CSF011G03 - Physical & Network Security

IBM ICE (Innovation Centre for Education)

Welcome to:

Unit 3 - Physical and Network Security

© Copyright IBM Corporation 2015 9.1


Unit objectives

After completing this unit, you should be able to:


• Understand the basics of physical and network security
• Recognize the scope of physical and network security
• Identify the threats and vulnerabilities associated with
physical and network security
• Categorize the tools and techniques used for the
implementation of physical and network security
• Devise a cost-benefit plan for analyzing security controls

Overview

• It was easy to protect information systems at the
beginning of the computer age
• Physical security already existed, but little attention
was paid to network security
• With the advancement of computing systems and
technology, the need for both has grown in stature
• Incidents such as the 26/11 attack and the data breach at Sony
Entertainment have taught many lessons about the
appropriate use of both

Introduction to Physical Security

• Definition
– Physical security is the protection of hardware, personnel, programs,
data and networks from physical events including natural disasters,
fire, burglary, terrorism and theft etc. through the use of
countermeasures such as suitable emergency preparedness, solid
building construction, adequate climate control, reliable power
supplies etc.
• Explanation
– The importance of physical security is often undervalued because
Trojans, spyware and hacking are seen as more dramatic and
technical issues. But without physical security, the existing
software security implementations become null and void, as an
intruder requires only a limited amount of technical knowledge to carry
out a physical breach


Scope of Physical Security 1

• All the assets of an organization must be taken
into consideration
• The best way to approach the application of physical
security controls is to understand the scope of the
organization
• Planning in this way creates optimum security at the
lowest possible cost


• Grounds
• Roads
– Public road
– Private road
• Buildings

Physical security Threats 1

• The physical threats that may take place and disrupt
physical security must be understood first
• Physical security deals with intruders, physical destruction,
theft, vandalism, environmental issues etc.
• In physical security, security professionals are more
concerned with how an intruder can cause damage by
entering an environment physically


• Threats due to natural environment
• Threats due to supply systems
• Threats which are man-made
• Threats occurring because of political motivation

Physical Security controls

• Physical security controls can be used to protect
an organization’s assets
• There is a need to understand the assets that need to be
protected, where they are located, and what threats,
vulnerabilities, and risks pertain to them


Categories of Physical Security controls

• Security in layers
• Technical controls
• Logging controls
• Perception as physical security

Security in layers

• The best way to apply physical security controls
is in layers
• Physical security can be met only if controls are layered
from the outer to the inner boundaries of each facility in an
organization
• The layers in which physical security can be attained are:
– Outer layer
– Inner layer

Security in layers – Inner layer

• Locks
• Keys and Combinations
• Patrol Force and Guards

Security in layers – Outer layer

• Natural barriers
• Structural barriers
– Fences
– Walls
– Gates

Technical controls 1

• Mantraps
• Turnstiles
• Biometrics
• CCTV surveillance
• Environmental Monitoring controls
• EMI Shielding controls
• Fire Suppression controls
• Power system controls
• Electronic and Electromagnetic Locks
• Magnetic Locks



• Mantraps
– A mantrap is an intermediate access control mechanism used by
high-security installations. A mantrap demands authentication
as well as visual identification
• Turnstiles
– A turnstile allows control over every exit and entry at a
location. Turnstiles have a horizontal arm which extends
from a post
• Biometrics
– Biometrics uses biological traits to authenticate a particular
individual. Security-oriented computer systems should
be coupled with these devices
• Environmental Monitoring controls
– Many computer systems require temperature and humidity control.
The expense caused by a system’s environmental issues
is quite significant
• EMI Shielding controls
– This is a process of stopping electronic emissions from an
organization’s computer systems. This process is also used to
prevent outside electronic emissions
• Power Systems controls
– Reliable DC power is required by a computing system
– A power system is designed in such a way that it
can operate in a wide range of power features
– The products which can solve power problems are:
• Surge Protectors
• Power Conditioners
• Backup Power
• Fire Suppression
– The act of suppressing or extinguishing fire is known as
fire suppression
– Two primary types of fire-suppression systems are:
• Fire extinguishers
• Other fixed systems
• The table on the next slide describes the types of
extinguisher, their capabilities and how they can be
combined

Type of fire extinguishers

Type   Use                           Combination
A      Paper and wood                Largely chemical or water
B      Liquids which are flammable   Chemicals which are fire-retardant
C      Electrical                    Chemicals which are non-conductive
D      Metals which are flammable    Specific to different types

Technical controls 6

• Electronic and Electromagnetic Locks
– The four most common types are the magnetic lock, electric strike
lock, electric lockset, and electric deadbolt. Electronic or
electromagnetic locks must be strong enough to guard against
picking & drilling
• Magnetic Locks
– Magnetic locks secure doors through magnetic force. They are
ideal for high-frequency access control usage

Logging controls

• Access logs or audit trails can be produced by physical
access control systems
• Access and audit logs are not preventive but only detective
• The management of an organization should know where
the organization's points of entry are
• They should also know who attempts to
gain access

Perception as protection

• The planners of the security process should look beyond
traditional controls to accomplish security
• A perception must be developed that everyone is in
a secure and safe environment
• The concerns of the persons visiting and working in the
organization should be identified

Weakness and Strengths of the security controls

Security Control                    Strength                    Weakness
CCTV                                Serves as a deterrent       Cannot respond to incident
                                    Flexibility of recording    Cost of initial installation
                                                                Maintenance cost
Camera with recording capability    Permanent record            Cost of initial installation
                                    Reduced insurance rates     Cannot respond to incident
                                    Multiple angle of view      Maintenance cost
Security professionals or guards    Mobility                    Human error
                                    Apply immediate judgment    Limited angles of observation
                                                                No permanent record of observation

Benefits of Physical Security

• Physical security provides workplace security options
• Multiple levels of identity verification
• Improved response and awareness from combined
solutions, improved event categorization
• Event triggering between technology types for improved
notification, assessment and response
• Reduces threat from internal employees
• Restricts Unauthorized Access

Security Issues Associated 1

• The causes of the physical security issues can be either
natural or man-made
• The various security issues associated can be as follows:
– Tailgating
– Using USB ports to gain access
– Accessing the server room
– Easily accessible work-stations
– CBR related issues
– Explosives and Ballistics issue
– Social Engineering
– Protecting the printers
– Stealing the portables



• Tailgating
– When a person enters the organization’s facility by following a
person who has used his access card to get in
• Using USB ports to gain access
– When devices are attached to the USB ports to gain access to
critical information
• Accessing the server room
– Accessing the server room in an unauthorized way and
damaging physical assets as well as critical information
• Easily accessible work-stations
– Using unsecured computers that are connected to the network
to access or delete information that is important to the business
• CBR related issues
– CBR covers three distinct groups of hazards:
• Chemical: Poisoning or injury caused by chemical substances
• Biological: Damage due to release of dangerous bacteria or viruses
• Radioactive: Illness due to harmful radioactive materials
• Explosives and Ballistics issue
– The security issues faced due to terrorist bombing and explosions
• Social Engineering
– The art of manipulating people so they give up confidential information
• Stealing the printers
– The printers are stolen by the intruders and copies are made of
the documents which were printed recently
• Stealing the portables
– Portable computing systems are stolen by intruders and all the
data stored in the computer including passwords is misused

Cost vs. Benefit Analysis

• Costs determination
– Total Cost of Ownership: It is a financial estimate intended to help
buyers and owners determine the direct and indirect costs of a
product or system
– Cost factors: Typical factors of costs are:
• Access controls
• Videos
• Management of contractor, employee etc.
• Communications
• Capturing the Benefits
– Direct benefits: The direct benefits are those whose influence
relates directly to the organization
– Indirect benefits: The indirect benefits are those whose effects
do not relate directly to the business

Introduction to Network Security

• Definition
– Network security is a specialized field in computer networking
that involves securing a computer network
• Explanation
– Network security involves all the steps that an organization
undertakes to protect the present usability of any asset and also the
integrity and continuity of operations. An effective network security
strategy requires identifying threats and then choosing the best tools
to combat them

Scope of Network Security

• Every organization has some critical information which
needs to be protected
• Network security deals with all this information, whether it
is present on the servers or on the network
• Network security can be applied at the perimeter level
where the private network interfaces with the public network
• It ultimately protects the entire network architecture of the
business

Threats & Vulnerabilities 1

• Vulnerability Scanning
– Passively Testing Security Controls
– Interpreting Results
– Identifying Vulnerability
– Identifying Lack of Security Controls
– Identifying Common Misconfigurations
• Penetration Testing
– Verify a Threat Exists
– Bypass Security Controls
– Actively Test Security
– Exploit Vulnerabilities



• Ethical Hacking
– Black Box
– White Box
– Grey Box
• Assessment Types and Techniques
– Baseline Reporting
– Code Review
– Determine Attack Surface
– Architecture
– Design Review

Secure Network Administration Principles and Tools 1

• To keep the network safe, there are a number of basic
principles that an organization can apply. These principles
are as follows:
– Rule-Based Management
• Access to an object is granted based on both the object’s
sensitivity label and the user’s sensitivity label
– Port Security
• In the realm of IT, port security works at layer 2 of the OSI model and
allows an administrator to configure switch ports so that only certain MAC
addresses can use the port



• Flood Guards and Loop Protection
– A flood guard is a protection feature built into many firewalls that
allows the administrator to tweak the tolerance for unanswered login
attacks
• Preventing Network Bridging
– Network bridging occurs when a device has more than one network
adapter card installed and the opportunity presents itself for a user
on one of the networks to which the device is attached to jump to the
other
• Log Analysis
– Log analysis is crucial to identifying security-related problems

Mitigation and Deterrent Techniques 1

• Various types of techniques for mitigation and deterrence
are as follows:
– Mitigation and Deterrent Techniques
• It is always possible for something to crash, be it an application, a
system, a safeguard, or almost anything else. When it does fail, either
through a crash or someone bypassing the expected control path, there
are two states that it can fail in: failsafe (secure) or fail open (not secure)
– Security Logs/Access Logs
• The Security Logs are accessed beneath Windows Logs in Event Viewer,
and each event is preceded by either a key (audit success) or a lock
(audit failure)
– Audit Logs
• There should be regular examination of the log files that are created by
network services. The place where logs are generated can vary from
an appliance to a workstation



– Detection/Prevention
• One of the easiest ways to detect and prevent problems is to let people
know that they are being monitored. In the online world, an
organization can do this with messages that appear during login,
regular communications, and so on
• Monitoring here can be done by either cameras or guards

Benefits 1

• Centralized protection
– The advantage to having a centralized network security system is
that hacks can be halted before they do their malicious work
• Email security
– When an organization uses a network protection service, its
emails are filtered on the third-party network before being forwarded
to its mail server
• Increases user productivity
– Network security tools will increase an organization's user
productivity on their network



• Manages the access
– Network security provides different levels of access, managed
by the network security solution
• Monitors traffic
– A network security tool monitors all of the traffic entering
an organization's computer network

Associated Security Issues

• Security issues associated with network security can be
broken down into different categories:
– Some attacks gain system knowledge or personal information, such
as eavesdropping and phishing
– Some interfere with the system’s intended function, such as
viruses, worms and Trojans.
– Another form of attack is when the system’s resources are
consumed uselessly; this can be caused by denial of service (DoS)
attacks
– Other forms of network intrusions also exist, such as smurf attacks
and teardrop attacks etc.

Types of Attacks 1

• Eavesdropping
– Interception of communications by an unauthorized party is
called eavesdropping
• Viruses, Worms and Trojans
– Viruses are self-replicating programs that use files to infect
and propagate.
– Worms are similar to viruses as they both are self-replicating, but
the worms do not require any file to propagate.
– Trojans are programs with malicious purpose which carry
some payload such as viruses.
• IP spoofing attacks
– Spoofing means making the address of a computer mirror
the address of a trusted computer in order to gain access to other
computers


• Denial of Service (DoS)
– Denial of Service is an attack in which a system receiving too many
requests cannot return communication to the requestors. The
system then consumes resources waiting for the handshake to
complete. Eventually, the system cannot respond to any more
requests, rendering it without service
– Many attack techniques can be used for DoS purpose as long as they
can disable service, or downgrade service performance by
exhausting resources for providing services

Cost vs. Benefit Analysis

• When an organization performs a cost vs. benefit analysis, it
computes the true saving that results from installing a new
countermeasure. After the saving is calculated, the new
effective cost is calculated by the existing management. It is
calculated by subtracting the cost of the new countermeasure
from the reduction in Annualized Loss Expectancy (ALE) that
results from the use of the new countermeasure
– For example: An organization suffered a considerable loss because its
network was intruded. As a result, most of the organization's important
data was deleted. Recovering the lost data cost $200,000. The likelihood
of this kind of incident happening came out to be once every 2 years.
The organization therefore installed a network intrusion detection tool,
which incurred a cost of $40,000. The table on the next slide lists
the benefits and the cost incurred by the tool

Cost Benefit Table

Item                                                                                Amount

Risk: damage of organization’s critical data due to network intrusion
Cost incurred for data recovery: $200,000 @ 50% likelihood per year                 $100,000
Percentage of tool effectiveness: 85%                                               -$85,000
Cost incurred due to the installation of the tool                                   $40,000
Annualized Loss Expectancy due to control and loss: $100,000 - $85,000 + $40,000    $55,000
Amount saved: $100,000 - $55,000                                                    $45,000
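
The calculation in the table above, generalized so that several countermeasures can be compared against the same risk. This is an added example, not part of the original slides. The names `Risk`, `Control`, `analyse`, `break_even_effectiveness` and `rank` are illustrative, the second control is constructed, and the tool's $40,000 is treated as a yearly cost, as the table does.

```python
from dataclasses import dataclass
from fractions import Fraction  # exact arithmetic, no float rounding on money


@dataclass(frozen=True)
class Risk:
    name: str
    loss_per_incident: int        # cost of one occurrence, in dollars
    incidents_per_year: Fraction  # likelihood expressed as a yearly rate

    @property
    def ale(self) -> Fraction:
        """Annualized Loss Expectancy with no countermeasure in place."""
        return self.loss_per_incident * self.incidents_per_year


@dataclass(frozen=True)
class Control:
    name: str
    cost_per_year: int       # assumption: charged per year, as in the table
    effectiveness: Fraction  # share of the ALE the control removes, 0..1


def analyse(risk: Risk, control: Control) -> dict:
    """Reproduce the rows of the cost benefit table for one control."""
    if not 0 <= control.effectiveness <= 1:
        raise ValueError("effectiveness must be between 0 and 1")
    reduction = risk.ale * control.effectiveness
    ale_with_control = risk.ale - reduction + control.cost_per_year
    return {
        "ale_before": risk.ale,
        "reduction": reduction,
        "ale_with_control": ale_with_control,
        # Negative when the control costs more than the loss it prevents.
        "saved": risk.ale - ale_with_control,
    }


def break_even_effectiveness(risk: Risk, control: Control) -> Fraction:
    """Minimum effectiveness at which the control pays for itself."""
    if risk.ale <= 0:
        raise ValueError("risk has no expected loss to offset")
    return Fraction(control.cost_per_year) / risk.ale


def rank(risk: Risk, controls: list) -> list:
    """Controls that save money, best first; loss-making ones are dropped."""
    results = [(c.name, analyse(risk, c)["saved"]) for c in controls]
    return sorted((r for r in results if r[1] > 0),
                  key=lambda r: r[1], reverse=True)


# Figures from the slide: $200,000 loss, once every 2 years, 85% effective tool.
INTRUSION = Risk("critical data lost to network intrusion", 200_000, Fraction(1, 2))
IDS = Control("network intrusion detection tool", 40_000, Fraction(85, 100))
# Constructed counter-example: same effectiveness, but too expensive to justify.
MANAGED = Control("constructed: managed monitoring service", 90_000, Fraction(85, 100))

if __name__ == "__main__":
    for control in (IDS, MANAGED):
        row = analyse(INTRUSION, control)
        print(f"{control.name}: ALE with control ${float(row['ale_with_control']):,.0f}, "
              f"saved ${float(row['saved']):,.0f}, break-even effectiveness "
              f"{float(break_even_effectiveness(INTRUSION, control)):.0%}")
```
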

Cost Models

• Cost Model for Network Security
– Network intrusion detection technologies, as part of risk management
measures, have been studied for more than a decade, but most
systems are concerned only with intrusion detection, which tries to
use brute force to catch every possible intrusion, while ignoring
technical effectiveness
• Cost Sensitive Model for Network Intrusion Detection
– Security services include data confidentiality, integrity, traffic flow
confidentiality, authenticity, non-repudiation, availability, audit and
intrusion detection, and boundary control

Checkpoint (1 of 5)

1. Which component of physical security is meant for outer-layer
access control?
– Mantraps
– Locked doors
– Security zones
– Perimeter security
2. Which type of fire extinguisher is used to suppress
electrical fire?
– Type D
– Type A
– Type C
– Type B

Checkpoint Solutions (1 of 5)

1. Which component of physical security is meant for outer-
layer access control?
– Mantraps
– Locked doors
– Security zones
– Perimeter security
2. Which type of fire extinguisher is used to suppress
electrical fire?
– Type D
– Type A
– Type C
– Type B

Checkpoint (2 of 5)

3. The control that is not able to restrict EMI is:
– Physical location
– Humidity control
– Overhauling worn motors
– Physical shielding
4. Physical characteristics are needed by this technology in
order to establish identity. This technology is:
– Smart card
– Biometrics
– CHAP authenticator
– Surveillance

Checkpoint Solutions (2 of 5)

3. The control that is not able to restrict EMI is:
– Physical location
– Humidity control
– Overhauling worn motors
– Physical shielding
4. Physical characteristics are needed by this technology in
order to establish identity. This technology is:
– Smart card
– Biometrics
– CHAP authenticator
– Surveillance

Checkpoint (3 of 5)

5. This installation needs authentication as well as visual
identification in order to gain access. This high-security
installation is:
– Fencing
– Proximity reader
– Hot aisle
– Mantrap
6. What are the two states in which an application will fail?
– Failopen
– Dependable
– Assured
– Failsafe

Checkpoint Solutions (3 of 5)

5. This installation needs authentication as well as visual
identification in order to gain access. This high-security
installation is:
– Fencing
– Proximity reader
– Hot aisle
– Mantrap
6. What are the two states in which an application will fail?
– Failopen
– Dependable
– Assured
– Failsafe

Checkpoint (4 of 5)

7. A software application which checks the network of
an organization for security holes that are known?
– Log analyzer
– Design reviewer
– Vulnerability scanner
– Logic bomb
8. Which type of testing begins with the idea that the user
has some internal knowledge of the network?
– Green box
– White box
– Gray box
– Black box

Checkpoint Solutions (4 of 5)

7. A software application which checks the network of
an organization for security holes that are known?
– Log analyzer
– Design reviewer
– Vulnerability scanner
– Logic bomb
8. Which type of testing begins with the idea that the user
has some internal knowledge of the network?
– Green box
– White box
– Gray box
– Black box

Checkpoint (5 of 5)

9. Which security function is performed by Nessus?
– Penetration testing
– Vulnerability scanning
– Loop protection
– Ethical hacking
10. In a certain method, a system is accessed from an
attacker’s perspective. What is that method known as?
– Flood gating
– Loop recon
– Penetration testing
– Vulnerability scanning

Checkpoint Solutions (5 of 5)

9. Which security function is performed by Nessus?
– Penetration testing
– Vulnerability scanning
– Loop protection
– Ethical hacking
10. In a certain method, a system is accessed from an
attacker’s perspective. What is that method known as?
– Flood gating
– Loop recon
– Penetration testing
– Vulnerability scanning

Unit summary

Having completed this unit, you should be able to:

• Understand the basics of physical and network security
• Recognize the scope of physical and network security
• Identify the threats and vulnerabilities associated with
physical and network security
• Categorize the tools and techniques used for the
implementation of physical and network security
• Devise a cost-benefit plan for analyzing security controls
