domain9 physical security
TRANSCRIPT
7/26/2019 Domain9 Physical Security
http://slidepdf.com/reader/full/domain9-physical-security 1/19
CISSP Essentials:
Mastering the Common Body of Knowledge
Class 9:
Physical security
Lecturer Shon Harris, CISSP, MCSE
President, Logical Security
• CISSP Essentials Library: www.searchsecurity.com/CISSPessentials
• Class 9 Quiz: www.searchsecurity.com/Class9quiz
• Class 9 Spotlight: www.searchsecurity.com/Class9spotlight
Physical security objectives
First line of defense
Facility location and construction
Physical security risks, threats and countermeasures
Electrical issues and countermeasures
Perimeter protection mechanisms
Physical intrusion detection
Fire prevention, detection and suppression
Physical security - Threats
Vulnerabilities and threats that need to be identified
• Physical damage
• Theft of assets
• Interruption of services
• Unauthorized disclosure of information
• Natural disasters
• Fires
• Vandalism
• Terrorism
• Environmental issues
A full threat analysis should be conducted
• Understanding the common threats to any facility
• Identifying threats that apply specifically to a certain company
• This analysis helps ensure that proper countermeasures are implemented
Facility site selection
Location considerations
• Natural disasters
  • Different areas are prone to certain types of disasters
• Local crime
  • Cheaper land prices, but more money will be spent on protecting company assets
• Access – highways and airports
  • Is this necessary for the company?
• Customer access
  • Will customers be entering the facility?
• Joint tenants
  • Types of companies in the area
• Proximity to emergency services
  • Hospital, fire station, police station
Visibility
• Should the facility stand out and attract attention?
• What type of signs and markings should be on the building?
Facility construction
Construction issues
• What will the facility be used for?
  • Storage, office space, industrial plant
  • Building codes are different for different uses of facilities
• Are there emanation security threats?
  • May require walls and ceilings to be reinforced with material that controls electrical radiation
• Level of fire resistance
  • A light frame will be destroyed by fire in approximately 30 minutes
  • Use of heavy timber requires the minimum thickness of the structure to be 4 inches
  • Fire resistant material has a type of insulation that provides protection
  • Steel or mineral wool is sprayed onto structural elements
Data center location
• Located in core of facility for protection from exterior threats
• Not in the basement or top floors
Controlling access
Restricting access to sensitive areas
• Security professional must first assess the company’s workflow processes
  • Who needs to have access to this area?
  • How often do they need access?
  • What level of protection do sensitive assets require?
• Proper type of access control for this environment
• Necessary alerts and logging of activities
• Fire codes require what type of designated fire route?
• Access also needs to be restricted for…
  • Electrical power service and HVAC
  • Telephone and data lines
  • Surveillance and monitoring devices
Entrance protection
Turnstiles
Revolving doors
• Can be activated to “lock” and not allow unauthorized individuals to enter or leave a facility
Mantraps
• Individual must be authenticated to enter the mantrap
• Then they must be authenticated again to exit the mantrap and gain access to the internal work area
• Some use biometric devices to weigh individuals
• Provides further protection against piggybacking
Fail-safe
• Door defaults to being unlocked
• Dictated by fire codes
Fail-secure
• Door defaults to being locked
Perimeter protection - Fencing
Fencing
• Heights provide degrees of protection
  • 3-4ft – Deters casual trespassers
  • 6-7ft – Too high to climb easily
  • 8ft with three strands of barbed wire – Deters determined intruder (9 feet in height including the barbed wire)
  • Critical areas should have at least 8-foot fences
• Powered fencing
  • Sounds an alarm when touched and sends out an electrical shock to trespasser
• PIDAS fencing
  • Perimeter Intrusion Detection and Assessment System
  • Detects attempts to climb or cut the fence
  • Mesh-wire fence with a passive cable vibration sensor that sets off an alarm if an intrusion is detected
Perimeter protection - Lighting
Lighting
• Deters trespassers
• Required in critical areas, entrances and parking lots
  • Where employees walk or gather
• Ensure there are no dead zones
  • Dark areas between lighted areas
  • Illumination of lights should slightly overlap to ensure full coverage
• Should be properly combined with surveillance tools
Types of physical intrusion-detection systems
Electro-mechanical – Most widely used
• Magnetic switches
• Metallic foil in windows
• Pressure mats
Volumetric – Not used as often
• Vibration
• Microwave, ultrasonic, passive infrared
• Photoelectric
Intrusion detection characteristics
• Expensive and requires human intervention
• Redundant power supply and emergency backup power is necessary
• Can be linked to a central security system – fire and intruder detection
• Should have a fail-safe configuration
• Should detect, and be resistant to, tampering
• Can be penetrated – not a “silver bullet”
Electrical power
Primary power source
• Provides day-to-day power
• Needs dedicated feeders from utility substation
Alternate power source
• Backup power in the event of a failure of the primary source
• Generator
• Uninterruptible Power Supply (UPS)
  • Online UPS
    • Primary power supply goes through this type of UPS constantly
    • More expensive
    • Takes on load more quickly than a standby UPS
  • Standby UPS
    • Monitors power line and switches to battery power when power is lost
• Another feeder from a utility substation
Power interference
Clean power
• Power supply has no interference or voltage fluctuation
Electromagnetic Interference (EMI)
• Caused by difference between wires (hot, neutral, ground)
  • Incorrect wiring – Neutral wire is at a different potential than ground wire
  • Improper grounding
• Caused by lightning or electrical motors
Radio Frequency Interference (RFI)
• Caused by fluorescent lighting, electric cables, components within electrical systems, radio signals
Transient noise
• Disturbance imposed on a power line
• Can damage devices, corrupt data, hurt people
Fire prevention
Approach to fire safety
• Fire prevention can be accomplished through…
  • Proper building construction and wiring
  • Developing and implementing safety procedures
  • Training employees
  • Housekeeping – supplies and combustibles
Four legs of a fire
• Heat, fuel, oxygen, chemical reaction
Fire prevention measures
• Reduce temperature
• Remove fuel
• Disrupt possible chemical combustion
• Remove oxygen
Automatic detector mechanisms
Ionization detector
• Reacts to charged particles of smoke
• Gives early warning
Thermal detector
• Sounds when there is a change in temperature
• Fixed or rate-of-rise temperature sensors
Photoelectric smoke detector
• Sounds when source of light is interrupted
• Optical detectors sound alarm when light beam is blocked by smoke
Infrared flame detector
• Reacts to emissions of flames
• Senses pulsation of flame
Fire types
Fire class | Type of fire | Elements of fire | Suppression method
Class A | Common combustibles | Wood, paper, cloth, plastics | Water, soda acid
Class B | Liquid | Petroleum, tars, oils, solvents, alcohol, gases | CO2, FM-200
Class C | Electrical | Electrical equipment, circuits and wires | Gas (Halon) or CO2. Non-conductive extinguishing agent
Class D | Combustible metals | Magnesium, sodium, potassium | Dry chemicals
Fire extinguishers
Halogenated fire extinguishers
• Used so that equipment is not damaged by water
FM-200
• Replacement for Halon without ozone-depleting chemicals
• Uses chemicals instead of water
Carbon dioxide
• Does not leave residue after use; does not cause damage to sensitive devices
• Can suffocate people
Dry chemicals
• Not effective against electrical fires
Fire suppression
Water pipe types
• Wet pipe
  • Always contains water
  • Usually discharged at predefined temperatures
  • Pipes can freeze and break
  • Can cause water leakage
  • Most commonly used
• Dry pipe
  • Water not in pipe
  • Release after a delay
  • Allows someone to shut down system before release of water
  • Pipes will not freeze and break – colder climate areas
• Pre-action system
  • Water released after a sprinkler head link is melted
  • Lets people react more quickly to false alarms; also allows for another method of extinguishing fire if possible
• Deluge system
  • Sprinkler head is open
  • Releases a lot of water fast
CISSP Essentials:
Mastering the Common Body of Knowledge
Lecturer Shon Harris, CISSP, MCSE
President, Logical Security
www.LogicalSecurity.com
Coming next:
Class 10: Operations security
Register at the CISSP Essentials Library:
www.searchsecurity.com/CISSPessentials