7. physical sec

1,176 views

Published on

Published in: Business
  • Be the first to comment

7. physical sec

  1. 1. Physical Security
  2. 2. ObjectiveTo address the threats, vulnerabilities, andcountermeasures which can be utilized to physically protectan enterprise’s resources and sensitive information toinclude people, facilities, data, equipment, supportsystems, media, and supplies.To discuss considerations for choosing a secure site, itsdesign and configuration, and the methods for securing thefacility against unauthorized access, theft of equipment andinformation, and the environmental and safety measuresneeded to protect people, the facility, and its resources.
  3. 3. Physical Security Physical Security Threats Site Design and Configuration Physical Security Requirements – For Centralized Computing Facilities – For Distributed Processing Facilities – For Extended Processing
  4. 4. The Layered Approach
  5. 5. Information Protection Environment Crime Prevention through Environmental Design (CPTED) • Concept that, as its basic premise, states that the physical environment of a building can be changed or managed to produce behavioral effects that will reduce the incidence and fear of crime • Territoriality • Surveillance • Access control
  6. 6. Information Protection Environment Cont… Site Location • Specific physical security concerns • Vulnerable to crime, riots, demonstrations, or terrorism attacks • Neighborhood crime rates and types • Vulnerable to natural disasters Construction Impacts Facility Impacts • Entry points • Infrastructure support systems • Electrical power • Heating, ventilation, air conditioning (and refrigeration) • Internal sensitive or compartmentalized areas • Portable computing
  7. 7. Information Protection Environment Cont… Electrical Power – Vulnerabilities include total power loss of short or long duration or degradation in power quality, such as brownouts, spikes, or sags • Blackout - complete loss of commercial power • Fault - momentary power outage • Brownout - an intentional reduction of voltage by a utility company • Sag/dip - a short period of low voltage • Surge - a sudden rise in voltage in the power supply • Transient - line noise or disturbance is superimposed on the supply circuit and can cause fluctuations in electrical power • In-rush current - the initial surge of current required by a load before it reaches normal operation • Electrostatic discharge - another type of electrical surge can occur when two non-conducting materials rub together, causing electrons to transfer from one material to another
  8. 8. The Layered Defense Perimeter and building grounds – Landscaping, Fences, Gates, Bollards, Walls, and Doors • 1 meter/3–4 feet - Deters casual trespassers • 2 meters/6–7 feet - Too high to climb easily • 2.4 meters/8 feet with top guard - Deters determined intruder Building entry points Inside the building - building floors, office suites, and offices
  9. 9. Fire Protection Fire Prevention – Fireproof Construction materials – False ceiling should not be flammable – Magnetic tapes, if ignited, produce poisonous gases – fire-prevention training Fire Detection – Ionization-type smoke detectors – Photoelectric detectors – Heat detectors “The first rule is to get the people out”
  10. 10. Fire Protection Cont… Fire Suppression
  11. 11. Fire Protection Cont… Portable Extinguishers  At Exits  Mark Locations and Type  Types A, B & C  Need to Inspect Water Sprinkler Systems  Works to Lower Temperature  Most Damaging to Equipment  Conventional Systems  “Dry Pipe” Systems: Less Risk of Leakage  Employ in Throughout Building and in all Spaces
  12. 12. Fire Protection Cont… Carbon Dioxide (CO2)  Colorless/Odorless  Potentially Lethal  Removes Oxygen  Best for Unattended Facilities  Delayed-Activation in Manned Facilities Halon  Best Protection for Equipment  Concentrations <10% are Safe  Becomes Toxic at 900o  Depletes Ozone (CFCs)  Montreal Protocol (1987)  Halon 1301: Requires Pressurization  Halon 1211: Self-Pressurization (Portable Extinguishers)
  13. 13. Physical Security Threats Threat Components  Agents  Motives  Results External Threats  Wind/Tornado  Flooding  Lightning  Earthquake  Cold and Ice  Fire  Chemical
  14. 14. Physical Security Threats Cont… Internal Physical Threats  Fire  Environmental Failure  Liquid Leakage  Electrical Interruption Human Threats  Theft  Vandalism  Sabotage  Espionage  Errors
  15. 15. Site Design Considerations Location and Access  Local Crime  Visibility  Emergency Access  Natural Hazards  Air and Surface Traffic  Joint Tenants  Stable Power Supply  Existing Boundary Protection (Barriers/Fencing/Gates)
  16. 16. Boundary Protection Area Designation: Facilitates Enforcement Vehicular Access Personnel Access  Occupants  Visitors (Escort & Logging) Fences  Deter Casual Trespassing  Compliments Other Access Controls  Aesthetics  Won’t Stop Determined Intruder
  17. 17. Boundary Protection Cont… Lighting  Entrances  Parking Areas  Critical Areas Perimeter Detection Systems  Does Not Prevent Penetration  Alerts Response Force  Requires Response  Nuisance Alarms  Costly
  18. 18. Boundary Protection Cont… CCTV  Efficiency  Requires Human Response  Limitations Staffing  Access Control Points  Patrols  Employees
  19. 19. Computing Facility Requirements Walls  True Floor to Ceiling  Fire Rating (at least 1 hour)  Penetrations  Adjacent Areas Doors  Interior/Exterior  Hinges  Fire Rating  Alarms  Monitoring
  20. 20. Computing Facility Requirements Cont… Windows/Openings  Interior/Exterior  Fixed  Shatterproof Computer and Equipment Room Lay Out  Equipment Access  Storage  Occupied Areas  Water Sources  Cable Routing
  21. 21. Computing Facility Requirements Cont… Dedicated Circuits Controlled Access to  Power Distribution Panels  Master Circuit Breakers  Transformers  Feeder Cables Emergency Power Off Controls Voltage Monitoring/Recording Surge Protection
  22. 22. Computing Facility Requirements Cont… Backup Power Alternate Feeders Uninterruptible Power Supply Hydrogen Gas Hazard Maintenance/Testing Emergency Power Generator Fuel Consideration Maintenance/Testing Costs HVAC Telecom
  23. 23. Computing Facility Requirements Cont…  Humidity Controls  Risk of Static Electricity  Risk to Electric Connections  Air Quality (Dust)  Water Protection  Falling Water  Rising Water  Drains  Protective Coverings  Moisture Detection Systems
  24. 24. Securing Storage Areas Forms Storage Rooms  Increased Threat of Fire  Combustibles  Access Controls Media Storage Rooms  Media Sensitivity  Segregation  Access Controls  Environmental Controls
  25. 25. Media Protection Storage  Media Libraries/Special Rooms  Cabinets  Vaults Location  Operational  Off-Site Transportation
  26. 26. Cable Protection Optical Fiber Copper Wire Certifying the Wiring and Cabling Controlling Access to Closets and Riser Rooms
  27. 27. Other Considerations Dealing with Existing Facilities  Planning  Upgrade/Renovation  Incremental New Construction Protecting the Protection  Implement Physical and Environmental Controls for Security Systems  Protect against both Intentional and Inadvertent Threats
  28. 28. Personnel Access Controls Position Sensitivity Designation Management Review of Access Lists Background Screening/Re-Screening Termination/Transfer Controls Disgruntled Employees
  29. 29. Access Controls – Locks Preset Locks and Keys Programmable Locks  Mechanical (Cipher Locks)  Electronic (Keypad Systems): Digital Keyboard  Number of Combinations  Number of Digits in Code  Frequency of Code Change  Error Lock-Out  Error Alarms
  30. 30. Access Controls - Tokens Security Card Systems  Dumb Cards Photo Identification Badges Manual Visual Verification Can be Combined with Smart Technology  Digital Coded (Smart) Cards Often Require Use of PIN Number with Card Readers: Card Insertion, Card Swipe & Proximity
  31. 31. Types of Access Cards Photo ID Cards Optical Coded Cards (Magnetic Dot) Electric Circuit Cards (Embedded Wire) Magnetic Cards (Magnetic Particles) Metallic Stripe Card (Copper Strips)
  32. 32. Access Controls - Biometrics  Fingerprint/Thumbprint Scan  Blood Vein Pattern Scan  Retina  Wrist  Hand  Hand Geometry  Facial Recognition  Voice Verification  Keystroke Recorders  Problems  Cost  Speed  Accuracy
  33. 33. Physical Security in Distributed Processing Threats To Confidentiality Sharing Computers Sharing Diskettes To Availability  User Errors To Data Integrity Malicious Code Version Control
  34. 34. Physical Security Controls Distributed Processing Office Area Controls  Entry Controls  Office Lay-Out  Personnel Controls  Hard-Copy Document Controls  Electronic Media Controls  Clean-Desk Policy
  35. 35. Physical Security Controls - Office Area  Printer/Output Controls  Property Controls  Space Protection Devices  Equipment Lock-Down
  36. 36. Physical Security Controls - Distributed Processing Cont… Cable Locks Disk Locks Port Controls Power Switch Locks Keyboard Locks Cover Locks
  37. 37. Physical Security Controls - Distributed Processing Cont…  Isolated Power Source  Noise  Voltage Fluctuations  Power Outages  Heat/Humidity Considerations  Fire/Water  Magnetic Media Controls
  38. 38. Physical Security Controls Extended Processing User Responsibilities Paramount  Protection against Disclosure  Shoulder Surfing  Access to Sensitive Media and Written Material  Integrity Protection  Protection against Loss or Theft  Locks  Practices Management Responsibilities  Approval  Monitoring
  39. 39. Physical Security - Other Terms Tailgate  Passive Ultrasonic Piggy-Back  Fail Safe/Fail Soft Stay Behind  IDS  Shoulder Surfing Degauss  Electronic Emanation Remanence  Tsunami Mantrap  RFI Pass-Back  Defense in Depth Dumpster Diving  EMI False Positive/Negative  Top Guard Montreal Protocol Duress Alarm Tamper Alarm
  40. 40. ?

×