Welcome to

the CISSP
Bootcamp
Your instructor:
Michael J Shannon
CISSP #42221 / #524169,
CCNP-Security, PCNSE7,
AWS Certified Security – Specialty, Class will begin at 10:00
OpenFAIR, and A.M. Central Standard
ITIL 4 Managing Professional Time (CST)

You can view recorded sessions and download the

course documents at: http://tiny.cc/CISSP2018LIVE
Secure Switches
 Switch Security
• Switch port security as a base configuration on all layer 2 devices
• Hard code access and trunk ports
• Mitigate MAC flooding attacks
• Enable Port Fast and auto-recovery
• Loop prevention and flood guard techniques
• Deploy VLANs and PVLANs to enforce a layer 2 trust model and compartmentalization
• DHCP snooping, DAI, IP SourceGuard
• Protect any dynamic trunking protocol like VTP
• IEEE 802.1X PNAC and 802.11AE MACsec are important features
• MACsec uses AES-GCM-128/256 with GMAC – this is an AEAD
 Wireless Access Points
• Wireless Access Points (WAPs) typically
operate Layers 1 and 2 of the OSI model
and create wireless LANs
• Beginning with a single AP replacing a
cable, Wi-Fi networks are a true
extension of the wired LAN – sometimes
distributing over warehouses or entire
campuses
• Most modern WAPs connect to a
Wireless Controller infrastructure device
which provides the security features
• Standalone vs. infrastructure
• Internal vs. external
 Wireless Access Points
• Most office environments use APs with integrated omnidirectional antennas, which
have a gain for 4 dBi for both radio bands
• 802.11ac environments like Cisco Wave 2 Aironet APs allow more data by increasing
the spatial streams up to eight
• Cisco Wi-Fi 6 (802.11ax) Catalyst access points allow 100+ devices per access point to
connect with latency-sensitive apps such as voice over IP and video conferencing
• The Cisco Catalyst 9100 is a new model to explore
Secure Routers
 Routers can run security services

• Network Address Translation

• Infrastructure Access Control Lists (ACLs)
• Unicast and Multicast Reverse Path Forwarding
Secure • Integrated and modular L2-7 Next-Generation firewall and
intrusion prevention services (IDS/IPS)
Routers
• VPN Gateways for TLS and IPsec
• URL Filtering and Caching
• Integration with various cloud security services (web, email, DLP,
anti-malware)
• Coordinate with Managed Security Service Providers (MSSP)
Firewalls
• A firewall is a metaphor representing software and/or hardware
controls that can limit the damage spreading from one subnet,
VLAN, zone, or domain to another
• It is typically deployed as a barrier (zone interface point)
between an internal (trusted) network and an external
(untrusted) network
• They are integrated systems of threat defense functioning at
layers 2-7 and can be categorized as network or application
firewalls
 Firewalls can run many services

• Layer 5-7 policies

• Authentication proxy

Next- • Identity services

• Integrated IDS/IPS
Generation
• Content security
Firewalls • Advanced malware
protection
• URL filtering
• Botnet filtering
• Cloud correlation and participation
Web Application
Firewall
Also: DPI, L5/7, AVC, ALG, etc.

• An appliance (physical or virtual), server

plugin, or filter that applies a set of rules
to an HTTP conversation
• Typically, these rules cover common web
attacks such as cross-site scripting (XSS)
and SQL injection
• Common solutions are Akamai,
Cloudflare, Cisco WSA and CWS,
Stackpath, and Amazon Web Service
NIDS and NIPS
Intrusion detection and inspection

• Monitor mode (promiscuous mode or passive)

• Inline (IPS) mode
• In-band vs. OOB
• Signature based
• Anomaly based
• Heuristic/Behavioral
• Cloud based (NGIPS)
NIDS and NIPS
IPS Actions
Intrusion detection and inspection

• Alerts
• Verbose dumps
• Drops
• Resets
• Blocking (shun)
• SNMP traps
• Logging to SIEM or other systems
 • True – accurate
• False – error
• Positive – action taken

Tuning the • Negative – no action taken

(alarm, alert, block)
IDS and IPS • True Positive
• False Positive
• True Negative
• False Negative
• There is an inverse relationship between reducing false
positives and reducing false negatives
 NAC and Endpoint Security

• Network Admission Control (NAC) was an industry initiative sponsored by Cisco

• Cisco NAC and similar technologies is officially on the exam but has being replaced
by newer solutions such as TrustSec and Zero Trust Security
• It was part of the Cisco Self-Defending Network initiative and is the foundation for
enabling NAC on Layer 2 and Layer 3 networks
• Do not trust anything inside or outside the perimeter without stringent
authentication and verification
• Helps secure access from users and their devices, API calls, IoT, microservices,
containers (Dockers, Kubernetes) and more
Network Admission Control
 Endpoint security is evolving from
traditional HIDS to security suites to
EDR to advanced systems that include:
• Antivirus and antimalware

Endpoint • Ransomware protection

• Antispyware
Security
• Spam filtering
Software • Data loss prevention
• User behavioral analytics
• Patch management
• HIPS and tamper protection
 Most companies have evolved from original
HIPS and NAC to a mix of antivirus, next-
generation HIPS, host-based agents and
firewalls, whitelisting, heuristics, and
Modern proprietary machine learning

Endpoint
Security
 • Endpoint detection & response (EDR) – traditionally
lightweight sensors look for malicious code and rogue
applications using a combination of behavioral analytics,
heuristics and threat intelligence (i.e. Palo Alto Traps)

Modern • User Behavioral Analytics (UBA), ML/AI, and honey tokens

are becoming more common in the enterprise
EDR
Cloud-based EDR
 Heuristics and
Behavioral Analytics
• Most NGIPS and anti-virus systems use
heuristic and ML mechanisms to
achieve better results than traditional
signature-based and anomaly-based
solutions
• Heuristic engine used by an
antimalware/IPS program might
include proactive rules and behavioral
analytics to look for:
• a program which tries to copy itself into
other programs (in other words, a classic
computer virus)
• a program which tries to remain resident
in memory after it has finished executing
 Load Balancers
• Popular due to the usage of intensive applications and services
• Optimize application availability and performance
• Distribute traffic across multiple servers in order to efficiently allocate resources
and offer failover solutions (HTTP/S)
 Elastic Load Balancers
at CSPs
• Network or Application load
balancing
• Represents virtual network to the
public
• Performs health checks on instances
• Produces flow logs
• Runs the TLS listener
• Can also have layer 3/4 and web
application firewall (WebACL)
Mediated Access is a security principle
• A proxy or proxy server is a generic term for a service that acts
as an intermediary on behalf of clients and servers
• Can be server based, appliance, router, or firewall; forward or Proxies
reverse proxy; transparent; application-based; or multipurpose:
• Translation (NAT, business logic, XML)
• Authentication and identity services (IAM)
• Application Layer Gateways (ALGs)
• Encryption proxies – can be SSL/TLS accelerators and SSL
decryptors as well
• URL filtering and caching (Web proxy)
• Federated access proxies (SAML 2.0, OATH)
SIEM Systems
Most SIEM systems operate by arraying
several collection agents in a hierarchical
design to collect security-related data and
events from the following:
• Endpoints
• Servers
• Network infrastructure devices
• Firewalls
• IDS/IPS sensors
• Specialty appliances
• Antivirus systems
SIEM Systems
Security Information (incident) and Event
Management

• Aggregation
• Correlation
• Automated alerting
and triggers
• Normalization
• Time synchronization
• Event deduplication
• Logs/WORM
• Serve as enterprise-wide message transfer agents
(MTAs)
• Control and secure e-mail leaving and entering the
organization
• Can perform anti-spam, anti-virus, encryption, Mail
DLP, and more
Gateways
• Physical, virtual, and hybrid solutions
• Example: Cisco Email Security Appliance (physical or
virtual)
Mail Gateways: Ingress Monitoring
Mail Gateways: Egress Monitoring
Egress Monitoring DLP
Data Loss Prevention (DLP

• Financial, health, and educational sectors must prevent data leakage and
breaches
• GDPR, PCI-DSS, SOX, HIPAA, Euro-Sox European Union
• Systems can be standalone MITM systems to analyze and intercept data leakage
and data loss from inside to outside
• Can be integrated into web security and e-mail security solutions (also cloud-
based) to scan e-mail, IM, SMS, and webmail for the presence of protected and
sensitive data
• Can also perform USB blocking and more
Data Loss Prevention (DLP

• DLP systems can lead to a false sense of security

• Must be constantly tuned like inline IPS
• False positives can disrupt productivity
• May be cost-prohibitive for SMBs
Encryption Gateways

• A wide variety of appliances and devices can decrypt and re-encrypt voice and
data as encryption proxies
• SSL/TLS, IPsec, web gateways, e-mail gateways, and authentication proxy services
• VPN gateways will proxy Suite B Cryptography and IKEv2 to TLS and vice versa
• Cloud encryption gateways like Cisco Umbrella and Secure Internet Gateway (SIG)
are common technologies
Encryption Gateways
HAIPE and INE Devices

Router INE Network

B B

Unprotected
Network

Network INE Router

A A A

Router INE Network

B B B
Database Activity Monitoring (DAM)

• Is typically a suite of tools used to identify and report on fraudulent, illegal, or

other undesirable behavior concerning data in transit and data in use
• It should have minimal or no impact on user operations and productivity
• Modern solutions deploy a comprehensive toolkit for:
• visibility, discovery and classification
• vulnerability protection
• application-level analysis
• intrusion prevention
• support for unstructured data security
• identity and access management integration
• risk management support
Remote Access
Technology
• Most modern secure RA solutions involve
running various console or GUI tools over
SSH2, TLS 1.2+, and Remote Access VPNs
• RA VPNs can use IPsec or SSL/TLS
• Solutions can be client-based or clientless
(agents are much more secure and should be
used when possible)
• Newer solutions have emerged such as Cisco
Umbrella
• CSPs offer Systems Managers and direct
access though local providers and endpoints
to bypass the Internet
VPN Gateways
• VPN gateways are dedicated termination
points (concentrators) for site-to-site and
remote-access VPNs
• Server based or appliance based - physical or
virtual
• Cryptographic or tunnel based (an also be
VPN PKI Certificate Server for scenarios)
• Routers and firewalls are common VPN
gateways
• SSL/TLS 1.1/2/3 and IPsec IKEv1 or V2
• Client-based vs. clientless (Web VPN)
• CSP S2s and P2S VPNs (AWS, GCP, MSFT-AZ)
Unified Communication

• VoIP/IP telephony • Desktop sharing

• Integrated voicemail, e-mail, SMS and fax • Data sharing
• Instant Messaging (chat) • Call control
• Presence • Speech recognition
• Fixed-mobile convergence (FMC) • Mobility features
• Conferencing
 Also Content Delivery Networking
Content
• Also called “content delivery networks”
Distribution • Large, geographically distributed system of specialized servers that

Networks
accelerate the delivery of web content and rich media to internet-
connected devices

(CDN) • The primary technique that a content distribution network (CDN) uses to
speed the delivery of web content to end users is edge caching
• Largest CDN is owned and operated by Akamai and spans more than
216,000 servers in over 120 countries and within more than 1,500
networks around the world.
• Amazon CloudFront is a global content delivery network service that
securely delivers data, videos, applications, and APIs to your viewers with
low latency and high transfer speeds (ElastiCache with Redis and Edge
Locations)
CDN Security at AWS
• All API calls are authenticated with HMAC-SHA
• No guarantee of durability at Edge Locations
• Private Content Feature and Geo-restriction
• Origin Access Identities with S3 ACLs
• WAF can be associated with a CloudFront distribution
 • Open Networks
• Initial event is to associate client with AP
• Equivalent to plugging device into physical hub or switch
• Client identifies itself as an 802.11 capable device
Types of • No encryption
Wireless • No per-packet authentication
• No message integrity
Networks
 • Pre-shared key wireless
• Also known as personal authentication
• A pre-shared key is configured (AP and wireless devices)
• Adds a challenge and a response between client and AP
Types of
• Enterprise wireless
Wireless • Also known as 802.1x or RADIUS wireless authentication
Networks • Client provides credentials to AP
• AP contacts RADIUS server and provides client credentials
• RADIUS server verifies credentials in database
• RADIUS server notifies AP if client is allowed
• AP allows or denies client
 • WPA
• A temporary fix to WEP shortcomings (2003)
• Uses TKIP for encryption and integrity
• Supports PSK and Enterprise authentication
WPA and • Deprecated (should not be used)
• Still available on products for SOHO deployments
WPA2
• WPA2
• Replacement for WPA (2004)
• Devices require testing and certification from Wi-Fi Alliance
(2006)
• Uses CCMP for encryption
• Supports PSK and Enterprise authentication
 • PSK (personal)
• Shared secret key is a static key is used to add challenge and
response during AP and client association
• Manually configured on devices and AP
• Local access controls
WPA 2 • AES used for encryption (replaced WPA TKIP)

Modes • Enterprise (802.1X)

• Centralized authentication server is required
• RADIUS used for authentication and key distribution
• EAP-TLS
• EAP-TTLS
• EAP-FAST
• PEAP
• AES used for encryption (replaced WPA TKIP)
CCMP Encryption
Counter Mode Cipher Block Chaining
Message Authentication Code Protocol

• Based on the AES (Advanced Encryption

Standard)
• Designed as the replacement for WEP and
any interim solution (TKIP)
• Used with WPA2
• Provides strong message encryption with
CCM
• Provides authenticity and integrity
checking with CBC-MAC
Physical Security

• Aims to ensure the safety and CIA of

all resources in the organization from:
• Environmental threats
• Man-made threats
• Supply system threats
• Political threats
Primary and Secondary
Loss
• Loss of life
• Interruption to operations
• productivity loss
• Response
• Loss of revenue
• Compromised CIA of assets
• Replacement costs
• Damaged public image and reputation
• Loss of customers or competitive
advantage
• Fines and judgments
Protective Barriers
• Landscaping
• Fencing and gates
• Tire shredders
• Cages
• Bollards
• Gates are separated into classes:
• Class I: Residential gate operation
• Class II: Commercial like parking lot or garage
• Class III: Industrial/limited access
(warehouse, factory, loading dock, etc.)
• Class IV: Restricted access operation that
requires supervisory control (prison, airport,
etc.)
Security Guards
• Typically 24x7, but varies by organization
• Provides rapid security response if an
intrusion occurs
• Detective, preventative, and deterrent
control
• Considerations:
• Hire or contract
• Certified or licensed
• Armed or unarmed
• Screening process
• Training
• Impact on insurance
Signage
• Signs are a deterrent control to deter
individuals from doing something
unauthorized
• They can also be to provide safety to
potential intruders
• Do Not Enter
• No Trespassing
• Beware of Dog
• Caution Electric Fence
• Authorized Personnel Only
Cameras and CCTV
• Provides a way to monitor the premise
for intruders
• Just the presence of cameras can deter
intruders
• Provides a way to record intruders
actions and triggers alarms and alerts
• Deploy externally and internally in
strategic places without “dead spots”
• Common to combine with other
controls such as lights and sensors
Lighting
• Internal and external systems
• Low lights for posts and patrolling
• Glaring lights for intruders
• Common types of protective lighting
systems include the following:
• Continuous Lighting - The most common
type of lighting
• Trip Lighting - Lighting activated by some
trigger or sensor
• Standby Lighting - Lighting activated when
suspicious activity is suspected
• Emergency Lighting - Lighting used for
limited times when power fails
Types of Lighting
• Mercury vapor
• Least temperature sensitive
• Preferred outdoor security lighting
• Long life, strong illumination, turns on
slow

• Sodium vapor
• Soft yellow light
• Great in fog
• Quartz
• Bright white light (high visibility)
• Turns on immediately
• LED
• Cost effective
 • Photoelectric – break in a light beam
Motion • Passive infrared – infrared light
Detection • Vibration – change in the level of vibration
• Acoustic – change in sound waves
• Microwave – change in radio waves
• Electromechanical – break in an electrical
circuit
• Electrostatic – change in an electrostatic field
 • Electrical junctions and boxes should be surrounded
by gates and locked fences/enclosures
• Lines to electrical and Internet providers are
protected
Protecting • Cameras and sensors should be used

Utilities • Motion detection can also be critical system to

protect assets outside of the facility and roof access
Locking Server Rooms and Data Centers
• Locks are the most common physical security
mechanism
• Although categorized as a preventative control,
locks are a delay mechanism
• All locks are susceptible to brute force
• Picking tools are easy to acquire
• Raking involves a pick that has a wider tip
• It is inserted all the way to the back of the plug
• The pick is then pulled out quickly, and when this
happens all the pins are bounced up
• As the rake exits, you turn the plug using a tension
wrench
Types of Locking Mechanisms
• Key Lock - A lock that requires a key to open
• Warded Lock - Wards are obstructions to the
keyhole that prevent all but the properly cut key
from entering
• Wafer/Tumbler Lock - Wafers under spring tension
are located in the core or plug of the lock and
protrude outside the diameter of the plug into a
shell formed by the body of the lock
• Pin Tumbler Lock - The key moves pins so that a
shear line can be obtained, thus allowing the key to
turn the plug and operate the lock
• Pin tumblers are more secure than warded and
wafer/tumbler locks
Types of Locking Mechanisms
• Interchangeable Core - A lock with a core that can
be removed and replaced using a special-change
key
• Combination Lock - A sequence of numbers in
proper order are required to open the lock
• Electronic Combination Lock - Uses digital readouts
and obtains its power from the energy created
when the dials are turned
• offers higher security than combination locks,
but is much more expensive
Types of Locking Mechanisms
• Deadbolt Lock - A bolt inserted into the frame of
the door for added security
• Keyless Lock - A push button lock that has
buttons that are pushed in sequence to open
the door; sometimes called a cipher lock
• Smart Lock - An inexpensive plastic card that is
pre-authenticated to open a door; smart locks
are used in most hotels
• Key management is critical regardless of the
types of locks being used!
• Document who has what key, who has what access,
who created the key, and why
• What do you do when a key is lost?
Alarms
• This is a physical notification that
something abnormal has occurred
• Alarms are often combined with other
types of physical alerts such a lights
• There are a variety of types:
• Static or flashing light illuminates on a display
panel for security officer
• A bell or alarm sound rings
• Loud horns blaring
• Loud whistle ~ 130 decibels
• A text message or email notification
• A telephone call is made to law enforcement
Alarms
• False alarms are a false positive
• When there is no malicious event, and an
alarm is triggered anyway

• False negative
• When there is a malicious event, and an
alarm is not triggered

• True alarms are a true positive

• When there is a malicious event, and an
alarm is triggered

• True negative
• When there is no malicious event, and no
alarm is triggered
Enterprise Facility
Physical Security
• Know all ingress and egress points
• Implement protective barriers
• Have redundant and monitored
support systems
• Power conduits
• Water lines
• Have visibility into high-security
compartmentalized areas
 Wiring Closets and
Intermediate
Distribution Areas
• Door locks to wiring closets and access
to main and intermediate distribution
frame (MDF and IDF) areas
• No windows, or security windows
• Protected wiring infrastructure and
cable runs
• Security cameras and intrusion
detection system (IDS)
• Hardened management stations
• HVAC and environmental controls
Wiring Closets and Distribution Areas
 Physical access should be strictly
Server controlled
Rooms and • Access control both at the perimeter and at room ingress
Data Centers points, by professional security staff using video
surveillance, intrusion detection systems, and other
electronic methods
• Authorized staff should pass two-factor authentication a
minimum of two times to access data center floors
• Biometric multifactor authentication (MFA) is highly
recommended
• All visitors and contractors should show identification and
be signed in and continually escorted by authorized staff
 Physical access should be strictly
Server controlled
Rooms and • When an employee no longer has a business need for data
Data Centers center privileges, access must be immediately revoked,
even if they continue to be an employee
• Automatic fire detection and suppression equipment
• The electrical power systems should be fully redundant
and maintainable without impact to operations 24/7
• Uninterruptible power supply (UPS) units can provide back-
up power for critical and essential loads in the facility in
the event of an electrical failure
• Data centers often use generators to provide back-up
power for the entire facility
 Physical access should be strictly
Server controlled
Rooms and • Climate control is required to maintain a constant
Data Centers operating temperature for servers and other hardware
• Data centers should be conditioned to maintain the
atmosphere at optimal levels
• Personnel and systems should monitor and control
temperature and humidity at appropriate levels
 Protected systems are top priority
Server
Rooms and • Airgap is the physical separation of the control network
Data Centers and the other networks
• Separate the highly secure networks from the unsecured
networks with physical or logical compartmentalization
• Log and audit all devices and objects entering and exiting
facility
• Stop malicious and privileged users from having individual
access
• Use private clouds, sandboxes, detonation chambers
Mantraps
• A system that routes personnel through
two interlock-controlled doors into an
area
• The design specifies that the inner door
will not unlock if the outer door is open,
or vice versa
• In most cases, a person must produce
some type of authentication to enter the
second door
• Can also prevent “piggybacking” and
tailgating”
Secure Enclosures
• The corporate safe may be the highest
value asset in the organization based on
the contents
• Safes are used to protect valuable items
such as currency, deeds, securities,
policies, precious metals, cybercurrency
cold storage devices, and failsafe
passwords
Safes
• The Underwriters Laboratory (UL) provides
safe classifications that specify the degree
to which safes can withstand attack
• For example, a safe that takes 30 minutes to
break into using various tools and torches is
classified as a Tool Resistant safe class - TL30

• Factors considered in classifying the safe:

• Lock mechanism factors to open the safe
• Material used to construct the safe
• The weight and whether it's securely anchored
or embedded in concrete
• The tensile strength of the steel
• Whether the safe has a relocking device
Safes
• Employees may need a special area to
store and protect valuables such as lockers
or locked cabinets
• A reinforced filing cabinet is a type of
secured container designed to withstand
burglary attempts
• The U.S. government provides container
classifications for these reinforced
containers, based on the time taken to
break into them, either covertly or
surreptitiously with no forced entry.
Privacy Screen Filters
May be required for HIPAA
compliance
• Limits the viewing angle of a
display
• You must be viewing it straight on
to see the image
• Prevents or inhibits shoulder
surfing
• Common in medical environments
• 3M is a common manufacturer and
provider
Cable Locks
Common for laptops and
docking stations
• Used to secure devices to a desk or
shelf
• Prevents theft of the device
• You lasso the security cable to a
nearby immovable object by
passing the body of the lock
through a loop in the end of the
cable
• Can be key or combination locks
Faraday Cages
Also come as shields and
bags
• Enclosure that blocks
electromagnetic fields
• Safety from EMP and solar
activities
• Made with conductive material
• Metal wires or tinfoil
• Faraday bags (military grade)
Media Storage An Aspect of BCP
Facilities
AWS, GCP, Azure all offer long-term data
archiving and hardware security modules
(HSMs) with AES encryption

• Often stores data backups and redundant

spares
• May include hard copies of document and
microfiches, etc.
• Facilities and media storage should be part of
COO plan and business continuity planning
• Same access policies that apply to data center
and other sensitive areas of organization
Media Storage
Facilities
This should include a disposition and
destruction policy

• When a storage device has reached the end

of its useful life, procedures should include a
decommissioning process that prevents data
from being exposed
• NIST 800-88 ("Guidelines for Media
Sanitization") may be part of the
decommissioning process
Evidence Storage

• Evidence room facilities are only as secure as the honesty of the staff
• Separation of duties and dual operator (two-person rules) are helpful policies
• Same stringent security as data center
• Chain of custody must be maintained for incident response, forensics, and law
enforcement
• Contents of evidence room may have higher street value
• Walls should be made of materials like cinder blocks or concrete instead of drywall
Evidence Storage

• All walls should extend from ceiling to floor, with no ability to access over the walls or
through a false ceiling
• Doors must be solid, preferably steel, with no glass
• Preferably, there should be no doors leading directly to the exterior of the building
from the evidence room
• Modern digital evidence management software should be used
Environmental HVAC
Controls
• Poor Heating, ventilation, and air conditioning
(HVAC) leads to extreme heat, extreme cold,
extreme humidity, and/or extreme dryness
• Needs proper monitoring and ongoing
maintenance (e.g. pressurization and
temperature)
• Physical security of all components and
controllers is a concern
• Location options may be limited by the facility
• Environmental control can also include the
possibility of chemical and biological leaks or
attacks
Environmental Controls

• Most experts recommend that temperatures in a computer facility should be in the

range of 72 to 76 degrees. The relative humidity in the facility should be between 40%
and 60%.
• Many data centers will still employ
hot and cold aisles
• Should have separate air-conditioning
controls for data center or server room
Fire Controls

• Prevention
• Fire-rated construction materials, training,
and safety
• Be prepared
• Detection
• Smoke and fire detector and sensors
• Control quickly, minimize damage
• Suppression
• Contain and extinguish a fire
Fire Suppression

• Create barriers
• Firewalls to prevent the spread of fire
• Use portable fire extinguishers
• Locate in strategic places throughout building
• Use automatic water sprinkler systems
• Common, but can cause water damage and
worsen electrical fires

• Use halon substitutes or carbon dioxide

discharge systems
• Commonly used around computers and
networking equipment
Types of
Extinguishers
• Type A: for common combustibles using
water, water mist, or soda acid
• Type B: for combustible liquids (petroleum
products, coolants) using halocarbons,
inert gas, carbon dioxide, dry powders, or
soda acids
• Type C: for electrical equipment and wires
using inert gas, dry powders, powdered
aerosols, foam or carbon dioxide.
• Type D: combustible metals using only dry
powder