Presentation is loading. Please wait.

Presentation is loading. Please wait.

Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008.

Published byRichard Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008."— Presentation transcript:

1 Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008

2 Physical Security Prevent attacks from accessing a facility, resource, or information stored on physical media Prevent attacks from accessing a facility, resource, or information stored on physical media

3 Two Main Things to Protect Against Human Attack Human Attack Natural Disasters

4 Human Attacks Attacks from outside Attacks from outside –Thieves/burglars –Hackers –Former employee Attacks from inside Attacks from inside –Current angry or disgruntled employee –Agent for hire

5 Five Layers of Physical Security Environmental deterrents Environmental deterrents Mechanical deterrents Mechanical deterrents Surveillance deterrents Surveillance deterrents Human deterrents Human deterrents Proper employee training Proper employee training

6 Environmental Deterrents Primarily for outside attacks Primarily for outside attacks High walls, fences High walls, fences Used to deter less motivated attackers Used to deter less motivated attackers

7 Mechanical Deterrents Can range from simple ID card to high- tech biometrics Can range from simple ID card to high- tech biometrics Locked gates, key cards Locked gates, key cards Access control Access control

8 Surveillance Deterrents Used to help prevent future attacks and provide information on past attacks Used to help prevent future attacks and provide information on past attacks Cameras, microphones, detection systems Cameras, microphones, detection systems CCTV/cameras can help deter “shoulder surfing” CCTV/cameras can help deter “shoulder surfing”

9 Human Deterrents Can be used to prevent both outside and inside attacks Can be used to prevent both outside and inside attacks Security guards and checkpoints – outside Security guards and checkpoints – outside Reception desks and the employees (when trained)- inside Reception desks and the employees (when trained)- inside One is not enough! One is not enough!

10 True Story 2 attackers obtained entry to data center 2 attackers obtained entry to data center Security guard wasn’t at post, one employee on duty Security guard wasn’t at post, one employee on duty Attackers beat employee and used employee to gain access to equipment Attackers beat employee and used employee to gain access to equipment

11 Employee Training Common problem is laziness Common problem is laziness Train employees to always: Train employees to always: –Lock all unattended workstations –Turn monitors away from common areas –Shred sensitive documents –Lock laptops  Stolen laptops are becoming a big security issue

12 Social Engineering Tricking people into giving confidential information or granting access Tricking people into giving confidential information or granting access Several different methods Several different methods –Pretexting –Baiting –Quid pro quo

13 Pretexting Using a invented scenario to convince the victim to give up personal information or do some action Using a invented scenario to convince the victim to give up personal information or do some action Justin Long’s character in Live Free or Die Hard; car Justin Long’s character in Live Free or Die Hard; car

14 Baiting Attacker puts harmful virus/malware on a device Attacker puts harmful virus/malware on a device Leave device in public place with legitimate title Leave device in public place with legitimate title Victim uses device and uploads the malware to system Victim uses device and uploads the malware to system

15 Quid Pro Quo “Something for something” “Something for something” Attacker offers help with problem, but while helping, hurts too Attacker offers help with problem, but while helping, hurts too The Italian Job- Becky the cablewoman The Italian Job- Becky the cablewoman

16 Dumpster diving Searching through the trash for valuable information that is still intact Searching through the trash for valuable information that is still intact Prevent by: Prevent by: –Thoroughly shredding all important data

17 Regular old theft Mission Impossible Mission Impossible Katie’s work application Katie’s work application

18 Natural Disasters Risk Assessment Risk Assessment –See what problems are the most likely for your location and guard against them –Example: in Tallahassee, don’t really need to worry about earthquakes, so don’t spend money protecting against them

19 Natural disasters Fire Fire Fire can destroy computer hardware Fire can destroy computer hardware Prevent with: Prevent with: –Smoke detectors –Fire alarms –Fire extinguishers

20 Other Natural Disasters Liquid damage Liquid damage –Keep sensitive equipment on 2 nd floor or higher –Don’t run water pipes through or near rooms with susceptible equipment Earthquakes Earthquakes –Support with gel padding and springs Lightning Lightning –Faraday cages –Generators

Download ppt "Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008."

Similar presentations

Chapter 7: Physical & Environmental Security

Chapter 7: Physical & Environmental Security
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
4 Information Security.

4 Information Security.
Computer Security Computer Security is defined as:

Computer Security Computer Security is defined as:
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 

11 ASSESSING THE NEED FOR SECURITY Chapter 1. Chapter 1: Assessing the Need for Security2 ASSESSING THE NEED FOR SECURITY  Security design concepts 
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security.
Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.

Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Managing Risk Minimising Insurance Risks –Legal requirements –Premises –Equipment –Employees –Theft and fraud –Transport –Insuring the risks Risk Management.

Managing Risk Minimising Insurance Risks –Legal requirements –Premises –Equipment –Employees –Theft and fraud –Transport –Insuring the risks Risk Management.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 16: Physical and Infrastructure Security.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Physical Security Chapter 9.

Physical Security Chapter 9.
1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

1 Lesson 3 Computer Protection Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.

Similar presentations

Ads by Google