7. physical sec
DESCRIPTION
TRANSCRIPT
Physical SecurityPhysical Security
ObjectiveObjective
To address the To address the threatsthreats, , vulnerabilitiesvulnerabilities, and , and countermeasurescountermeasures which can be utilized to physically protect which can be utilized to physically protect an enterprise’s resources and sensitive information to an enterprise’s resources and sensitive information to include people, facilities, data, equipment, support include people, facilities, data, equipment, support systems, media, and supplies.systems, media, and supplies.
To discuss considerations for To discuss considerations for choosing a secure sitechoosing a secure site, its , its design and configurationdesign and configuration, and the , and the methods for securing the methods for securing the facilityfacility against unauthorized access, theft of equipment and against unauthorized access, theft of equipment and information, and the information, and the environmental and safety measuresenvironmental and safety measures needed to protect people, the facility, and its resources.needed to protect people, the facility, and its resources.
Physical SecurityPhysical Security
Physical Security ThreatsPhysical Security Threats Site Design and ConfigurationSite Design and Configuration Physical Security RequirementsPhysical Security Requirements
– For Centralized Computing FacilitiesFor Centralized Computing Facilities
– For Distributed Processing FacilitiesFor Distributed Processing Facilities
– For Extended ProcessingFor Extended Processing
The Layered ApproachThe Layered Approach
Information Protection Environment
Crime Prevention through Environmental Design (CPTED)
• Concept that, as its basic premise, states that the physical environment of a building can be changed or managed to produce behavioral effects that will reduce the incidence and fear of crime
• Territoriality• Surveillance• Access control
Information Protection Environment Cont…
Site Location• Specific physical security concerns• Vulnerable to crime, riots, demonstrations, or terrorism
attacks• Neighborhood crime rates and types• Vulnerable to natural disasters
Construction Impacts Facility Impacts
• Entry points• Infrastructure support systems• Electrical power• Heating, ventilation, air conditioning (and refrigeration)• Internal sensitive or compartmentalized areas• Portable computing
Information Protection Environment Cont…
Electrical Power– Vulnerabilities include total power loss of short or long duration
or degradation in power quality, such as brownouts, spikes, or sags
• Blackout - complete loss of commercial power• Fault - momentary power outage• Brownout - an intentional reduction of voltage by a utility company• Sag/dip - a short period of low voltage• Surge - a sudden rise in voltage in the power supply• Transient - line noise or disturbance is superimposed on the supply
circuit and can cause fluctuations in electrical power• In-rush current - the initial surge of current required by a load before
it reaches normal operation • Electrostatic discharge - another type of electrical surge can occur
when two non-conducting materials rub together, causing electrons to transfer from one material to another
The Layered DefenseThe Layered Defense Perimeter and building grounds
– Landscaping, Fences, Gates, Bollards, Walls, and Doors
• 1 meter/3–4 feet - Deters casual trespassers• 2 meters/6–7 feet - Too high to climb easily• 2.4 meters/8 feet with top guard - Deters
determined intruder
Building entry points Inside the building - building floors, office suites,
and offices
Fire Protection
Fire Prevention– Fireproof Construction materials– False ceiling should not be flammable– Magnetic tapes, if ignited, produce poisonous gases– fire-prevention training
Fire Detection – Ionization-type smoke detectors– Photoelectric detectors– Heat detectors
“The first rule is to get the people out”
Fire Protection Cont…
Fire Suppression
Fire Protection Cont…
Portable ExtinguishersPortable Extinguishers At ExitsAt Exits Mark Locations and TypeMark Locations and Type Types A, B & CTypes A, B & C Need to InspectNeed to Inspect
Water Sprinkler SystemsWater Sprinkler Systems Works to Lower TemperatureWorks to Lower Temperature Most Damaging to EquipmentMost Damaging to Equipment Conventional SystemsConventional Systems ““Dry Pipe” Systems: Less Risk of LeakageDry Pipe” Systems: Less Risk of Leakage Employ in Throughout Building and in all SpacesEmploy in Throughout Building and in all Spaces
Fire Protection Cont…
Carbon Dioxide (COCarbon Dioxide (CO22)) Colorless/OdorlessColorless/Odorless Potentially LethalPotentially Lethal Removes OxygenRemoves Oxygen Best for Unattended FacilitiesBest for Unattended Facilities Delayed-Activation in Manned FacilitiesDelayed-Activation in Manned Facilities
HalonHalon Best Protection for EquipmentBest Protection for Equipment Concentrations <10% are SafeConcentrations <10% are Safe Becomes Toxic at 900Becomes Toxic at 900oo
Depletes Ozone (CFCs)Depletes Ozone (CFCs) Montreal Protocol (1987)Montreal Protocol (1987) Halon 1301: Requires PressurizationHalon 1301: Requires Pressurization Halon 1211: Self-Pressurization (Portable Extinguishers)Halon 1211: Self-Pressurization (Portable Extinguishers)
Physical Security ThreatsPhysical Security Threats Threat ComponentsThreat Components
AgentsAgents MotivesMotives ResultsResults
External ThreatsExternal Threats Wind/TornadoWind/Tornado FloodingFlooding LightningLightning EarthquakeEarthquake Cold and IceCold and Ice FireFire Chemical Chemical
Physical Security Threats Cont…Physical Security Threats Cont…
Internal Physical ThreatsInternal Physical Threats FireFire Environmental FailureEnvironmental Failure Liquid LeakageLiquid Leakage Electrical InterruptionElectrical Interruption
Human ThreatsHuman Threats TheftTheft VandalismVandalism SabotageSabotage EspionageEspionage ErrorsErrors
Site Design ConsiderationsSite Design Considerations
Location and AccessLocation and Access Local CrimeLocal Crime VisibilityVisibility Emergency AccessEmergency Access Natural HazardsNatural Hazards Air and Surface TrafficAir and Surface Traffic Joint TenantsJoint Tenants Stable Power SupplyStable Power Supply Existing Boundary Protection (Barriers/Fencing/Gates)Existing Boundary Protection (Barriers/Fencing/Gates)
Boundary ProtectionBoundary Protection
Area Designation: Facilitates EnforcementArea Designation: Facilitates Enforcement Vehicular AccessVehicular Access Personnel AccessPersonnel Access
OccupantsOccupants Visitors (Escort & Logging)Visitors (Escort & Logging)
FencesFences Deter Casual TrespassingDeter Casual Trespassing Compliments Other Access ControlsCompliments Other Access Controls AestheticsAesthetics Won’t Stop Determined IntruderWon’t Stop Determined Intruder
Boundary Protection Cont…Boundary Protection Cont…
LightingLighting EntrancesEntrances Parking AreasParking Areas Critical AreasCritical Areas
Perimeter Detection SystemsPerimeter Detection Systems Does Not Prevent PenetrationDoes Not Prevent Penetration Alerts Response ForceAlerts Response Force Requires ResponseRequires Response Nuisance AlarmsNuisance Alarms CostlyCostly
Boundary Protection Cont…Boundary Protection Cont…
CCTVCCTV EfficiencyEfficiency Requires Human ResponseRequires Human Response LimitationsLimitations
StaffingStaffing Access Control PointsAccess Control Points PatrolsPatrols EmployeesEmployees
Computing Facility RequirementsComputing Facility Requirements WallsWalls
True Floor to CeilingTrue Floor to Ceiling Fire Rating (at least 1 hour)Fire Rating (at least 1 hour) PenetrationsPenetrations Adjacent AreasAdjacent Areas
DoorsDoors Interior/ExteriorInterior/Exterior HingesHinges Fire RatingFire Rating AlarmsAlarms MonitoringMonitoring
Computing Facility Requirements Cont…Computing Facility Requirements Cont…
Windows/OpeningsWindows/Openings Interior/ExteriorInterior/Exterior FixedFixed ShatterproofShatterproof
Computer and Equipment Room Lay OutComputer and Equipment Room Lay Out Equipment AccessEquipment Access StorageStorage Occupied AreasOccupied Areas Water SourcesWater Sources Cable RoutingCable Routing
Computing Facility Requirements Cont…Computing Facility Requirements Cont…
Dedicated CircuitsDedicated CircuitsControlled Access toControlled Access to
Power Distribution PanelsPower Distribution PanelsMaster Circuit BreakersMaster Circuit BreakersTransformersTransformersFeeder CablesFeeder Cables
Emergency Power Off ControlsEmergency Power Off ControlsVoltage Monitoring/RecordingVoltage Monitoring/RecordingSurge ProtectionSurge Protection
Computing Facility Requirements Cont…Computing Facility Requirements Cont…
Backup PowerBackup PowerAlternate FeedersAlternate FeedersUninterruptible Power SupplyUninterruptible Power Supply
Hydrogen Gas HazardHydrogen Gas HazardMaintenance/TestingMaintenance/Testing
Emergency Power GeneratorEmergency Power GeneratorFuel ConsiderationFuel ConsiderationMaintenance/TestingMaintenance/TestingCostsCosts
HVACHVACTelecomTelecom
Computing Facility Requirements Cont…Computing Facility Requirements Cont…
Humidity ControlsHumidity Controls Risk of Static ElectricityRisk of Static Electricity Risk to Electric ConnectionsRisk to Electric Connections
Air Quality (Dust)Air Quality (Dust) Water ProtectionWater Protection
Falling WaterFalling Water Rising WaterRising Water DrainsDrains Protective CoveringsProtective Coverings Moisture Detection SystemsMoisture Detection Systems
Securing Storage AreasSecuring Storage Areas
Forms Storage RoomsForms Storage Rooms Increased Threat of FireIncreased Threat of FireCombustiblesCombustiblesAccess ControlsAccess Controls
Media Storage RoomsMedia Storage RoomsMedia SensitivityMedia SensitivitySegregationSegregationAccess ControlsAccess ControlsEnvironmental ControlsEnvironmental Controls
Media ProtectionMedia Protection StorageStorage
Media Libraries/Special RoomsMedia Libraries/Special Rooms CabinetsCabinets VaultsVaults
LocationLocation OperationalOperational Off-SiteOff-Site
TransportationTransportation
Cable ProtectionCable Protection
Optical FiberOptical Fiber Copper WireCopper Wire Certifying the Wiring and CablingCertifying the Wiring and Cabling Controlling Access to Closets and Riser RoomsControlling Access to Closets and Riser Rooms
Other ConsiderationsOther Considerations
Dealing with Existing FacilitiesDealing with Existing Facilities PlanningPlanning Upgrade/RenovationUpgrade/Renovation Incremental New ConstructionIncremental New Construction
Protecting the ProtectionProtecting the Protection Implement Physical and Environmental Controls Implement Physical and Environmental Controls
for Security Systemsfor Security Systems Protect against both Intentional and Inadvertent Protect against both Intentional and Inadvertent
ThreatsThreats
Personnel Access ControlsPersonnel Access Controls
Position Sensitivity Designation Position Sensitivity Designation Management Review of Access ListsManagement Review of Access Lists Background Screening/Re-ScreeningBackground Screening/Re-Screening Termination/Transfer ControlsTermination/Transfer Controls Disgruntled EmployeesDisgruntled Employees
Access Controls – LocksAccess Controls – Locks
Preset Locks and KeysPreset Locks and Keys Programmable LocksProgrammable Locks
Mechanical (Cipher Locks)Mechanical (Cipher Locks) Electronic (Keypad Systems): Digital KeyboardElectronic (Keypad Systems): Digital Keyboard
Number of CombinationsNumber of CombinationsNumber of Digits in CodeNumber of Digits in CodeFrequency of Code ChangeFrequency of Code ChangeError Lock-OutError Lock-OutError AlarmsError Alarms
Access Controls - TokensAccess Controls - Tokens
Security Card SystemsSecurity Card SystemsDumb CardsDumb Cards
Photo Identification BadgesPhoto Identification BadgesManual Visual VerificationManual Visual VerificationCan be Combined with Smart TechnologyCan be Combined with Smart Technology
Digital Coded (Smart) CardsDigital Coded (Smart) CardsOften Require Use of PIN Number with CardOften Require Use of PIN Number with CardReaders: Card Insertion, Card Swipe & ProximityReaders: Card Insertion, Card Swipe & Proximity
Types of Access CardsTypes of Access Cards
Photo ID CardsPhoto ID Cards Optical Coded Cards (Magnetic Dot)Optical Coded Cards (Magnetic Dot) Electric Circuit Cards (Embedded Wire)Electric Circuit Cards (Embedded Wire) Magnetic Cards (Magnetic Particles)Magnetic Cards (Magnetic Particles) Metallic Stripe Card (Copper Strips)Metallic Stripe Card (Copper Strips)
Access Controls - BiometricsAccess Controls - Biometrics Fingerprint/Thumbprint ScanFingerprint/Thumbprint Scan Blood Vein Pattern ScanBlood Vein Pattern Scan
RetinaRetina WristWrist HandHand
Hand GeometryHand Geometry Facial RecognitionFacial Recognition Voice VerificationVoice Verification Keystroke RecordersKeystroke Recorders ProblemsProblems
CostCost SpeedSpeed AccuracyAccuracy
Physical Security in Distributed Physical Security in Distributed ProcessingProcessing
ThreatsThreatsTo ConfidentialityTo Confidentiality
Sharing ComputersSharing ComputersSharing DiskettesSharing Diskettes
To AvailabilityTo Availability User ErrorsUser Errors
To Data IntegrityTo Data IntegrityMalicious CodeMalicious CodeVersion ControlVersion Control
Physical Security Controls Distributed Physical Security Controls Distributed ProcessingProcessing
Office Area ControlsOffice Area ControlsEntry ControlsEntry ControlsOffice Lay-OutOffice Lay-OutPersonnel ControlsPersonnel ControlsHard-Copy Document ControlsHard-Copy Document ControlsElectronic Media ControlsElectronic Media ControlsClean-Desk PolicyClean-Desk Policy
Physical Security Controls - Office AreaPhysical Security Controls - Office Area
Printer/Output ControlsPrinter/Output ControlsProperty ControlsProperty ControlsSpace Protection DevicesSpace Protection DevicesEquipment Lock-DownEquipment Lock-Down
Physical Security Controls - Distributed Physical Security Controls - Distributed Processing Cont…Processing Cont…
Cable LocksCable LocksDisk LocksDisk LocksPort ControlsPort ControlsPower Switch LocksPower Switch LocksKeyboard LocksKeyboard LocksCover LocksCover Locks
Physical Security Controls - Distributed Physical Security Controls - Distributed Processing Cont…Processing Cont…
Isolated Power SourceIsolated Power Source NoiseNoise Voltage FluctuationsVoltage Fluctuations Power OutagesPower Outages
Heat/Humidity ConsiderationsHeat/Humidity Considerations Fire/WaterFire/Water Magnetic Media ControlsMagnetic Media Controls
Physical Security Controls Extended Physical Security Controls Extended ProcessingProcessing
User Responsibilities ParamountUser Responsibilities ParamountProtection against DisclosureProtection against Disclosure
Shoulder SurfingShoulder SurfingAccess to Sensitive Media and Written MaterialAccess to Sensitive Media and Written Material
Integrity ProtectionIntegrity ProtectionProtection against Loss or TheftProtection against Loss or Theft
LocksLocksPracticesPractices
Management ResponsibilitiesManagement ResponsibilitiesApprovalApprovalMonitoringMonitoring
Physical Security - Other TermsPhysical Security - Other Terms
TailgateTailgate Piggy-BackPiggy-Back Stay Behind Stay Behind DegaussDegauss RemanenceRemanence MantrapMantrap Pass-BackPass-Back Dumpster DivingDumpster Diving False Positive/NegativeFalse Positive/Negative Montreal ProtocolMontreal Protocol Duress AlarmDuress Alarm Tamper AlarmTamper Alarm
Passive UltrasonicPassive Ultrasonic Fail Safe/Fail SoftFail Safe/Fail Soft IDSIDS Shoulder SurfingShoulder Surfing Electronic EmanationElectronic Emanation TsunamiTsunami RFIRFI Defense in DepthDefense in Depth EMIEMI Top GuardTop Guard
??