2Objectives ***Safety of people is most important for this Physical Security - physical protection of the resources ofan organization which include people, data, facilities,equipment, systems, etc. Physical security is the first lineof defense***Safety of people ismost important for thisdomain, and trumps allother considerations.
3ThreatsNatural environmental - Floods, earthquakes, storms, fires, tornadoes, extreme temperature conditions, etc..Supply system - Power distribution, communications interruptions, and interruption of other natural energy resources such as water, steam, gas, etc..Manmade - Unauthorized access (internal/external), explosions, damage by employee (deliberate or accidental), vandalism, fraud, theft, etc..Political - Strikes, riots, civil disobedience, terrorist attacks, bombings, etc..****These are all man-made too – know the difference!!!
4Layered SecurityThe purpose is to put enough obstacles in front of an intruder to keep them busy until the authorities can take control of the situation. **Damage to assets can be minimized.
5Site Selection Visibility Surrounding terrain Building markings and signsTypes of neighborsPopulation of the areaSurrounding area and external entitiesCrime rate, riots, terrorism attacksProximity to police, medical, and fire stationsPossible hazards from surrounding areaAccessibilityRoad accessTrafficProximity to airports, train stations, and highwaysNatural disasterLikelihood of floods, tornadoes, earthquakes, or hurricanesHazardous terrain (mudslides, falling rock from mountains, or excessive snow or rain)
6Facility Construction WallsCombustibilityFire Rating – walls protecting IT equipment should be 75 according to the NFPA (National Fire Protection Agency)Reinforcement for secured areasCeilingsFire RatingWeight-Bearing RatingDrop Ceilings???Floors(Commonly 150 lbs./sq. ft.)Slab??? Raised??? Anti-Static??? Rebar – steel rods encased in concreteSurface material***Heavy timber construction material - this is a building material – if asked, it is probably the correct answer !!!
7Building LayoutData Center should be in the “middle” to protect from natural disaster. EX: If you have a 5-story building, put it on the 3rd floor. **Exam Warning** All environmental controls and safety procedures must ensure the safety of all personnel, including those with handicaps. Elevators cannot be used during a fire, for example, so employees in wheelchairs must have a compensating control.
8CPTED - Crime Prevention Through Environmental Design “reduce crime by directly affecting behavior”***uses “zones”Natural Access Control – enter/leave buildingNatural Surveillance – open space/visibilityTerritorial Reinforcement –dedicated community(sense of ownership)
9Target Hardening (alternative to CPTED) Denying access through physical and artificial barriers (alarms, locks, fences, and so on).Traditional target hardening can lead to restrictions on the use, enjoyment, and aesthetics of an environment.
10Underwriter Laboratories - UL A non-profit organization that provides the necessary classifications and guidelines for physical security. The organization inspects, tests and classifies various devices and equipment used in physical security.
12Fences General Fence Height: 3-4 ft. – deters casual trespassers **PIDAS (Perimeter Intrusion Detection and Assessment System) – sensors on a wire mesh – has a high rate of false alarmsGeneral Fence Height:3-4 ft. – deters casual trespassers6-7 ft. – too high to easily climb8ft + 3 strands of barbed wire – deters most***Nothing will stop adetermined intruder
13Chain-Link Fence Gauge – thickness of metal 11 gague =.0907 in diameter9 gague = in diameter (residential grade)6 gague = .162 in diameter (thickest)**The lower the gauge, the thicker the wireMeshing – spacing between wires(comes in 2”, 1” and 3/8”)**Fences with smaller mesh are harder to climb
14Chain-Link Fence – cont’d Extremely Secure: 11 in gauge, 3/8 in mesh Very High: 9 in gauge, 1 in mesh High: 11 in gauge, 1 in mesh Minimally High: 6 in gauge, 2 in mesh Normal Use: 9 in gauge, 2 in mesh
15Gates Type Description Class I - Residential (home use) Class II - Commercial/General Access (parking garage)Class III - Industrial/Limited Access (loading dock for 18-wheeler trucks)Class IV - Restricted Access (airport or prison)
16Bollardsa strong post designed to stop a car; often installed in front of convenience stores, to prevent drivers (who mix up the accelerator and brake) from driving into the store. Manysecure facilities use largeconcrete planters for thesame effect. These devicesare usually placed in frontof physically weak areas.
17Lighting **Direct to areas where an intrusion is likely to occur Continuous – fixed lighting to flood an area **most commonStandby – supplies illumination in the event that the normal light system failsMoveable – manually operatedResponsive Area Illumination – lights come on automatically if activity is detectedEmergency – backup lighting used in an emergencyFresnel –lighthouses/theatres; aims light in a specific directionFloodlights – produces a beam of intense lightFluorescent – produces RFI (radio frequency interference) ***Not good for outdoor useMercury Vapor – the preferred security light – white with a bluish cast (stadium lighting) **takes a while to warm upSodium Vapor – similar to mercury, but has a yellow tint ***good in fogQuartz lamp – bright white light; used in areas needing to resemble daylight
18Lighting – cont’d Lumen – the amount of light 1 candle can create Footcandle – 1 lumen per square footLux – 1 lumen per square meterAmerican Institute of ArchitectsElevators/lobbies/stairwells – 5-10 fcBuilding entrances – 5 fcWalkways – 1.5 fcParking Garages – 5 fcSite Landscape - .5 fcSurrounding building – 1 fcRoadways - .5 fcNISTCritical areas require illumination of 2’ wide x 8’ high
19Closed Circuit TV (CCTV) Functions: surveillance, deterrence, evidentiary archives***Detective device used to aid in the detecting the presence of intruders in restricted areas.***Violates privacy - may require employee consentCRT (tube cameras) – analog camera - backs up to tape; VHSExam Warning****Tube cameras are sometimes called CRT (cathode ray tube) cameras. Do not confuse CRT cameras with CRT displays: while a CRT camera may be viewed on a CRT display, they are different devices.CCD (Charged Couple Discharge) – digital camera - backs up to DVR/NVR (NVR has the advantage of allowing centralized storage of all video data.)CCTVs using the normal light spectrum require sufficient visibility to illuminate the field of view which is visible to the camera. - Requires 1-2 footcandles of lightCCTV displays may display a fixed camera view, autoscan (show a given camera for a few seconds before moving to the next), or multiplexing (where multiple camera feeds are fed into one display).Other exam trivia:Infrared devices can “see in the dark” by displaying heat.Monochrome cameras can see infrared light.
20CRT – cont’d (camera terms) Auto-iris – adjusts automatically; use in area with changing light (outdoor use)Manual –iris – fixed; use in areas with fixed lightingDepth of Field – the area of the environment in focus on the monitor; affected by:size of lens opening - increases as the size of the opening decreases***Wide-Angle lens has small lens opening – good for general scenery/landscapedistance to object – increases as distance increasesfocal length of the lens - increases as focal length decreaseslight – more light allows for a larger depth of fieldAperture - the opening through which light travels (see image). Smaller aperture places more of the image in focus, wide aperture lowers depth of field – used in lower light conditions.Shadow Depth of Focus – allows for focus on smaller detailsshallow depth – portrait/telephotolarge depth – landscape/wide-angleField of View – entire area viewed by the camera; fixed focallength must be changed to get a different field of viewNeutral Density Filter – dark focus filter – reduces lightZoom Lenses – allow for a change of angle or distancePan/Tilt – horizontal movement/ vertical movement
21WindowsPolycarbonate Acrylic – more resistant to breakage than standard plate windows. Combustible, may produce toxic fumes, may be prohibited by fire code. Glass-Clad Polycarbonate – the strongest window available. Resists breakage, chemicals, fires and abrasions; comes in varying depths (the thicker the stronger) $$$$$$ Embedded Wire – 2 windows with wire between….adds strength but lacks aesthetics Tempered Glass – 5-7 times stronger than regular glass (shatters into small shards – used in cars) Bullet Resistant (BR) – used in banks. Protects up to a 9mm round Laminated Glass – adds plastic , is tough to break and shatter like a web . Comes in various depths. The greater the stronger. (used for windshields) Solar Film – blocks light but no strength Security Film – transparent film… increases strength
22Doors **Hinges should always face inward Hollow-core door - most commonly used, easily brokenSolid-core door - recommended for sensitive area such as data center… should be mounted in a strong doorframe as it is usually the weakest point in a door assemblyFail Safe – defaults to unlocked (concerned w/people; they can get out)Fail Secure – defaults to locked (concerned with data; it’s locked up)Fail Soft – default to either locked or unlocked – depending on the situation; may continue, but in a degraded state****People are safe/Data is secure******Hinges should always face inwardWhen referring to computer systems, also consider these terms:Failover – switches over to hot backupFault-tolerent – continues to operate following a failure
23LOCKS This is just a delay – eventually, it will get busted LOCKS This is just a delay – eventually, it will get busted! Locks are pick-resistant; not pick-proofKey Lock – can be picked or bumped.Warded – uses a skeleton key(easier to circumvent than Tumbler)Pin Tumbler – locking cylinders, has more parts than wardedSpring Bolt/Dead Bolt – enters into a strike plate in the door jambCombination – always change default combination
24LOCKS – cont’dButton/Key Pad – button wear is a vulnerability. Also subject to brute force and shoulder surfing.Preset – basic mechanical lock requiring a keyProgrammable – mechanical or electric; subject to shoulder surfingElectronic – uses electronic key or smart card
25CardsSmart Cards - “smart” because they contains a circuit (ICC – Integrated Circuit Card) - digitally encoded ex: CAC cards Magnetic Stripe – the stripe stores information but there is no circuit – THESE ARE NOT SMART CARDS!! Magnetic Strip – rows of copper “strips” Electric Circuit – has more information than the standard smart card. Contact Cards – goes through a reader Swipe Cards – swiped through a reader Contactless Cards – use radio frequency identification (RFID) – contain transponders and are read by transceivers – “wireless proximity reader” Optical-Coded – laser-burned lattice of digital dots (popping up on driver’s licenses) Proximity Card –either user activated or system sensing – passive, field-powered, transponder PhotID Cards are “dumb cards”
26Cards – cont’d ***Use of cards adds accountability Vulnerabilities: Side Channel AttacksCard Tampering (there’s a word for this, but I can’t remember)
27Intrusion Detection/Motion Sensors ***Intrusion Detection Systems (IDS) do not stop an intruder – they only detects the intrusion.Electromechanical system - detects change or break in a circuit; can be strips of foil embedded or connected to windows which, when broken, sounds an alarm. Vibration detectors can detect movement on walls, screens, ceilings, and floors when the fine wires embedded within the structure are broken.Magnetic contact switches - installed on windows and doors. If the contacts are separated, an alarm will sound.Balanced Magnetic Switch (BMS) – magnet on a door and frame; sounds alarm when connection is brokenPressure Pad - placed under a rug and activated after hours. If someone steps on the pad, an alarm initiates.Volumetric systems – (more sensitive than electromagnetic) - detects changes in vibration, microwave, ultrasonic frequencies, infrared..etc… (change in “subtle environmental characteristics”). Types of volumetric IDSs are photoelectric, acoustical-seismic, ultrasonic, and microwave
28Intrusion Detection/ Motion Sensors – cont’d Photoelectric system (or photometric system) - detects change in a light beam; can only be used in an environment without windows; emit a beam that hits the receiver… if beam is interrupted, an alarm sounds. Beam can be invisible or visible. (Catherine Zetta Jones– Entrapment)Acoustical /Audio detection system - uses microphones to passively listen for abnormalities; susceptible to false alarms.Vibration sensors - similar to acoustical; senses vibration in walls and floors – susceptible to false alarms.Motion Activated Camera – sounds alarm when intruder enters field of viewWave-pattern motion detectors - differ in the frequency of the waves they monitor which are: microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern returns altered, an alarm sounds.Proximity/Capacitance detector - emits magnetic field around that which is being monitored. An alarm sounds if the field is disrupted; usually used to protect specific objects (artwork, cabinets, or a safe)
29Intrusion Detection/ Motion Sensors – cont’d Infrared Sensors:Active Sensorultrasonic/microwave – bounces off of an objectphotoelectric – sends a beam of lightPassive Infrared Sensor (PIR) - detects infrared energy created by body heat; identifies the changes of heat waves of an area.Coaxial Strain-Sensitive Cable – coax is woven through fence w/ electric field (susceptible to EMI and RFI)Time Domain Reflectometry (TDR) – sends radio frequency signals on a cableDual Technology Sensors – combination of microwave and infrared sensors; alarm soundswhen BOTH detect the intrusion (reduces false alarms)Microwave and Ultrasonic – radiates controlled pattern of microwave energy and measures the “echo” time; establishes a baselevel and compares echo response time (it comes back faster if it hit something)Monostatic- uses single sensing unit that incorporates sending and receivingBistatic– sends invisible volumetric detection fieldBehavioral-based – profile basedPattern matching – signature based
30AlarmsPerimeter alarms - magnetic door and window alarms as well as sensors on the wall. A break in the circuit will set off an alarm to a central alarm station.Types of alarm systems:Local System – rings bell on premiseCentral Station System – signal is sent to the local stationProprietary System – an in-house system; has all the bells and whistles of a 3rd party monitoring systemAuxiliary Station System – rings to local fire and policeRemote Station System - An electronic fire alarm system capable of notifying the fire department when the system is activated by a fire.Other Monitoring:Line Supervision – monitors line tamperingPower Supplies – monitors power
31Dogs Expensive to maintain Legal issues (liability) They have a lack of judgement
32GuardsPROS Discernment - Able to use human judgment Multi –functional Visibility CONS Unpredictable Subject to human error Cost Availability Reliability Training
33Tailgating/Piggybacking Following an authorized person through a locking device. Policy should forbid employees from allowing tailgating and security awareness efforts should describe this risk.Attackers attempting to tailgate often combine social engineering techniques, such as carrying large boxes, increasing the chances an authorized user will “help out” by holding the door open.
34Turnstiledesigned to prevent tailgating by enforcing a “one person per authentication” rule, just as they do in subway systems. Secure data centers often use floor-to-ceiling turnstiles with interlocking blades to prevent an attacker from going over or under the turnstile.must be designed to allow safe egress in case of emergency. No system should require authentication for egress during emergencies.*****Turnstiles can also be called a bafflegate
35Mantrapsa preventive physical control with two doors. The first door must close and lock before the second door may be opened. Each door typically requires a separate form of authentication to open; a common combination is PIN (Personal Identification Number) and biometrics. The intruder is trapped between the doors after entering the mantrap.must be designed to allow safe egress in case of emergency. No system should require authentication for egress during emergencies.
36Electricity Blackout: prolonged loss of power Brownout: prolonged low voltageFault: short loss of powerSurge: prolonged high voltageSpike: temporary high voltageSag: temporary low voltageIn-rush: initial surge of powerTransient: short duration of noiseClean: no fluctuation; pure powerNoise: steady interferenceGround: the pathway to the earth to enable excessive voltage to dissipate; one wire in circuit must be groundedPower Line Monitor: detects frequency and voltage amplitude changesRegulator: keeps voltage steady, power clean
37Electricity – cont’dSurge Protector - protect equipment from damage due to electrical surges. They contain a circuit or fuse which is tripped during a power spike or surge, shorting the power or regulating it down to acceptable levels.Uninterruptible Power Supplies (UPS) - temporary backup power in the event of a power outage. They may also “clean” the power, protecting against surges, spikes, and other forms of electrical faults. UPSs provide power for a limited period of time, and can be used as a bridge to generator power.Generators - designed to provide power for long periods of times, and will run as long as fuel is available. Sufficient fuel should be stored onsite for the period the generator is expected to provide power. Refueling strategies should be considered.should not be placed in areas impacted by weather eventscontain complex mechanics; should be tested/serviced regularly
38Electricity – cont’dCommon-Mode Noise – radiation generated by the charge difference between hot and ground wireTransverse-Mode noise – (same as above) but between hot and neutral wireRFI - Radio Frequency Interference – noise generated from radio wavesEMI - Electromagnetic Interference – magnetism emitted by any electric conductor: circuits, power cables, network cables… etc..Crosss Talk - occurs between poorly shielded network cables – impacts INTEGRITY and possibly CONFIDENTIALITY; can be mitigated via proper network cable management.Never route power cables close to network cables.Network cable choice can also lower crosstalk; Unshielded Twisted Pair (UTP) cabling is far more susceptible than Shielded Twisted Pair (STP) or coaxial cable.Fiber optic cable uses light instead of electricity to transmit data, and is not susceptible to EMI.
39Electricity – cont’dTEMPEST (Transient Electro-Magnetic Pulse Emanation Standards & Testing) – standard for controlling emanations emitted by electrical equipment FARADAY – (Faraday Cage) – an enclosure formed by conductive material or by a mesh of such material. The enclosure blocks out external static electricity fields. (1500 volts from a static charge can cause data loss on a disk drive.)
40***USE ANTI-STATIC FLOORS HVACLatent Cooling – removes moistureSensible Cooling – removes heat (used in a data center)Data Center humidity: %Too high: condensationToo low: staticData Center temperature: F(can be higher if there is adequate air flow)***USE ANTI-STATIC FLOORSPositive Air Pressure - ensures higher air pressure inside than out. Air goes out the door when openned/ouside air does not come in (allows smoke to exit in the event of a fire)Positive Drain – water flows out not in.
41FIRE Fire Triange: HEAT OXYGEN FUEL Reduce Temerature Reduce Oxygen SupplyReduce Fuel SupplyInterfere with Chemical Reaction
42FireU.S. Class Europe Class Material Suppression Agent A A Common Water or Soda Acid Combustibles (wood and paper) B B Liquid Halon/halon substitiute, CO2, or Soda acid B C Flammable Gases Halon/halon substitute, CO2, or Soda acid C E Electrical Halon/halon substitiute, CO2 D D Metals Dry powder K F Kitchen (oil or fat) Wet chemicals
43Smoke DetectorsIonization – NO LIGHT; it measure particle change; radioactive source creates small electrical chargePhotoelectric – BEAM OF LIGHT; contains LED (light emitting diode)(Both alert when interrupted by smoke **Neither has “line of sight” limitation)Aspirating – draws air into a sample chamberFlame Detectors – detects infrared or ultraviolet light emitted from a fire. **Needs “line of sight”Heat Sensing – measures temperature changeFixed- temperature (lower rate of false alarmRate-of-riseFlame Sensing – senses the “flicker” (infrared energy of the flame)Smoke Sensing – detects smokeAutomatic Dial-Up – calls fire dept. and plays a pre-recorded message
44Suppression AgentsWater –the safest of all suppressive agents - removes heat; recommended for CLASS A. ***Cut electrical power when extinguishing a fire with water Soda Acid (sodium bicarbonate mixed w/water - glass acid vial suspended on top) –Breaking vial creates a gas and floats on top of the fire; removes heat, starves oxygen supply; CLASS A OR B Dry Powder (such as sodium chloride) - removes heat and oxygen; smothers fire; Primarily used for CLASS D Wet Chemical (potassium acetate mixed with water) - covers a grease or oil fire in a soapy film which lowers the temperature; primarily used for CLASS K. CO2 – RISK: is it is odorless and colorless, and our bodies will breathe it as air. By the time we begin suffocating, it is often too late. Recommended for use in unstaffed areas. Requires special training for use; additional safety controls (such as oxygen tanks) are usually recommended. Removes the oxygen. Use for CLASS B or C ***A gas mask can not be used with CO2 – it sucks out the oxygen!! Halon – interferes with the chemical reaction; breaks the triangle - see next slide
45Halon/Halon Replacements Montreal Protocol (1987) –IS Cworldwide ban of ozone depleting CFC’s - amended in 1992 to establish a phase-out schedule (CARRIED OUT IN THE US AS PART OF THE CLEAN AIR ACT)Halon and Halon Substitutes – causes a chemical reaction that consumes energy and lowers the temperatureArgon – IG55FE-13 – HFC23 - the newest of these agents, and comparatively safe; can be breathed in concentrations of up to 30%. (Other types typically only safe up to 10-15% concentration.)FM-200 – HFC227 – the most commonly usedInergen – IG541 – not halocarbon agent; it is an inert gas agentCEA – 410CEA – 308NAS – S – III (HCFC Blend A)Argonite – IG01Trick Question:**HFC – 22 – (R-22) – refrigerant of choice – used in heat pumps and A/C units (a bi-product of this is HFC-23)
46Countdown TimerCO2, halon, and halon substitutes such as FM-200 are considered gas-based systems. All gas systems should use a countdown timer (both visible and audible) before gas is released. This is primarily for safety reasons, to allow personnel evacuation before release. A secondary effect is to allow personnel to stop the release in case of false alarm.
47SprinklersWet Pipe – has water right up to the sprinkler head which contains a metal or small glass bulbdesigned to melt or break at a specific temperature. The bulbs come in different colors, which indicatethe trigger temperature:orange (135 °F/57 °C)red (155 °F/68 °C)yellow (175 °F/79 °C)green (200 °F/93 °C)blue (286 °F/141 °C)Dry Pipe - also has a closed head, but filled with compressed air. Water is held back as long assufficient air pressure remains in the pipes. As the sprinkler heads open, the air pressure dropsallowing water to flow. Often used in areas where water may freeze, such as parking garages.Deluge - similar to dry pipes, except the sprinkler heads are open and much larger. The pipes areempty at normal air pressure; the water is held back by a deluge valve. The valve is opened when a fire alarm triggers.Pre-Action - a combination of wet, dry, or deluge systems, and require two separate triggers torelease water. Single interlock systems release water into the pipes when a fire alarm triggers. Thewater releases once the head opens. Used in areas such as museums, where accidental discharge would be expensive.Single interlock – releases waterDouble interlock - use compressed air (same as dry pipes): the water will not fill the pipes until both the fire alarm triggers and the sprinkler head opens. Used in cold areas such as freezers to avoid frozen pipes.Gas Discharge – usually installed under floor boards to smother a fire
48Fire ExtinguisherAll portable fire extinguishers should be marked with the type of fire they are designed to extinguish.Portable extinguishers should be small enough to be operated by any personnel who may need to use one. This means those old brass monster extinguishers are not a recommended control.Use the “PASS” method to extinguish a fire with a portable fire extinguisher:Pull the pinAim lowSqueeze the pinSweep the fire
49EvacuationSafety Warden – ensures everyone is evacuated from the buildingMeeting Point Leader – ensures everyone is accounted forEmergency Procedure should include:Shutdown procedureEvacuation procedureEmployee Training/DrillsEquipment and System tesing
50Fire Misc. Computer Systems are toast @ 175F Magnetc Storage is 100FPaper is 350FNoncombustible – will not aid or add appreciable heat to an ambient flameFire Retardent – lessens or prevents the spread of a fireNon-flammable – will not burnFire Resistant – applicable for use in a computer roomPlenum Areas - wiring and cables should be strung in spaces above dropped ceilings, in wall cavities, and the space under raised floors.Only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.Plenum Cables – do not release hazardous gass when burned.
51Media Handling Store media offsite. Use bonded/insured companies Site should be reasonable distance (accessible, but not subject to the same natural disasters)Media should be securely cleaned/destroyed before disposal – AVOID OBJECT REUSE (also a target of dumpster-diving)
52Data RemovalRemanence – remnants of data left behind – data is still there (deleting files or formatting a hard disk) Overwriting – writes over previous data – more secure than deleting of reformatting – less secure than destruction Degausing – destroys the integrity by exposure to a magnetic field (disks can usually no longer be formatted) Oersted - A unit of magnetic intensity equal to the intensity of a magnetic field in a vacuum. Coercivity - The amount of applied magnetic field (of opposite polarity) required to reduce magnetic induction to zero. The ease (or difficulty) by which magnetic media can be demagnetized. A tape with a rating of 1800 oersteds or higher will also be called a high coercivity tape.