Chap 9 Terminology


What is industrial camouflage?

Nondescript location that companies pick for their call centers. Rather than making the call center a visible location for angry customers to seek out, many are largely unmarked and otherwise innocuous. Although security through obscurity is not a legitimate technical control, in the physical world being less likely to be noticed can be helpful in preventing many intrusions that might not otherwise happen.

Whatever type of resiliency your organization uses during a disaster requires what after?

Restoration order

What is a critical part of an organizations security?

Availability (think CIA triad). Systems that are offline or otherwise unavailable are not meeting business needs. No matter how strong your confidentiality and integrity controls are, if your systems, networks, and services are not available when they are needed, your organization will be in trouble.

How are bollards used in site security?

Bollards are posts or other obstacles that prevent vehicles from moving through an area. Bollards may look like posts, pillars, or even planters, but their purpose remains the same: preventing vehicle access. Some bollards are designed to be removable or even mechanically actuated so that they can be raised and lowered as needed. Many are placed in front of entrances to prevent both accidents and intentional attacks using vehicles.

What are some factors you must take into account when building cybersecurity resilience?

Cost, maintenance requirements, suitability to the risks that your organization faces

How are vaults and safes secured?

Datacenters are one of the most obvious secure areas for most organizations, as are vaults and safes, which are protected to ensure that unauthorized personnel do not gain access to them. Vaults are typically room size and built in place, whereas a safe is smaller and portable, or at least movable. Datacenters and vaults are typically designed with secure and redundant environmental controls, access controls, and additional security measures to ensure that they remain secure. Administrative controls like two-person integrity control schemes are put in place to secure safes or vaults.

What must be assessed when trying to build redundancy?

Power, environmental controls, hardware and software failures, network connectivity, and any other factor that can fail

How can mantraps be used in site security?

Some organizations use access control vestibules (often called mantraps) as a means to ensure that only authorized individuals gain access to secure areas and that attackers do not use piggybacking attacks to enter places they shouldn't be. An access control vestibule is a pair of doors that both require some form of authorized access to open. The first door opens after authorization and closes, and only after it is closed can the person who wants to enter provide their authorization to open the second door. That way, a person following behind (piggybacking) will be noticed and presumably will be asked to leave or will be reported.

What exist to ensure that data can be restored and to allow backup media to be reused?

Various backup rotation schemes

What's the use of multiple network paths (multipath) solutions?

Ensures that a severed cable or failed device will not cause a loss of connectivity.

What's a common practice for organizations that want to reuse a drive?

Wiping drives using a tool like the open source Darik's Boot and Nuke (DBAN)

What may a site restoration order include?

1. Restore network connectivity and a bastion or shell host.
2. Restore network security devices (firewalls, IPS).
3. Restore storage and database services.
4. Restore critical operational servers.
5. Restore logging and monitoring services.
6. Restore other services as possible.

What is a Nearline backup?

Backup storage that is not immediately available but that can be retrieved within a reasonable period of time, usually without a human involved. Tape robots are a common example of nearline storage, with backup tapes accessed and their contents provided on demand by the robot. Cloud backups like Amazon's Glacier and Google's Coldline provide lower prices for slower access times and provide what is essentially offline storage with a nearline access model. These long-term archival storage models are used for data that is unlikely to be needed, and thus very slow and potentially costly retrieval is acceptable as long as bulk storage is inexpensive and reliable.

What is a Restoration order?

Restoration order decisions balance the criticality of systems and services to the operation of the organization against the need for other infrastructure to be in place and operational to allow each component to be online, secure, and otherwise running properly.

How can an Air-gap be used?

Air-gap designs physically separate network segments, thus preventing network connectivity. Air-gapped networks require data to be physically transported, typically after careful inspection and approval to enter the secure zone. Air gaps are used when network security controls alone are not sufficient.

How can Antidrone systems be used in site security?

A newer concern for organizations is the broad use of drones and unmanned aerial vehicles (UAVs). Drones can be used to capture images of a site, to deliver a payload, or even to take action like cutting a wire or blocking a camera. Antidrone systems include systems that can detect the wireless signals and electromagnetic emissions of drones, or the heat they produce via infrared sensors; acoustic systems that listen for the sounds of drones; radar that can detect the signature of a drone flying in the area; and of course optical systems that can recognize drones. Once they are spotted, a variety of techniques may be used against drones, ranging from kinetic systems that seek to shoot down or disable drones, to drone-jamming systems that try to block their control signals or even hijack them.

What must you keep in mind about drones?

Laws also protect drones as property, and shooting down or disabling a drone on purpose may have expensive repercussions for the organization or individual who does so. This is a quickly changing threat for organizations, and one that security professionals will have to keep track of on an ongoing basis.

What is site security?

Site security looks at the entire facility or facilities used by an organization and implements a security plan based on the threats and risks that are relevant to each specific location. That means that facilities used by an organization in different locations, or as part of different business activities, will typically have different site security plans and controls in place.

How can Signage be used in site security?

Signage may not immediately seem like a security control, but effective signage can serve a number of purposes. It can remind authorized personnel that they are in a secure area and that others who are not authorized should not be permitted to enter and should be reported if they are seen. Signs can also serve as a deterrent control, such as those that read "authorized personnel only." However, much like many other deterrent controls, signs act to prevent those who might casually violate the rules the sign shows, not those actively seeking to bypass the security controls an organization has in place.

What are some common elements in designs for redundancy?

Geographic dispersal of systems
Separation of servers and other devices in datacenters
Use of multiple network paths (multipath) solutions
Redundant network devices
Protection of power
Systems and storage redundancy
Diversity of technologies

What are some common sensor systems?

Motion, noise, moisture, and temperature detection sensors. Motion and noise sensors are used as security sensors, or to turn environmental control systems on or off based on occupancy. Temperature and moisture sensors help maintain datacenter environments and other areas that require careful control of the environment, and are also used for other monitoring purposes.

Physical access to systems, facilities, and networks is one of the easiest ways to circumvent what?

Technical controls, whether by directly accessing a machine, stealing drives or devices, or plugging into a trusted network to bypass the layers of network security control that keep it safe from the outside world.

What are some environmental controls?

Environmental controls, such as the use of hot aisles and cold aisles, play into a datacenter's ability to safely house servers and other devices. A hot aisle/cold aisle design places air intakes and exhausts on alternating aisles to ensure proper airflow, allowing datacenter designers to know where to provide cool air and where exhaust needs to be handled. Hot and cold aisles aren't typically considered secure areas, although the datacenter where they are deployed usually is.

What are three major types of disaster recovery sites when using resiliency?

Hot sites have all the infrastructure and data needed to operate the organization. Because of this, some organizations operate them full time, splitting traffic and load between multiple sites to ensure that the sites are performing properly. This approach also ensures that staff are in place in case of an emergency.

Warm sites have some or all of the systems needed to perform the work required by the organization, but the live data is not in place. Warm sites are expensive to maintain because of the hardware costs, but they can reduce the total time to restoration because systems can be ready to go and mostly configured. They balance costs and capabilities between hot sites and cold sites.

Cold sites have space, power, and often network connectivity, but they are not prepared with systems or data. This means that in a disaster an organization knows they would have a place to go but would have to bring or acquire systems. Cold sites are challenging because some disasters will prevent the acquisition of hardware, and data will have to be transported from another facility where it is stored in case of disaster. However, cold sites are also the least expensive option to maintain of the three types.

How can protected cable distribution schemes be used?

If organizations are concerned about attacks that tap into cables or that attempt to access them through any means, they may deploy a variety of cable protection techniques. Though they are relatively rare in most environments, government installations and other extremely high-security facilities may use locks, secure cable conduits and channels, tamper-evident seals, and even conduit and cables that can detect attempts to access them via pressure changes, changes in shielding conductivity, or other techniques.

What's the key difference between SAN and NAS devices?

A SAN typically provides block-level access to its storage, thus looking like a physical drive. NAS devices usually present data as files, although this line is increasingly blurry since SAN and NAS devices may be able to do both. In that case, organizations may simply use SAN and NAS to describe big (SAN) or smaller (NAS) devices.

What happens if you can't put in place a disaster recovery site using a hot, warm, or cold site?

Major cloud infrastructure vendors design across multiple geographic regions and often have multiple datacenters linked inside a region as well. This means that rather than investing in a hot site, organizations can build and deploy their infrastructure in a cloud-hosted environment, and then either use tools to replicate their environment to another region or architect (or rearchitect) their design to take advantage of multiple regions from the start. Since cloud services are typically priced on a usage basis, designing and building an infrastructure that can be spun up in another location as needed can help with both capacity and disaster recovery scenarios.

How is fencing used in site security?

Many facilities use fencing as a first line of defense. Fences act as a deterrent by both making it look challenging to access a facility and as an actual physical defense. Highly secure facilities will use multiple lines of fences, barbed wire or razor wire at the top, and other techniques to increase the security provided by the fence. Fence materials, the height of the fence, where entrances are placed and how they are designed, and a variety of other factors are all taken into consideration for security fencing.

Why should you not wipe an SSD?

Modern SSDs should not be wiped using tools that perform a zero wipe, random fill, or other wiping technique. Instead, SSDs should use the secure erase command if they support it. An even better option is to encrypt the SSD in use using a full-disk encryption tool for its entire lifespan. When the drive needs to be wiped, simply deleting the encryption key ensures that the data is unrecoverable. Why is zero wiping problematic? SSDs are overprovisioned, meaning they contain more space than they report. As they wear due to use, that extra space is put into use, with data remaining in the worn sectors that are no longer mapped. Wiping the drive will write only to the active sectors, leaving data potentially accessible using a low-level drive access tool.

RAID Advantage/Disadvantage...

RAID 0 - Striping
  Description: Data is spread across all drives in the array.
  Advantage: Better I/O performance (speed); all capacity used.
  Disadvantage: Not fault tolerant; all data is lost if a drive is lost.

RAID 1 - Mirroring
  Description: All data is copied exactly to another drive or drives.
  Advantage: High read speeds from multiple drives; data available if a drive fails.
  Disadvantage: Uses twice the storage for the same amount of data.

RAID 5 - Striping with parity
  Description: Data is striped across drives, with one drive's worth of capacity used for parity (checksum) of the data. Parity is spread across drives as well as data.
  Advantage: Data reads are fast; data writes are slightly slower. Arrays can be rebuilt as long as only one drive fails.
  Disadvantage: Can only tolerate a single drive failure at a time. Rebuilding arrays after a drive loss can be slow and impact performance.

RAID 6 - Striping with double parity
  Description: Like RAID 5, but additional parity is stored on another drive.
  Advantage: Like RAID 5, but allows for more than one drive to fail at a time.
  Disadvantage: Slower write performance than RAID 5 as the additional parity data is managed. Rebuilding arrays after a drive loss can be slow and impact performance.

RAID 10 - Mirroring and striping (sometimes written as RAID 1+0)
  Description: Data is striped across two or more drives and then mirrored to the same number of drives.
  Advantage: Combines the advantages of both RAID 0 and RAID 1.
  Disadvantage: Combines the disadvantages of both RAID 0 and RAID 1.

What are key considerations of SAN devices?

Replicating data: SANs use RAID to ensure that data is not lost, and some organizations even run a backup SAN in another location with all of the organization's data replicated to it. SANs as a type of backup: here, a SAN can be looked at as a network attached array of disks. NAS devices are only mentioned under backups, not under replication, but they can be used for both data replication and backups.

What are common choices of backup media?

Tape has historically been one of the lowest-cost-per-capacity options for large-scale backups. Magnetic tape remains in use in large enterprises, often in the form of tape robot systems that can load and store very large numbers of tapes using a few drives and several cartridge storage slots. Disks, in either magnetic or solid-state drive form, are typically more expensive for the same backup capacity as tape but are often faster. Disks are often used in large arrays in either a network attached storage (NAS) device or a storage area network (SAN). Optical media like Blu-ray disks and DVDs, as well as specialized optical storage systems, remain in use in some circumstances, but for capacity reasons they are not in common use as a large-scale backup tool. Flash media like microSD cards and USB thumb drives continue to be used in many places for short-term copies and even longer-term backups. Though they aren't frequently used at an enterprise scale, they are important to note as a type of media that may be used for some backups.

What are two major categories of scalability?

Vertical scalability requires a larger or more powerful system or device. Vertical scalability can help when all tasks or functions need to be handled on the same system or infrastructure. Vertical scalability can be very expensive to increase, particularly if the event that drives the need to scale is not ongoing or frequent. There are, however, times when vertical scalability is required, such as for very large memory footprint applications that cannot be run on smaller, less capable systems.

Horizontal scaling uses smaller systems or devices but adds more of them. When designed and managed correctly, a horizontally scaled system can take advantage of the ability to transparently add and remove resources, allowing it to adjust as needs grow or shrink. This approach also provides opportunities for transparent upgrades, patching, and even incident response.

What other systems use images?

Virtualization systems and virtual desktop infrastructure (VDI) also use images to create nonpersistent systems, which are run from a "gold master" image. The gold master image is not modified when the nonpersistent system is shut down, thus ensuring that the next user has the same expected experience.

Is there another option besides data destruction?

Yes, nondestructive options are often desirable in a business environment to allow for the reuse of media or devices. Secure drive or media wiping options can be used when the potential for exposure is low or the risks of remnant data exposure are not a significant concern for the organization.

After all your assessment work has been completed, what is created?

A design is created that balances business needs, design requirements and options, and the cost to build and operate the environment. Designs often have compromises made in them to meet cost, complexity, staffing, or other limitations, based on the overall risk and likelihood of occurrence for the risks that were identified in the assessment and design phases.

What is a USB data blocker?

A device used to ensure that USB cables can only be used to transfer power, not data, when chargers and other devices cannot be trusted. An alternative is a USB power-only cable.

What is off-site storage?

A form of geographic diversity that helps ensure that a single disaster cannot destroy an organization's data entirely. Organizations store backups either at a site they own and operate or through a third-party service like Iron Mountain.

What are proximity cards and readers considered?

A type of sensor

What is changing the model for backups?

As industry moves to a software-defined infrastructure model, including the use of virtualization, cloud infrastructure, and containers, systems that would once have been backed up are no longer being backed up. Instead, the code that defines them is backed up, as well as the key data that they are designed to provide or to access. This changes the equation for server and backup administrators, and methods of acquiring and maintaining backup storage are changing.

How can robotic sentries be used in site security?

Some robots are deployed in specific circumstances to help monitor areas, but widespread deployment of robotic sentries has not occurred yet, so robot sentries remain relatively rare.

What's the advantage of online backups?

The advantage of online backups is in quick retrieval and accessibility. Online backups help you respond to immediate issues and maintain operations.

When data reaches the end of its lifespan, what should you do?

Destroying the media that contains it is an important physical security measure. Secure data destruction helps prevent data breaches, including intentional attacks like dumpster diving as well as unintentional losses through reuse of media, systems, or other data storage devices.

How does a Faraday cage provide site security?

A Faraday cage blocks electromagnetic fields. It is an enclosure made up of conductive mesh that distributes charges from wireless device signals, thus stopping them. High-security facilities may be constructed as a Faraday cage, or they may have one inside them to prevent cell phone and other electronic and wireless communications from occurring. Faraday cages are also sometimes used to allow wireless devices to be tested inside them without impacting other production networks and devices.

What is Scalability?

A common design element and a useful response control for many systems in modern environments, where services are designed to scale across many servers instead of requiring a larger server to handle more workload.

What's Geographic dispersal of systems?

Geographic dispersal ensures that a single disaster, attack, or failure cannot disable or destroy systems. For datacenters and other facilities, a common rule of thumb is to place datacenters at least 90 miles apart, preventing most common natural disasters from disabling both (or more!) datacenters. This also helps ensure that facilities will not be impacted by the same issues with the power grid, network connectivity, and other similar dependencies.

What's a Forensic image?

Forensic images use essentially the same technology as system images to capture a bitwise copy of an entire storage device, although they have stronger requirements around data validation and proof of secure handling.

What are recovery controls?

Recovery controls focus on returning to normal operations. Because of this, controls that allow a response to compromise or other issues that put systems into a nontrusted or improperly configured state are important to ensure that organizations maintain service availability.

What is site resiliency?

Site resiliency has historically been a major design element for organizations, and for some it remains a critical design element.

What's Systems and storage redundancy?

Helps ensure that failed disks, servers, or other devices do not cause an outage.

What are single points of failure?

Places where the failure of a single device, connection, or other element could disrupt or stop the system from functioning. Single points of failure must be identified and either compensated for or documented in the design.

What is a major example of a type of disaster that can have a very broad impact on multiple locations?

Hurricanes. Designers who build facilities in hurricane-prone regions tend to plan for resilience by placing backup facilities outside of those hurricane-prone regions, typically by moving them further inland. They will also invest in hurricane-proofing their critical infrastructure.

How is lighting used in site security?

Lighting plays a part in exterior and interior security. Bright lighting that does not leave shadowed or dark areas is used to discourage intruders and to help staff feel safer. Automated lighting can also help indicate where staff are active, allowing security guards and other staff members to know where occupants are.

How does Network security assist an organization?

Network security plays a role in secure areas, including the use of a screened subnet (also frequently called a demilitarized zone [DMZ]). Screened subnets can be logical or physical segments of a network that are used to contain systems that are accessible by the outside world or some other less secure population. Screened subnets rely on network security devices like firewalls to provide segmentation that limits the flow of traffic into and out of the screened subnet, thus keeping higher security zones secure. The network and other telecommunication lines that an organization uses are also susceptible to attack.

Where can you learn more about various backup schemes?

By reading about FIFO, grandfather-father-son, and the Tower of Hanoi schedules.

What is sometimes a neglected element of availability?

Resilience

What other option can be used instead of data destruction or wiping of data?

The use of third-party solutions: contracted document and device destruction companies will pick up and remove sensitive documents and media for shredding at their facility, or they will perform the same service on-site. Organizations may opt for a thoroughly documented destruction process, including photos of the devices and per-device destruction certification, depending on their security needs. Third-party destruction services are a good fit for many organizations with typical security needs, because they ensure appropriate destruction without requiring internal investment in the tools and time to securely destroy media and systems.

What does an organization need to plan for if a datacenter goes offline?

They need to consider site resilience options as a response control.

What is a two-person control scheme?

Two trusted staff members must work together to provide access, whether with dual keys, with passwords, or with two portions of an access control factor. This strategy may be familiar to you from many military movies where nuclear weapons are launched only after two individuals insert their keys and turn them at the same time.

What's Protection of power?

Use of uninterruptible power supply (UPS) systems that provide battery or other backup power options for short periods of time; generator systems that are used to provide power for longer outages; and design elements, such as dual-supply or multi-supply hardware, that ensure a power supply failure won't disable a server. Managed power distribution units (PDUs) are also used to provide intelligent power management and remote control of power delivered inside server racks and other environments.

How can Badges be used in site security?

Badges are used for entry access via magnetic stripe and radio frequency ID (RFID) access systems. Badges also often include a picture and other information that can quickly allow personnel and guards to determine if the person is who they say they are, what areas or access they should have, and if they are an employee or guest. This also makes badges a target for social engineering attacks by attackers who want to acquire, copy, or falsify a badge as part of their attempts to get past security. Badges are often used with proximity readers, which use RFID to query a badge without requiring it to be inserted or swiped through a magnetic stripe reader.

What's Separation of servers and other devices in datacenters?

Used to avoid a single rack being a point of failure. Thus, systems may be placed in two or more racks in case of a single point failure of a power distribution unit (PDU), or even something as simple as a leak that drips down into the rack.

The decision between tape and disk storage at the enterprise level also raises what question?

Whether backups will be online, and thus always available, or if they will be offline backups that will need to be retrieved from a storage location before they can be accessed.

What should a security professional do when it comes to backups?

You need to review organizational habits for backups to see if they match the new models, or if old habits may be having strange results, like backups being made of ephemeral machines, or developers trusting that a service provider will never experience data loss and thus not ensuring that critical data is backed up outside of that lone provider.

What are some response/recovery controls?

An important response control is the concept of nonpersistence. This means the ability to have systems or services that are spun up and shut down as needed. Some systems are configured to revert to a known state when they are restarted; this is common in cloud environments where a code-defined system will be exactly the same as any other created and run with that code. Reversion to a known state is also possible by using snapshots in a virtualization environment or by using other tools that track changes or that use a system image or build process to create a known state at startup.

Another response control is the ability to return to a last-known good configuration. Windows systems build this in for the patching process, allowing a return to a checkpoint before a patch was installed. Change management processes often rely on a last-known good configuration checkpoint, via backups, snapshots, or another technology, to handle misconfigurations, bad patches, or other issues.

What are some important considerations when using cloud and off-site third-party backup options?

Bandwidth requirements, for both the backups themselves and restoration time if the backup needs to be restored partially or fully. Organizations with limited bandwidth or locations with low bandwidth are unlikely to be able to perform a timely restoration. This fact makes off-site options less attractive if quick restoration is required, but they remain attractive from a disaster recovery perspective to ensure that data is not lost completely.

Time to retrieve files and cost to retrieve files. Solutions like Amazon's Glacier storage focus on low-cost storage but have higher costs for retrieval, as well as slower retrieval times. Administrators need to understand storage tiering for speed, cost, and other factors, but they must also take these costs and technical capabilities into account when planning for the use of third-party and cloud backup capabilities.

Reliability. Many cloud providers have extremely high advertised reliability rates for their backup and storage services, and these rates may actually beat the expected durability of local tape or disk options.

New security models required for backups. Separation of accounts, additional controls, and encryption of data in the remote storage location are all common considerations for use of third-party services.

What are some Secure data destruction options?

Burning
  Description: Most often done in a high-temperature incinerator. Primarily used for paper records, although some incinerators may support electronic devices.
  Notes: Typically done off-site through a third-party service; leaves no recoverable materials.

Shredding
  Description: Can be done on-site; can support paper or devices using an industrial shredder.
  Notes: Traditional paper shredders may allow for recovery of documents, even from crosscut shredded documents. For high-security environments, burning or pulping may be required.

Pulping
  Description: Breaks paper documents into wood pulp, removing ink. Materials can be recycled.
  Notes: Completely destroys documents to prevent recovery.

Pulverizing
  Description: Breaks devices down into very small pieces to prevent recovery.
  Notes: The size of the output material can determine the potential for recovery of data; typically pulverizing results in very small fragments of material.

Degaussing
  Description: Magnetically wipes data from tapes and traditional magnetic media like hard drives.
  Notes: Only effective on magnetic media; will not work on SSDs, flash media, optical media, or paper.

What are two types of camera capabilities?

Motion recognition cameras activate when motion occurs. These types of camera are particularly useful in areas where motion is relatively infrequent. Motion recognition cameras, which can help conserve storage space, will normally have a buffer that is retrieved when motion is recognized so that they retain a few seconds of video from before the motion started; that way, you can see everything that occurred. Object detection cameras and similar technologies can detect specific objects, or they have areas that they watch for changes. These types of camera can help ensure that an object is not moved and can detect specific types of objects like a gun or a laptop.

How can Fire suppression systems be used in site security?

an important part of safety systems, and they help with resilience by reducing the potential for disastrous fires. The main categories are water, gas, and chemical agents. Sprinkler systems are the most common type, and there are four major kinds: wet sprinkler systems, which have water in them all the time; dry sprinklers, which are empty until needed; pre-action sprinklers, which fill when a potential fire is detected and then release at specific sprinkler heads as they are activated by heat; and deluge sprinklers, which are empty, with open sprinkler heads, until they are activated and then cover an entire area. Gaseous agents, which displace oxygen, reduce heat, or interfere with the ability of oxygen and materials to combust, are often used in areas such as datacenters, vaults, and art museums where water might not be a viable or safe option. Chemical agents, including both wet and dry agents, are used as well; examples are foam-dispensing systems used in airport hangars and dry chemical fire extinguishers used in homes and other places.

What's Diversity of technologies?

another way to build resilience into an infrastructure. Using different vendors, cryptographic solutions, platforms, and controls can make it more difficult for a single attack or failure to have system-wide or organization-wide impacts. There is a real cost to using different technologies, such as additional training, the potential for issues when integrating disparate systems, and the potential for human error, which increases as complexity increases.

How can Visitor logs be used in site security?

are a common control used in conjunction with security guards. A guard can validate an individual's identity, ensure that they enter only the areas they are supposed to, and ensure that they have signed a visitor log and that their signature matches a signature on file or on their ID card. Each of these can be faked; however, an alert security guard can significantly increase the security of a facility.

How can Camera systems be used in site security?

are a common form of physical security control, allowing security practitioners and others to observe what is happening in real time and to capture video footage of areas for future use when conducting investigations or for other reasons. Cameras come in a broad range of types, including black and white, infrared, and color cameras, with each type suited to specific scenarios. In addition to the type of camera, the resolution of the camera, whether it is equipped with zoom lenses, and whether it has a pan/tilt/zoom (PTZ) capability are all factors in how well it works for its intended purpose and how much it will cost.

What's an image?

are a similar concept to snapshots, but most often they refer to a complete copy of a system or server, typically down to the bit level for the drive. This means that a restored image is a complete match to the system at the moment it was imaged. Images are a backup method of choice for servers where complex configurations may be in use, and where cloning or restoration in a short timeframe may be desired.

What are Faraday-bags used for?

are commercially available, often sold as a means of preventing thieves from cloning electronic key fobs for cars. They are also used by cell phone thieves to prevent phones from being remotely wiped. Thieves put a stolen phone into a bag or container that acts as a Faraday cage. The phone is unable to "phone home," so it can be wiped or accessed by the thief without interference. The same isolation is why forensic examiners bag seized phones before transport: a device that cannot reach the network cannot receive a remote wipe command.

How can locks be used in site security?

are one of the most common physical security controls you will encounter. A variety of lock types are commonly deployed, ranging from traditional physical locks that use a key, push buttons, or other code entry mechanisms, to locks that use biometric identifiers such as fingerprints, to electronic mechanisms connected to computer systems with card readers or passcodes associated with them. Locks can be used to secure spaces and devices or to limit access to those who can unlock them. Cable locks are a common solution to ensure that devices like computers or other hardware are not removed from a location. Although locks are heavily used, they are not a real deterrent for most determined attackers. Locks can be bypassed, picked, or otherwise disabled if attackers have time and access to the lock. Thus, locks are treated as a deterrent and a delay rather than as a control that will stop an attacker on its own. A common phrase among security professionals is "Locks keep honest people honest."

How can Security guards be used in site security?

are used in areas where human interaction is either necessary or helpful. Guards can make decisions that technical control systems cannot, and they can provide additional capabilities by offering both detection and response capabilities. Guards are commonly placed in reception areas, deployed to roam around facilities, and stationed in security monitoring centers with access to cameras and other sensors. Security guards also bring their own challenges; humans can be fallible, and social engineering attempts can persuade guards to violate policies or even to provide attackers with assistance. Guards are also relatively expensive, requiring ongoing pay, whereas technical security controls are typically installed and maintained at lower costs. Consequently, guards are a solution that is deployed only where there is a specific need for their capabilities in most organizations.

How can Alarms or alarm systems be used in site security?

are used to detect and alert about issues, including unauthorized access, environmental problems, and fires. Alarm systems may be locally or remotely monitored, and they can vary significantly in complexity and capabilities. Much like alerts from computer-based systems, alarms that go off too often are likely to be ignored, disabled, or worked around by staff. *Some penetration testers will deliberately trigger an alarm repeatedly in the days before a test so that, when the alarm goes off during the actual intrusion, staff are no longer surprised and do not investigate the alarm the penetration tester caused.
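The conditioning trick described above shows up in the alarm log as a burst of trips from one zone. The following added example (not part of the original page) runs a sliding-window count over a few constructed alarm log lines and reports zones tripped repeatedly within an hour, so the pattern is escalated instead of the alarm being silenced. The log format, zone names, and thresholds are assumptions for the example.

```python
"""Flag alarm zones that trip repeatedly in a short window.

Added example; the log lines below are constructed for illustration and
the `zone=... event=...` format is an assumption, not a real product's log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: five door-open trips from one zone in 30 minutes,
# then a single unrelated motion event elsewhere.
SAMPLE_LOG = """\
2024-03-01T02:14:05 zone=loading-dock event=door-open
2024-03-01T02:21:40 zone=loading-dock event=door-open
2024-03-01T02:29:12 zone=loading-dock event=door-open
2024-03-01T02:36:55 zone=loading-dock event=door-open
2024-03-01T02:44:03 zone=loading-dock event=door-open
2024-03-01T03:10:00 zone=lobby event=motion
"""

LINE = re.compile(r"(\S+) zone=(\S+) event=(\S+)")


def parse(log: str):
    """Yield (timestamp, zone, event) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def find_repeat_trips(log: str, window=timedelta(hours=1), threshold=4):
    """Return {zone: (count, first_ts, last_ts)} for zones that tripped at
    least `threshold` times inside any `window`-long span.

    The deque per zone holds only timestamps inside the current window, so
    the check is O(1) amortized per event.
    """
    recent = defaultdict(deque)
    findings = {}
    for ts, zone, _event in parse(log):
        q = recent[zone]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            # Record (and keep updating) the burst rather than suppressing it.
            findings[zone] = (len(q), q[0], q[-1])
    return findings


if __name__ == "__main__":
    for zone, (count, first, last) in find_repeat_trips(SAMPLE_LOG).items():
        print(f"{zone}: {count} trips between {first} and {last}; investigate, do not disable")
```

The design choice is that a burst of trips becomes its own higher-priority finding; the common reaction of lowering sensitivity or muting the zone is exactly what the pretest conditioning relies on.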

In addition to disk-level protections such as RAID, what else is used to ensure that data loss does not impact an organization?

backups and replication. Backups are a copy of the live storage system. A full backup copies the entire device or storage system; an incremental backup captures the changes since the last backup of any kind and is faster to back up but slower to recover; a differential backup captures the changes since the last full backup and is faster to recover but slower to back up. Running a full backup each time requires far more space than an incremental backup, but a complete restoration from incrementals means restoring the last full backup and then applying every incremental taken since it, in order. Since most failures are not a complete storage failure and the cost of space for multiple full backups is much higher, most organizations implement incremental backups, typically with a full backup on a periodic basis.

What factors go into choosing backup media?

capacity, reliability, speed, cost, expected lifespan while storing data, how often it can be reused before wearing out, and other factors, all of which can influence the backup solution that an organization chooses.

What is facial recognition technology?

Facial recognition systems do not capture video themselves, but they pair with cameras to help recognize individuals; they are worth mentioning here because of their increasing role in modern security systems. You should be aware that facial recognition deployments may have privacy concerns in addition to technical concerns. A variety of factors can play into their accuracy, including the sets of faces they were trained on, the use of masks, or even the application of "dazzle paint" designed to confuse cameras.

What is a snapshot?

captures the full state of a system or device at the time the backup is completed. Snapshots are common for virtual machines (VMs), where they allow the machine state to be restored at the point in time that the snapshot was taken. Snapshots can be useful to clone systems, to go back in time to a point before a patch or upgrade was installed, or to restore a system state to a point before some other event occurred. Since they're taken live, they can also be captured while the system is running, often without significant performance impact. Like a full backup, a snapshot can consume quite a bit of space, but most virtualization systems that perform enterprise snapshots are equipped with compression and de-duplication technology that helps to optimize space usage for snapshots.

What's another camera system used in site security?

closed-circuit television (CCTV), which displays what the camera is seeing on a screen. Some CCTV systems include recording capabilities as well, and the distinction between camera systems and CCTV systems is increasingly blurry as technologies converge. Cameras are not the only type of sensor system that organizations and individuals will deploy.

What are response controls?

controls used to allow organizations to respond to an issue, whether it is an outage, a compromise, or a disaster.

How granular can a backup be?

copies of individual files can be made to retain specific files or directories of files. Ideally, a backup copy is validated when it is made, for example by comparing a hash of the copy with a hash of the original, to ensure that the backup matches the original file.
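The full, incremental, and differential backups described in the backups card above, together with the per-file validation this card mentions, can be modelled in a few dozen lines. The following is an added example and not code from the original page: it takes backups of a small in-memory file set (constructed for the example), records a SHA-256 hash of each captured file so a corrupted copy is caught at restore time, and computes which backups a restore needs. The data structures and function names are assumptions for this illustration.

```python
"""Full / incremental / differential backup chains with hash validation.

Added example, not from the original page. The "live" file system is a
dict of path -> bytes constructed for illustration; deletions are ignored
to keep the model small (a real tool would record tombstones).
"""
import hashlib
from dataclasses import dataclass, field


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Backup:
    kind: str            # "full", "incremental" or "differential"
    files: dict          # path -> bytes captured in this backup
    hashes: dict = field(default_factory=dict)

    def __post_init__(self):
        # Validate the copy when it is made: store a hash per file so that a
        # restore can detect a corrupted or tampered copy.
        self.hashes = {p: digest(d) for p, d in self.files.items()}

    def verify(self) -> bool:
        return all(digest(d) == self.hashes[p] for p, d in self.files.items())


def last_full_index(history) -> int:
    return max(i for i, b in enumerate(history) if b.kind == "full")


def restore_chain(history):
    """Return the backups a restore must apply, oldest first.

    Walking backwards: every incremental must be kept until a full is
    reached, but a differential already holds all changes since the last
    full, so the walk can jump straight to that full.
    """
    chain = []
    i = len(history) - 1
    while i >= 0:
        b = history[i]
        chain.append(b)
        if b.kind == "full":
            break
        if b.kind == "differential":
            chain.append(history[last_full_index(history[:i])])
            break
        i -= 1
    chain.reverse()
    return chain


def restore(history) -> dict:
    """Rebuild the newest state, refusing any backup that fails its hash check."""
    state = {}
    for b in restore_chain(history):
        if not b.verify():
            raise ValueError(f"{b.kind} backup failed validation")
        state.update(b.files)
    return state


def take_backup(kind: str, live: dict, history: list) -> Backup:
    """Capture `live` as a backup of the given kind and append it to history."""
    if kind == "full":
        captured = dict(live)
    else:
        # Baseline is the state as of the last full (differential) or the
        # state as of the last backup of any kind (incremental).
        base = history[: last_full_index(history) + 1] if kind == "differential" else history
        baseline = restore(base)
        captured = {p: d for p, d in live.items() if baseline.get(p) != d}
    b = Backup(kind, captured)
    history.append(b)
    return b


def demo() -> dict:
    """Run the two strategies side by side over the same sequence of changes."""
    live = {"a.txt": b"v1", "b.txt": b"v1"}          # constructed sample data
    inc, diff = [], []
    take_backup("full", live, inc)
    take_backup("full", live, diff)
    live["a.txt"] = b"v2"
    take_backup("incremental", live, inc)
    take_backup("differential", live, diff)
    live["b.txt"] = b"v2"
    take_backup("incremental", live, inc)
    take_backup("differential", live, diff)
    return {
        "incremental_chain": [b.kind for b in restore_chain(inc)],
        "differential_chain": [b.kind for b in restore_chain(diff)],
        "incremental_sizes": [len(b.files) for b in inc],
        "differential_sizes": [len(b.files) for b in diff],
        "restored_equal": restore(inc) == restore(diff) == live,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The sizes and chain lengths make the trade-off in the text concrete: each incremental captures only one changed file but the restore must replay all of them, while the second differential captures both changed files but the restore needs only the full plus that one differential.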

What's Redundant network devices?

multiple routers, security devices like firewalls and intrusion prevention systems, or other security appliances, are also commonly implemented to prevent a single point of failure. Here are examples of ways to implement this:
Load balancers, which make multiple systems or services appear to be a single resource, allowing both redundancy and an increased ability to handle load by distributing it to more than one system. Load balancers are also commonly used to allow system upgrades by redirecting traffic away from systems that will be upgraded and then returning that traffic after they are patched or upgraded.
NIC teaming, which combines multiple network cards into a single virtual network connection. Redundant network interface cards (NICs) are also used to ensure connectivity in situations where a system's availability is important and multiple systems cannot reasonably be used. Redundant NICs are likely to be connected to independent network paths to ensure end-to-end reliability, whereas NIC teams connect to the same network devices to survive a NIC failure while providing greater bandwidth.

What's the advantage of offline backups?

offline backups can be kept in a secure location without the power and other expense required for their active maintenance. Offline backups are often used to ensure that an organization cannot suffer a total data loss: because an offline copy is disconnected, a failure or compromise of the live systems cannot reach it.

How to respond to a severely compromised system?

one alternative is to use live boot media. This is a bootable operating system that can run from removable media like a thumb drive or DVD. Using live boot media means that you can boot a full operating system that can see the hardware that a system runs on and that can typically mount and access drives and other devices. This means that repair efforts can be run from a known good, trusted operating system. Boot sector and memory-resident viruses, bad OS patches and driver issues, and a variety of other issues can be addressed using this technique.

What is one of the most common ways to build resilience?

redundancy—in other words, having more than one of a system, service, device, or other component.

What is RAID?

Redundant Array of Inexpensive (or Independent) Disks, a common solution that uses multiple disks with data either striped (spread across disks) or mirrored (completely copied), and technology to ensure that data is not corrupted or lost (parity). RAID ensures that one or more disk failures can be handled by an array without losing data. The number of failures an array tolerates depends on the level: a single parity disk's worth of information covers exactly one failed disk.
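The parity mentioned above is just XOR across the data blocks of each stripe. The following added example (not code from the original page) stripes a constructed byte string across four simulated disks with rotating parity in the style of RAID 5, discards one disk, and rebuilds it from the survivors. The disk count, block size, and sample data are assumptions for the example.

```python
"""Striping with XOR parity: lose one disk, rebuild it from the rest.

Added example, not from the original page. Disks are lists of blocks in
memory; block size, disk count and the sample data are constructed.
"""


def xor_blocks(*blocks: bytes) -> bytes:
    """XOR equal-length blocks byte by byte."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def stripe(data: bytes, n_disks: int, block: int):
    """Split data into stripes of n_disks-1 data blocks plus one parity
    block, rotating which disk holds parity on each stripe (RAID 5 style).
    The last stripe is zero-padded."""
    per_stripe = block * (n_disks - 1)
    disks = [[] for _ in range(n_disks)]
    for s, off in enumerate(range(0, len(data), per_stripe)):
        chunk = data[off:off + per_stripe].ljust(per_stripe, b"\0")
        blocks = [chunk[i:i + block] for i in range(0, per_stripe, block)]
        blocks.insert(s % n_disks, xor_blocks(*blocks))   # parity slot
        for d, b in enumerate(blocks):
            disks[d].append(b)
    return disks


def rebuild(disks, failed: int):
    """Reconstruct every block of the failed disk: since parity is the XOR of
    the data blocks, any single block equals the XOR of the other blocks in
    its stripe, whether the missing block was data or parity."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(*[d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_back(disks, n_disks: int, length: int) -> bytes:
    """Reassemble the original data from a healthy array, skipping parity."""
    out = bytearray()
    for s in range(len(disks[0])):
        for d in range(n_disks):
            if d != s % n_disks:
                out += disks[d][s]
    return bytes(out[:length])


def demo():
    data = b"RAID parity lets a single disk fail without losing data."  # constructed
    n_disks, block = 4, 8
    disks = stripe(data, n_disks, block)
    lost = 2
    rebuilt = rebuild(disks, lost)
    repaired = list(disks)
    repaired[lost] = rebuilt
    return rebuilt == disks[lost], read_back(repaired, n_disks, len(data)) == data


if __name__ == "__main__":
    print(demo())
```

With one parity block per stripe, a second simultaneous failure leaves an equation with two unknowns and nothing to solve it; tolerating two failures needs a second, independent parity (RAID 6) or mirroring.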

