Servers must be kept in a physically secure location with access by authorized personnel only.
The corporate network must be physically secured against eavesdropping or packet sniffing.