Presentation is loading. Please wait.

Presentation is loading. Please wait.


Similar presentations

Presentation on theme: "PHYSICAL SECURITY (NSTISSI 4011)"— Presentation transcript:

BY Josef Onuoha CS 996

2 Outline Goals of Physical Security Perimeter and Building protection
Access Controls Distributed Processing Stand-alone Systems and Peripherals Environment and Life Safety Controls Tamper Resistance

3 Goals of Physical Security
Prevent unauthorized access to equipment, installations, material, and documents Safeguard against espionage, sabotage, damage, and theft Safeguard personnel

4 Perimeter Protection Standoff distance Exclusive Standoff Zone
The maintained distance between where a vehicle bomb is allowed and the target Exclusive Standoff Zone Vehicles are not allowed within perimeter unless they have been searched and cleared Nonexclusive Standoff Zone Established when a facility or location permits a mixture of trucks and cars. Includes inner and outer perimeters

5 Perimeter Protection

6 Perimeter Protection Speed Control
Controls the speed of vehicles used for bombs

7 Perimeter Protection Vehicle barriers

8 Perimeter Protection Perimeters should also protect against Standoff weapons such as riffles, shot guns, pistols Primary defense is to obstruct Line Of Sight (LOS) from vantage point outside the site Use a Predetonation Screen

9 Perimeter Protection

10 Perimeter Protection Surveillance
aggressors remain outside of controlled areas and try to gather information from within those areas Designers must eliminate or control vantage points from which aggressors can surveil or eavesdrop on assets or operations. Trees, bushes, fences, other buildings etc

11 Perimeter Protection

12 Perimeter Protection Lighting Staffing
Discourage or deter attempts at entry by intruders. Prevent glare that may temporarily blind the guards. Different types Continuous, standby, movable Different applications Entrances, Parking areas, Critical areas Staffing Security Guards Patrols Dogs

13 Building Protection A Sensitive Compartmented Information Facility (SCIF) is an accredited area, room, group of rooms, buildings, or installation where Sensitive Compartmented Information (SCI) may be stored, used, discussed, and/or processed We now focus on construction requirements of a SCIF

14 Building Protection Vault Specifications

15 Building Protection Vault Specification (cont)
minimum compressive strength of 3000 psi after 28 days of aging for class A 5/8-inch diameter steel rein- forcing bars laid 6 inches on centers In seismic areas, 6-inch or thicker RC will be used.

16 Building Protection Walls Floors
The walls will be of either reinforced concrete in excess of four inches thick or solid masonry (stone or brick) in excess of eight inches thick Floors The floor and ceiling selected for a Secure Area will be at least a four inch thickness of concrete

17 Building Protection Entrances Windows
A Secure Area will be equipped with a GSA Class 6 vault door Windows It is preferable that Secure Area be windowless . Accessible windows, where required, will be secured with bars, installed as specified in the requirements

18 Building Protection Barred Window Specifications for SCIF
Type of Installation Type A: Requires a steel frame with steel bars welded on it to be bolted to the inside of the facility window frame Type B: Requires imbedding the ends of steel bars in the masonry window frame of the facility Type C: Requires a grillwork of steel bars to be imbedded in the masonry walls immediately adjacent to the facility window frame

19 Building Protection Sound Attenuation for SCIF
The SCIF walls, windows, floor and ceiling, including all openings, should provide sufficient sound attenuation to preclude inadvertent disclosure of conversation Must meet the following SCT: Executive Suite       45+ Briefing Rooms Auditoriums

20 Building Protection Telephone Security for SCIF
Telephone cables and wires which penetrate a facility's perimeter will enter the facility through one opening and be placed under control at the interior face of the perimeter The number of telephone instruments servicing a SCIF will be limited to those operationally necessary

21 Interior Intrusion Detection Systems
Structural vibration sensors Detects energy due to hammering, drilling, etc Point sensors Detects close proximity to an object. Passive ultrasonic sensors detect acoustical energy Volumetric Motion sensors Detects intruder motion within the interior of a protected volume

22 Exterior Intrusion Detection Systems
Fence sensors Detects penetration generated by mechanical vibrations and stresses in fence fabric and posts LOS sensors generate a beam of energy and detect changes in the received energy that an intruder causes by penetrating the beam.

23 Alarms Requirements perimeter doors will be equipped with high security balanced magnetic door switches. Vault doors will be equipped with heat detectors and balanced magnetic switches. The interior spaces not continually occupied by authorized personnel will be protected by motion detection alarms. vents and ducts over six inches will be alarmed. Windows less than 18 feet from ground level will be alarmed

24 Alarms Types Motion alarm detectors Door Switches
Overt body motion walking through the protected areas at the rate of one step per second for four seconds, in areas protected by ultrasonic, microwave, and other motion detection devices Door Switches Actual opening of doors (or windows or other openings using door switches) which are protected by balanced magnetic door switches.

25 Alarms Types (cont) Capacitance Alarms Tamper Switches
Attempts to push hands, arm, or legs through the protected area (air ducts or vents); to touch an item being protected (door, window, wall, etc.); or to move protected objects (security containers). Tamper Switches Removal of the covers for sensors, alarm control units, day/night switches, and end of the line supervision control units should cause an alarm regardless of the status of the overall system

26 Physical Access Control
Designate restricted area: Facilitates enforcement

27 Physical Access Control
Locks Preset Locks and Keys Typical door looks Programmable Locks Mechanical (Cipher Locks) Electronic (Keypad Systems): Digital Keyboard Number of Combinations Number of Digits in Code Frequency of Code Change

28 Physical Access Control
Cards Photo-ID cards Wireless Proximity readers Magnetic Strip cards Smart Cards Often Require Use of PIN Number with Card Readers: Card Insertion, Card Swipe & Proximity

29 Physical Access Control
DOD Smart Cards (Common Access Cards)

30 Physical Access Control
Biometric Devices Fingerprint/Thumbprint Scan Retina Scan Hand Geometry Facial Recognition Voice Verification Problems Cost Speed Accuracy

31 Physical Access Control
Typical verification times for entry-control devices

32 Physical Access Control
Visitor identification and control Visitors, Cleaning teams, Civilians in work areas after normal work hours, Government contractors Personnel Position Sensitivity Designation Management Review of Access Lists Background Screening/Re-Screening Termination/Transfer Controls Disgruntled Employees

33 Physical Access Control
Movement Control Escorts Two-person rule

34 Distributed Computing
Threats To Confidentiality Sharing Computers Sharing Diskettes To Availability User Errors To Data Integrity Malicious Code Version Control

35 Physical security of Distributed Computing
Office Area Controls Entry Controls Office Lay-Out Property controls Electronic Media Controls Clean-Desk Policy Space protection devices Heat/Humidity considerations

36 Stand-alone Systems and Peripherals
PC Physical Control Cable locks Vinyl-covered steel cable anchoring the PC or peripheral to desk Port controls Devices that secure data ports (such as USB ports) and prevent their use

37 Stand-alone Systems and Peripherals
PC Physical Control (cont) Switch Controls A cover for the on/off switch, which prevents a user from switching off the file server’s power Peripheral switch controls Lockable switches that prevent a keyboard from being used Electronic Security Boards Boards inserted into an expansion slot in the PC and force a user to enter a password when the unit is booted

38 Environment and Life safety Controls
Environment considerations to physical security include the following Electric Power RFI, EMI Implement TEMPEST Humidity Humidity of < 40% increases static elec. Damage potential Emergency power off controls Voltage monitoring/recording Surge protection

39 Environment and Life safety Controls
Electric Power (cont) Backup power Backup feeders, UPS Emergency power generators

40 Environment and Life safety Controls
Temperature Temperatures When Damage Occurs Paper Products: 350o Computer Equipment: 175o Disks: 150o Magnetic Media: 100o Fire detection Heat-sensing Flame-actuated Smoke-actuated Automatic dial-up fire alarm

41 Environment and Life safety Controls
Fire Extinguishing Systems Wet pipe Dry pipe Deluge Suppression mediums Halon Excellent for vaults, equipment cabinets, etc Carbon IV Oxide Great for unattended facilities. Potentially dangerous

42 Information System Centers
Site selection Low visibility Low natural disaster threat Easy access to external services such as police, fire, hospitals, etc

43 Information System Centers
Infrastructure Servers, switches, routers, should be placed in looked racks and looked rooms Wiring and cables should be routed through walls, floors, etc to avoid tampering Uninterrupted power supply should exist for computing facility

44 Tamper Resistance A device is said to be tamper-resistant if it is difficult to modify or subvert, even for an assailant who has physical access to the system. Specialized materials used to make tampering difficult One-way screws, epoxy encapsulation, trox Closely tied to tamper detection and response

45 Tamper Detection The ability of a device to sense that it is under physical attack and includes Switches to detect opening of device covers Sensors to detect changes in light or pressure within the device Barrier to detect drilling or penetration of physical boundary Paint

46 Tamper Response Tamper Response is the counter measure taken upon the detection of tampering Ex.: Erase memory, shutdown/disable device, enable logging This is especially very important in the case of cryptographic keys stolen or lost Computational errors introduced into a smart card can deduce the values of cryptographic keys hidden in the smart card layers of a chip can be uncovered by etching, discerning chip behavior by advanced infrared probing, and reverse-engineering chip logic

47 OPSEC Operations security (OPSEC) is an analytic process used to deny an adversary information - generally unclassified Trains people on the handling of information We can apply OPSEC in our daily lives “What could an adversary glean from the knowledge of this activity?”

48 Resources Physical Security Requirements For NSA/CSS Sensitive Compartmented Information Facilities FM Physical Security, Department of the Army AR Appendix H Classified document and Material Storage Smart Card/Common Access Card Program


Similar presentations

Ads by Google