S 1.46 Use of anti-theft devices

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Head of IT

Anti-theft devices should be used wherever valuable items need to be protected or where other safeguards, such as appropriate control of access to the workstations, cannot be implemented, as is the case for laptops during mobile use. Anti-theft devices are useful in places to which the public have access or where the fluctuation of users is extremely high. In this respect, it should always be taken into account that the values to be protected consist only to a small part of the replacement costs for the device, but rather that it is necessary to take into consideration the value of the data stored on laptops and similar IT systems.

Preventing a "cold boot attack"

In areas which are not protected adequately against unauthorised access, the memory could be read, for example by a "cold boot attack". The same applies to systems which were set into a standby mode by "Suspend to RAM".

In the event of a cold boot attack, the memory modules are cooled greatly before the system is switched off. Thus, the contents of the memory are retained for several minutes and can be read during this period of time using a suitable device.

Cold boot attacks can only be prevented if attackers have no opportunity to access the memory of an active IT system without any interruption. An access protection such as a physically locked computer casing makes it difficult to open an IT system in an unauthorised manner in order to cool down and remove the memory, but it cannot prevent it permanently. Therefore, an unused IT system should always be switched off if it is not located in areas with access protection.

Types of anti-theft devices

Not only the object to be protected, but also the monitor, keyboard and other accessories should be fitted with anti-theft devices.

There are now various types of anti-theft devices available on the market. First of all, these devices can be divided into mechanical and electronic protection devices.

The mechanical safeguards include, among other things, cable protection devices, casing protection devices (to protect the casing against being opened), protective plates and protective casings. On the one hand, there are anti-theft devices for hardware which protect IT equipment, for example by connecting the IT system to the desk. On the other hand, there are also a number of security mechanisms to prevent thieves from opening the casing and stealing components or manipulating security-related settings, for example by removing security cards.

When procuring mechanical protection devices, it is important to select a good lock equipped with a locking system adapted to the respective requirements. Depending on the product, different locking systems are possible:

• Keyed alike: A key can be used for all protection devices of an organisation, department etc. Such a product has the advantage that the time and expenditure required for the key management is lower. However, it has the disadvantage that a large number of similar keys may be in circulation and that it is often not possible to secure evidence in the event of damage.
• Individually keyed: Each protection device has an individual key. This has the disadvantage that the time and expenditure required for the key management is higher. However, it has the advantage that there are fewer key duplicates.
• Main key system: Each protection device has an individual key, but it can also be opened using a main key. This has the advantage that the time and expenditure required for the key management is lower. However, it has the disadvantage that such systems are more expensive.

Most notebooks - but also many other devices - have a small slot which is marked with a chain or lock symbol. This small opening (approx. 3 x 7 mm) is located at the side or rear on the device. There is a wide range of cable protection devices and other products which use this opening for the protection devices of the device to be protected.

For cable protection devices, it is only necessary to sling a cable loop around a solid object next to the device, to pull the associated lock through the created tongue and to lock it afterwards.

For devices that are not equipped with such an opening - or if such an opening is not strong enough - protection products, for which a stable plate is glued on the device to be protected, are available. The cable lock is then fastened to it.

In addition, there are also electronic protection devices triggering, for example, an acoustic deterrent alarm on the device itself aimed at prompting potential thieves to leave without the device.

When new IT equipment is procured, it should be ensured that it has eyes on the casing so that it can be attached to other objects and that the casing can be locked.

Review questions:

• Are there provisions and rules on the procurement and use of anti-theft devices?