CSC 382/582: Computer Security. Physical and EM Security.

Presentation transcript:

Slide #1: CSC 382/582: Computer Security. Physical and EM Security

Slide #2: Physical Security
1. Physical Security Plan
2. Elements of Physical Security
3. Environmental Threats
4. Physical Access
5. Theft
6. Backups
7. Printouts
8. Unattended Terminals
9. EM Security

Slide #3: Physical Security Plan
- List of physical assets to be protected
  - Descriptions
  - Replacement cost (hardware + data)
- Locations of physical assets
- Description of security perimeter(s)
  - Holes in perimeter (doors, windows, etc.)
  - Multiple perimeter example:
    - Outermost: campus
    - Outer: building
    - Inner: server room
- Threats that you're protecting against
- Security defences

Slide #4: Elements of Physical Security
1. Determent
   - Convince people not to attack.
2. Detection
   - Alarms, guards, and other means of detecting attacks.
3. Delay
   - Elements that slow down an attacker, e.g. locks & safes.
4. Response
   - Guards or a call to the police.

Slide #5: Environmental Threats: Fire
- Dangers:
  - Flames
  - Heat
  - Smoke
  - Water
- Defences
  - Gas-charged extinguishers
  - Dry-pipe water sprinkler systems

Slide #6: Environmental Threats: Temperature
- Most computer systems need 50-90°F
- Dangers:
  - Cold: thermal shock on power-on, cracking ICs/boards.
  - Hot: unreliability, then system failures as heat increases.
- Defences
  - Air-conditioning system
  - Good air circulation
  - Temperature alarm system

Slide #7: Environmental Threats: Water
- Humidity
  - Below 20% static discharge becomes a problem.
  - Must remain below dew point to avoid condensation on chilled surfaces.
  - Defences:
    - Humidifier/de-humidifier
    - Humidity alarm
- Water
  - Defences:
    - Keep drinks away from computers.
    - Alarm at low level.
    - Automatic power shut-off at higher level.

Slide #8: Environmental Threats: Electrical
- Electrical Noise
  - Motors, fans, even vacuum cleaners can generate electrical surges.
  - Defences:
    - UPS with power line filter
    - Anti-static mats
- Lightning
  - Defences
    - Turn off computer systems during lightning storms.
    - Surge suppressors may help for distant strikes.

Slide #9: Environmental Threats
- Dust
  - Collects on drive heads and degrades media by abrasion.
  - Dust is slightly conductive and can cause circuit boards to short and fail if much accumulates.
  - Defences:
    - Air Filtering Systems
    - Vacuuming
- Vibration
  - Can work circuit boards out of sockets and drive heads out of alignment over time.
  - Defences:
    - Rubber or foam mat.

Slide #10: Physical Access
- Raised floors/dropped ceilings
  - If internal walls do not extend above dropped ceilings and below raised floors, computer room door security can be easily bypassed.
- Air ducts
  - Serve computer room with many small air ducts.
  - Weld screens over air vents or within air ducts.
  - Motion detectors.
- Glass walls
  - Easy to break; avoid them.

Slide #11: Network Cabling
- Threats
  - Wiretapping/monitoring
  - Cutting
  - Connecting to AC power
- Defences
  - Run through steel conduits, not open trays.
  - Double-walled conduits with pressurized gas between layers; alarm if pressure falls.

Slide #12: Alarms
- Sensor types
  - Vibration detectors
  - Video cameras
  - Motion sensors
  - Infrared (body heat) detectors
- False alarms
  - Causes
    - Weather (thunder, lightning, wind)
    - Created by attacker
  - Degrade response
    - guards/police will ignore alarms if too many false.

Slide #13: Theft
- Reasons:
  - Resale
  - Access to stored information
- Targets
  - Laptops
  - Components: RAM, CPUs, hard disks
  - PCs/servers

Slide #14: Theft Defences
- Limit physical access.
  - Keep critical systems in high security areas.
- Case locks to prevent access to components.
- Laptop locks to lock laptop to desk.
- Visible equipment tags with serial numbers.
- Phone-home software for tracing.
- Encryption of information.

Slide #15: Backups
- Protect availability of information.
- Offer potential for confidentiality violation.
- Defences:
  - Secure in safe after creation.
  - Periodically move to secure offsite storage.
  - Verify that you can restore data from backups.
    - Verify old backups periodically too.
  - Encrypt data on backup tapes.
  - Bulk erase tapes to destroy data before disposal.

Slide #16: Printouts
- Provide availability when computers down.
- Potential for confidentiality violation.
  - Dumpster diving
- Defences
  - Separate wastebaskets for confidential/unclassified information.
  - Paper shredding
    - Expensive shredding recovery services exist.

Slide #17: Unattended Terminals
- Offer anonymous attacker access
- Defences:
  - Autologout shells or daemons
  - Automatic screen locking
  - Boot only from hard disk
  - BIOS password to protect boot settings
  - Case lock to prevent battery removal or BIOS chip replacement

Slide #18: EM Security
1. What is EM Security?
2. History
3. Surveillance
4. Passive Attacks
5. Active Attacks
6. Defences

Slide #19: EM Security
- Preventing a system from being attacked using electromagnetic emanations.
  - Confidentiality attacks
    - Listening to high frequency signals bled onto connected cables like power lines.
    - Listening to electromagnetic radiation leaked from computer devices.
  - Integrity attacks
    - Disrupting computations by inserting power glitches.
  - Availability attacks
    - Jamming, electromagnetic pulse weapons.

Slide #20: History
- 1914: Telephone wires laid for miles parallel to enemy trenches only a few hundred meters away. Earth leakage caused crosstalk, allowing enemy to listen.
- 1960: UK listened to secondary signal on French embassy cable to capture plaintext leaked from cipher machine.
- 1960s: TV detector vans in UK listened to RF leakage to discover license fee evaders.
- 1985: Wim van Eck's paper describing how to reconstruct picture on CRT at a distance.
- 1990s: Power analysis of smartcards.

Slide #21: Active Surveillance
- Many types of "bugs" available:
  - Battery-powered radio microphones.
  - Externally powered radio microphone/cameras.
  - Laser microphones
    - Bounce laser off reflective surface, then measure modulation of reflected light by sound waves.
- Interception evasion technologies
  - Rapid frequency hopping
  - Burst transmission

Slide #22: Surveillance Countermeasures
- Physical sweep
- Nonlinear Junction Detectors
  - Emit weak radio signal.
  - Listen for harmonics caused by transistors.
  - Can find unshielded electronics a few feet away.
- Surveillance receivers
  - Sweep radio spectrum at rapid rate, searching for unexplained signals.
  - Can detect frequency hoppers, but burst transmission difficult to find.

Slide #23: Passive Attacks
- Red/black separation
- Power analysis
- RF leakage

Slide #24: Red/Black Separation
- Red equipment: carries confidential data.
- Black equipment: carries unclassified data.
- Red/Black separation: Red equipment must be isolated from Black equipment by filters and shields.
- Problem: Cipher machines have both red and black connections, so their design must be very careful.

Slide #25: Power Analysis
- Power analysis: analyzing power supply current of electronic device over time.
  - Transistor switching changes power draw.
- Smartcards: credit-card sized plastic with embedded microprocessor/memory.
  - Uses: credit/ID card replacement, one time password authentication, physical access key.
  - Vulnerabilities
    - Low clock frequency compared to PCs.
    - Little or no power filtering.

Slide #26: Power Analysis
- Simple Power Analysis
  - Visual inspection of power consumption graph can reveal DES shifts and permutations or RSA multiplication and exponentiation operations.
- Differential Power Analysis
  - Statistical analysis of many (100s of) operations where algorithm and either plaintext or ciphertext are known.
  - Can be used to find 48 of 56 bits of DES key by analyzing last round of cipher.
  - Defences: randomization of order of S-box use, frequent key updates, timing randomness, insertion of random dummy operations.
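
Added example (not part of the original slides): a leakage check on constructed traces that shows why the "timing randomness" defence above weakens the difference-of-means statistic used in differential power analysis. The trace model (Gaussian noise plus a unit bump when the processed bit is 1), the trace count and all names are assumptions made for illustration.

```python
import random

TRACE_LEN = 20   # samples per constructed trace (assumption)
LEAK_AT = 5      # sample index where the data-dependent operation runs (assumption)

def simulate_trace(bit, rng, max_delay, noise=0.5):
    """Constructed power trace: Gaussian noise plus a 1.0 bump when the bit is 1.
    max_delay > 0 models timing randomness: the operation starts after a
    random number of dummy cycles, so the bump moves from trace to trace."""
    trace = [rng.gauss(0.0, noise) for _ in range(TRACE_LEN)]
    trace[LEAK_AT + rng.randint(0, max_delay)] += float(bit)
    return trace

def differential_peak(n_traces, max_delay, seed=2024):
    """Split traces by the known processed bit, average each group sample by
    sample, and return the largest absolute difference between the two means."""
    rng = random.Random(seed)
    sums = {0: [0.0] * TRACE_LEN, 1: [0.0] * TRACE_LEN}
    counts = {0: 0, 1: 0}
    for _ in range(n_traces):
        bit = rng.getrandbits(1)
        for i, value in enumerate(simulate_trace(bit, rng, max_delay)):
            sums[bit][i] += value
        counts[bit] += 1
    diff = [sums[1][i] / counts[1] - sums[0][i] / counts[0]
            for i in range(TRACE_LEN)]
    return max(abs(d) for d in diff)

if __name__ == "__main__":
    print("fixed timing  :", round(differential_peak(2000, 0), 3))
    print("random delay  :", round(differential_peak(2000, 10), 3))
```

With fixed timing the differential peak sits near the full bump height; with a random delay over 11 positions the same leak is spread out and the peak falls toward the noise floor, so far more traces are needed to see it.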

Slide #27: RF Leakage
- All video displays (CRTs and LCDs) emit a weak TV signal.
- All cabling (serial cables used by ATMs and ethernet cable used by PCs) emits signals too.
- Keyboard RF emissions modulated by currently pressed key.
- Defences:
  - Electromagnetic shielding of device or room.
  - Soft-Tempest fonts: low pass filter removes high frequencies of fonts; little visual difference on monitor but larger effect on signal.
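
Added example (not part of the original slides): the Soft-Tempest idea applied to one row of glyph pixels, comparing how much the pixels change with how much high-frequency energy remains after a horizontal low-pass filter. The 64-pixel row is constructed, and the cutoff at 70% of the Nyquist frequency and all function names are assumptions.

```python
import cmath

def dft(x):
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * cmath.pi * k * t / n) for t in range(n))
            for k in range(n)]

def idft(X):
    n = len(X)
    return [(sum(X[k] * cmath.exp(2j * cmath.pi * k * t / n)
                 for k in range(n)) / n).real for t in range(n)]

def is_high(k, n, cutoff):
    """True when DFT bin k lies above `cutoff`, a fraction of the Nyquist frequency."""
    return min(k, n - k) > cutoff * (n / 2)

def high_band_energy(x, cutoff):
    """Energy in the bins a receiver tuned to the upper band would pick up."""
    n = len(x)
    return sum(abs(c) ** 2 for k, c in enumerate(dft(x)) if is_high(k, n, cutoff))

def soft_tempest_row(x, cutoff=0.7):
    """Low-pass filter one pixel row by zeroing the high-frequency bins."""
    n = len(x)
    return idft([0 if is_high(k, n, cutoff) else c for k, c in enumerate(dft(x))])

# Constructed sample: a row through a glyph with two 3-pixel vertical strokes
# (1.0 = full intensity, 0.0 = background).
ROW = [1.0 if 20 <= i < 23 or 40 <= i < 43 else 0.0 for i in range(64)]

def compare(row=ROW, cutoff=0.7):
    """Return (RMS pixel change, high-band energy before, high-band energy after)."""
    filtered = soft_tempest_row(row, cutoff)
    rms = (sum((a - b) ** 2 for a, b in zip(row, filtered)) / len(row)) ** 0.5
    return rms, high_band_energy(row, cutoff), high_band_energy(filtered, cutoff)

if __name__ == "__main__":
    rms, before, after = compare()
    print(f"RMS pixel change {rms:.3f} of full scale; "
          f"high-band energy {before:.2f} -> {after:.2e}")
```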

Slide #28: Active Attacks
- Tempest Viruses
- Glitching

Slide #29: Tempest Viruses
- Malware that scans infected computer for desired information, which it then broadcasts via RF signals.
  - Change display when monitor not in use to send signal.
  - Superimpose signal on monitor image, so that image not visible on monitor but visible to RF receiver.

Slide #30: Glitching
- Inserting transients into power or clock signal to induce useful errors.
- Example: On one Smartcard, replacing a clock pulse with two narrower pulses would cause processor to execute a NOP instead of scheduled instruction, allowing access control JMPs to be bypassed.

Slide #31: Defences
- Use Soft-Tempest fonts.
- Keep cables short.
- Use shielded cables.
- Use EMI filters between PC and wall AC power.
- Use EMI filters on fax/modem phone lines.
- Apply ferrite core attenuators to cables.
- Enclose devices in a Faraday cage (grounded tight cage of aluminum mesh).
- Buy specially shielded equipment.

Slide #32: Key Points
- Physical security is an essential component of computer security.
  - Many systems are more vulnerable to physical threats than system/network attacks.
- Elements of Physical Security
  - Determent
  - Detection
  - Delay
  - Response
- Backups are a defence against many threats, but must be defended themselves.