3.2 Physical Security


Bump key

A bump key is cut to the number nine position with some of the front and shank removed.

Scrubbing

A lock picking method that involves running a pick over all the pins with carefully calculated pressure.

Lock shim

A lock shim is a thin and stiff piece of metal used to open a padlock.

Which of the following best describes a lock shim?

A thin, stiff piece of metal.

Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the installed operating system?

Physical attack

A person in a dark grey hoodie has jumped the fence at your research center. A security guard has detained this person, denying him physical access. Which of the following areas of physical security is the security guard currently in?

Security sequence

Theft

Theft of an organization's assets can be very detrimental. For example if an employee's laptop is stolen, it's not only inconvenient for the employee but also any plans, projects, and other sensitive data that might be on that laptop could be leaked or used against the organization. The more important the position of the employee within the organization, the more serious the theft is.

Security Factors

There are three factors to keep in mind with physical security:
- Prevention is taking safeguards to protect property, facilities, equipment, and personnel. The safeguards should deter an attack.
- Detection is identifying the extent of damage, theft, or harm.
- Recovery is the implementation of security procedures to minimize the impact of an attack and repair any damage in order to get the organization operational again. It also involves hardening the physical security of the organization against future problems.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?

Train the receptionist to keep her iPad in a locked drawer.

Environmental Threats

- Flood: Flooding can occur for a variety of reasons, including heavy rains, overflowing rivers, broken dams, urban drainage basins, storm surges, broken pipes, and lack of vegetation.
- Fire: Fires are a common environmental threat. There are many controls available that, if properly implemented, help reduce fire damage and diminish their threat to physical security.
- Hurricane and tornado: Hurricanes and tornadoes are intense weather events that can be extremely destructive. They often disrupt services, such as electricity and communications networks, and prevent facility access.
- Tsunami: Tsunamis are caused by underwater earthquakes, volcanic eruptions, or other events that result in the displacement of large volumes of water. Tsunami waves can be tens of feet high and cause an immense amount of destruction.
- Earthquake: Earthquakes result from the seismic shift of tectonic plates moving along fault lines. Shaking ground, ruptured ground, and landslides can destroy buildings, cause dams to collapse, and ignite ruptured gas lines.
- Other natural disasters: Other natural disasters include wind storms, electrical storms, blizzards, and other types of extreme weather.

Cold boot attack

In the cold boot attack, the attacker enters the facility and extracts data remanence from RAM that might still be available before the system is completely powered off.

Lock picking

Lock picking involves manipulating the lock's components to open it without a key. An attacker only needs a tension wrench and a pick. A tension wrench is a small, L-shaped tool available in several thicknesses and sizes. A pick is a small, angled, and pointed tool.

On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company?

Man-made threat

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?

Mantraps

Badge cloning

Many employee ID badges use an RFID chip to access their office and other parts of their organization's building. However, this kind of chip can be easily copied to another card. To do this, all an attacker needs is a high-frequency antenna to capture a card's frequency, a card read/write device, a legitimate card, and a blank card. The attacker gets close enough to the legitimate card to read it. Once the card information is read, the attacker can easily clone it.

The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose?

NIST

National Institute of Standards and Technology (NIST)

NIST is an institute that publishes and standardizes the security controls and assessment procedures to protect the integrity of information systems.

Scrubbing

One of the most common ways to pick a lock is called scrubbing. This method involves holding the lock with the tension wrench while quickly scraping the pins with the pick. Some of the pins are placed in a mechanical bind and become stuck in the unlocked position. With practice, an attacker can do this very easily. When all the pins stick, the lock is disengaged.

Security Sequence

Physical security should deploy in the following sequence. If a step in the sequence fails, the next step should implement itself automatically.
- Deter initial access attempts.
- Deny direct physical access.
- Detect the intrusion.
- Delay the violator to allow for response.

Important aspects of physical security include which of the following?

Preventing interruptions of computer services caused by problems such as fire.

Preventing interruptions of computer services caused by problems such as fire.

Prevention, detection, and recovery

Vandalism

Vandalism is damaging, defacing, or destroying someone else's property. Vandalism can be done by resentful employees or ex-employees; someone with a political agenda or vendetta against the organization; or for other reasons.

Layered Defense

When designing physical security, implement a layered defense system. A layered defense system is one in which controls are implemented at each layer to ensure that defeating one level of security does not allow an attacker subsequent access. Using multiple types of security controls within the same layer further enhances security. Tips for implementing a multi-layered defense system include the following:
- Protect entry points with a card access system (or some other type of control) as well as a security camera.
- Use a reception area to prevent the public, visitors, or contractors from entering secure areas of the building without an escort.
- Use the card access or other system to block access to elevators and stairwells. This will prevent someone who successfully tailgates from gaining further access.
- Use a different access system such as key locks, keypad locks, or biometric controls to secure offices or other sensitive areas.
- Implement security within offices and data centers using locking storage areas and computer passwords.

Bump keys

A bump key is cut to the number nine position, which is the lowest possible cut. When the bump key goes inside the lock, the hacker puts a little bit of pressure on the back of the key by either bumping or tapping it. Doing this makes the pins jump inside of the cylinder, creating a temporary shear line that allows enough time for the intruder to quickly turn the lock.

Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras?

A dome camera

Lock shim

Another technique uses lock shims. This tool is, basically, a thin, stiff piece of metal that can be inserted into the latch of the padlock.

BIOS access attack

BIOS attacks have been around for a long time, but should not be overlooked. This attack usually involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the installed operating system.

Destruction

Destruction is similar to vandalism, but it aims to completely destroy the organization's assets. This kind of malicious act could result in significant loss for the organization.

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?

Employee and visitor safety

Security Aspects

Important aspects of physical security include:
- Restricting physical access to facilities and computer systems.
- Preventing interruptions of computer services caused by problems such as loss of power or fire.
- Preventing unauthorized disclosure of information.
- Disposing of sensitive material.
- Protecting the interior and exterior of the facility.

Physical Controls

Perimeter barriers: The first measure in physically securing a building is to secure the perimeter and restrict access to only secure entry points. Methods for securing the perimeter include:
- Fences to provide an environmental barrier that prevents easy access to the facility.
  - A low fence (3-4 feet) acts as a deterrent to casual intrusion.
  - A higher fence (6-7 feet) acts as a deterrent unless the trespasser has a specific intent to violate security.
  - A fence 8 feet or higher topped with barbed wire is an effective deterrent.
- Barricades and bollards can be erected to prevent vehicles from approaching the facility.
- Signs should be posted to inform individuals that they are entering a secured area.
- Guard dogs are generally highly reliable, but are appropriate only for physical perimeter security. They can be expensive to keep and maintain. Their use might raise issues of liability and insurance.
- Lighting deters casual intruders, helps guards see intruders, and is necessary for most cameras to monitor the area. To be effective, lights should be placed to eliminate shadows or dark spots.
- Security guards offer the best protection for perimeter security because they can actively respond to a variety of threat situations. Security guards can also reference an access list, which explicitly lists who can enter a secure facility. However, guards are expensive, require training, and can be unreliable or inconsistent.

Closed-circuit television (CCTV): Closed-circuit television can be used as both a preventative tool (when monitoring live events) or as an investigative tool (when events are recorded for later playback). Camera types include the following:
- A bullet camera has a built-in lens and is long and round in shape. Most bullet cameras can be used indoors or outdoors.
- A c-mount camera has interchangeable lenses and is typically rectangular in shape with the lens on the end. Most c-mount cameras require a special housing to be used outdoors.
- A dome camera is a camera protected with a plastic or glass dome. These cameras are more vandal-resistant than other cameras.
- A pan tilt zoom (PTZ) camera can dynamically move the camera and zoom in on specific areas. Cameras without PTZ capabilities are manually set looking toward a specific direction. Automatic PTZ mode automatically moves the camera between several preset locations; manual PTZ lets an operator remotely control the position of the camera.

When selecting cameras, be aware of the following characteristics:
- The focal length measures the magnification power of a lens. The focal length controls the distance that the camera can see, as well as how much detail can be seen at a specific range.
  - The focal length is expressed in millimeters (mm). A higher focal length lets you see more detail at a greater distance.
  - Most cameras have a 4 mm lens with a range of 30-35 feet, allowing you to see facial features at that distance.
  - A fixed lens camera has a set focal length. A varifocal camera lens lets you adjust the focus (zoom).
- A 70-degree view angle is the largest view angle possible without image distortion.
- The resolution is rated in the number of lines (such as 400) included in the image. In general, the higher the resolution, the sharper the image.
- LUX is a measure of the sensitivity to light. The lower the number, the less light is necessary for a clear image.
- Infrared cameras can record images in little or no light. Infrared cameras have a range of about 25 feet in no light and further in dimly-lit areas.

When CCTV is used in a preventative way, you must have a guard or other person available who monitors one or more cameras. The cameras effectively expand the area that can be monitored by the guard. Cameras can detect only security breaches. Guards can prevent and react to security breaches.

Doors: Doors can enhance security if they are properly implemented. Specific door types include the following:
- A mantrap is a specialized entrance with two doors that create a security buffer zone between two areas.
  - Once a person enters into the space between the doors, both doors are locked.
  - To enter the facility, authentication must be provided. Authentication may include visual identification and identification credentials.
  - Mantraps should permit only a single person to enter, and each person must provide authentication.
  - If authentication is not provided, the intruder is kept in the mantrap until authorities arrive.
- A turnstile is a barrier that permits entry in only one direction.
  - Physical turnstiles are often used to control entry for large events such as concerts and sporting events.
  - Optical turnstiles use sensors and alarms to control entry.
  - Turnstiles are often used to permit easy exit from a secure area. Entry is controlled through a mantrap or other system that requires authentication for entry.
- A double-entry door has two doors that are locked from the outside, but have crash bars on the inside that allow easy exit. Double-entry doors are typically used only for emergency exits. Alarms sound when double-entry doors are opened.

Regular doors are susceptible to social engineering attacks such as piggybacking, or tailgating, where an unauthorized person follows an authorized person through a door. Mantraps and turnstiles that permit only a single person to enter and require individual authentication are effective deterrents to piggybacking.

Door locks: Door locks allow access only to people with the proper key. Lock types are explained in the following list.
- Pick-resistant locks with restricted key duplication are the most secure key lock. It is important to note that all traditional key locks are vulnerable to lock picking (shimming).
- Keypad locks require knowledge of a code and reduce the threat of lost keys and cards. Keypads should be cleaned frequently to remove indications of buttons used.
- Electronic systems often use key cards (or ID badges) instead of keys to allow access.
  - Dumb cards contain limited information.
  - Smart cards have the ability to encrypt access information. Smart cards can be contact or contactless. Contactless smart cards use the 13.56 MHz frequency to communicate with proximity readers.
  - Proximity cards, also known as radio frequency identification (RFID) cards, are a subset of smart cards that use the 125 kHz frequency to communicate with proximity readers. Proximity cards differ from smart cards because they are designed to communicate only the card's identity. A smart card can communicate much more information.
- Biometric locks increase security by using fingerprints or iris scans. They reduce the threat of lost keys or cards.

Physical access logs: Physical access logs are implemented by a facility's guards and require everyone gaining access to the facility to sign in upon entry.

Physical access controls: Physical access controls can be implemented inside the facility in the following ways.
- Physical controls may include key fobs, swipe cards, or badges.
- Physical controls may include biometric factors such as fingerprint scanners, retinal scanners, iris scanners, voice recognition, and facial recognition.
  - The false acceptance rate (FAR) refers to the likelihood that an unauthorized user will incorrectly be given access.
  - The false recognition rate (FRR) refers to the likelihood that an authorized user will incorrectly be rejected and denied access.
  - Both the FAR and FRR are influenced by the biometric scanner's threshold settings.
  - The crossover error rate (CER) is the rate at which the FAR becomes equal to the FRR after adjusting the threshold. The lower the CER, the better the biometric system.
- To control access to sensitive areas within the facility, require a card swipe or reader.
- Some systems can track personnel movement within a facility and proactively lock or unlock doors based on each person's access token device.
- An anti-passback system prevents a card holder from passing a card back to someone else.
- Physical controls are often implemented along with sensors and alarms to detect unauthorized access.
  - Photoelectric sensors detect motion and are better suited to detect a perimeter breach than interior motion detection.
  - Wave pattern, heat sensing, and ultrasonic sensors are all better suited for interior motion detection than perimeter breach detection.

Employee and visitor safety: As you implement physical security, be sure to keep the safety of employees and visitors in mind. Consider the importance of the following actions:
- Implement adequate lighting in parking lots and around employee entrances.
- Implement emergency lighting that runs on protected power and automatically switches on when the main power goes off.
- Implement fail-open locking systems that allow employees to exit your facility quickly in the event of an emergency.
- Devise escape plans that utilize the best escape routes for each area in your organization. Post these escape plans in prominent locations.
- Conduct emergency drills to verify that the physical safety and security measures you have implemented function correctly.

Protected distribution system: A protected distribution system (PDS) encases network cabling within a carrier. This enables data to be securely transferred directly between two high-security areas through an area of lower security. Three types of PDS are most frequently implemented:
- In a hardened carrier PDS, network cabling is run within metal conduit. All conduit connections are permanently welded or glued to prevent external access. To identify signs of tampering, regular visual inspections of the carrier should be conducted.
- In an alarmed carrier PDS, an electronic alarm system replaces the welds and/or glue used to secure a hardened carrier. The electronic alarm system can detect attempts to compromise the carrier and access the protected cable within it.
- In a continuously viewed carrier PDS, security guards continuously monitor the carrier to detect any intrusion attempt by attackers.

