We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byKylan Hathorne
Modified over 2 years ago
1 Copyright © 2013 M. E. Kabay. All rights reserved. Physical Threats & Protecting the Information Infrastructure CSH5 Chapters 22 & 23 Physical Threats to the Information Infrastructure & Protecting the Information Infrastructure Franklin Platt
2 Copyright © 2013 M. E. Kabay. All rights reserved. Selected Topics in Facilities Security (1) Location of building Location within building Layout Doors Windows Electrical power supply Air conditioning Electromagnetic radiation Fire detection and prevention Water damage NOTE: These lecture notes do not correspond to the sequence of material in CSH5 Chapters 22 & 23.
3 Copyright © 2013 M. E. Kabay. All rights reserved. Location of Building If possible, safe area: avoid Earthquakes Tornadoes Hurricanes Civil unrest Gasoline storage Aircraft flyways Train tracks Heavily-traveled highways (esp. raised)
4 Copyright © 2013 M. E. Kabay. All rights reserved. Location of Building (contd) Ensure dual access paths Fire emergency teams Ambulances Police If possible, avoid labeling building function Avoid forcing outside lineups of staff at starting time
5 Copyright © 2013 M. E. Kabay. All rights reserved. Building Design (1) Defend against car/truck bombs Avoid large areas of unprotected glass at ground level Place solid obstructions at entranceways to prevent access by vehicles Bollards Anchored planters Reinforced seats New CIA HQ finished 1991
6 Copyright © 2013 M. E. Kabay. All rights reserved. Building Design (2) Provide for entry of large equipment Roof cranes Wide or double doors for technical areas Eliminate large chases (indents on side of building) Make it harder to climb building using climbing equipment / techniques
7 Copyright © 2013 M. E. Kabay. All rights reserved. Location Within Building Access to building affects computer room security Involve EDP security staff in design of new building No external walls Inconspicuous yet allowing easy access for fire department Far from hazardous areas
8 Copyright © 2013 M. E. Kabay. All rights reserved. Layout Separate functions Tape vaults/safes Security equipment in secure, separate room Rest rooms, food areas near center Substantial walls Avoid closets in common walls Slab to slab construction: Make provision for secure but effective maintenance access
9 Copyright © 2013 M. E. Kabay. All rights reserved. Doors As few as possible Formal exiting study to set minimum Put alarms and signs on doors which are not essential during normal work Solid wood or metal (avoid glass: 64% burglaries through glass) Secure frames Hidden or inward hinges Non removable hinge pins Astragals (protector on door edge)
10 Copyright © 2013 M. E. Kabay. All rights reserved. Windows None! Cover with bricks if facing outside Eliminate internal vision panels If impossible, at least move security equipment out of sight Cover sensors in room during visitor tours Security glazing Gratings, bars, fastenings Breakage sensors connected to alarm system Closed circuit TV monitoring motion sensors
11 Copyright © 2013 M. E. Kabay. All rights reserved. Electrical power supply Disturbances: monitors, power conditioners Outages: UPS, motor alternator w/ flywheel, battery/rectifier, diesel generators (fuel) Plan for peak load, minimum time required, graceful shutdown Emergency lighting (fixed, portable) Protect electrical equipment from tampering BELKIN UPS
12 Copyright © 2013 M. E. Kabay. All rights reserved. Air Conditioning Protect external air intakes for air conditioners Susceptible to gas attack ¨or disabling Temperature ~21C +/ 2C Humidity ~50% +/ 5% Positive pressure Risks: dust, condensation, curling paper, static charge Keep computer air conditioning separate from that of rest of building Non combustible ducts Link to fire suppression system (auto shutoff)
13 Copyright © 2013 M. E. Kabay. All rights reserved. Electromagnetic Radiation Magnets Bulk tape erasers Speakers on sound systems Radio transmitters (e.g., nearby public radio or TV stations) Walkie talkies Cellular (mobile) phones are a threat Aluminum mesh if needed on windows (if any) to create Faraday cage
14 Copyright © 2013 M. E. Kabay. All rights reserved. Fire Prevention & Detection (1) Keep DP separate from rest of building if possible Non combustible materials in walls Restrict openings in walls Self closing fire exclosures Duct work, cables to be cemented into walls w/ fire resistant materials Appropriately placed smoke, heat detectors Full-time monitoring and alerts by trained people
15 Copyright © 2013 M. E. Kabay. All rights reserved. Fire Detection and Prevention (2) Fire resistant raised floors Suction cups handy
16 Copyright © 2013 M. E. Kabay. All rights reserved. Fire Detection and Prevention (3) Detectors in suspended ceilings Systems approach integrates information from multiple sensors HALON systems forbidden because of laws on environmental protection passed in 1990s Keep combustibles (e.g., paper) out of computer room Best system in world is useless without trained staff: practice fire drills
17 Copyright © 2013 M. E. Kabay. All rights reserved. Water Damage Install water detectors below raised flooring Link water detectors to building's central alarm systems Use dry pipe sprinkler systems (see also large picture next page) Floors above computer room to be waterproof Install rolls of non flammable plastic sheets ready to cover equipment against water
18 Copyright © 2013 M. E. Kabay. All rights reserved. Dry-Pipe Sprinkler Valves Valves http://www.apigroupinc.com/headlines/images/union-plaza/dry-pipe-valves.jpg
19 Copyright © 2013 M. E. Kabay. All rights reserved. Selected Topics in Facilities Security (2) Guards, Gates and Guns Surveillance Access Controls Protective Technologies
20 Copyright © 2013 M. E. Kabay. All rights reserved. Guards, Gates and Guns
21 Copyright © 2013 M. E. Kabay. All rights reserved. Guards Usually contractors Choose companies with bonded employees Define expectations / policies clearly Train extensively & rehearse emergencies Monitor performance – no exceptions, no tailgating Teach to examine outbound equipment Become aware of high- density storage media such as flash drives
22 Copyright © 2013 M. E. Kabay. All rights reserved. Fences Primarily for delay Psychological barrier Serious assailant not deterred Improvements: barbed wire, razor wire, electrification Surveillance essential (see later)
23 Copyright © 2013 M. E. Kabay. All rights reserved. Gates Gates cannot compensate for weak perimeter: Some secure installations have double gates (external and internal)
24 Copyright © 2013 M. E. Kabay. All rights reserved. Other Barriers Obstruct penetration by bombers Concrete pillars in front of entrances or other weak points (as mentioned in part 1) Prevent stopping / parking in front of buildings (seal off access roads) Slow down attack vehicles – zig-zag barriers High-security installations have guards who check vehicles inside and out All passengers out for positive ID and verification of authorized business Mirrors to look under vehicles Mayur Industrial Corp. Under-Vehicle Bomb Search Mirrors http://preview.tinyurl.com/nz2jhe
25 Copyright © 2013 M. E. Kabay. All rights reserved. Weapons Armed guards require special training & licensing Much more expensive than ordinary guards High-security government installations use military forces High-powered personal weapons (e.g., machine guns) Artillery (armored vehicles, RPGs)
26 Copyright © 2013 M. E. Kabay. All rights reserved. Surveillance Cameras more effective than watchmen alone Motion detectors + digital recorders Must protect recording equipment Archive tapes/disks safely and for > 1 month Guards must monitor activity carefully Ethical and legal issues about concealed cameras May use dummy cameras among real ones Deception is tool of good security Dummy camera
27 Copyright © 2013 M. E. Kabay. All rights reserved. Access Controls Principles Mechanical Locks Keypads Features of Electronic Access Control Systems Cards Biometric Methods
28 Copyright © 2013 M. E. Kabay. All rights reserved. Access Control Principles Normally only one controlled, monitored access point Audit trail is valuable Staff responsibilities Wear badges in restricted areas Accompany visitors Challenge unbadged people and call security at once Put in positive light: protect employees against trouble, disruption, loss of business, loss of employment Apply rules even handedly and consistently to avoid doubts about individual's integrity
29 Copyright © 2013 M. E. Kabay. All rights reserved. Mechanical Locks Appropriate only for small sites Infrequent use (2 3 times/day) Beware wedges and tape blocking doors open Keys easily duplicated Many unregistered locksmiths (e.g., hardware store clerks) ignore DO NOT DUPLICATE warnings Cannot be individually inactivated from control center Loss of a master key can cost $1000s to replace ALL keys in set for everyone Special locks (e.g., Abloy) more secure Michael Zemanek 2012: Key covers can obscure DO NOT DUPLICATE warning
30 Copyright © 2013 M. E. Kabay. All rights reserved. Keypads Fixed keypads must be secured against observation (e.g., by sleeve over keypad) Be sure you can set multiple key combinations Variable position keypads harder to read by observers Watch out for patterns of wear that would give away smaller keyspace
31 Copyright © 2013 M. E. Kabay. All rights reserved. Features of Electronic Access-Control Systems Antipassback (system remembers who's in area) Time open limit (alarms for doors kept open) Duress signal (e.g., Putting in card upside down) Degraded mode (if CPU goes down) Audit features (records of movements, violations) Computer room alarms linked to building alarms Building alarms audible in computer room Image used with permission of United Security Systems Inc. http://www.ussinational.com http://www.ussinational.com
32 Copyright © 2013 M. E. Kabay. All rights reserved. Cards Wiegand: wires generate magnetic pulses Barium ferrite: polarized magnetic fields Bar codes Infrared readable embedded bar codes Magnetic stripe Proximity (radio frequency signatures)
33 Copyright © 2013 M. E. Kabay. All rights reserved. Smart Cards Include microprocessor Can serve as I&A unit Also for digital signatures Interact with software Many form factors Cards Cards with keypads for PINs Calculators USB keyfob
34 Copyright © 2013 M. E. Kabay. All rights reserved. Biometric Methods Hand geometry Fingerprints Retinal scan Iris scan Face recognition Voice verification Signature dynamics Keystroke dynamics Weight/height cabinets Combinations even more effective
35 Copyright © 2013 M. E. Kabay. All rights reserved. Hand Geometry Easy to use No need for tokens, cards Extremely low errors Few false positives (allowing wrong person in) Few false negatives (preventing right person from entering) Contrary to movies, does NOT respond to dead hands!
36 Copyright © 2013 M. E. Kabay. All rights reserved. Fingerprints High accuracy* Sensors available for static image (middle image) and also for dynamic swipe (lower image) *But Japanese scientists showed that fake fingers easy to create from fingerprints Used crazy glue to enhance ridges Gummy Bears candy Fooled sensors 80%
37 Copyright © 2013 M. E. Kabay. All rights reserved. Retinal Scan Viewed with suspicion by general public Hygiene issues due to physical contact with sensor sleeve Highly reliable As with all biometric systems, data generally stored in one-way encrypted form
38 Copyright © 2013 M. E. Kabay. All rights reserved. Iris Scan Highly reliable Easy enrolment process Non-invasive readers No direct contact required Enrolment unit Remote unit
39 Copyright © 2013 M. E. Kabay. All rights reserved. Face Recognition Two distinct applications: Recognizing authorized personnel for I&A Recognizing unregistered people using photos* *Developing bad reputation for high error rates; e.g., Tampa PD dropped sample system in Aug 2003 after > 2 year trial w/out single capture of a criminal
40 Copyright © 2013 M. E. Kabay. All rights reserved. Protective Technologies Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material. CNSS Instruction 4009 (Glossary) http://tinyurl.com/na6yab E. g., Tapes Special screws Seals Photographic Logs
41 Copyright © 2013 M. E. Kabay. All rights reserved. Tapes Detecting opening of equipment or containers Used in forensic work for chain of custody Tape splits into two parts when opened http://www.j-n-s-ind.com.hk/security.htmhttp://www.j-n-s-ind.com.hk/security.htm Used with permission. Courtesy J&S Industrial (HK) Co.
42 Copyright © 2013 M. E. Kabay. All rights reserved. Special Screws Can substitute screws or bolts requiring special drivers with restricted distribution E.g., Tamperproof Screw Co, Inc. of New York http://www.tamperproof.com/index.cfm?fuseaction=products Images used by kind permission of Tamperproof Screw Co.
43 Copyright © 2013 M. E. Kabay. All rights reserved. Seals Use soft metal (e.g., lead) or plastic units to prevent opening containers or exclosures without discovery Use serial numbers or unique patterns E.g., everyone will have seen seals on electric utility boxes and meters; E.g., from American Casting & Manufacturing, http://www.americancasting.com http://www.americancasting.com Images used by kind permission of AC&M
44 Copyright © 2013 M. E. Kabay. All rights reserved. Seals (contd) Examples from ULINE Shipping Supply Specialists http://www.uline.com/Group_47 http://www.uline.com/Group_47 http://www.uline.com/Browse_Listing_2302.asp Image used by kind permission of ULINE Shipping Supply.
45 Copyright © 2013 M. E. Kabay. All rights reserved. Photographic Logs (1) Use process of careful photography of computer equipment before allowing it to be taken overseas Record details such as Exact distances of movable parts Scratches, nicks especially around screws Wipe fingerprints from inner components that should not have to be removed such as batteries and memory chips Orientation of screws and bolts (see next slide)
46 Copyright © 2013 M. E. Kabay. All rights reserved. Photographic Logs (2) Philips Head screw has rotated: Before tripAfter trip Notice how rotation has shifted contact points with alignment lines Vertical Contact Horizontal Contact Center line
47 Copyright © 2013 M. E. Kabay. All rights reserved. DEFCON 17: Invisible Access Electronic Access Control, Audit Trails, and High Security 47 minute discussion of physical access control device vulnerabilities http://www.youtube.com/watch?v=wsvQtIuM5a4
48 Copyright © 2013 M. E. Kabay. All rights reserved. Now go and study
1. 2 Earthquake effects on health care facilities 2.
Physical Security Concerns for LAN Management By: Derek McQuillen.
1 AUTOMOTIVE BRAKING SYSTEMS AUTOMOTIVE BRAKING SYSTEMS.
Copyright © 2012, Elsevier Inc. All rights Reserved. 1 Chapter 7 Modeling Structure with Blocks.
C Copyright © 2005, Oracle. All rights reserved. Practice Solutions.
Physical Security Chapter 9. Physical Security “encompasses the design, implementation and maintenance of counter measures that protect the physical resources.
1 Site Safety Plans PFN ME 35B. 2 TERMINAL LEARNING OBJECTIVES ACTION: Identify the requirements for implementing a Safety and Health Program for operation.
Time for a BREAK! You have 45 Minutes. Time Left 44.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Physical (Environmental) Security. 2 Domain Objectives Define key concepts of physical security Goals and Purpose of Layered Defenses Principles in Site.
AMARI AIR BASE AT/FP EVAL 9 JUNE (No photos taken due to tight security)
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Speak Up for Safety Dr. Susan Strauss Harassment & Bullying Consultant November 9, 2012.
Drivers Education Journal # Please pick up all the handouts Get out a sheet of loose leaf paper and something to write with Write the.
1 Closed Area Construction MFC Physical Security Robert Pullen Industrial Security Representative Stf.
Physical Security SAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Physical Security.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 8: Physical Security Control.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Copyright © Center for Systems Security and Information Assurance Lesson Seven Physical Security.
Signs, Signals, and Pavement Markings Colors have meaning Shapes have meaning Text and symbols provide information Signs Designed for Quick Recognition.
Threads, SMP, and Microkernels Chapter 4 1. Process Resource ownership - process includes a virtual address space to hold the process image Scheduling/execution-
BMU - E I 1 Development of renewable energy sources in Germany in
1. 2 Its almost time to take the FCAT 2.0! Here are some important explanations and reminders to help you do your very best.
12/14/2014 Cooking Fires 1 How to Prevent Cooking Fires and Related Injuries.
Understanding Security Layers Lesson 1. Objectives.
VistA Imaging Capture via Import. 2October 2007 The information in this documentation includes only new and updated functionality of the software after.
1 INTRUSION ALARM TECHNOLOGY INTRO TO INTRUSION ALARM.
每时每刻 可信安全 1 What category of water sprinkler system is currently the most recommended water system for a computer room? A Dry Pipe sprinkler system B Wet.
Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Lecture 6 User Authentication (cont) modified from slides of Lawrie Brown.
John Ogilvie High School - CfE Physics 1 CfE Physics – SCN 4-09 b & c Electronics Input, Process and Output Digital Logic Gates SCN 4-09b: By contributing.
Chapter 7: Physical & Environmental Security. 2 Objectives Define the concept of physical security and how it relates to information security Evaluate.
1 INTRUSION ALARM TECHNOLOGY DETECTION DEVICES. 2 INTRUSION ALARM TECHNOLOGY Detection devices can be either passive or active. Passive devices typically.
Physical Security Ch9 Part I Security Methods and Practice CET4884 Principles of Information Security, Fourth Edition.
1 Turing Machines. 2 A Turing Machine Tape Read-Write head Control Unit.
CS 6143 COMPUTER ARCHITECTURE II SPRING 2014 ACM Principles and Practice of Parallel Programming, PPoPP, 2006 Panel Presentations Parallel Processing is.
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Facilities Management and Design Chapter 4 Safety and Security systems.
Computer Security Computer Security is defined as: The protection afforded to an automated information system in order to: attain the applicable objectives.
1 SAF AMMUNITION COMMAND The Heart of SAF s Firepower Security and Stockpile Management of MANPADS (Man-Portable Air Defence Systems)
Photo Slideshow Instructions (delete before presenting or this page will show when slideshow loops) 1.Set PowerPoint to work in Outline. View/Normal click.
1 Service Area Room Planning. The Service Area Supplies equipment and space for: Supplies equipment and space for: Maintenance. Maintenance. Storage.
The Office Procedures and Technology Chapter 10 Managing Records Copyright© 2007 Thomson/South-Western.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 6 Processes and Operating Systems.
1 National Urban Search & Rescue Response System Communications Specialist Course Communications Specialist Course Skill 2 Unit 3: AC Power, Distribution,
May 15, 2013 Does GIS Stop at the Entrance Door of a Building? Wolfgang Haller Munich Airport.
User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa.
© 2017 SlidePlayer.com Inc. All rights reserved.