Physical Security “Least sexy of the 10 domains but the best firewall in the world will not stand...
Uploaded by stephen-mitchell
Physical Security
“Least sexy of the 10 domains but the best firewall in the world will not stand up to a well placed brick.”

Physical Security
  Addresses threats, vulnerabilities, countermeasures to physically protect org’s resources & sensitive info
  Natural disasters
  Unauthorized entry and/or theft

Threats
  Risk analysis or business impact assessment identify threats
  Seven major sources of physical loss
    1. Temperature
    2. Gases
    3. Liquids
    4. Organisms
    5. Projectiles
    6. Movement
    7. Energy Anomalies

Controls for Physical Security
  Administrative Controls
    Emergency Procedures, Personnel control, & planning and policy implementation
  Physical & Technical Controls

Facility Requirements Planning
  Planning done in early stages of construction of data facility
  Choosing a Secure Site
  Designing a Secure Site

Choosing a Secure Site
  Visibility: neighbors, external markings
  Local Considerations: near possible threats, local crime rate
  Natural Disasters: weather related, earthquake fault
  Transportation: excessive air, highway or road traffic
  Joint Tenancy: HVAC controls, electricity
  External Services: local emergency, hospitals

Designing a Secure Site
  Walls: fire ratings rooms & storage
  Ceilings: weight-bearing, fire rating
  Floors: weight bearing, static, electrical cables
  Windows: none or translucent & shatterproof
  Doors: resist forcible entry, fire rating, personnel safety is first
  Sprinkler systems: fire resistant rating of not less than 1 hour
  Liquid or gas lines: positive (outward) flow
  Air Conditioning: dedicated power circuits, positive air flow
  Electrical Requirements: dedicated circuits, alternative

Facility Security Management
  Audit Trails
    Detecting security violations
    Performance Problems
    Design & programming flaws
    Include: date & time, successful or not, where access granted, who tried, data modified?
    Detective rather than preventative
  Emergency Procedures
    Include: emergency shutdown procedures, evacuation, employee training, periodic tests

Administrative Personnel Controls
  Human resources department
    Pre-employment screening
    Ongoing employee checks
    Post-employment procedures

Environmental & Life Safety Controls
  “Physical controls necessary to sustain either computer’s operating environment (OE) or personnel’s OE”
  Main Areas:
    Electrical Power
    Fire detection & suppression
    Heating, Ventilation, & Air Conditioning (HVAC)

Electrical Power
  Noise
    Radio frequency interference, EMI
    Cell phones, laptops, other ele. equip.
    EMI eavesdropping
    Power line conditioning, proper shielding, grounding, magnets, fluorescent lights, electric motors, space heaters
  Brownouts & Sag (NYC 15% common)
    Surges & spikes when power comes back up
  Humidity
    Low == static (20,000 volts possible)

Fire Detection & Suppression
  Fire classes, combustibles, detectors, & suppression methods
  Factors in priority order:
    1. Life safety aspects
    2. Fire threat of installation to occupants & property
    3. Economic loss from computing function
    4. Economic loss from loss of equipment

Fire Classes & Combustibles
  Classes
    A. Common combustibles – water or soda acid
    B. Liquid – CO2, soda acid, or halon
    C. Electrical – CO2 or halon
  Fire requires: oxygen, heat, & fuel
  Water: temperature; soda acid: fuel supply; CO2: oxygen; halon: chemical reaction

Fire Detectors
  Heat sensing
    Predetermined temp or fast change
  Flame-actuated
    Infrared or pulsation of flame
  Smoke-actuated
    In ventilation systems
  Automatic dialup fire alarm

Fire Extinguishing Systems
  Water Sprinkler
    Wet Pipe, Dry Pipe, Deluge, or Preaction (combination of wet & dry pipe)
  Gas Discharge
    Pressurized inert gas
    CO2, halon, argon, argonite, inergen

After the fire
  Contamination
    Smoke: little damage at first, residue
    Heat
    Water
    Suppression medium
  Water damage
    Shutoff power
    Move equipment
    Drain
    Wipe parts & spray

Physical & Technical Controls
  Facility Control Requirements
  Facility Access Control Devices
  Intrusion Detection & Alarms
  Computer Inventory Control
  Media Storage Requirements

Facility Access Control Devices
  Security Access Cards
    Dumb: photo id
    Smart: digital coded smart card
    Smarter: processor on card
  Wireless Proximity Readers
    Passive, field powered, transponders
  Biometric

Intrusion Detection & Alarms
  Perimeter Intrusion Detectors
    Photoelectric & dry contact switches
  Motion Detectors
    Wave pattern (reflection), capacitance (electrical field), audio detectors
  Alarm Systems
    Local, central station, proprietary
    Line supervision

Computer Inventory Control
  Physical PC Control
    Cable locks
    Port controls
    Switch Controls
    Peripheral Switch Controls
    Electronic Security Boards
  Laptops

Media Storage Requirements
  Ongoing Storage
    Access & Environment
  Disposal
    Clearing – overwriting (7 times min), Purging – Degaussing or overwriting, Destruction
    Erasing only changes FAT, damaged sectors not changed, overwrite may not change because new file shorter
  Encryption of sensitive data