TestOut Ch3
Physical Security continued
- Restricting physical access to facilities and computer systems.
- Preventing interruptions of computer services caused by problems such as loss of power or fire.
- Preventing unauthorized disclosure of information.
- Disposing of sensitive material.
- Protecting the interior and exterior of your facility.
Control Measures- Perimeter barriers
The first measure in physically securing a building is to secure the perimeter and restrict access to secure entry points. Methods for securing the perimeter are explained in the following list.
- Fences provide an environmental barrier that prevents easy access to the facility. A low fence (3-4 feet) acts as a deterrent to casual intrusion. A higher fence (6-7 feet) acts as a deterrent unless the trespasser has a specific intent to violate security. A fence 8 feet or higher topped with barbed wire is an effective deterrent.
- Barricades can be erected to prevent vehicles from approaching the facility.
- Bollards are short, sturdy posts used to prevent a car from crashing into a secure area.
- Signs should be posted to inform individuals that they are entering a secured area.
- Guard dogs are generally highly reliable, but are appropriate only for physical perimeter security. They can be expensive to keep and maintain. Their use might raise issues of liability and insurance.
- Lighting deters casual intruders, helps guards see intruders, and is necessary for most cameras to monitor the area. To be effective, lights should be placed to eliminate shadows or dark spots.
- Security guards offer the best protection for perimeter security because they can actively respond to a variety of threat situations. Security guards can also reference an access list that explicitly lists who can enter a secure facility. However, guards are expensive, require training, and can be unreliable or inconsistent.
Demilitarized zone(DMZ)
A DMZ provides enhanced security by isolating your publicly accessible network from your privately accessible network.
Turnstile
A barrier that permits entry in only one direction.
Checkout policy
A checkout policy ensures that hardware does not leave the organization's premises without a manager's approval. Checkout policies can include the following details:
- Acceptable use is limited to business-specific activities on the device.
- A listing of software that is installed on the device.
- Characteristics of the hardware such as the serial number, make, and model number.
- A rule that borrowers must not install software on the devices.
- A rule that the device must be returned within a reasonable or defined period.
- A rule that liability for the device's physical safety is placed on the borrower.
Demilitarized zone (DMZ) or Screened Subnet
A demilitarized zone, also called a screened subnet, provides enhanced security by isolating your publicly accessible network from your privately accessible network. Basically, you're using a firewall to create two separate networks.
Double-entry door
A double-entry door has two doors that are locked from the outside but have crash bars on the inside that allow easy exit.
Fire Suppression Methods- Fixed
A fixed system is part of a building and typically combines fire detectors with fire-suppression technology. Fixed fire suppression systems usually use water or gas to extinguish fire.
- Deluge sprinklers have open sprinkler heads. The pipes are dry until the fire alarm causes the deluge valve to open and send water to all the sprinklers.
- Wet pipe sprinklers contain pressurized water that is released when initiated by a heat-sensitive device. Wet pipe systems respond to fire threats more quickly than deluge systems.
Be aware that a fixed system might only slow down a fire, but it gives you more time to evacuate. It might be incapable of extinguishing a fire.
Access list
A list of personnel who are authorized to enter a secure facility
Control Measures- Doors
A mantrap is a specialized entrance with two doors that create a security buffer zone between two areas. Once a person enters the space between the doors, both doors are locked. To enter the facility, authentication must be provided. Authentication may include visual identification and identification credentials. Mantraps should permit only a single person to enter. The person must provide authentication. If authentication is not provided, the intruder is kept in the mantrap until authorities arrive.
A turnstile is a barrier that permits entry in only one direction. Physical turnstiles are often used to control entry for large events such as concerts and sporting events. Optical turnstiles use sensors and alarms to control entry. Turnstiles are often used to permit easy exit from a secure area. Entry is controlled through a mantrap or other system that requires authentication for entry.
A double-entry door has two doors that are locked from the outside but have crash bars on the inside that allow easy exit. Double-entry doors are typically used only for emergency exits, and alarms sound when the doors are opened.
Protected cable distribution
A protected distribution system (PDS) is a metal cabinet that locks away all the networking cables and prevents any type of emissions. PDSs also keep attackers from physically removing cables or plugging in additional cables. PDSs are most commonly used by utility companies.
Air gap
A security method that physically isolates a portion of the network (such as a computer, a server, or a small network of computers) from the internet or any other unsecured networks.
Mantrap
A specialized entrance with two locking doors that create a security buffer zone between two areas.
Access cards
Access cards can be used to secure a facility, room, or cabinet.
- Barcode readers require a barcode to be scanned using infrared technology.
- Magnetic stripe readers require that a card be swiped.
- Proximity card readers transmit a low radio frequency (RF) signal. When a card is within a certain distance, the card uses the RF signal to transmit its code to the reader.
Smart card
Access cards that have encrypted access information. Smart cards can be contactless or require contact.
Airflow
Airflow is an important factor in controlling temperature. Be aware that:
- Fans are a critical component in preventing hot spots in a computer room.
- There are two types of fans: fans inside the computer equipment, and room fans, which circulate air in the room.
- The air exchange rate for a computer room is much higher than for an office area. An office area needs approximately two air changes per hour. A server room needs between 20 and 30 air changes per hour.
Air gap
An air gap is a security method in which a computer, a server, or a small network of computers is physically isolated from the internet or other unsecured networks. This means that only individuals authorized to access that computer or network can access it. It can be accessed only in person, not over the internet, and not even from another network within the organization.
Vault
Another way you can secure networking devices is to keep them in a locked cage, or a vault. You can do this in addition to a locked room or you can place the vault inside a locked room. Obviously, combining the two physical security measures is best, but make sure to have at least one.
Biometric Locks
Biometric locks increase security by using fingerprints or iris scans. They reduce the threat from lost keys or cards.
Bollard
Bollards are short, sturdy posts used to prevent a vehicle from crashing into a secure area.
Card cloning
Card cloning is the process of making copies of smart cards. Lost, misplaced, or stolen cards can be copied if they have no cryptographic protection.
Skimming
Card skimming is when a card reader is placed in order to copy the credentials of a user's smart card. Once the card's details are copied, they can be used to create counterfeit cards. Proximity cards can also be copied. These transmit the credentials, which can be captured with a portable RFID reader.
Fire Extinguishers
Class / Materials / Suppressant
Class A: Wood, paper, cloth, plastics / Water or soda acid
Class B: Petroleum, oil, solvent, alcohol / CO2 or FM200
Class C: Electrical equipment, circuits, wires / Halon or CO2
Class D: Sodium, potassium / Dry powders
Class K: Oil, solvents, electrical wires / Halon, CO2, or soda acid
Control Measures- Physical access controls
Physical access controls can be implemented inside the facility. Physical controls can include key fobs, swipe cards, or badges. To control access to sensitive areas within the facility, require a card swipe or reader. Some systems can track personnel movement within a facility and proactively lock or unlock doors based on the access token device. An anti-passback system prevents a card holder from passing their card back to someone else.
Physical controls are often implemented along with sensors and alarms to detect unauthorized access. Photoelectric sensors detect motion and are best suited to detect a perimeter breach rather than interior motion. Wave pattern, heat sensing, and ultrasonic sensors are better suited for interior motion detection than perimeter breach detection.
Control Measures- Physical access logs
Physical access logs are implemented by the guards of a facility and require everyone gaining access to the facility to sign in.
Physical security
Physical security is the protection of corporate assets from threats such as unauthorized entry, theft or damage.
Water or Gas
Recommendations for water and gas focus on the ability to turn them off in the event of a broken pipe, fire, or another type of emergency. These recommendations are:
- Identify the location of a master shut-off valve.
- Identify the location of any secondary shut-off valves. Using secondary shut-off valves minimizes the impact of the service loss.
- Ensure that the shut-off valves work.
- Mark shut-off valves to increase visibility.
- Ensure that appropriate personnel have access to shut-off valves for water and gas systems.
- Secure shut-off valves from general access.
Recovery
Recovery is the process of returning a system to a functional state and repairing any damage.
Locked network closet
Regardless of the size of your organization, networking components should always be inside of a locked room that only specific individuals have access to. Make sure the lock to this room has some sort of access logging. For example, many key card locking mechanisms track the time, date, and individual who opens the door. This can be helpful when identifying the source of an attack.
Door locks
The first line of defense in protecting computer systems is to control access to the location where the computers are located. Many businesses use cubicles, which leave computers in plain sight and easily accessible to anyone. Controlling access to the building is critical to prevent unauthorized people from gaining access to computers. Place critical or sensitive devices in a locked room. For good physical security, implement the following protections:
- Keep doors to the rooms locked as much as possible, especially when the rooms are not in use.
- Use keypads or card readers to control room access.
- Do not leave the door ajar to adjust the temperature inside the room.
Physical Security
There are three factors to keep in mind with physical security: prevention, detection, and recovery.
- Prevention is making the location less tempting to break into.
- Detection is identifying what was broken into, what is missing, and the extent of the damage.
- Recovery is the review of the physical security procedures, repairing any damage, and hardening the physical security of the company against future problems.
Defense in Depth
Employing multiple layers of controls to avoid a single point of failure.
Control Measures- Closed-Circuit Television (CCTV)
Closed-circuit television can be used as both a preventative tool (when monitoring live events) and an investigative tool (when events are recorded for later playback). Camera types include:
- A bullet camera, which has a built-in lens. It is long and round in shape. Most bullet cameras can be used indoors or outdoors.
- A c-mount camera, which has interchangeable lenses. It is typically rectangular in shape with the lens on the end. Most c-mount cameras require a special housing to be used outdoors.
- A dome camera, which is a camera protected with a plastic or glass dome. These cameras are more vandal-resistant than other cameras.
- A pan tilt zoom (PTZ) camera, which lets you dynamically move the camera and zoom in on specific areas. Cameras without PTZ capabilities are manually set looking toward a specific direction. Automatic PTZ mode automatically moves the camera between several preset locations. A manual PTZ lets an operator remotely control the position of the camera.
When selecting cameras, be aware of the following characteristics:
- The focal length measures the magnification power of a lens. The focal length controls the distance that the camera can see, as well as how much detail can be seen at a specific range. The focal length is expressed in millimeters (mm). A higher focal length lets you see more detail at a greater distance. Most cameras have a 4 mm lens with a range of 30-35 feet. This allows you to see facial features at that distance.
- A fixed lens camera has a set focal length. A varifocal camera lens lets you adjust the focus (zoom).
- A 70-degree view angle is the largest view angle possible without distorting the image.
- The resolution is rated in the number of lines (such as 400) included in the image. In general, the higher the resolution, the sharper the image.
- LUX is a measure of the sensitivity to light. The lower the number, the less light is necessary for a clear image.
- Infrared cameras can record images in little or no light. Infrared cameras have a range of about 25 feet in no light and further in dimly-lit areas.
When CCTV is used in a preventative way, you must have a guard or other person who monitors one or more cameras in real time. The cameras effectively expand the area that can be monitored by the guard. Cameras can only detect security breaches. Guards can prevent and react to security breaches.
Environmental Considerations
- Cool temperatures to protect hardware from being damaged by overheating.
- Humidity control to keep humidity above 50% to avoid electric shock.
- Moisture detectors to identify the presence of water and provide early alerts to prevent water/flood damage from water pipes and sprinklers.
- Fire suppression controls to prevent damage from heat and smoke.
Secure data destruction
Data is an important resource for any organization. All digital data and paper data should be protected. Any paperwork containing sensitive information should be securely destroyed. The following are some of the options for secure data destruction:
- Burning
- Shredding
- Pulping
- Pulverizing
- Degaussing
- Third-party solutions
Detection
Detection is identifying that a security breach has happened or is happening.
Control Measures- Door locks
Door locks allow access only to people with the proper key. Lock types include:
- Pick-resistant locks with restricted key duplication are the most secure key lock. It is important to note that all traditional key locks are vulnerable to lock-picking (shimming).
- Keypad locks require knowledge of a code and reduce the threat from lost keys and cards. Clean keypads frequently to remove indications of buttons used.
- Smart cards have the ability to encrypt access information. Smart cards can be contact or contactless. Contactless smart cards use the 13.56 MHz frequency to communicate with proximity readers. A smart card can communicate a great deal of information.
- Proximity cards, also known as radio frequency identification (RFID) cards, are a subset of smart cards that use the 125 kHz frequency to communicate with proximity readers. Proximity cards differ from smart cards because they are designed to communicate only the card's identity.
- Biometric locks increase security by using fingerprints or iris scans. They reduce the threat from lost keys or cards.
Electromagnetic interference (EMI)
Electromagnetic interference is caused by noise between the hot wire and the ground or neutral wires in a circuit. This burst of energy is known as an electromagnetic pulse (EMP). It can disrupt the signal in a data cable. Common causes of EMI are:
- Motors
- Heavy machinery
- Lights
- Electrical systems (for example, a computer system)
EMI shielding is the process of protecting computer components from interference to prevent transmission problems and security concerns, such as eavesdropping. A Faraday cage or a Faraday bag can be used to protect a device from EMP. The Faraday cage or bag is made of special metallic materials that can shield devices such as cell phones, tablets, computers, and servers.
Faraday cage
Faraday cages are designed to block all electromagnetic emissions. Faraday cages are used to protect against attackers who collect electronic emissions from electronic devices. The technique of collecting electronic emissions is known as Van Eck phreaking. It is a form of eavesdropping.
Hardware locks
Hardware locks prevent the theft of computers or components.
- Keep servers and other devices inside locked cabinets or locked rooms.
- Bolt or chain workstations to desks or other stationary objects to prevent theft.
- Lock cases to prevent opening up devices and removing components, such as memory and hard drives.
- For laptops, use removable cable locks when computers are left unattended in public areas. You can also use motion detectors that sound an alarm when a laptop is moved.
Temperature
Heat reduces the life span and reliability of computer equipment. Keep in mind the following about temperature:
- Fans and cooling systems on users' desktop, laptop, and notebook computers are usually adequate to keep those types of equipment sufficiently cool.
- Server rooms require special cooling systems due to the high concentration of equipment.
- The optimum temperature for computer equipment is 68 degrees Fahrenheit (20 Celsius).
- There is a variety of environmental sensors and software available to monitor the temperature in server rooms and data centers. Environmental sensors and software can also help you identify hot spots.
- Temperature sensors are generally located one-half to two feet above the floor and five to six feet above the floor throughout the room. A variation of more than 12 degrees between low-mounted and high-mounted sensors indicates a problem.
A well-maintained HVAC system is important for employee comfort and the protection of equipment. HVAC controls the temperature and humidity of a building. HVAC keeps temperatures cool for computer systems. Computer systems and server rooms should be centrally located and have separate ducting for better control. Computer rooms/server rooms require full-time environmental controls. Recommendations for HVAC systems include:
- Use positive pressure systems. Positive pressure systems protect the air quality in the facility by causing air to be forced out through doors, windows, and other openings. Negative pressure systems draw air in, potentially bringing in airborne particles such as dust, smoke from a fire, or contamination from a chemical leak. Positive pressure systems are more energy efficient.
- Protect filtered air intakes. The air intakes are the source of air for the positive pressure system. Air intakes can be a target of sabotage or contaminated by toxic chemicals if an incident occurs in the surrounding area.
- For electronic components, keep the temperature between 70 and 74 degrees and humidity between 40% and 65%.
- Ensure that appropriate personnel have access to shut-off valves for the HVAC system in the event of an emergency.
- Use hot and cold aisles to ensure proper cooling. A cold aisle is created by having the front of the equipment face toward the center of the aisle. Hot aisles have the back of the equipment face the aisle. Air from the cooling system is forced into the cold aisles from underneath and exhausted through the hot aisles overhead. Typically, cold aisles face air conditioner output ducts and hot aisles face air conditioner return ducts.
Best practices for hot aisle/cold aisle containment include:
- Install internal fans to bring air into, or exhaust air out of, individual units to act with the overall pattern of airflow in the data center.
- Locate devices with side or top exhausts in their own part of the data center.
- Raise the floor 1.5 feet so that air being pushed by air conditioning equipment can pass through.
- Install automatic doors in the data center.
Power Conditions
Here is a list of power conditions that you should be aware of:
- A surge or spike in power is a sudden rise in voltage. It can be caused by a lightning strike; a power plant coming online or going off-line; or even equipment inside the facility.
- A sag or dip in power is a reduction in voltage for a short period of time (up to as long as a few seconds). Sources of sags or dips include chained power strips, faulty wiring, sudden power draws (such as when equipment is first turned on), and large inductive sources, such as an electric motor.
- A brownout is a reduction in voltage that lasts longer than a few seconds. A brownout is generally caused at the utility company during times of high power usage. The ANSI standard defines a brownout as an 8% drop between the power source and the voltage meter or a 3.5% drop between the voltage meter and the wall outlet.
- A blackout is a complete power failure. A blackout can have a variety of sources, such as downed power lines or failed transformers.
- A fault is a momentary power outage that can have a variety of sources.
- A transient is a fluctuation caused by line noise or disturbance.
Power systems can help keep electrical service constant. The following types of protection are available to improve and protect your equipment against AC power issues:
- Surge protectors protect against spikes that damage components. Many power strips have a built-in surge protector.
- Uninterruptible Power Supplies (UPS) protect against under-voltage conditions of short duration (depending on battery life, 30 minutes or more). Most UPS systems include a line conditioner and a surge protector.
- A redundant power source can ensure constant power. An example of a redundant power source is a backup generator or power from a secondary source in case the primary source fails. Backup generators require fuel to operate and can provide power to critical systems until the fuel is consumed.
- Line conditioners, also known as power conditioners, can improve the quality of the power by providing filters to remove noise, temporary voltage regulators, and surge protectors.
Humidity
Humidity is an important consideration for server rooms. Humidity should be kept within a range of 40 to 65 percent. Too much humidity results in condensation. Too little humidity results in electrostatic discharge (ESD). Depending on the naturally occurring humidity level of your area and the season, you may have to add or decrease humidity. Avoid large, rapid changes in humidity. Keeping a narrow range of temperature in the computer room will help to avoid condensation.
Malicious universal serial bus (USB) cable
It is common now to find USB charging stations in public places, such as airports, hotels, and restaurants. It is possible that these could be used to copy data from a user's device. Users can protect themselves by using USB data blockers, which prevent data transfers to USB drives. This device is connected between the USB charging port and your charging cable and helps to protect access to your data.
Defense in Depth continued
Physical security should deploy in the following sequence. If a step in the sequence fails, the next step should implement itself automatically.
- Deter initial access attempts
- Deny direct physical access
- Detect the intrusion
- Delay the violator to allow for response
When designing physical security, implement a layered defense system. Defense in depth is a process in which controls are implemented in layers to ensure that defeating one level of security does not allow an attacker subsequent access. Using multiple types of security controls within the same layer further enhances security. Tips for implementing a multi-layered defense system include:
- Protect entry points with a card access system, or some other type of control, as well as a security camera.
- Use a reception area to prevent the public, visitors, or contractors from entering secure areas of the building without an escort.
- Use the card access or other system to block access to elevators and stairwells. This prevents someone who successfully tailgates from gaining further access.
- Use a variety of access systems such as key locks, keypad locks, or biometric controls to secure offices or other sensitive areas.
- Implement security within offices and data centers using locking storage areas and computer passwords.
- Perform physical security inspections quarterly. Violations should be addressed in a formal manner, with warnings and penalties imposed.
Malicious flash drive
Plugging an infected USB flash drive into a host system or network can be a major risk. These USB drives can be infected with malware that can later be used to disrupt the operation of a business. A malicious USB drive can install malware such as backdoors, trojans, and ransomware. These drives could also install browser hijackers that redirect a victim to a website of the hacker's choice. One of the first incidents is thought to have happened in 2010, when the Stuxnet worm was distributed via USB sticks to launch attacks on the networks of an Iranian facility.
Fire Suppression Methods- Portable
Portable systems are fire extinguishers that can be used to suppress small fires. When using a portable fire extinguisher, be aware of the following facts:
- A pin is inserted in the handle of most fire extinguishers to prevent the extinguisher from being accidentally triggered. Remove the pin to use the fire extinguisher.
- The PASS method (Pull, Aim, Squeeze, and Sweep) is the best method to administer the fire suppressant. Aim toward the base of the fire.
- Fire extinguishers usually have a limited effective range of 3-8 feet.
- Fires spread quickly. In most cases, you will be unable to control a fire with only a portable system.
Prevention
Prevention is taking the steps necessary to avert unauthorized access, theft, damage, or other type of security breach.
Proximity card
Proximity cards, also known as radio frequency identification (RFID) cards, are a subset of smart cards that use the 125 kHz frequency to communicate with proximity readers.