pace-it: physical network security control
TRANSCRIPT
Physical network security control.
Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governor’s University
B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions.
Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
Brian K. Ferrill, M.B.A.
Page 3
Physical network security control.PACE-IT.
– The why of physical network security.
– Physical network security practices.
Page 4
The why of physical network security.Physical network security control.
Page 5
Security begins at the door. The boundaries of your building should be your first line of defense.
If an attacker has physical access to the network resources, then there is a high probability that the network can be breached.
The level of security that gets deployed should be driven by the amount of security that is needed. As the need for overall security increases, so should the level of physical security.
The why of physical network security.Physical network security control.
Page 6
The why of physical network security.Physical network security control.
– The dangers of unauthorized physical access.
» Theft of network resources: they’re expensive to replace.
» Damaged network resources: it only takes a spilled drink to destroy a server, or a router, or a switch.
» Reconfigured network resources: this can result in a breached network.
– Credential workaround.» Some networking equipment comes with a known
workaround for when administrator credentials needs to be recovered.
• An administrator leaves an organization without disclosing his/her login credentials.
• An administrator forgets his/her credentials.» Cisco even publishes the steps of its workaround on its
website: http://www.cisco.com/c/en/us/support/docs/routers/2600-series-multiservice-platforms/22188-pswdrec-2600.html.
• This well known vulnerability is an easy exploit for anyone with physical access to the equipment.
Page 7
Physical network security practices.Physical network security control.
Page 8
Physical network security practices.Physical network security control.
– Basic physical security.» Know who is in the building and who has access to
equipment.• Employee badges.• Security check-in for visitors.• All vulnerable network resources—servers and
networking equipment—are kept in a secure (e.g., locked) area.
– Intermediate physical security.» Access to all vulnerable network resources is controlled
and logged.• Radio frequency identification (RFID) badges or cipher
locks are used to gain access to the resources.» Switches and routers are secured separately from
servers with different access levels.
– Advanced physical security.» A zoned approach to physical security.
• A layering of security in which multiple barriers—security tests—must be passed before physical access is granted.
Page 9
Physical network security practices.Physical network security control.
– Methods of physical security.» Security guards.
• Requiring all authorized personnel to have some form of ID.
» Door locks.• Simple keyed locks: the analog approach.• Cipher locks: allow for logging who has unlocked the
lock.• RFID magnetic locks: also allow for logging who has
unlocked the lock.• Biometric keyed locks: make the person gaining
access prove who they are.» Video monitoring.
• Recording who has had access; remember to store the recordings separately from the resources being monitored.
» Separation of resources.• Networking equipment is separated from servers, and
the methods of access are different.» Mantraps.
• Usually involve at least two doors. Access is granted through one door, but the next door cannot be opened until further verification has been achieved; ideally, the person between the two doors is trapped until some action is taken.
Page 10
What was covered.Physical network security control.
If an attacker has physical access to networking resources, there is a high probability that the network can be breached. Unrestricted physical access can also lead to theft of resources, damage to resources, or to networking equipment being reconfigured, which can lead to a breached network.
Topic
The why of physical network security.
Summary
The best approach to physical network security practices uses a zoned approach—implementing several different barriers before access can be achieved. Some physical access methods that can be put in place include: security guards, door locks, video monitoring, separation of resources, and mantraps.
Physical network security practices.
Page 11
THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.