Hardware assets are the assets that can be physically touched. They include any type of computers, such as servers or desktop PCs; networking devices, such as routers and switches; and network appliances, such as firewalls and spam appliances. Not all organizations have the same hardware assets, so being aware of the assets a specific company has is important.
Most organizations use databases to track hardware assets.
However, much more information than just the number of devices the company owns must be identified. Some of this other information includes:
This list may seem like overkill, but it’s not. All the details of the hardware need to be known for successful security and configuration management. Following are a few examples where this information is useful.
Microsoft released patches to its operating systems (OSs) that put systems into an endless reboot cycle. The systems start to boot, crash into a blue screen, recover to start to boot again, and crash again. When this cycle occurs, the problem is often with a specific manufacturer and model number. Sometimes, it happens because of a specific driver or the way the systems were prepared before being shipped. Having the manufacturer and model numbers in the inventory will easily provide the ability to see whether a Microsoft update will affect operations.
Hardware inventories can also help in identifying unneeded components. For example, some systems may include modems, which can present a significant risk. If users dial in to an Internet service provider (ISP) to access the Internet, the connection isn’t controlled.
Similarly, for example, a serious exploit is discovered that affects specific routers. If the hardware inventory includes the manufacturer and model numbers of routers, knowing whether the routers are vulnerable will be easy to determine. Without an inventory, the routers’ vulnerability may not be known until after a successful attack has occurred.
Users could visit sites normally blocked by the proxy server. They could download malware that would normally be filtered by the firewall. The dial-up modem allows the system to bypass all controls and provide access to the Internet. Removing the modem removes the risk.