1218 Physical Security of Endpoint Devices - Use of Tamper Labels


Handling Physical Security of Endpoint Devices

While SecureDoc protects data through encryption and locks down access to SecureDoc-protected devices by permitting only specific users to authenticate at Pre-Boot, there are other risks that any security-conscious organization should be aware of and include in its overall security design.

Tamper Labels

Use tamper labels to ensure that the integrity of the device, once configured and deployed, is not compromised. Such labels usually incorporate a glue that is stronger than the labels themselves, as well as a smooth surface that shows damage or tampering easily; as such, they cannot be peeled back or removed without showing damage to the label itself. Tamper labels should be placed across areas where the device can be opened or accessed, such as across the juncture between case elements, access panels and the like.

Tamper Label Management

There should be a central registry, maintained by IT or by Audit/Oversight, of the tamper label identifiers used and the devices on which they were used. Where practical, the use of a digital camera to record labels and exact placement may be beneficial to prove tampering.
Tamper labels should be uniquely identified, and users should note the exact appearance or unique identifier(s) of the tamper label(s) used on the equipment they use.
IT or an audit oversight team or team member should, on an ongoing basis, maintain and review a registry of which tamper labels were used on which devices.
Any missing labels or unexplained gaps in label sequence should be investigated immediately.

Tamper Detection

Users should check regularly that the tamper labels a) are intact; b) are undamaged; and c) display the expected/known label identifier(s).
Upon first noticing evidence of tampering, users should a) immediately disconnect the device from the network; b) unplug the device from mains power; and c) immediately notify their company's security oversight team, or IT department, as well as their own manager.
In the event of label tampering, the device should be sequestered and not put into use until further investigation/analysis can be safely performed upon it.
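
The registry review under Tamper Label Management and the label checks under Tamper Detection can be run as one audit. The following Python is an added example, not part of the original page or of SecureDoc; it assumes label identifiers of the form PREFIX-SERIAL (for example TL-000101), and the registry contents, inspection reports and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample registry: label identifier -> device (all values are made up).
REGISTRY = {
    "TL-000101": "LAPTOP-A", "TL-000102": "LAPTOP-A", "TL-000103": "LAPTOP-B",
    "TL-000105": "LAPTOP-C", "TL-000106": "LAPTOP-C",  # TL-000104 was never registered
}
# Constructed inspection reports: device -> [(label identifier seen, label intact?)]
INSPECTIONS = {
    "LAPTOP-A": [("TL-000101", True), ("TL-000102", True)],
    "LAPTOP-B": [("TL-000203", True)],    # identifier differs from the registry
    "LAPTOP-C": [("TL-000105", False)],   # damaged label, and TL-000106 not seen
}
LABEL_RE = re.compile(r"^([A-Z]+)-(\d+)$")  # assumed label format

def sequence_gaps(label_ids):
    """Return identifiers missing between the lowest and highest serial per prefix."""
    serials = defaultdict(dict)  # prefix -> {serial number: digit width}
    for label in label_ids:
        m = LABEL_RE.match(label)
        if not m:
            raise ValueError(f"malformed label identifier: {label!r}")
        serials[m.group(1)][int(m.group(2))] = len(m.group(2))
    gaps = []
    for prefix, seen in sorted(serials.items()):
        width = max(seen.values())
        for n in range(min(seen), max(seen) + 1):
            if n not in seen:
                gaps.append(f"{prefix}-{n:0{width}d}")
    return gaps

def audit_device(device, observed, registry):
    """Compare one inspection report with the registry; return sorted findings."""
    expected = {label for label, dev in registry.items() if dev == device}
    seen = {label for label, _ in observed}
    findings = [f"damaged:{label}" for label, intact in observed if not intact]
    findings += [f"missing:{label}" for label in expected - seen]
    findings += [f"unexpected:{label}" for label in seen - expected]
    return sorted(findings)

def devices_to_sequester(inspections, registry):
    """Return {device: findings} for every device with at least one finding."""
    flagged = {}
    for device, observed in sorted(inspections.items()):
        findings = audit_device(device, observed, registry)
        if findings:
            flagged[device] = findings
    return flagged
```
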