1. Submitted to: Dr. Carmelo JohnVidal
MIT Major in CYBERSECURITY
Course/Subject: INFORMATION TECHNOLOGY RESEARCH
Submitted by: Erickxander Garin
2. The security of servers is paramount for ensuring the uninterrupted
operation of digital services and the protection of sensitive information.
Several challenges contribute to the vulnerability of servers in the
current landscape:
Cyber Threat Landscape: The evolving nature of cyber threats, including malware,
ransomware, and advanced persistent threats, poses a constant and dynamic
challenge to the security of servers, especially on the hardware protection side.
Data Breaches and Privacy Concerns: The rising frequency of data breaches puts
confidential information at risk, leading to financial losses, reputational damage,
and legal implications. Safeguarding user data and ensuring compliance with
privacy regulations are critical aspects of server security, supported through the
installation of CCTV and other hardware-level protections.
The primary objective of this study is to develop and implement
comprehensive strategies for enhancing server security in its physical
form.
3. 1. Assessing the current state of server security in diverse environments.
2. Identifying and prioritizing vulnerabilities and potential threats.
3. Proposing and implementing effective security measures, including
encryption, access controls, and intrusion detection/prevention
systems.
4. Developing protocols for incident response and recovery in the event of
a security breach.
5. Evaluating the effectiveness of security measures through continuous
monitoring and testing.
4. 1. Investigating security concerns related to the supply chain of server
components, including software and, most of all, the protection of its
hardware, as an essential aspect.
2. Focusing on developing models and tools for dynamic risk
assessment that adapt to changing threat landscapes.
3. Enhancing methods for rapid incident response and efficient recovery
after a security breach.
4. Understanding the role of human behavior in server security.
5. Ensuring server security compliance with evolving regulatory
requirements and industry standards.
5. One of the most important components of total server security is protecting a Conceptual Framework
server's physical architecture. The purpose of physical security measures is to prevent theft, unauthorized
access, and damage to the server hardware and data. The following are some important things to keep in
mind when protecting a Conceptual Framework server's physical form:
1. Access Control:
Secure Location: Place servers in a physically secure environment, such as a dedicated server room or data
center. Limit access to authorized personnel only.
Biometric Access: Implement biometric access controls, such as fingerprint or retina scans, to ensure that
only authorized individuals can access the server room.
2. Surveillance:
Video Cameras: Install surveillance cameras in and around the server room to monitor and record
any unauthorized access or suspicious activities.
Motion Sensors: Use motion sensors to detect movement in restricted areas and trigger alarms.
3. Environmental Controls:
Temperature and Humidity Monitoring: Maintain optimal environmental conditions to ensure the
server's performance and longevity. Install sensors to monitor temperature and humidity levels and
alert personnel if they exceed predefined thresholds.
Fire Suppression: Implement fire suppression systems to protect servers from fire hazards. These
systems should not damage the servers while extinguishing the fire.
6. 4. Rack Security:
Locking Cabinets: Use locking cabinets or racks to physically secure servers. This prevents unauthorized
individuals from tampering with or removing server hardware.
Cable Management: Ensure proper cable management to prevent tripping hazards and to maintain a neat
and organized server environment.
5. Power Supply:
Uninterruptible Power Supply (UPS): Install UPS systems to provide a stable power supply and protect
against power surges or outages. This helps prevent data loss and hardware damage.
Power Distribution Units (PDUs): Use PDUs with built-in surge protection to distribute power to servers
safely.
6. Security Policies and Training:
Personnel Training: Educate personnel about the importance of physical security and
implement security policies. Ensure that employees are aware of the procedures to follow in
case of security incidents.
7. Remote Management:
Out-of-Band Management: Implement remote management capabilities for servers. This
allows administrators to monitor and manage servers even if they are not physically present.
8. Vendor Access Controls:
Vendor Procedures: If third-party vendors require access to the server room, establish strict
access procedures and monitor their activities closely.
7. 9. Regular Audits and Inspections:
Physical Security Audits (PSA): Conduct regular audits and inspections of the physical security
measures to identify and address vulnerabilities.
By implementing a comprehensive physical security plan, organizations can enhance the
overall security of their Conceptual Framework servers and protect valuable data and resources
from physical threats.
8. How can the University of Luzon Network Operating System
ensure the security of the physical server today and in
the succeeding years?
9. What are the sub-problems of Securing server in its physical form?
Sub-problem 1: Securing a Server Through Access Control
This means making sure that no unauthorized people can access the server or tamper with it in the NOC
(Network Operating Center). This involves things like using locks, access controls, and surveillance to
protect the server from physical threats.
Sub-problem 2: Environmental Controls
Temperature and humidity monitoring maintains the optimal environmental conditions to ensure
the server's performance and longevity. Install sensors to monitor temperature and humidity levels and
alert personnel if they exceed predefined thresholds. Because people are always entering the office, and
the servers in the NOC have no dedicated room or stable room temperature, conditions for the servers
are not good and may become a potential problem later on.
Sub-problem 3: Personnel Training
Educate the personnel who maintain the server about the importance of physical security and
implement security policies. Ensure that employees are aware of the procedures to follow in
case of security incidents.
10. Sub-problem 4: Remote Management and Vendor Access Controls
Problems may arise in implementing remote management capabilities for servers. This will
cause problems for administrators who monitor and manage servers even when they are
not physically present. Without proper training and controls in place, data
can be compromised, leading to privacy violations and potential threats.
If there is no agreement and contract with the third-party vendors that require access to
the server room, a threat can arise in establishing and enforcing strict
access procedures, and no one can monitor the vendors' activities closely.
11. Examining the architecture and physical components that support servers is a necessary part of
studying server security in its physical form. Although this is a crucial component of total
security, there are a number of drawbacks and difficulties with this strategy:
Inadequate Security Image
A complete picture of server security cannot be obtained by concentrating only on physical
protection. It is imperative to think about a comprehensive strategy that incorporates
human access controls, software security, and network security.
Restricted Range:
Threats that are physically present at the server site are the only ones that physical security
addresses. Cyberthreats, remote attacks, and other vulnerabilities unrelated to the physical
environment might not be taken into consideration.
Human Aspect
Physical security protocols are frequently susceptible to human factors like carelessness,
insider threats, and social engineering. An unapproved individual
12. The study of server security in its physical form is crucial for several reasons, as it addresses the
foundational aspects of safeguarding computing infrastructure. Here are key reasons highlighting the
importance of focusing on the physical security of servers.
Data Security:
• By preventing unwanted access to servers, physical security measures guard sensitive information
from loss, alteration, or destruction. Ensuring the confidentiality, integrity, and accessibility of vital
information is contingent upon this.
Stopping Unauthorized Entry:
• Physical security makes sure that only individuals with permission may enter data centers or server
rooms. Unauthorized access can result in service interruptions, unauthorized alterations, and data
breaches.
Reducing Insider Dangers:
• When it comes to preventing insider threats, such as those from workers or outside contractors who
could physically own server infrastructure, physical security measures are crucial. It assists with
preventing harm from being done, either purposefully or accidentally, by those who are physically
close to the servers.
Business Interruption:
• Guarding against physical dangers, including water, fire, and natural catastrophes, in the automated
system in the NOC amid the evolution of new information and communication technology (ICT).
13. NOC - Network Operation Center
UPS - Uninterruptible Power Supply
PDUs - Power Distribution Units
PSA - Physical Security Audits
ICT - Information and Communication Technology
IoT - Internet of Things
IIoT - Industrial Internet of Things
CPS - Cyber-Physical Systems
DPA - Data Privacy Act
14. Cybersecurity is receiving a lot of attention as cyber attacks are reported on a daily basis.
As more devices become connected to the internet, they become attractive targets for criminals.
Therefore, the attack surface increases exponentially, especially when it comes to securing the
physical server itself.
The introduction and integration of Internet of Things (IoT) and Industrial Internet of Things (IIoT)
devices has led to increasingly interconnected cyber-physical systems (CPS), increasing the attack
surface and blurring the previously obvious boundaries between cybersecurity, physical security,
and safety. As with any technological advancement, connected devices have become common
targets for cybercriminals looking to steal valuable data and, in some cases, destroy property.
Connectivity comes at a price, and effective cybersecurity protection of connected devices goes
hand in hand with physical security, in both the physical and digital domains, to reflect the
increasingly connected world in which we operate. No matter what industry your company
operates in, it's important to understand why cybersecurity is needed to support the physical
security of a server.
It comes as no surprise to the security industry that devices ranging from doorbells to artificial hearts
to surveillance cameras can become targets for cybercriminals. This is no longer strictly a
technology issue: people, processes, and technology are all at risk if proper precautions are not taken.
https://www.compassitc.com/blog/cyber-physical-security-why-you-need-both
15. In today’s security landscape, very few businesses are running without CPS in place. However, as IoT
technology evolves and more systems move into the cloud, companies need to re-examine their
strategies constantly. Traditionally, physical security measures such as access control, security
personnel, and surveillance were treated as standalone functions, with little regard for how data and
IT systems are innately linked to physical security. When applications and systems are increasingly
mobile or cloud-based, it is almost impossible to achieve compliance for sensitive data and identity
protection without an integrated physical and cybersecurity strategy. Systems and devices can
provide threat actors with additional attack vectors to connect to networks, infect other devices, and
exfiltrate data. Today, organizations must consider physical security as a primary pillar of
cybersecurity.
Examples of incidents involving cyber and physical security can be categorized in three ways:
16. Cyberattack on physical systems
In March of 2021, more than 150,000 cloud-based Verkada physical security cameras were hacked.
This incident provided the hackers with access to thousands of cameras across a broad cross-section
of industries, from hospitals, schools, and corporate offices to police stations and jails. Not only were
the hackers able to see into a variety of facilities, but they also accessed certain private data. For
example, they saved video footage taken from the home of a Verkada employee and of inmates in
detention facilities. They had insight into who used access cards to enter certain hospital rooms. The
hackers gained access to Verkada via a username and password for an administrator account that was
publicly exposed on the Internet.
Physical systems used in cyberattacks
Mirai was one of the most infamous botnet attacks in 2016 and was the first significant botnet to
infect insecure IoT devices. The Mirai botnet resulted in a massive distributed denial of service
(DDoS) attack that left much of the Internet inaccessible on the east coast of the United States.
Physical security of cyber systems
On April 21, 2017, Lifespan Corporation filed a breach report with OCR regarding the theft of a
laptop when an employee’s car was broken into. The laptop was unencrypted and contained
electronic protected health information, including patients’ names, medical record numbers,
demographic data, and medication information. The laptop was never recovered.
17. The research method proposed for this study is the mixed-methods approach, which
combines both quantitative and qualitative research methods. This approach provides a more
comprehensive understanding of the research problem and allows for a more robust analysis
of the data.
Quantitative research will be conducted through a survey of the NOC to gather data on
their awareness and perception of the NOC’s physical server protection measures. The survey
will include questions on the network admin's, tech support staff's, and school owner's
understanding of the DPA, their level of trust in the NOC’s data security in securing the physical
server, and their satisfaction with the current data protection measures in place. The survey will
be administered online and in-person, and the data will be analyzed using statistical methods
to identify trends and patterns.
Qualitative research will be conducted through in-depth interviews with key
stakeholders in the University of Luzon NOC (Network Operations Center), such as senior
management, IT personnel, and data protection officers. The interviews will focus on the
current data protection policies and procedures in place, the challenges faced by the NOC in
ensuring physical server security, and their recommendations for improving data protection
measures. The interviews will be transcribed and analyzed using thematic analysis to identify
key themes and patterns.
18. The participants/respondents of the study will number 50 persons. They
are the school administration, Net admin, Tech. Support and faculty members, who are
randomly selected by the researcher. All of them are employees of the University of Luzon.
19. After the ruins of World War II, Dagupan City rose to become one of the major economic, political
and socio-cultural centers of Northern Luzon. At the core of this development were the academic institutions
that served to produce the prime movers of society.
In that fateful year of 1948, Atty. Luis F. Samson, Sr. gathered his friends: Atty. Liberato Ll. Reyna, Sr., Dean
Basilio Fernandez and Servillano Romasanta. Together, they designed the blueprint of the then Luzon
College of Commerce and Business Administration (LCCBA). They endeavored with zeal and energy to
establish in this part of the country a system of education, genuinely Filipino, through the instrumentality of
the LCCBA.
Inspired by Dr. Samson’s initiative, these pioneers in the field of education dared to think of country and
national ideals at a time when patriotism was not paid a high premium and love for truth and knowledge
was not deemed a virtue of considerable value. That powerful glow, which was lit in 1948, contributed
to the vanguard of a movement that was bound to grow and develop with the passing of years. In 1952,
LCCBA was renamed Luzon Colleges (LC). From the initial enrolment of 243, LC held more than
16,000 students from the onset to the middle part of the ’80s.
Recognizing its solid achievements and capabilities, the Commission on Higher Education granted university
status to the Luzon Colleges in 2002. After more than half a century, the founders’ dream was finally fulfilled
and the University of Luzon (UL) took its place in the rich history of Northern Luzon.
For nearly six decades, UL reigned as one of the top educational institutions in Northern Luzon. It chalked up
a string of topnotchers in the PRC Licensure Examinations, including 9 first placers, 68 second to 10th placers
and 36 11th to 20th placers in the last 20 years. This is on top of a consistently impressive passing rate.
20. The research instruments used in the research study are survey forms (checklist and rating
scale), interviews and an observation schedule. These chosen instruments will be used in the
collection of data to test the validity and reliability of the research study being conducted.
Survey forms will be used in data collection. A survey form is a systematically prepared form with a
set of questions designed to get and produce responses from respondents.
The researchers already have a ready-made and comprehensive set of questions. A semi-structured
questionnaire will be used. In the first part of the survey form, a Likert scale is used.
According to smartsurvey, the semi-structured questionnaire is also a document that can be used
to collect data feedback from respondents. However, unlike the structured questionnaire, which
only uses closed questions, the semi-structured questionnaire includes open-ended questions too,
so that both quantitative and qualitative information can be gathered.
While the semi-structured questionnaire includes some predefined questions, it also allows an
interviewer to administer some of their own questions that have not been planned in advance.
Subsequently, this can enable a more fluid conversation that gives the interviewer the option to
explore particular themes or responses in more depth, if they hear anything they feel could further
benefit their research.
https://www.smartsurvey.co.uk/blog/structured-or-semi-structured-questionnaire#:~:text=The%20structured%20questionnaire%20is%20a,a%20set%20of%20predefined%20answers.
21. The researcher prepared a letter of approval that was approved by the School President.
The researcher agreed to conduct the study at the University of Luzon through observing,
describing, comparing, evaluating and understanding different aspects of a research
problem.
The researcher gave ample time, exerted a lot of effort, and collaborated in
developing the questionnaire so as to serve its proposed respondents. This survey was
created using suitable questions modified from related research and individual questions
formed by the researcher.
The data will be gathered from randomly selected respondents answering the questionnaire.
The researcher used vacant time to avoid distracting from office and school work,
such as the faculty members' teaching and the school administration’s office work.
Copies of survey questionnaires were distributed to randomly selected school administration
and faculty members. In reviewing the related literature and studies needed to provide
an in-depth background and meaningful answer to the research problems, books and online
journals were consulted and cited.
22. The researcher prepared a tabulation of the results of the survey form. The
first part of the survey questionnaire, which uses a Likert scale, is answerable by the following:
very bad (1 pt.), bad (2 pts.), neutral (3 pts.), good (4 pts.), and very good (5 pts.).
In the second part, short questions are given along with choices below each
question, and the respondent will indicate his or her response with tick marks.
Interviews will be used to meet face-to-face with individuals to interact and generate ideas
coming from the NOC department. It is an interaction in which oral questions are posed by
the interviewer to get and produce oral response from the interviewee. The researcher has
to identify a potential source of information, and structure the interaction in a manner that
will bring out relevant information from the respondents.
23. An unstructured interview will be used, which is a less formal, casual type. Sets of
questions will be used. The interviewer freely modifies the sequence of questions,
rephrases/paraphrases and sometimes explains them or adds to them during the interview.
This will be used to project a free, flexible and relaxed interaction. Observation will also be
used to obtain first-hand information about securing the
physical server and cybersecurity that will lead to their decision-making.
The researcher found that most of the respondents gave bad answers regarding
the topic. For them, cybersecurity has gone wrong here in the school because files were lost and
they have to start again from zero with just a file copy of some information and data of the
school.
Some also answered very good because the school has computers, and some rooms
have monitors and CCTV for the students’ protection. It is mandatory within the school premises
to be aware that there is CCTV in every corner of the school, especially in the NOC
department, which is the location of the physical server.
So, this research will be of great help to the school administration, Network Admins, Tech
support and faculty members, and it is a must to have knowledge about securing the
physical server itself.