I experienced a near direct lightning strike on my New Mexico house in August. Unfortunately my Toshiba laptop was connected at the power outlet and at the phone connection. The laptop got zapped big time, as well as the house sound system, dishwasher, two of three phone plugs, and VCR. About half of the house electrical circuits were kicked off-line and had to be reset. One phone plug and phone continued to work as well as some of the electrical circuits.

Needless to say, the lightning strike was upsetting. I was using some vacation time to write this article and another review, as well as take care of other business, things that had to be done in this time frame. I had to return to San Antonio to pickup another computer and reload the data I needed. Vacation time, travel expenses, and frustration of loading a new computer with all the required data, not to mention contacting the insurance company and acquiring a new computer really made this vacation period a bummer. We did return to San Antonio, obtain the new computer, load it, contact the insurance company and return to Angel Fire, NM.

The Toshiba laptop suffered damages of a complete burn down. It would not restart. It had a 3Com Megahertz 10/100 LAN/Modem PC Card installed, which was burned out as well. The Megahertz modem doggle cable caught the blunt of the lightning surge and literally exploded. The wall phone jack was burned as well, requiring a replacement wall jack. The data on the laptop was critical to the work I wanted to complete in this time-frame. Needless to say, an unscheduled 1,400 plus mile round trip was made back to San Antonio to get another computer and reload the required data. And, on arriving in San Antonio, discovered that a lightning strike had occurred at my house while I was gone. The precautions taken with my equipment there revealed that no damage had occurred.

So, What is Missing Here
What was missing is the fact that I did not practice what I preach. One of the basic rules of computer physical security is to make sure that computers and other electronics equipment is protected from electrical power surges. A lightning strike is one type of electrical power surge, a most violent surge. At home, all of my computer equipment and network components are protected by qualified surge protectors and uninterruptible power supplies (UPS). And, as part of my operational philosophy, I unplug my equipment at home during thunder storms in order to defeat the lightning power surges. I have had to go back in my archives and re-read my Computers and Security; What are the Aspects of Local Security? column in the March 2000 issue of PC Alamode.

Computer Security Defined
I quote from that article, “Computer security covers many aspects of computing and communication. When we think of computer security, we tend to think only about some unauthorized person breaking into our computer to gain access to our data. This is not the complete case, in that crashes, fire, flood, robbers, and a host of other events can compromise our system, applications, and data.” Computer physical protection, i.e., looking after the environment around the computer to keep it relatively clean, insuring that the electrical power is regulated and clean, is nearly as important as all the rest of the security protections employed together.

Security is defined as a means to protect information no matter where it resides or travels. The official definition includes data in storage, in memory, or in transit. This security definition is broad enough to include the physical machine, the software, and how the data is moved.

Physical Security
Physical security starts with the location of the computer. This space should be in a location that makes it relative hard to knock the machine over or drop it on the floor. This space should be relatively free from dust and lint. Computers attract dust. The computer needs to be about four or five inches above the floor. Eighty to ninety percent of the dust accumulates in that space. Movement around the computer by users and passers-by stir this dust up so that the air flow from cooling fans suck the dust into the computer.

Air flow around the computer should be ample enough to provide cooling air to remove heat buildup from the computer. Make sure that the cooling fans in the computer are not blocked. Today’s average computer demands and requires air for cooling. The computer requires at least one case fan to pull hot air from the machine. I prefer having two case fans, one for input and one for exhaust. Of course, it goes without saying that a CPU fan is required at all times. The current normal Intel or AMD CPU will burn out before the POST process is completed if a CPU fan is not installed. The power supply fan should have adequate air flow to keep it cool. A new John Woody rule is that “there is no such thing as too much air flow in a computer.”

Physical security includes taking care of the electrical power to the computer. Computers really like to have a electrical power source input that does not fluctuate.  They can handle the little surges and brown-outs in the normal power grid. When these surges and negative electrical flows get bigger, the computer has a hard time, including stopping functioning. The wall circuit being used by the computers or networks should have adequate voltage and amperage to handle the over-all power requirements. Remember that the average home computer may require as much as 400 watts of power to function properly. This really raises the heat within the computer case.

Surge protectors handle the over-voltage surges to keep the electrical power from burning the computer up, but, they do not handle the negative electrical flows that can happen as well. One gets what one pays for when buying surge protectors. This is one component that it pays to buy a good one. Two manufacturers are noted for these devices. APC and Tripplite both provide surge protectors that qualify. Read the sales packaging to determine the maximum surge protection offered in Joules. And, remember that surge protectors break down over usage time. The surge protector should have ports for phone line input and output so that any electrical surge will be captured in the surge protector. The qualified surge protectors have these ports, as well as network ports.

Uninterruptible power supplies (UPS) are smart surge protectors. They include capability for negative as well as positive electrical power flow. All of them have the capability to regulate the electrical power input from the wall socket. The regulation circuits make sure that the electrical power is 120 volts 0+/- output. The computer really likes this. In addition, they have a charged power source, i.e., a battery, that can supply power in case of decreased or terminated electrical flow. The battery power takes over when the wall electrical circuit shuts down. The battery power is finite in that it can supply power only for a given amount of time. The life of the battery. The battery can maintain power to operate the computer during momentary disruptions so that the computer can operate without disruption in service. During longer disruptions in electrical power, the operation can take place to the life of the battery, usually 15 to 30 minutes. This provides more than enough time to shut the computer down in an orderly manner as would have been the case in the New York blackout.

UPS devices can also have dedicated control circuits that allow them to shut down computers in an orderly manner when they are unattended, such as with servers that run continually. These control circuits usually function via the serial or USB ports and can send the proper shut-down signal the computer to shut them down. UPS devices also have phone and network ports to capture electrical surges.

I employ both devices in my home network to insure that electrical problems are kept to a minimum. I use both APC and Tripplite devices. I use the UPS devices that have the smart shut-down and phone/network ports.

Blackouts and Long-term Brownouts
Most of this article has been about the momentary electrical positive and negative power surges. The precautions covered in this article will provide adequate physical security to overcome the incidents. Electrical failures like that of the recent New York/East Coast incident require a long-term solution. Once the failure has gone past the UPS battery time, it is time to permanently shut the computer or network down until power is resumed. Very few of us really have the money to invest in a backup power source. Large business, hospitals, utilities, and other facilities may have alternate power sources. Most of us do not have Honda gasoline generators that are hooked into the house power grid and automatically start up when the power is interrupted. At least, I don’t. And, that is the only way to handle the long term blackout.

One Additional Aspect of Basic Security;
the Backup
A part of the security philosophy is to make regular backups of the data. Ten days is too long to go without backing up that data.

Backing up by some media, i.e., tape, CD-ROM, floppy disk, ZIP disk, USB driven external HDD, or a mirrored HDD is a real necessity for basic individual or networked computer usage. Your data is valuable, so it is wise to develop a philosophy of doing regular backups to some media outside the workstation computer so that it is retained.

Conclusion
Computer physical security starts with computer location, keeping the work area relatively clean, attending to the electrical needs, and developing a security philosophy that includes regular backups of critical data. Specifically, in this article, handling of electrical problems that can intrude from the outside is a central tenet of that philosophy. Qualified surge protectors and uninterruptible power supplies are critical to protecting against electrical power positive and negative surges.