Hardware Assets

Hardware assets are the assets that can be physically touched. They include any type of computers, such as servers or desktop PCs; networking devices, such as routers and switches; and network appliances, such as firewalls and spam appliances. Not all organizations have the same hardware assets, so being aware of the assets a specific company has is important.

NOTE

Most organizations use databases to track hardware assets.

However, much more information than just the number of devices the company owns must be identified. Some of this other information includes:

  • Location
  • Manufacturer
  • Model number
  • Hardware components, such as processor and random access memory (RAM)
  • Hardware peripherals, such as add-on network interface cards (NICs)
  • Basic input/output system (BIOS) version

This list may seem like overkill, but it’s not. All the details of the hardware need to be known for successful security and configuration management. Following are a few examples where this information is useful.

Microsoft released patches to its operating systems (OSs) that put systems into an endless reboot cycle. The systems start to boot, crash into a blue screen, recover to start to boot again, and crash again. When this cycle occurs, the problem is often with a specific manufacturer and model number. Sometimes, it happens because of a specific driver or the way the systems were prepared before being shipped. Having the manufacturer and model numbers in the inventory will easily provide the ability to see whether a Microsoft update will affect operations.

NOTE

Hardware inventories can also help in identifying unneeded components. For example, some systems may include modems, which can present a significant risk. If users dial in to an Internet service provider (ISP) to access the Internet, the connection isn’t controlled.

Similarly, for example, a serious exploit is discovered that affects specific routers. If the hardware inventory includes the manufacturer and model numbers of routers, knowing whether the routers are vulnerable will be easy to determine. Without an inventory, the routers’ vulnerability may not be known until after a successful attack has occurred.

Controlling Hardware Purchases

Many organizations have policies to control hardware purchases. Only hardware on the approved hardware list can be purchased. Although this is often inconvenient for the users, it provides an added layer of security.

First, verifying that the hardware on the approved list has only the necessary components for the environment should be done. If a component hasn’t been added, there are no risks for that component. However, if an unnecessary component is added, it needs to be managed to reduce any potential risks.

Second, controlling the number of configurations introduced in the environment improves availability. For example, if all the users have identical desktop PCs, desktop support personnel need to learn the specifics of only one system. Once they master the one system, they can easily troubleshoot all the systems. On the other hand, if the environment has 30 different types of desktop PCs, they can be harder to troubleshoot.

Users could visit sites normally blocked by the proxy server. They could download malware that would normally be filtered by the firewall. The dial-up modem allows the system to bypass all controls and provide access to the Internet. Removing the modem removes the risk.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.117.103.219