Chapter 9 Physical Security - Study Material
Securing Mobile and Portable Systems
-loss of the device means loss of the access control mechanisms -For maximum security, laptops should be secured at all times. If you are traveling with a laptop, you should always have it in your possession. Special care should be exercised when flying, as laptop thefts are common in airports. The following list from the Metropolitan Police of the District of Columbia explains how to prevent your laptop from being stolen or damaged: •"Don't leave your devices in an unlocked vehicle, even if the vehicle is in your drive-way or garage, and never leave it in plain sight, even if the vehicle is locked—that's just inviting trouble. If you must leave your devices in a vehicle, the best place is in the trunk. If you don't have a trunk, try to conceal them or fit them under a seat and lock the doors. • Carry your devices in a nondescript carrying case, briefcase, or bag when moving about. Placing these items in a case designed for computers is an immediate alert to thieves that you have these valuable devices. • Do not leave a meeting or conference room without your laptop or personal electronics. Take them with you. • Lock your device in a safe place when not in use or use a cable lock that wraps around a desk or chair leg. • Apply distinctive paint markings (such as indelible markers) to make your laptop unique and easily identifiable. • Consider purchasing a theft alarm system specially made for laptops and other electronics. • Be aware that if your computer is stolen, automatic log-ins can make it easy for a thief to send inappropriate messages with your account. Use password protection and require a person to log in every time the computer goes to sleep or powers down. • Back up your information using cloud-based storage or on portable media such as a CD, DVD, flash drive, or other backup media. Store the discs someplace safe."
Physical Access Controls
A number of physical access controls are uniquely suited to governing the movement of people within an organization's facilities—specifically, controlling their physical access to company resources. Some of the technology used to control physical access is also used to control logical access, including biometrics, smart cards, and wireless-enabled keycards. -Commonly, a building's access controls are operated by a group called FACILITIES MANAGEMENT. Larger organizations may have an entire staff dedicated to facilities management, while smaller organizations often outsource these duties. -In facilities management, the term SECURE FACILITY might bring to mind military bases, maximum-security prisons, and nuclear power plants. While securing a facility does require adherence to rules and procedures, the environment does not necessarily have to be that con-strained. A facility does not have to resemble a fortress to minimize risk from physical attacks. In fact, a secure facility can sometimes use its natural terrain, local traffic flow, and surrounding development to enhance its physical security, along with protection mechanisms such as fences, gates, walls, guards, and alarms. -A secure facility includes the same defense-in-depth strategy as logical network security. Any intrusion attempt, whether natural or man-made, should be confronted with multiple layers of defense, including those for the facility's location, the drive to and onto the facility grounds, and multiple layers of physical access controls needed to gain access to information.
Heating, Ventilation, and Air Conditioning
Although traditionally a responsibility of facilities management, the operation of the heating, ventilation, and air-conditioning (HVAC) system can have a dramatic impact on information, information systems, and their protection. Specifically, the temperature, filtration, humidity, and static electricity controls must be monitored and adjusted to reduce risks to information systems Temperature and Filtration: Computer systems are electronic, and therefore are subject to damage from extreme temperatures and particulate contamination. Temperatures as low as 100 degrees Fahrenheit can damage computer media, and at 175 degrees Fahrenheit, computer hardware can be damaged or destroyed. When the temperature approaches 32 degrees Fahrenheit, media are susceptible to cracking and computer components can actually freeze together. Rapid changes in temperature from hot to cold or vice versa can produce condensation, which can create short circuits or otherwise damage systems and components. The optimal temperature for a computing environment and for people is between 70 and 74 degrees Fahrenheit -Filtration is no longer as significant as it once was for most commercial data processing facilities. Humidity and Static Electricity: -High HUMIDITY levels create condensation problems, and low humidity levels can increase the amount of static electricity in the environment. With condensation comes the short-circuiting of electrical equipment and the potential for mold and rot in paper-based information storage. -STATIC ELECTRICITY is caused by TRIBOELECTRIFICATION, which occurs when two materials make contact and exchange electrons. As a result, one object becomes more positively charged and the other more negatively charged. When a third object with an opposite charge or ground is encountered, electrons flow again, and a spark is produced. One of the leading causes of damage to sensitive circuitry is ELECTROSTATIC DISCHARGE (ESD). -Static electricity is not noticeable to human beings until levels approach 1,500 volts, and the spark can't be seen until the level approaches 4,000 volts before being discharged. Moreover, a person can generate a discharge of up to 12,000 volts merely by walking across a carpet. Integrated circuits are designed to only use between 2 & 5 volts of electricity. In general, ESD damage to chips produces two types of failures. -Immediate failures, also known as catastrophic failures, occur right away, are often totally destructive, and require chip replacement. -Latent failures or delayed failures can occur weeks or even months after the damage occurs. The chip may suffer intermittent problems, although given the overall poor quality of some popular operating systems, this type of damage may be hard to notice. (it is imperative to maintain an optimal level of humidity between 40 percent and 60 percent in the computing environment. Humidity levels below this range create static, and levels above it create condensation.) Ventilation Shafts: While the ductwork in residential buildings is quite small, it may be large enough for a person to climb through in large commercial buildings. -With moderate security precautions, these shafts can be completely eliminated as a security vulnerability. In most new buildings, the ducts to individual rooms are no larger than 12 inches in diameter and are composed of flexible, insulated tubes. The size and nature of the ducts precludes most people from using them, but access may be possible via the plenum. If the ducts are much larger, the security team can install wire mesh grids at various points to compartmentalize the runs
Special Considerations for Physical Security
An organization must account for several special considerations when developing a physical security program. -The first is the question of whether to handle physical security in-house or to outsource it. The benefits of outsourcing physical security include gaining the experience and knowledge of these agencies, many of which have been in the field for decades. Outsourcing unfamiliar operations always frees an organization to focus on its primary objectives rather than support operations. The disadvantages include the expense, the loss of control over individual components of physical security, and the need to trust another company to perform an essential business function. -Another physical security consideration is social engineering. As you learned in previous chapters, social engineering involves using people skills to obtain confidential information from employees. While most social engineers prefer to use the telephone or computer to solicit information, some attempt to access the information more directly. Technically proficient agents can be placed in janitorial positions at a competitor's office, and an outsider can gain access to an organization's resources in other ways. -When no procedure is in place, no one gives the wandering repairman, service worker, or city official a second look. It is not difficult to get a clipboard, dress like a repairman or building inspector, and move freely throughout a building. If you look like you have a mission and appear competent, most people will leave you alone. Organizations can combat this type of attack by requiring all people who enter the facility to display appropriate visitor badges and be escorted in restricted areas
Physical Security Controls
An organization's communities of interest should consider several physical security controls when implementing physical security inside and outside the facility. Some of the major controls are: • Walls, fencing, and gates • Guards • Dogs • ID cards and badges • Locks and keys • Mantraps • Electronic monitoring • Alarms and alarm systems • Computer rooms and wiring closets • Interior walls and doors Walls, Fencing, and Gates: Some of the oldest and most reliable elements of physical security are walls, fencing, and gates. While not every organization needs to implement external perimeter controls, walls and fences with suitable gates are an essential starting point when employees require access to physical locations the organization owns or controls. Each exterior perimeter control requires expert planning to ensure that it fulfills security goals and presents an image appropriate to the organization. Guards: Guards can evaluate each situation as it arises and make reasoned responses. Most guards have clear standard operating procedures (SOPs) that help them act decisively in unfamiliar situations. An issue with human guards, beyond the high cost, is the human tendency to boredom and distraction, making supervision and oversight of guards a management concern. Dogs: For an organization that is protecting valuable resources, dogs can be an important part of physical security if they are integrated into the plan and managed properly. Guard dogs are useful because their keen sense of smell and hearing can detect intrusions that human guards cannot, and they can be placed in harm's way when necessary to avoid risking the life of a person. ID Cards and Badges: An IDENTIFICATION (ID) CARD is typically carried concealed, whereas a BADGE is worn and visible. -Both devices can serve a number of purposes. -First, they serve as simple forms of biometrics in that they use the cardholder's picture to authenticate access to the facility. Some organizations choose names or badges that display the wearer's name and/or organization unit data; others show nothing except the wearer's photograph. The cards may be visibly coded to specify which buildings or areas may be accessed. -Second, ID cards that have a magnetic strip or radio chip can be read by auto-mated control devices and allow an organization to restrict access to sensitive areas within the facility. ID cards and badges are not foolproof, however; even the cards designed to communicate with locks can be duplicated, stolen, or modified. Because of this inherent weakness, such devices should not be an organization's only means of controlling access to restricted areas. -Another inherent weakness of cards and badges is the human factor. TAILGATING occurs when an authorized person opens a door and other people also enter. -Making employees aware of tailgating through a security awareness program is one way to combat this problem. There are also technological means of discouraging tailgating, such as turnstiles or mantraps. Locks and Keys: There are two types of lock mechanisms: mechanical and electromechanical. -The mechanical lock may rely on a key—a carefully shaped piece of metal rotated to turn tumblers that release secured loops of steel, aluminum, or brass. Alternatively, a mechanical lock may have a dial that rotates slotted discs until the slots on each of the multiple discs are aligned and then retracts a securing bolt, as in combination and safe locks. -Electromechanical locks can accept a variety of inputs as keys, including magnetic strips on ID cards, radio signals from badges, personal identification numbers (PINs) typed into a keypad, or some combination of these to activate an electrically powered locking mechanism. -Locks can also be divided into four categories based on the triggering process: manual, programmable, electronic, and biometric. (pg. 508 for more) -Electromechanical locks can be integrated into alarm systems and combined with other building management systems. These locks can also be integrated with sensors to create various combinations of locking behavior. -As described previously, some locks use smart cards—keys that contain computer chips. These smart cards can carry critical information, provide strong authentication, and offer a number of other features. Keycard readers based on smart cards are often used to secure computer rooms, communications closets, and other restricted areas. -A specialized type of keycard reader is the PROXIMITY READER, which allows people simply to place their cards within the reader's range instead of inserting them. -The most sophisticated locks are biometric locks. Finger, palm, and hand readers, iris and retina scanners, and voice and signature readers fall into this category. -Sometimes locks fail, so facilities need to have alternative procedures in place for controlling access. These procedures must take into account that locks fail in one of two ways. -A door lock that fails and causes the door to become unlocked is called a FAIL-SAFE LOCK; -a door lock that fails and causes the door to remain locked is called a FAIL-SECURE LOCK. -A fail-safe lock is normally used to secure an exit when a door must be unlocked in case of fire or another event. A fail-secure lock is used when human safety is not the dominant factor in the area being controlled. -Locks are often implemented within organizations in a systematic fashion, whether mechanical locks are used in a pattern approach with specific and master keys or electromechanical locks are used with complex access control lists and a centrally managed authorization model. Mantraps: A common enhancement for locks in very high-security areas is the mantrap. To gain access to a facility, area, or room, a person enters the mantrap, requests access via some form of electronic or biometric lock and key, and then exits the mantrap into the facility if confirmed. Otherwise, the person cannot leave the mantrap until a security official overrides the enclosure's automatic locks. Electronic Monitoring: Monitoring equipment can record events that guards and dogs might miss, and is useful in areas where other types of physical controls are not practical. -Electronic monitoring includes closed-circuit television (CCT) systems. Some CCT systems collect constant video feeds, while others rotate input from a number of cameras, sampling each area in turn. -These video monitoring systems have drawbacks; for the most part they are passive and do not prevent access or prohibited activity. -CCT is more so used for evidence collection after a break-in than as a detection instrument. In high-security areas such as banks, casinos, and shopping centers, however, security personnel monitor CCT systems constantly, looking for suspicious activity. Alarms and Alarm Systems: -Closely related to monitoring systems are the alarms that notify people or systems when a predetermined event or activity occurs. Alarms can detect a physical intrusion or other untoward event. This could be a fire, a break-in, an environmental disturbance such as flooding, or an interruption in services, such as a loss of power. -To detect intrusions, these systems rely on different types of sensors, including motion detectors, thermal detectors, glass breakage detectors, weight sensors, and contact sensors. -MOTION DETECTORS are either active or passive. Some motion sensors emit energy beams, usually in the form of infrared or laser light, ultrasonic sound or sound waves, or some form of electromagnetic radiation. If the energy from the beam projected into the monitored area is disrupted, the alarm is activated. -Other types of motion sensors are passive in that they constantly measure the infrared or ultrasonic energy from the monitored space and detect rapid changes in this energy. The passive measurement of these energies can be blocked or disguised and is therefore fallible. For example, THERMAL DETECTORS can detect when a person with a nor-mal body temperature of 98.6 degrees Fahrenheit enters a room with a temperature of65 degrees Fahrenheit, because the person's presence changes the room's ambient temperature. Thermal detectors are also used in fire detection -CONTACT AND WEIGHT SENSORS work when a foot steps on a pressure-sensitive pad under a rug or when a window is opened. -VIBRATION SENSORS also fall into this category, except that they detect movement of the sensor rather than movement in the environment. Computer Rooms and Wiring Closets: Computer rooms and wiring and communications closets require special attention to ensure the confidentiality, integrity, and avail-ability of information. -Logical access controls are easily defeated if an attacker gains physical access to the computing equipment. Custodial staff members are often the least scrutinized people who have access to an organization's offices, yet custodians are given the greatest degree of unsupervised access. They are often handed the master keys to the entire building and then ignored, even though they collect paper from every office, dust many desks, and move large containers from every area. Therefore, it is not difficult for a custodian to gather critical information and computer media or copy proprietary and classified information. An organization's custodians should not be under constant suspicion of espionage, but their wide-reaching access can be a vulnerability that attackers exploit to gain unauthorized information. Factual accounts exist of technically trained agents working as custodians in the offices of their competition. Thus, custodial staff should be carefully supervised not only by the organization's general management but by information security management. Interior Walls and Doors: The security of information assets can sometimes be compromised by improper construction of a facility's walls and doors. The walls in a facility typically consist of two types: standard interior and firewall. -Building codes require that each floor have a number of firewalls—walls that limit the spread of damage should a firebreak out in an office. While the network firewalls discussed in an earlier chapter isolate the logical subnetworks of the organization, physical firewalls isolate the physical spaces of the organization's offices. -Between the firewalls, standard interior walls compartmentalize the individual offices. Unlike firewalls, these interior walls reach only partially to the next floor, which leaves a space between the ceiling and the floor of the next level. This space is called a PLENUM, and is usually one to three feet wide to allow for ventilation systems that can inexpensively collect returned air from the offices on the floor. For security, however, this design is not ideal, because a person can climb over the wall from one office to the next. As a result, all computer rooms, wiring closets, and other high-security areas must be surrounded by firewall-grade walls to provide physical security against potential intruders and fires. -It is a fairly common practice to break into a low-security business in a mini-mall, use a sledgehammer to break through the drywall walls that separate the businesses, and then rob each in turn. -The doors that allow access into high-security rooms should also be evaluated, because standard office doors often provide little or no security. -To secure doors, install push or crash bars on computer rooms and closets. These bars are much more difficult to open from the outside than standard pull handles and thus provide much higher levels of security, but they also allow for a safe exit in the event of an emergency. Rooms that contain high-value items like computer servers should be constructed with floor-to-ceiling, solid walls that prevent crawling over or punching through.
Power Management and Conditioning
Electrical power is another aspect of the organization's physical environment that is usually considered within the realm of physical security. Power systems used by information-processing equipment must be properly installed and correctly grounded. Because computers sometimes use the normal 60-Hertz cycle of electricity in alternating current to synchronize their clocks, noise that interferes with this cycle can result in inaccurate time clocks or, even worse, unreliable internal clocks inside the CPU.
Fire Detection
Fire Detection: Fire detection systems fall into two general categories: manual and automatic. -Manual fire detection systems include human responses, such as calling the fire department, and manually activated alarms, such as sprinklers and gaseous systems. -Organizations must use care when manually triggered alarms are tied directly to suppression systems because false alarms are not uncommon. -During the chaos of a fire evacuation, an attacker can easily slip into offices and obtain sensitive information. To help prevent such intrusions, fire safety programs often designate a person from each office area to serve as a floor monitor. There are three basic types of fire detection systems: thermal detection, smoke detection, and flame detection. THERMAL DETECTION SYSTEMS contain a sophisticated heat sensor that operates in one of two ways: -FIXED-TEMPERATURE SYSTEMS detect when the ambient temperature in an area reaches a predetermined level—usually 135 to 165 degrees Fahrenheit, or 57 to 74 degrees Celsius. -RATE-OF-RISE SENSORS detect an unusually rapid increase in the area temperature within a relatively short period of time. -Thermal detection systems are inexpensive and easy to maintain. Unfortunately, they usually don't catch a problem until it is already in progress, as in a full-blown fire. As a result, thermal detection systems are not a sufficient means of fire protection in areas where human safety could be at risk. They are also not recommended for areas that contain high-value items or items that could be easily damaged by high temperatures. SMOKE DETECTION SYSTEMS are perhaps the most common means of detecting a potentially dangerous fire, and they are required by building codes in most residential dwellings and commercial buildings. Smoke detectors operate in one of three ways. -PHOTOELECTRIC SENSORS use infrared beams that activate the alarm when interrupted, presumably by smoke. -IONIZATION SENSORS contain a small amount of a harmless radioactive material within a detection chamber. When certain by-products of combustion enter the chamber, they change the level of electrical conductivity within the chamber and activate the detector. Ionization sensors are much more sophisticated than photoelectric sensors and can detect fires much earlier, because invisible by-products can be detected long before enough visible material enters a photoelectric sensor to trigger a reaction. -AIR-ASPIRATING DETECTORS are sophisticated systems that are used in high-sensitivity areas. They work by taking in air, filtering it, and moving it through a chamber that contains a laser beam. If the laser beam is diverted or refracted by smoke particles, the system is activated. These types of systems are typically much more expensive than systems that use photoelectric or ionization sensors; however, they are much better at early detection and are commonly used in areas where extremely valuable materials are stored. -FLAME DETECTOR: The third major category of fire detection systems is the flame detector which detects the infrared or ultraviolet light produced by an open flame. These systems compare a scanned area's light signature to a database of known flame light signatures to determine whether to activate the alarm and suppression systems. -While highly sensitive, flame detection systems are expensive and must be installed where they can scan all areas of the protected space. They are not typically used in areas where human lives are at stake; however, they are quite suitable for chemical storage areas where normal chemical emissions might activate smoke detectors.
Fire Suppression
Fire suppression systems can consist of portable, manual, or automatic apparatus. Portable extinguishers are used in a variety of situations where direct application of suppression is preferred or a fixed apparatus is impractical. Portable extinguishers are much more efficient for smaller fires because triggering an entire building's sprinkler systems can cause extensive damage. -Portable extinguishers are rated by the type of fire they can combat, as follows: • Class A fires: These fires involve ordinary combustible fuels such as wood, paper, textiles, rubber, cloth, and trash. Class A fires are extinguished by agents that interrupt the ability of the fuel to be ignited. Water and multipurpose dry chemical fire extinguishers are ideal for these types of fires. • Class B fires: These fires are fueled by combustible liquids or gases, such as solvents, gasoline, paint, lacquer, and oil. Class B fires are extinguished by agents that remove oxygen from the fire. Carbon dioxide, multipurpose dry chemical, and Halon fire extinguishers are ideal for these types of fires. • Class C fires: These fires are caused by energized electrical equipment or appliances. Class C fires are extinguished with nonconducting agents only. Carbon dioxide, multi-purpose dry chemical, and Halon fire extinguishers are ideal for these types of fires. Never use a water fire extinguisher on a Class C fire. • Class D fires: These fires are fueled by combustible metals, such as magnesium, lithium, and sodium. Class D fires require special extinguishing agents and techniques. • Class K fires: These fires are fueled by combustible cooking oil and fats in commercial kitchens. These fires are classified as Class F in Europe and Australasian environments. These fires require special water mist, dry powder, or CO2 agents to extinguish. -Manual and automatic fire response systems include those designed to apply suppressive agents. They are usually either sprinkler or gaseous systems. All SPRINKLER SYSTEMS are designed to apply a liquid, usually water, to all areas in which a fire has been detected, but an organization can choose from one of three implementations: wet-pipe, dry-pipe, or pre-action systems. -A WET-PIPE SYSTEM contains pressurized water in all pipes and has some form of valve in each protected area. When the system is activated, the valves open, sprinkling the area. This system is best for areas where a fire represents a serious risk to people, but damage to property is not a major concern. The most obvious drawback to this type of system is water damage to office equipment and materials. A wet-pipe system is not usually appropriate in computer rooms, wiring closets, or anywhere electrical equipment is used or stored. There is also the risk of accidental or unauthorized activation. -A DRY-PIPE SYSTEM is designed to work in areas where electrical equipment is used. Instead of holding water in the distribution pipes as a standard wet-pipe system does, this type of system contains pressurized air. The air holds valves closed, keeping the water away from the target areas until the system is triggered. When a fire is detected, the sprinkler heads are activated, the pressurized air escapes, and water fills the pipes and exits through the sprinkler heads. This reduces the risk of accidental leakage from the system. (DELUGE SYSTEMS keep the pipes empty and all of the individual sprinkler heads open; as soon as the system is activated, water is immediately applied to all areas. This is not the optimal solution for computing environments, as other more sophisticated systems can suppress the fire without damaging computer equipment.) -PRE-ACTION SYSTEM: A variation of the dry-pipe system is the pre-action system. This approach has a two-phase response to a fire. Under normal conditions, the system has nothing in the delivery pipes. When a fire is detected, the first phase is initiated, and valves allow water to enter the system. At that point, the system resembles a wet-pipe system. The pre-action system does not deliver water into the protected space until the individual sprinkler heads are triggered, at which time water flows only into the area of the activated sprinkler heads. -WATER MIST SPRINKLERS, the newest form of sprinkler systems, rely on ultra-fine mists instead of traditional shower-type systems. The water mist systems work like a traditional water system by reducing the ambient temperature around the flame, minimizing its ability to sustain the necessary temperature needed to maintain combustion. Unlike traditional water sprinkler systems, however, these systems produce a fog-like mist that stays buoyant (airborne) much longer because the droplets are much less susceptible to gravity. As a result, a much smaller quantity of water is required; also, the fire is extinguished more quickly, which causes less collateral damage. Compared with gaseous systems, which are discussed next, water-based systems are inexpensive, nontoxic, and can often be created by using an existing sprinkler system that may have been present in earlier construction. GASEOUS EMISSION SYSTEM: Gaseous (or chemical gas) emission systems can be used in the suppression of fires. They are often used to protect chemical and electrical processing areas, as well as facilities that house computing systems -Gaseous fire suppression systems are either self-pressurizing or must be pressurized with an additional agent. Until recently, the only two major types of gaseous systems were carbon dioxide and Halon. -Carbon dioxide extinguishes a fire by removing its supply of oxygen. Unfortunately, any living organisms that also rely on oxygen are similarly extinguished. Asa result, carbon dioxide systems are not commonly used in residential or office environments, where people or animals are likely to be present. -The alternative is Halon. Halon is one of a few chemicals designated as a CLEAN AENT, which means that it does not leave any residue after use, nor does it interfere with the operation of electrical or electronic equipment. As a result, Halon gas-based systems are the preferred solution for computer rooms and communications closets. Unlike carbon dioxide, Halon does not rob the fire of its oxygen, but instead relies on a chemical reaction with the flame to extinguish it. Therefore, Halon is much safer than carbon dioxide when people or animals are present. Although Halon can cause suffocation like a carbon dioxide system, the dosage levels required are much higher, so Halon-based systems provide additional time for people to exit areas. Because the EPA has classified Halon as an ozone-depleting substance, new installations of the controlled types of Halon are prohibited in commercial and residential locations. The alternatives are less effective, but safer than Halon. -It is also important to have fire suppression systems that are both manual and automatic, and that are inspected and tested regularly.
Fire Response and Detection
Fire suppression systems typically work by denying an environment one of the three requirements for a fire to burn: temperature (an ignition source), fuel, and oxygen. While the temperature of ignition, or flame point, depends on the material, it can be as low as a few hundred degrees. Paper, the most common combustible in an office, has a flame point of 451 degrees Fahrenheit, a fact used to dramatic effect in Ray Bradbury's novel Fahrenheit 451. -Water and water mist systems work to reduce the temperature of the flame in order to extinguish it and to saturate some types of fuels (such as paper) to prevent ignition. -Carbon dioxide (CO2) systems rob fire of its oxygen. -Soda acid systems deny fire its fuel, preventing the fire from spreading. -Gas-based systems, such as Halon and its approved replacements by the Environmental Protection Agency (EPA), disrupt the fire's chemical reaction but leave enough oxygen for people to survive for a short time.
Grounding and Amperage
Grounding ensures that the returning flow of current is properly discharged to the ground. If the grounding elements of the electrical system are not properly installed, anyone who touches a computer or other electrical device could become a ground source, which can cause damage to the equipment and injury or death to the person. -In areas where water can accumulate, computing and other electrical equipment must be uniquely grounded using GROUND FAULT CIRCUIT INTERRUPTION (GFCI) equipment. GFCI is capable of quickly identifying and interrupting a ground fault—for example, a situation in which a person comes into contact with water and becomes a better ground than the electrical circuit's current source. -Organizations should identify the computing systems that are critical to their operations and that must continue to operate during interruptions, and then make sure those systems are connected to a device that assures the delivery of electric power without interruption. This device is called an uninterruptible power supply (UPS). -The capacity of UPS devices is measured using the volt-ampere (or VA) power output rating. UPS basic configurations: the standby, line-interactive, standby online hybrid, standby ferroresonant, double conversion online, and delta conversion online. -STANDBY UPS: an offline battery backup that detects the interruption of power to equipment and activates a transfer switch that provides power from batteries through a DC to AC converter until normal power is restored or the computer is shut down. Because this type of UPS is not truly uninterruptible, it is often referred to as a standby power supply(SPS). The advantage of an SPS is that it is the most cost-effective type of UPS. However, the savings may be outweighed by the system's significant drawbacks, such as its limited runtime and the amount of time it takes to switch from standby to active. An SPS is seldom used in critical computing applications and is best suited for home and light office use. -A STANDBY FERRORESONANT UPS improves upon the standby UPS design. It is still an offline UPS, with the electrical service providing the primary source of power and the UPS serving as a battery backup. The primary difference is that a ferroresonant transformer replaces the UPS transfer switch. The transformer provides line filtering to the primary power source, reducing the effect of some power problems and reducing noise that may be present in the power as it is delivered. This transformer also stores energy in its coils, thereby providing a buffer to fill in the gap between the interruption of service and the activation of an alternate source of power (usually a battery backup). This greatly reduces the probability of system reset and data loss. Standby ferroresonant UPS systems are better suited to settings that require a large capacity of conditioned and reliable power because they are available for uses up to 14,000 VA. With the improvement in other UPS designs, however, many manufacturers have abandoned this design in favor of other configurations. -The LINE-INTERACTIVE UPS has a substantially different design than the previously mentioned UPS models. In line-interactive UPSs, the internal components of the standby models are replaced with a pair of inverters and converters. The primary power source, as with both the SPS and the ferroresonant UPS, remains the power utility, with a battery serving as backup. -However, the inverters and converters both charge the battery and provide power when needed. When utility power is interrupted, the converter begins supplying power to the systems. -Because this device is always connected to the output as opposed to relying on a switch, this model has a much faster response time and incorporates power conditioning and line filtering. -In a DOUBLE CONVERSION ONLINE UPS, the primary power source is the inverter, and the power feed from the utility is constantly recharging the battery, which in turn powers the output inverter. This model allows constant use of the system while completely eliminating power fluctuation. This model of UPS can deliver a constant, smooth, conditioned power stream to the computing systems. -The online UPS is considered the top-of-the-line option and is the most expensive. The only major drawback, other than cost, is that the system generates a lot of heat: the process constantly converts power from the utility's AC feed to the DC used by the battery storage and then converts it back to AC for use by the systems. -An improved model, the DELTA CONVERSION ONLINE UPS, resolves this issue by incorporating a device known as a delta-conversion unit, which allows some of the incoming power to be fed directly to the destination computers, thus reducing the amount of energy wasted and heat generated. Should the power fail, the delta unit shuts off and the batteries automatically compensate for the increased power draw. -Generally, UPS systems provide information for how long they run at specific VA levels. Some smaller-scale UPS scan run for approximately six minutes at 600 VA at full voltage. You should look for a UPS that provides enough time for the computing equipment to ride out minor power fluctuations, and for the user to shut down the computer safely if necessary.
Introduction
Information security requires the protection of both data and physical assets. If it is easy to steal the hard drives from a computer system, then the information on those hard drives is not secure. Therefore, physical security is just as important as logical security to an information security program. -Donn B. Parker lists the following "Seven Major Sources of Physical Loss": 1. Extreme temperature: heat, cold 2. Gases: war gases, commercial vapors, humid or dry air, suspended particles 3. Liquids: water, chemicals 4. Living organisms: viruses, bacteria, people, animals, insects 5. Projectiles: tangible objects in motion, powered objects 6. Movement: collapse, shearing, shaking, vibration, liquefaction, flow waves, separation, slide 7. Energy anomalies: electrical surge or failure, magnetism, static electricity, aging circuitry; radiation: sound, light, radio, microwave, electromagnetic, atomic -As with all other areas of security, the implementation of physical security measures requires sound organizational policy. Physical security policies guide users in the appropriate use of computing resources and information assets, as well as in protecting their own safety in day-to-day operations. -Physical security is designed and implemented in several layers. Each of the organization's communities of interest is responsible for components within these layers, as follows: • General management is responsible for the security of the facility and the policies and standards for secure operation. This includes exterior security, fire protection, and building access, as well as other controls such as guards, guard dogs, and door locks. • IT management and professionals are responsible for environmental and access security in technology equipment locations, and for the policies and standards that govern secure equipment operation. This includes access to server rooms, power conditioning, server room temperature and humidity controls, and more specialized controls like static and dust contamination equipment. • Information security management and professionals are responsible for risk assessments and for reviewing the physical security controls implemented by the other two groups.
Emergency Shutoff
One important aspect of power management in any environment is the ability to stop power immediately if the current represents a safety risk to people or machines. Most computer rooms and wiring closets are equipped with an emergency power shutoff, which is usually a large red button that is prominently placed to facilitate access and that has a cover to prevent unintentional use. These devices are the last line of defense against personal injury and machine damage in the event of flooding or sprinkler activation. -While it is never advisable to allow water to come into contact with a computer, there is a much higher probability of recovering the systems if the power was off when they got wet. At a minimum, hard drives and other sealed devices may be recoverable. Some disaster recovery companies specialize in water damage recovery. Water Problems: Another critical utility is water service. On the one hand, lack of water poses problems to systems, including fire suppression and air-conditioning systems. On the other hand, a sur-plus of water or water pressure poses a real threat. Flooding and leaks can be catastrophic to paper and electronic storage of information. Water damage can result in complete failure of computer systems and the structures that house them. Structural Collapse: Unavoidable environmental factors or forces of nature can cause failures in the structures that house the organization. Structures are designed and constructed with specific load limits, and overloading these design limits inevitably results in structural failure, which could cause personal injury and even loss of life. Scheduling periodic inspections by qualified civil engineers enables managers to identify potentially dangerous structural conditions before a structure fails. Maintenance of Facility Systems: As with any phase of the security process, the implementation of physical security must be constantly documented, evaluated, and tested. Once the physical security of a facility is established, it must be diligently maintained. Testing provides information necessary to improve physical security in the facility and identifies weak points.
Failure of Supporting Utilities and Structural Collapse
Supporting utilities, such as heating, ventilation, and air conditioning, power, and water, have a significant impact on a facility's safe operation. Extreme temperatures and humidity levels, electrical fluctuations, and the interruption of water, sewage, and garbage services can create conditions that inject vulnerabilities in systems designed to protect information.
Remote Computing Security
TELECOMMUTING (or telework) involves off-site computing that uses Internet connections, dial-up connections, connections over leased point-to-point links between offices, and other mechanisms. -as more people become telecommuters, the risk to information traveling via their often unsecured connections is substantial. -To secure the entire network, the organization must dedicate security resources to protecting these home connections. Although the installation of a virtual private network (VPN) may go a long way toward protecting the data in transmission, telecommuters frequently store office data on their home systems, in home filing cabinets, and on off-site media. -To ensure a secure process, the computers that telecommuters use must be made more secure than the organization's systems, because they are outside the security perimeter. -The same principles apply to workers using portable computing devices on the road. Employees who use tablets, smartphones, and notebook computers in hotel rooms should presume that their unencrypted transmissions are being monitored, and that any unsecured notebook computer can be stolen. -Many organizations barely tolerate telecommuting for a number of reasons, foremost among them that such employees generally require two sets of computing equipment, one for the office and one for the home. -However, some organizations do support telecommuting, and they typically fall into one of three groups. -The first is the mature and fiscally sound organization with a sufficient budget to support telecommuting and thus enhance its standing with employees and its own image. -The second group consists of new high-technology companies with large numbers of geographically diverse employees who telecommute almost exclusively. These companies use technology extensively and are determined to make it the cornerstone of their organizations. -The third group overlaps with the second, and is called a VIRTUAL ORGANIZATION. A virtual organization is a group of people from different organizations who form a virtual company, either in leased facilities or through 100-percent telecommuting arrangements. When the job is done, the organization is either redirected or dissolved.
Fire Security and Safety
The most important security concern is the safety of the people in an organization's physical space—workers, customers, clients, and others. The most serious threat to that safety is fire. Fires account for more property damage, personal injury, and death than any other threat to physical security. It is imperative that physical security plans implement strong measures to detect and respond to fires and fire hazards.
Interception of Data
There are three methods of data interception: direct observation, interception of data transmission, and electromagnetic interception. -The first method, direct observation, requires that a person be close enough to the information to breach confidentiality. The physical security mechanisms described in the previous sections limit the possibility of a person accessing unauthorized areas and directly observing information. Incidences of interception, such as shoulder surfing, can be avoided if employees are prohibited from removing sensitive information from the office or are required to implement strong security at their homes. -The second method, interception of data transmissions, has become easier in the age of the Internet. If attackers can access the media transmitting the data, they needn't be anywhere near the source of the information. Because wireless LANs are uniquely susceptible to eavesdropping and current wire-less sniffers are very potent tools, all wireless communications should be secured via encryption. Incidentally, U.S. laws that deal with wiretapping do not cover wireless communications, except for commercial cellular phone calls; courts have ruled that users have no expectation of privacy with radio-based communications media. -The third method of data interception is electromagnetic interception. For decades, scientists have known that electricity moving through cables emits electromagnetic signals (EM). It is possible to eavesdrop on these signals and therefore determine the data carried on the cables without actually tapping into them. In 1985, scientists proved that computer monitors also emitted radio waves, and that images on the screens could be reconstructed from these signals. -Whether data in devices that emit ELECTROMAGNETIC RADIATION (EMR) can actually be monitored, processed, and reconstructed has been a subject of debate and rumor for many years. James Atkinson, an electronics engineer certified by the National Security Agency (NSA), says that practical monitoring of electronic emanations does not exist and claims that stories about such monitoring are just urban legends. -Legend or not, a good deal of money is being spent by the U.S. government and military to protect computers from electronic remote eavesdropping. In fact, the government has developed a program named TEMPEST (key-word) to reduce the risk of EMR monitoring. (Transient Electromagnetic Pulse Emanation Surveillance Technology or Telecommunications Electronics Material Protected from Emanating Spurious Transmissions) -In general, TEMPEST involves the following procedures: ensuring that computers are placed as far as possible from outside perimeters, installing special shielding inside the CPU case, and implementing a host of other restrictions, including maintaining distances from plumbing and other infrastructure components that carry radio waves. Regardless of whether the threat from eavesdropping on electromagnetic emanations is real, many procedures that protect against emanations also protect against threats to physical security