Week _10_ Physical Security

 Terminology associated with physical security.

 How physical security directly affects computer and network security

 Steps that can be taken to help mitigate risks

 Different types of fires and the various fire suppression systems designed to limit

the damage caused by fires

 Electronic access controls and the principles of convergence

1
Key Terms

BIOS
Access control Access tokens Autorun Biometrics
passwords

Closed circuit
Contactless
Bootdisk television Drive imaging False negative
access cards
(CCTV)

Multiple-
False positive Layered access LiveCD Mantrap factor
authentication

Policies and
Smart cards USB devices
procedures
Seven Major Sources of Physical Loss

• Temperature extremes
• Gases
• Liquids
• Living organisms
• Projectiles
• Movement
• Energy anomalies
Controls for Protecting the Secure Facility

• Walls, Fencing, and Gates • Mantraps

• Guards • Electronic Monitoring
• Dogs, ID Cards, and Badges • Alarms and Alarm Systems
• Locks and Keys • Computer Rooms
• Walls and Doors
Physical Security Domains

• There are a number of ways to subdivide physical security, to simplify we have

divided Physical Security into five parts.

•Part I: Perimeter protection and outer structure

•Part II: Access Control & Closed Circuit Television (CCTV)

•
•Part III: Power

•Part IV: Heating, ventilation and Air Conditioning (HVAC)

•Part IV: Life safety

The Security Problem Illustrated

•Physically securing information

assets doesn’t mean just the
servers; it means protecting
physical access to all the
organization’s computers and its
entire network infrastructure.
Bootdisks
Any media used to boot a computer into an operating system
that is not the native OS on its hard drive could be classified as a
bootdisk. These can be in the form of a floppy disk, CD, DVD, or a
USB flash drive.

Boot floppy disks can be used to attack machines with floppy

drives.

Utilities can be installed on the disk to allow for the stealing of

password files and other information.
A Sample of LiveCDs

• A LiveCD contains a bootable version

of an entire operating system.
• This is typically a variant of
Linux, complete with drivers
for most devices.
• LiveCDs give an attacker a
greater array of tools than
could be loaded onto a floppy
disk.
• These tools include scanners,
sniffers, vulnerability exploits,
forensic tools, drive imagers,
password crackers, and more.
Drive Imaging
Drive imaging is the process of copying the entire contents of a hard drive to a single file on a different media.

A bootable media is used to start the computer and load the drive
This process is often used by people who perform imaging software.
forensic investigations of computers. It makes a bit-by-bit copy of the hard drive or other attached media.
There will be no record of the copy being made.

The information obtained from drive imaging contains every bit of data that is on the computer: any locally
stored documents, locally stored e-mails, and every other piece of information that the hard drive contains.

This data could be very valuable if the machine holds sensitive information about the company.

Encrypting files or the drive provides protection.

Storing files on a files server can also help.

Physical Security Safeguards

• Walls and guards

• Policies and procedures
• Access control and monitoring
• Environmental controls
• Fire suppression
Walls and Guards

• The primary defense against a majority of physical attacks are

the barriers between the assets and a potential attacker—walls,
fences, gates, and doors.
• Some employ private security staff to attempt to protect their
assets.
Walls

The most valuable assets should be contained on

company servers.

To protect the physical Doors and windows should be safeguarded and a

minimum number of each should be used in a server
servers, you must look in all room.
Is there a drop ceiling?
directions: Is there a raised floor?
Guards

• Guards are a visible presence

with direct responsibility for
security, so they provide an
excellent security measure.
• Guards can monitor entrances
and exits and can maintain
access logs of who has entered
and departed the building.
• Everyone who passes through
security as a visitor should sign
the log. It can be useful in
tracing who was at what
location and why.
Policies and Procedures

• Physical security policies and procedures relate to two distinct

areas:
• Those that affect the computers themselves
• Those that affect users
 Computer Policies

Remove/disable Remove/disable Disallow Lock up Train

Remove/disable the Remove/disable the Disallow USB drive Lock up equipment Train all employees:
floppy disk system. optical drive system. keys, either with that contains • To challenge strangers
• If that is not possible, active directory or sensitive data. • To follow procedures
remove the device from registry settings. • To lock workstations before
the boot menu and set a leaving them
BIOS password. • If that is not possible,
implement aggressive anti-
malware scanning.
Access Controls and Monitoring

• Access control means having control of doors and entry points.

• Locks
• Layered access systems
• Electronic door control systems
• Closed circuit television (CCTV)
Layered Access
Layered Access
To help prevent an attacker from gaining access
to important assets, these assets should be
placed inside multiple perimeters.

Access to the server room should be limited to

staff with a legitimate need to work on the
servers.

Area surrounding the server room should also be

limited to people who need to work in that area.
 Laptops and Mobile Devices

Mobile computing devices are Physical security becomes How do you protect laptop or
becoming ubiquitous. responsibility of user. mobile device when you are
separated?
Failure of Supporting Utilities and
Structural Collapse

• Supporting utilities, such as heating, ventilation and air

conditioning, power, water, and other utilities, have a significant
impact on the continued safe operation of a facility
• Extreme temperatures and humidity levels, electrical
fluctuations and the interruption of water, sewage, and garbage
services can create conditions that inject vulnerabilities in
systems designed to protect information
Structural Collapse

• Unavoidable forces can cause failures of structures that house

the organization
• Structures are designed and constructed with specific load
limits, and overloading these design limits, intentionally or
unintentionally, inevitably results in structural failure and
potentially loss of life or injury
• Periodic inspections by qualified civil engineers assists in
identifying potentially dangerous structural conditions well
before they fail
Heating, Ventilation, and Air
Conditioning

• HVAC system areas that can cause damage to information systems:

• Temperature
• Computer systems are subject to damage from extreme temperature
• The optimal temperature for a computing environment (and people) is
between 70 and 74 degrees Fahrenheit
• Filtration
• Humidity
• Static
• One of the leading causes of damage to sensitive circuitry is electrostatic
discharge (ESD)
• A person can generate up to 12,000 volts of static current by walking across
a carpet
Ventilation Shafts

• Security of the ventilation system air ductwork:

• While in residential buildings the ductwork is quite small, in
large commercial buildings it can be large enough for an
individual to climb through
• If the vents are large, security can install wire mesh grids at
various points to compartmentalize the runs
Power Management and Conditioning

• Electrical quantity (voltage level and amperage rating) is a concern, as is

the quality of the power (cleanliness and proper installation)
• Any noise that interferes with the normal 60 Hertz cycle can result in
inaccurate time clocks or unreliable internal clocks inside the CPU
• Grounding
• Grounding ensures that the returning flow of current is properly
discharged
• If this is not properly installed it could cause damage to equipment and
injury or death to the person
• Overloading a circuit not only causes problems with the circuit tripping but
can also overload the power load on an electrical cable, creating the risk
of fire
Uninterruptible Power Supplies (UPSs)

• In case of power outage, a UPS is a backup power source for

major computer systems
• There are four basic configurations of UPS:
• the standby
• ferroresonant standby
• line-interactive
• the true online
Emergency Shutoff

• One important aspect of power management in any

environment is the need to be able to stop power immediately
should the current represent a risk to human or machine safety
• Most computer rooms and wiring closets are equipped with an
emergency power shutoff, which is usually a large red button,
prominently placed to facilitate access, with an accident-proof
cover to prevent unintentional use
Electrical Terms

• Fault: momentary interruption in power

• Blackout: prolonged interruption in power
• Sag: momentary drop in power voltage levels
• Brownout: prolonged drop in power voltage levels
• Spike: momentary increase in power voltage levels
• Surge: prolonged increase in power voltage levels
Testing Facility Systems

• Physical security of the facility must be constantly documented,

evaluated, and tested
• Documentation of the facility’s configuration, operation, and
function is integrated into disaster recovery plans and standing
operating procedures
• Testing provides information necessary to improve the physical
security in the facility and identifies weak points
Interception of Data

• There are three methods of data interception:

• Direct observation
• Data transmission
• Eavesdropping on signals
• TEMPEST is a technology that involves the control of
devices that emit electromagnetic radiation (EMR) in
such a manner that the data cannot be reconstructed
Remote Computing Security

• Remote site computing - distant from the organizational facility

• Telecommuting - computing using telecommunications
including Internet, dial-up, or leased point-to-point links
• Employees may need to access networks on business trips
• Telecommuters need access from home systems or satellite
offices
• To provide a secure extension of the organization’s internal
networks, all external connections and systems must be
secured