is usually network access through a company intranet or the Internet. "Ports" are defined for different types of logical access: logging in, accessing file shares, browsing a Web server, sending e-mail or transferring files directly. Most logical access involves some kind of identity confirmation, whether a typed password, a security token or simply an identity or IP (Internet Protocol) address on an allowed list.
Security Risks for Physical Computer Access
"Social engineering" attacks can gain access to a physically secure computer system. A repairman, electrician or network consultant could be a disguised intruder. Most operating systems have ways of gaining access if the user has physical access to the computer, and if the objective is theft of data, removing a disk drive from a server storage system can be a quick operation. More subtle attacks, such as adding a connection to a private network, can also be accomplished quickly.
Security Risks for Logical Computer Access
Logical computer access risks include authorised and unauthorised access. Someone with authorised access can break trust and share information, sabotage or modify code or delete information. Unauthorised users can do the same with perhaps less ease. Unauthorised users may gain access through guessed or stolen passwords but also through software defects, particularly in programs that run with a high level of access with the assumption that the program will enforce security. This can include parts of a public Web server.
Protection Against Unauthorized Logical and Physical Access
The key to security is to assume that unauthorised access can happen. In addition to protection software and physical security, monitoring and auditing software are important to determine when a potential security breach has occurred and to prioritise events so that an operator can review them for risk.
Unified Access Trend
"Unified access" is being offered as a solution for control of both physical and logical access, using a card-based key or other common access device to access physical doors and identify the user on the computer network. For government facilities, Homeland Security Presidential Directive 12 (HSPD-12) is guiding implementation of unified access.
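The monitoring and prioritising described under "Protection Against Unauthorized Logical and Physical Access" becomes more useful when door and network events share one identity, as unified access provides. The following is an added example, not part of the original article: the record layout, the sample data, the rule that a "console" login implies presence in the server room, and the thresholds are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records; field layout and names are assumptions.
DOORS = [("2024-05-01T08:55", "alice", "server-room")]  # (time, user, door)
LOGINS = [  # (time, user, source, success)
    ("2024-05-01T09:00", "alice", "console", True),
    ("2024-05-01T09:05", "bob", "console", True),
    ("2024-05-01T09:10", "carol", "203.0.113.7", False),
    ("2024-05-01T09:11", "carol", "203.0.113.7", False),
    ("2024-05-01T09:12", "carol", "203.0.113.7", False),
    ("2024-05-01T09:13", "carol", "203.0.113.7", True),
    ("2024-05-01T09:20", "dave", "198.51.100.4", False),
]

def prioritise(doors, logins, window=timedelta(hours=12), max_failures=3):
    """Return (priority, user, reason) findings, most urgent first."""
    badge_times = {}
    for ts, user, _door in doors:
        badge_times.setdefault(user, []).append(datetime.fromisoformat(ts))
    findings, failures = [], Counter()
    for ts, user, source, ok in sorted(logins):
        when = datetime.fromisoformat(ts)
        if not ok:
            failures[(user, source)] += 1
            continue
        # Assumed rule: a console login requires a recent badge entry.
        if source == "console" and not any(
            timedelta(0) <= when - b <= window for b in badge_times.get(user, [])
        ):
            findings.append((1, user, "console login without badge entry"))
        # Success right after repeated failures suggests a guessed password.
        if failures[(user, source)] >= max_failures:
            findings.append((1, user, "login succeeded after repeated failures"))
        failures[(user, source)] = 0
    # Failure runs that never ended in a success are lower priority.
    for (user, source), n in failures.items():
        if n >= max_failures:
            findings.append((2, user, f"{n} failed logins from {source}"))
    return sorted(findings)

if __name__ == "__main__":
    for priority, user, reason in prioritise(DOORS, LOGINS):
        print(f"P{priority} {user}: {reason}")
```

On the sample data, bob and carol are raised as priority 1 for operator review, while alice (badged in five minutes before her console login) and dave (a single failed attempt) produce no finding.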