Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Physical (Environmental) Security
Domain Agenda Site and Facility Design Criteria Perimeter Security Building and Inside Security Secure Operational Area
Site Location Considerations Emergency services Hazards/ threats Adjacency
Threats to Physical Security National / environmental Utility systems Human-made/ political events
Threat Sources and Controls Threat Theft Espionage Dumpster diving Social engineering Shoulder surfing HVAC access Controls Locks Background checks Disposal procedures Awareness Screen filters Motion sensors in ventilation ducts
Domain Agenda Site and Facility Design Criteria Perimeter Security Building and Inside Security Secure Operational Area
Perimeter and Building Boundary Protections First line of defense Protective barriers – Natural – Structural
Fences Federal, state or local codes may apply Parking should not be allowed near fences
Controlled Access Points Gates are the minimum necessary layer Bollards
Perimeter Intrusion Detection Systems Detect unauthorized access into an area – Electronic ‘eyes’ Note that some perimeters IDSs can function inside the perimeter as well.
Types of Lighting Continuous lighting Trip lighting Standby lighting Emergency exit lighting Emergency egress lighting
Access and Visitor Logs and More Rigorous forms of Logging ABC Company Entrance:___________________Date:________________ NameInstitutionName of Person Visiting Time InTime Out
Closed Circuit Television (CCTV) CCTV Capability Requirements – Detection – Recognition – Identification Mixing Capabilities Virtual CCTV Systems
Guards and Guard Stations Guards – Deterrent – Possible liability Guard stations
Domain Agenda Site and Facility Design Criteria Perimeter Security Building and Inside Security Secure Operational Area
Doors Isolation of critical areas Lighting of doorways Contact devices Guidelines
Building Entry Point Protection Locks Lock components – Body – Strike – Strike plates – Key – Cylinder
Types of Locks Something you have – Keyed Something you know – Combinations Something you are - Biometric
Lock Attacks Lock picking Lock bumping
Lock Controls Lock and key control system Key control procedures Change combinations Fail – Soft – Secure – Safe
Other Electronic Physical Controls Card access Biometric access methods
Windows and Entry Points Standard plate glass Tempered glass Acrylic materials Polycarbonate windows Entry points
Intrusion Detection Systems (IDS) Closed circuit television Sensors and monitors
Escorts and Visitor Control Visitor access control best practices – Picture identity – Photographs – Enclosed area – Authorized escort
Access Logs Computerized log Closed circuit TV
Domain Agenda Site and Facility Design Criteria Perimeter Security Building and Inside Security Secure Operational Area
Equipment Room Perimeter enclosure Controls Policy
Data Processing Facility Small devices threat Server room Mainframes Storage
Communications and Power Wireless access points Network access control Utility and power rooms
Work Area Operators System administrators Restricted work areas
Equipment Protection Inventory Locks and tracing equipment Data encryption Disabling I/O ports
Environmental Controls System Electric power HBAC Water / plumbing Gas Refrigeration Threat Loss of power Overheating Flood / dripping Explosion Leakage
Fire Protection Prevention – reduce causes Detection – alert occupants Suppression – contain or extinguish
Materials and Suppression Agents TypeSuppression Agents Common combustiblesWater, foam, dry chemicals Combustible liquidsInter gas, CO 2, foam, dry chemicals ElectricalInert gas, CO 2, dry chemicals Combustible metalsDry powders Cooking media (fats)Wet chemicals
Flooding Area Coverage Water – sprinkler systems Gas – Halon/CO2/Argon systems Best practices for systems Portable extinguishers
Types of Electrical Power Faults Complete loss of power Power degradation Interference (noise) Grounding
Loss of Electrical Power UPS Generators Goals of power Power controls
Heating Ventilation Air Condition (HVAC) Location Positive pressure Maintenance
Other Infrastructure Threats Gas leakage Water threats
Key Performance Indicators # of physical security incidents detected # of false positives for biometrics