Over the next several months, we will look at network security from a layer-by-layer point of view. We will work our way up through the OSI stack, starting at the physical layer and moving up toward the application layer. Let's get started by looking at physical security.

I have often been asked what physical security has to do with an IT administrator's logical network. My response is: "Everything!" I think that it is safe to say that without physical security, you have no security at all. Let's go through a few scenarios to see why.

1. Podslurping

Do your employees listen to music, and do any of them bring an iPod to work? While this may seem like a rather innocuous question, consider the possible threat of Podslurping.

Abe Usher wrote this controversial program to demonstrate the danger of iPods and other mass storage devices. Maybe someone on your cleaning crew comes in with an iPod and seems to go about his normal nightly activities. Once everyone is gone, this trusted member of the staff moves quickly from system to system using Podslurp to recursively search all subdirectories of each targeted computer looking for Word documents, PDFs, HTML files, and any other text documents that contain sensitive information. At the end of the shift, the employee walks out of the business with 30 GB or more of sensitive proprietary information.

If you want to learn more about Podslurp, check out the