1 Security+ All-In-One Edition Chapter 7 – Physical Security Brian E. Brzezicki
2 Note: A LOT of this chapter is "missing" from the book. That is, the book is only 12 pages. I have put over 70 slides in this chapter (one of the longest). These things you should expect to see on the exam, so pay extra attention to these slides!
4 There is NO security without Physical Security
- We spend a LOT of money on logical (technical) security. Without physical security, however, there is NO security.
- Physical security is usually the weak link.
- Attackers can simply walk off with machines.
- An attacker with physical access to a machine can read whatever data it holds, load "bad" software on it, or just reset the root/administrator password.
- An attacker who can plug into a network jack can attack the network from within.
5 Some physical security attacks (187)
- Live CDs (Knoppix, BackTrack): boot the machine into an attacker-controlled OS and bypass the installed one
- USB drives/CDs and "AutoPlay" (more on this LATER)
- No BIOS password, or a default BIOS password, so the boot order can be changed
- Copying sensitive data to removable media
- Disk imaging (how?)
- Theft of equipment
6 Physical Security Layers (n/b)
- Deterrence: fences, guards, signs
- Delay (reducing/avoiding damage by slowing the attacker down): locks, guards, barriers
- Detection: motion sensors, smoke detectors
- Incident assessment: response of guards, determination of the damage level
- Response procedures: fire suppression, law-enforcement notification, etc.
9 Bollards (n/b)
- Bollards are short, sturdy concrete posts, sometimes holding lights or flowers.
- They stop vehicles from being driven through a wall and are often placed between a building and its parking lot.
- They can be arranged to form a natural path for pedestrians.
10 Fencing (n/b)
- Can deter and delay intruders; the first line of defense
- Fences 3-4 feet high deter only casual trespassers
- Fences 6-7 feet high are considered too high to climb easily
- Fences 8 feet high are considered serious protection; use them for critical areas
11 Walls (n/b)
- You know what they are.
- Choose a wall with the strength to support the security application; this may also include a fire rating.
12 Zones (n/b)
- Fences, walls, bollards, etc., combined with access control mechanisms, create "security" zones. Each zone has a different security level or work type.
- Example:
  - Lobby: low security, public access
  - Offices: medium security, restricted access
  - R&D: high security, extremely restricted access
- (see next slide)
13 Security Zones (n/b)
- Zones physically separate a site into areas of different security levels.
- Each inner zone is more restricted and more secure than the one around it.
- Access control and monitoring get stronger at the entry point to each zone.
14 Lighting (n/b)
- Lighting is obviously important in perimeter security: it decreases the probability of criminal activity.
- Each light should cover its own zone, with no gaps in coverage; coverage should in fact overlap.
- Lighting should be directed AWAY from the security guards and toward the approach, so intruders are lit and guards are not blinded by glare.
15 Locks (n/b)
- Mechanical locks use a physical key (warded or tumbler).
- Warded lock: the basic padlock; cheap (image).
- Tumbler lock: more pieces than a warded lock. The key fits into a cylinder and moves the metal pieces so that the bolt can slide into the locked or unlocked position.
  - Pin tumbler: uses pins
  - Wafer tumbler: uses wafers (not very secure)
18 Attacks against key-type locks (n/b)
- Tension wrench: shaped like an L; applies slight rotational tension to the cylinder while a pick manipulates the individual pins.
- Pick: used together with the tension wrench to push the pins into place so the cylinder can turn.
- Visualization on the next slide.
20 LocksCombination locks – rather than use a key, turn
21 Locks (n/b)
- Cipher locks: electronic (keypad) locks
  - The combination can be changed
  - Different people can have different combinations
  - Combinations can be valid only at certain times of day
  - Can have emergency codes
  - Can have "override codes"
24 Man Trap (n/b)
- Two doors with a small space between them; only one door can be open at a time.
- Avoids piggybacking (tailgating)
- Can trap an intruder between the doors
25 Surveillance (n/b)
- CCTV cameras and recording devices record video of the site.
- Deters criminal activity.
- The recordings can later be used as evidence or to determine what happened.
- CCTV cameras should generally have PTZ (pan, tilt, zoom) capability and auto-irises (to cope with changing light levels).
26 Intrusion Detection Systems (n/b)
- IDS here means a physical IDS, NOT a network IDS: it helps detect the physical presence of an intruder.
- There are multiple types.
- Electromechanical: the traditional type; detects a window or door being opened by a break in an electrical circuit.
  - Vibration sensors are also electromechanical
  - Pressure pads are also electromechanical
27 IDS (n/b)
- Photoelectric: uses light beams; detects when something crosses the beam (slide image).
- Passive infrared (PIR): monitors heat signatures in a room; many home automatic lighting systems are of this type (slide image).
- Acoustical detection: uses sound.
- Proximity/capacitance detectors: emit a measurable field and set off the alarm if the field is disturbed. The field usually covers only a very small area, since it weakens quickly with distance, so these protect a specific object rather than a whole room.
28 Passive Infrared IDS (image slide; definition as on slide 27)
29 Photoelectric IDS (image slide; definition as on slide 27)
31 Personnel access controls
- Different technologies grant access to a building; the credential is generally called an "access token".
- User activated: the user does something (swipes a card, presents a biometric).
- Proximity devices/transponders: the system recognizes the presence of an object. "Electronic access control tokens" is the generic term for such proximity authentication systems.
32 Smart Cards vs. Memory Cards
- What is a memory card? (see slide)
- What is a smart card? (see slide)
- How are they different? A memory card only stores data (think of a magnetic-stripe card); a smart card has its own microprocessor and can process data, for example verifying a PIN before releasing anything.
- Which is more secure? The smart card, because its processor can protect the stored secrets and take part in the authentication instead of simply handing over stored data.
35 Biometrics (195)
- Bio = life, metrics = measure.
- Biometrics verifies (authenticates) an individual's identity by analyzing a unique personal attribute (something they ARE).
- Requires enrollment before use* (what is enrollment? Any ideas?)
- EXPENSIVE
- COMPLEX
36 Biometrics (195)
- Can be based on:
  - Behavior (signature dynamics): might change over time
  - A physical attribute (fingerprints, iris, retina scans)
- We will talk about the different types of biometrics later.
- Can give incorrect results:
  - False negative (a valid user is rejected): Type I error* (annoying)
  - False positive (an invalid user is accepted): Type II error* (very bad)
37 CER (n/b)
- The Crossover Error Rate (CER)* is an important metric, stated as a percentage, that represents the point at which the false rejection rate equals the false acceptance rate.
- A lower CER is better/more accurate* (a CER of 3% is better than one of 4%).
- Also called the Equal Error Rate (EER).
- Use the CER to compare vendors' products objectively.
38 Biometrics (n/b)
- Systems can be calibrated. For example, if you adjust the sensitivity to decrease false positives, you will probably INCREASE false negatives; this is where the CER comes in (see next slide).
- Some environments (like the military) are more concerned with one error than the other (e.g. they would rather deny a valid user than accept an invalid one).
- Can you think of any situations for each case?
43 Fingerprint (n/b)
- Measures ridge endings and bifurcations (points where the ridge pattern splits or changes) and other details called "minutiae".
- The full fingerprint image is not stored: the scanner computes these specific features and values (a template) and sends those for verification against the enrolled template.
44 Hand Geometry (n/b)
- Overall shape of the hand
- Length and width of the fingers
- These differ significantly between individuals
48 Iris Scan (n/b)
- Measures the colors, rifts, rings and furrows (wrinkles, ruts or grooves) of the iris
- Provides the most assurance of all biometric systems
- The iris remains constant through adulthood
- Place the scanner so the sun does NOT shine through the aperture*
49 Keyboard dynamics (n/b)
- Measures the speed and rhythm with which you type a given phrase, including the timing between characters.
- Believe it or not, this is more effective than a password, as it is hard to reproduce someone's typing style, whereas it is easy to obtain someone's password.
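The following is an added example, not code from the slides or the book, that ties the keyboard-dynamics slide to the Type I/Type II error and CER slides above. It builds a keystroke template from several enrollment samples, verifies new samples against it, and then sweeps the decision threshold to show how the false acceptance rate (Type II) and false rejection rate (Type I) trade off and where they cross (the CER/EER). Everything about the data is assumed: the "phrase" is taken to have nine keys (eight flight times in milliseconds), the genuine and impostor rhythms are invented, and the timings are generated with seeded Gaussian noise rather than captured from a keyboard. The distance metric (mean absolute z-score against the template) and the 5 ms standard-deviation floor are design choices of this example, not a standard.

```python
"""Keystroke-dynamics template, verification, and CER/EER sweep (added example)."""
import random
from statistics import mean, pstdev

NUM_INTERVALS = 8    # flight times between the 9 keys of the (assumed) enrollment phrase
SD_FLOOR_MS = 5.0    # assumed floor so a very consistent enrollment does not reject every deviation


def enroll(samples):
    """Build the template: (mean, std dev) of each flight time over the enrollment samples."""
    template = []
    for i in range(NUM_INTERVALS):
        column = [s[i] for s in samples]
        template.append((mean(column), max(pstdev(column), SD_FLOOR_MS)))
    return template


def distance(template, sample):
    """Mean absolute z-score of a sample against the template; 0.0 means identical rhythm."""
    return sum(abs(x - m) / sd for (m, sd), x in zip(template, sample)) / len(template)


def verify(template, sample, threshold):
    """Accept when the sample is, on average, within `threshold` std devs of the template."""
    return distance(template, sample) <= threshold


def error_rates(template, genuine, impostor, threshold):
    """(FAR, FRR) at one threshold: impostors wrongly accepted, genuine users wrongly rejected."""
    far = sum(verify(template, s, threshold) for s in impostor) / len(impostor)
    frr = sum(not verify(template, s, threshold) for s in genuine) / len(genuine)
    return far, frr


def crossover(template, genuine, impostor, thresholds):
    """Sweep thresholds and return (threshold, CER) where FAR and FRR are closest."""
    rates = {t: error_rates(template, genuine, impostor, t) for t in thresholds}
    best = min(thresholds, key=lambda t: abs(rates[t][0] - rates[t][1]))
    far, frr = rates[best]
    return best, (far + frr) / 2


def typing_samples(base, jitter_ms, count, rng):
    """Constructed samples: a base rhythm plus seeded Gaussian timing noise (not real captures)."""
    return [[max(1.0, rng.gauss(b, jitter_ms)) for b in base] for _ in range(count)]


RNG = random.Random(2024)
GENUINE_BASE = [120, 95, 140, 110, 130, 100, 150, 115]   # ms: the enrolled user's rhythm (invented)
IMPOSTOR_BASE = [150, 140, 110, 145, 95, 135, 120, 160]  # ms: someone else typing the same phrase

TEMPLATE = enroll(typing_samples(GENUINE_BASE, 8, 5, RNG))
GENUINE_TEST = typing_samples(GENUINE_BASE, 8, 50, RNG)
IMPOSTOR_TEST = typing_samples(IMPOSTOR_BASE, 8, 50, RNG)
THRESHOLDS = [t / 10 for t in range(1, 60)]               # 0.1 .. 5.9 standard deviations


def demo():
    """Print the trade-off at a few thresholds and the crossover point."""
    for t in (0.5, 1.0, 2.0, 3.0):
        far, frr = error_rates(TEMPLATE, GENUINE_TEST, IMPOSTOR_TEST, t)
        print(f"threshold {t:.1f}: FAR={far:.2f} (Type II)  FRR={frr:.2f} (Type I)")
    best, cer = crossover(TEMPLATE, GENUINE_TEST, IMPOSTOR_TEST, THRESHOLDS)
    print(f"CER/EER = {cer:.1%} at threshold {best:.1f}")
    return best, cer


if __name__ == "__main__":
    demo()
```

Running it prints the FAR rising and the FRR falling as the threshold is loosened; a bank vault would pick a threshold well below the crossover (accepting more Type I errors), while a low-value door could sit above it. Comparing two vendors means comparing their CER on the same test population, not their rates at whatever threshold each ships with.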
50 Voice Print (n/b)
- At enrollment you say several different phrases.
- Measures speech patterns, inflection and intonation (i.e. pitch and tone).
- For authentication the enrolled words are presented in a jumbled order, so a recording of one phrase cannot simply be replayed.
52 Facial Scan (n/b)
- Geometric measurements of:
  - Bone structure
  - Nose ridges
  - Eye width
  - Chin shape
  - Forehead size
53 Biometrics wrap up
- We covered a bunch of different biometrics.
- Understand that some are behavioral* (voice print, keyboard dynamics) and can change over time.
- Some are physically based (fingerprint, iris scan).
54 Biometrics wrap up
- Fingerprints are probably the most commonly used and the cheapest.
- Iris scanning provides the most "assurance".
- Some methods are intrusive.
- Understand Type I and Type II errors.
- Be able to define the CER; is a lower CER value better or worse?
- Privacy issues
56 Device Security
- Devices can be stolen.
- Use a drive encryption technology such as BitLocker or the Encrypting File System (EFS).
- Use device or port locks to secure items.
- Laptops should be inventoried.
- "LoJack"-type tracking/recovery software should be installed.
- Encrypt the disks.
- (more)
57 Device Security
- Be wary of USB devices, CDs, etc. that you find or are given (bank story).
- Disable USB mass storage if possible: under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UsbStor set the Start value to 4 (disabled) instead of the default 3 (load on demand).
- Disable AutoPlay.
- Use a privacy screen.
- Securely dispose of devices.
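An added example (not from the slides) that checks the two settings from this slide in an exported registry fragment, so the check runs anywhere and never touches a live registry. The weak export shows the defaults an attacker hopes for (UsbStor Start=3, and NoDriveTypeAutoRun left at a typical default of 0x91), and the hardened export shows the corrected values: Start=4 disables the USB mass-storage driver, and NoDriveTypeAutoRun=0xFF switches AutoRun off for every drive type under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer. The .reg text here is constructed for the example (a real export from reg.exe or regedit is UTF-16 and contains many more values), and the parser deliberately handles only the `[key]` and `"name"=dword:` lines it needs.

```python
"""Audit a registry export for the USB-storage and AutoRun settings (added example)."""
import re

USBSTOR_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor"
AUTORUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SERVICE_DISABLED = 4       # Start=4 disables the USB mass-storage driver; 3 = load on demand (default)
AUTORUN_ALL_OFF = 0xFF     # NoDriveTypeAutoRun with every drive-type bit set: AutoRun off everywhere

KEY_LINE = re.compile(r"^\[(.+)\]$")
DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')


def parse_reg(text):
    """Parse .reg-style text into {key: {value name: int}} for dword values (names lower-cased)."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            current = key.group(1).lower()
            values.setdefault(current, {})
            continue
        dword = DWORD_LINE.match(line)
        if dword and current is not None:
            values[current][dword.group(1).lower()] = int(dword.group(2), 16)
    return values


def audit(text):
    """Report whether USB mass storage and AutoRun are disabled in the export."""
    reg = parse_reg(text)
    start = reg.get(USBSTOR_KEY.lower(), {}).get("start")
    mask = reg.get(AUTORUN_KEY.lower(), {}).get("nodrivetypeautorun")
    return {
        "usbstor_start": start,
        "usbstor_disabled": start == SERVICE_DISABLED,
        "autorun_mask": mask,
        "autorun_disabled": mask is not None and (mask & AUTORUN_ALL_OFF) == AUTORUN_ALL_OFF,
    }


def findings(text):
    """List what still needs fixing; empty when both settings are hardened."""
    result = audit(text)
    problems = []
    if not result["usbstor_disabled"]:
        problems.append(f"UsbStor Start is {result['usbstor_start']}, expected {SERVICE_DISABLED}")
    if not result["autorun_disabled"]:
        problems.append(f"NoDriveTypeAutoRun is {result['autorun_mask']}, expected 0x{AUTORUN_ALL_OFF:02x}")
    return problems


# Constructed exports for the example; a real .reg file would be far longer.
WEAK_EXPORT = f"""Windows Registry Editor Version 5.00

[{USBSTOR_KEY}]
"Start"=dword:00000003

[{AUTORUN_KEY}]
"NoDriveTypeAutoRun"=dword:00000091
"""

HARDENED_EXPORT = f"""Windows Registry Editor Version 5.00

[{USBSTOR_KEY}]
"Start"=dword:00000004

[{AUTORUN_KEY}]
"NoDriveTypeAutoRun"=dword:000000ff
"""

if __name__ == "__main__":
    for name, export in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(name, findings(export) or ["ok"])
```

Note that disabling UsbStor only blocks mass-storage devices; a malicious device that presents itself as a keyboard is still accepted, which is why the slide also says to be wary of anything you find or are given.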
59 Fire Suppression
- Different fire suppression types are used based on the class of fire: A, B, C, D (we'll talk about each of these).
60 Fire Suppression
- A: Common combustibles
  - Use for: wood, paper, laminates
  - Suppression agent: water or foam
- B: Liquids
  - Use for: gas or oil fires
  - Suppression agent: gas (CO2), foam, dry powder
61 Fire Suppression
- C: Electrical
  - Use on: electrical equipment and wiring
  - Suppression agent: gas (CO2), dry powder (never water, which conducts)
- D: Combustible metals
  - Use on: combustible metals/chemicals (sodium, potassium)
  - Suppression agent: dry powder
62 Fire Suppression (Halon)
- Before any dangerous gas (Halon, CO2) is released there should be some type of warning, because CO2 displaces oxygen and will suffocate people.
- Halon is a gas that used to be commonly used; it is no longer used because, like CFCs, it depletes the ozone layer (it is also dangerous to people). It was banned by the "Montreal Protocol"*. The effective replacement is FM-200 or the others listed at the top of pg 444*.
63 Fire Suppression Note
- The HVAC system should be set to shut down when an automatic suppression system activates, so the suppression gas is not vented away and smoke is not spread through the building.
- Now we need to understand automatic fire suppression systems.
64 Sprinkler Heads
- The "thermal linkage" is often a small glass bulb of colored liquid designed to shatter at a fixed temperature.
- The fire heats the thermal linkage to its break point, the head opens, and the water in the pipe flows through the opening under high pressure. That pressure makes the water spread over a wide area when it hits the deflector.
65 Automatic fire suppression (n/b)
- Sprinklers:
  - Wet pipe: water under pressure sits in the pipe directly above the sprinkler heads at all times; each head releases when its own thermal linkage breaks.
  - Deluge: all the heads are open and the pipe is empty; on detection a valve opens and a high volume of water is released through every head at once. Not used for data centers.
66 Automatic fire suppression (n/b)
- Dry pipe: the overhead pipe holds only pressurized air, and the water is held back at a valve. When a head opens and the air escapes, the valve trips and water flows to the head; the pipes cannot freeze or leak water while idle.
67 Automatic fire suppression (n/b)
- Pre-action: like dry pipe, but with a delay before release. Detection first fills the pipe with water; water leaves a head only when that head's thermal linkage also breaks, so a false detection or a damaged head alone does not flood the room. Best for computer rooms if a water-based system must be used.
68 Fire random tidbit (n/b)
- The space between the drop ceiling and the actual floor above is called the "plenum". You should know this term, and you should understand that when running network cables and other plastic-insulated wiring through it you need to use "plenum-rated" wire. Burning plastic gives off toxic gases, and a small fire in a plenum area could distribute those gases throughout the building's air system.
69 Environmental Issues (n/b)
- Improper environments can damage equipment or services.
- Water and gas: make sure there are shutoff valves and that drains are positive drains (water flows out, never back in; why?).
- Humidity must not be too high or too low:
  - Low: static electricity
  - High: rust/corrosion
- A hygrometer measures humidity.
- (more)
70 Environmental Issues (n/b)
- Static electricity: besides ensuring proper humidity,
  - use anti-static flooring in data processing areas
  - don't use carpeting in data centers
  - wear anti-static wrist bands when working inside computers
71 Electric power issues (n/b)
- Power interference that stops you from getting "clean power" is called "line noise".
72 Electric power issues (n/b)
- Line noise can be caused by:
  - Electromagnetic interference (EMI): electromagnetic fields that create noise (motors can generate such fields)
  - Radio frequency interference (RFI): e.g. fluorescent lights
73 Electrical Power Issues (n/b)
- Sometimes the voltage delivered falls outside normal thresholds:
  - Excess: spike (momentary high voltage), surge (prolonged high voltage)
  - Shortage: sag/dip (momentary low voltage), brownout (prolonged low voltage)
  - Loss: fault (momentary outage), blackout (prolonged outage)
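To make the six terms on this slide concrete, here is an added example (not from the slides) that runs over a constructed voltage trace and labels each disturbance using the slide's definitions: direction (excess, shortage, loss) decides the pair, and duration decides between the momentary and prolonged name. The nominal 120 V, the 10% tolerance band, the 10 V "loss" cutoff and the 1 second momentary/prolonged boundary are all assumptions of this example chosen to make the trace readable; real power-quality monitors use standardized limits that differ from these.

```python
"""Classify power disturbances in a voltage trace with the slide's six terms (added example)."""

NOMINAL_V = 120.0     # assumed nominal supply voltage
TOLERANCE = 0.10      # assumed: within +/-10% of nominal is treated as clean power
LOSS_V = 10.0         # assumed: below this the supply is considered gone
MOMENTARY_S = 1.0     # assumed: shorter than this is "momentary", otherwise "prolonged"

LABELS = {            # abnormal state -> (momentary name, prolonged name), from the slide
    "high": ("spike", "surge"),
    "low": ("sag", "brownout"),
    "loss": ("fault", "blackout"),
}


def state(voltage):
    """Map one voltage sample to normal / high / low / loss."""
    if voltage < LOSS_V:
        return "loss"
    if voltage > NOMINAL_V * (1 + TOLERANCE):
        return "high"
    if voltage < NOMINAL_V * (1 - TOLERANCE):
        return "low"
    return "normal"


def find_events(samples, interval_s):
    """Group consecutive abnormal samples into events: list of (start_s, duration_s, label)."""
    events = []
    run_state, run_start = "normal", 0

    def close(end_index):
        duration = round((end_index - run_start) * interval_s, 3)
        momentary, prolonged = LABELS[run_state]
        label = momentary if duration < MOMENTARY_S else prolonged
        events.append((round(run_start * interval_s, 3), duration, label))

    for i, v in enumerate(samples):
        s = state(v)
        if s == run_state:
            continue
        if run_state != "normal":
            close(i)                  # the previous disturbance ended at this sample
        run_state, run_start = s, i
    if run_state != "normal":         # flush a disturbance that lasts to the end of the trace
        close(len(samples))
    return events


def build_trace(segments):
    """Constructed trace: (voltage, sample count) segments expanded into individual samples."""
    return [v for v, n in segments for _ in range(n)]


INTERVAL_S = 0.1   # seconds between samples in the constructed trace
SAMPLES = build_trace([
    (120.0, 10), (160.0, 3),    # 0.3 s over-voltage  -> spike
    (120.0, 5), (100.0, 25),    # 2.5 s under-voltage -> brownout
    (120.0, 5), (0.0, 4),       # 0.4 s outage        -> fault
    (120.0, 5), (135.0, 15),    # 1.5 s over-voltage  -> surge
    (120.0, 3), (105.0, 2),     # 0.2 s under-voltage -> sag/dip
    (120.0, 5), (0.0, 20),      # 2.0 s outage        -> blackout
])

if __name__ == "__main__":
    for start, duration, label in find_events(SAMPLES, INTERVAL_S):
        print(f"t={start:4.1f}s  {duration:3.1f}s  {label}")
```

A UPS or line conditioner is sized against exactly this kind of record: how deep and how long the sags and faults are decides how much ride-through you need, and a pattern of sags every time a nearby motor starts points at the inrush-current problem described on the next slide.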
74 Electrical power issues (n/b)
- "Inrush current": when many devices are switched on at once, the power demand is higher and may stress the supply, causing a sag/dip.
- Try to put computer equipment on separate electrical circuits. Do not use microwaves or vacuums on computer power lines.
75 Power best practices (n/b)
- Use surge protectors on desktops.
- Do not daisy-chain surge protectors (see next slide).
- Employ power monitors to detect current and voltage changes.
- Use regulators or line conditioners in computer rooms.
- Use UPS systems in computer rooms.
- If possible, shield power cables.
- Do not run power cables over or under fluorescent lights.
77 Computer Room (n/b)
- Temperature and humidity levels should be properly maintained.
  - Humidity too low: static electricity*
  - Humidity too high: corrosion of metal parts*
- The computer room should be on a separate electrical system from the rest of the building.
- It should have redundant power systems and a UPS.
78 Review Questions
- Q. What feature can allow a Windows computer to automatically run a Trojan program from an inserted CD or USB drive?
- Q. Which of the water-based automatic fire suppression systems would be best for a data center?
- Q. Why is access to a network jack a risk?
- Q. What is the CER in terms of biometrics?
- Q. What is a Type I and a Type II error?
79 Review Questions
- Q. If controlling access to a bank vault, would I prefer higher false positives or higher false negatives?
- Q. What fire class covers electrical fires?
- Q. What is the difference between smart cards and memory cards?
- Q. What type of motion sensor detects a human through emitted heat?