PHYSICAL SECURITY (NSTISSI 4011) BY Josef Onuoha CS 996.
Outline
• Goals of Physical Security
• Perimeter and Building protection
• Access Controls
• Distributed Processing
• Stand-alone Systems and Peripherals
• Environment and Life Safety Controls
• Tamper Resistance
Goals of Physical Security
• Prevent unauthorized access to equipment, installations, material, and documents
• Safeguard against espionage, sabotage, damage, and theft
• Safeguard personnel
Perimeter Protection
• Standoff distance
  – The maintained distance between where a vehicle bomb is allowed and the target
• Exclusive Standoff Zone
  – Vehicles are not allowed within the perimeter unless they have been searched and cleared
• Nonexclusive Standoff Zone
  – Established when a facility or location permits a mixture of trucks and cars
  – Includes inner and outer perimeters
Perimeter Protection
• Speed Control
  – Controls the speed of vehicles used for bombs
Perimeter Protection
• Vehicle barriers
Perimeter Protection
• Perimeters should also protect against standoff weapons such as rifles, shotguns, and pistols
• Primary defense is to obstruct Line Of Sight (LOS) from vantage points outside the site
  – Use a predetonation screen
Perimeter Protection
• Surveillance
  – Aggressors remain outside of controlled areas and try to gather information from within those areas
  – Designers must eliminate or control vantage points from which aggressors can surveil or eavesdrop on assets or operations
    • Trees, bushes, fences, other buildings, etc.
Perimeter Protection
• Lighting
  – Discourage or deter attempts at entry by intruders
  – Prevent glare that may temporarily blind the guards
  – Different types
    • Continuous, standby, movable
  – Different applications
    • Entrances, parking areas, critical areas
• Staffing
  – Security guards
  – Patrols
  – Dogs
Building Protection
• A Sensitive Compartmented Information Facility (SCIF) is an accredited area, room, group of rooms, buildings, or installation where Sensitive Compartmented Information (SCI) may be stored, used, discussed, and/or processed
• We now focus on construction requirements of a SCIF
Building Protection
• Vault Specifications
Building Protection
• Vault Specification (cont)
  – Minimum compressive strength of 3000 psi after 28 days of aging for class A
  – 5/8-inch diameter steel reinforcing bars laid 6 inches on centers
  – In seismic areas, 6-inch or thicker RC will be used
Building Protection
• Walls
  – The walls will be of either reinforced concrete in excess of four inches thick or solid masonry (stone or brick) in excess of eight inches thick
• Floors
  – The floor and ceiling selected for a Secure Area will be at least a four inch thickness of concrete
Building Protection
• Entrances
  – A Secure Area will be equipped with a GSA Class 6 vault door
• Windows
  – It is preferable that a Secure Area be windowless. Accessible windows, where required, will be secured with bars, installed as specified in the requirements
Building Protection
• Barred Window Specifications for SCIF
  – Type of Installation
    • Type A: Requires a steel frame with steel bars welded on it to be bolted to the inside of the facility window frame
    • Type B: Requires imbedding the ends of steel bars in the masonry window frame of the facility
    • Type C: Requires a grillwork of steel bars to be imbedded in the masonry walls immediately adjacent to the facility window frame
Building Protection
• Sound Attenuation for SCIF
  – The SCIF walls, windows, floor and ceiling, including all openings, should provide sufficient sound attenuation to preclude inadvertent disclosure of conversation
  – Must meet the following STC:
    • Executive Suite 45+
    • Briefing Rooms 45+
    • Auditoriums 50+
Building Protection
• Telephone Security for SCIF
  – Telephone cables and wires which penetrate a facility's perimeter will enter the facility through one opening and be placed under control at the interior face of the perimeter
  – The number of telephone instruments servicing a SCIF will be limited to those operationally necessary
Interior Intrusion Detection Systems
• Structural vibration sensors
  – Detect energy due to hammering, drilling, etc.
• Point sensors
  – Detect close proximity to an object
• Passive ultrasonic sensors
  – Detect acoustical energy
• Volumetric motion sensors
  – Detect intruder motion within the interior of a protected volume
Exterior Intrusion Detection Systems
• Fence sensors
  – Detect penetration from the mechanical vibrations and stresses generated in fence fabric and posts
• LOS sensors
  – Generate a beam of energy and detect changes in the received energy that an intruder causes by penetrating the beam
Alarms
• Requirements
  – Perimeter doors will be equipped with high security balanced magnetic door switches
  – Vault doors will be equipped with heat detectors and balanced magnetic switches
  – The interior spaces not continually occupied by authorized personnel will be protected by motion detection alarms
  – Vents and ducts over six inches will be alarmed
  – Windows less than 18 feet from ground level will be alarmed
Alarms
• Types
  – Motion alarm detectors
    • Overt body motion walking through the protected areas at the rate of one step per second for four seconds, in areas protected by ultrasonic, microwave, and other motion detection devices
  – Door Switches
    • Actual opening of doors (or windows or other openings using door switches) which are protected by balanced magnetic door switches
Alarms
• Types (cont)
  – Capacitance Alarms
    • Attempts to push hands, arm, or legs through the protected area (air ducts or vents); to touch an item being protected (door, window, wall, etc.); or to move protected objects (security containers)
  – Tamper Switches
    • Removal of the covers for sensors, alarm control units, day/night switches, and end of the line supervision control units should cause an alarm regardless of the status of the overall system
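An added example, not part of the original slides: a short Python audit that checks a constructed facility inventory against the alarm requirements listed above (door switches, vault doors, vents and ducts, windows) and models the rule that tamper switches alarm regardless of system status. The `Opening` and `Zone` types, the sensor labels, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Opening:
    name: str
    kind: str                      # perimeter_door | vault_door | vent | window
    sensors: set = field(default_factory=set)  # hypothetical labels: "bms", "heat", "alarm"
    size_in: float = 0.0           # vent/duct size in inches
    height_ft: float = 0.0         # window height above ground level, in feet

@dataclass
class Zone:
    name: str
    kind: str                      # tamper | motion | door
    active_when_disarmed: bool     # True = reports in every system state

def audit_openings(openings):
    """Return (name, finding) pairs for openings that miss a listed requirement."""
    findings = []
    for o in openings:
        if o.kind == "perimeter_door" and "bms" not in o.sensors:
            findings.append((o.name, "no balanced magnetic switch"))
        elif o.kind == "vault_door":
            missing = sorted({"bms", "heat"} - o.sensors)
            if missing:
                findings.append((o.name, "missing " + "+".join(missing)))
        elif o.kind == "vent" and o.size_in > 6 and not o.sensors:
            findings.append((o.name, "vent/duct over six inches not alarmed"))
        elif o.kind == "window" and o.height_ft < 18 and not o.sensors:
            findings.append((o.name, "window under 18 feet not alarmed"))
    return findings

def alarms_raised(zones, tripped, armed):
    """Names of tripped zones that produce an alarm in the given system state."""
    by_name = {z.name: z for z in zones}
    return [n for n in tripped if armed or by_name[n].active_when_disarmed]

def bypassable_tamper_zones(zones):
    """Tamper zones that go silent when the system is disarmed (a defect)."""
    return [z.name for z in zones
            if z.kind == "tamper" and not z.active_when_disarmed]

# Constructed sample inventory (not taken from the slides).
OPENINGS = [
    Opening("east-door", "perimeter_door", {"bms"}),
    Opening("vault-1", "vault_door", {"bms"}),            # heat detector missing
    Opening("hvac-return", "vent", set(), size_in=8),     # over six inches, bare
    Opening("hvac-small", "vent", set(), size_in=4),      # below the size threshold
    Opening("win-2f", "window", set(), height_ft=14),     # under 18 ft, bare
    Opening("win-4f", "window", set(), height_ft=40),
]
ZONES = [
    Zone("lobby-motion", "motion", active_when_disarmed=False),
    Zone("panel-cover", "tamper", active_when_disarmed=True),
    Zone("sensor-3-cover", "tamper", active_when_disarmed=False),  # misconfigured
]

if __name__ == "__main__":
    for name, finding in audit_openings(OPENINGS):
        print(f"{name}: {finding}")
    print("bypassable tamper zones:", bypassable_tamper_zones(ZONES))
    print("alarms while disarmed:",
          alarms_raised(ZONES, ["lobby-motion", "panel-cover"], armed=False))
```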
Physical Access Control
• Designate restricted area: Facilitates enforcement
Physical Access Control
• Locks
  – Preset Locks and Keys
    • Typical door locks
  – Programmable Locks
    • Mechanical (Cipher Locks)
    • Electronic (Keypad Systems): Digital Keyboard
      – Number of Combinations
      – Number of Digits in Code
      – Frequency of Code Change
Physical Access Control
• Cards
  – Photo-ID cards
  – Wireless Proximity readers
  – Magnetic Strip cards
  – Smart Cards
    • Often Require Use of PIN Number with Card
    • Readers: Card Insertion, Card Swipe & Proximity
Physical Access Control
• DOD Smart Cards (Common Access Cards)
Physical Access Control
• Biometric Devices
  – Fingerprint/Thumbprint Scan
  – Retina Scan
  – Hand Geometry
  – Facial Recognition
  – Voice Verification
  – Problems
    • Cost
    • Speed
    • Accuracy
Physical Access Control
• Typical verification times for entry-control devices
Physical Access Control
• Visitor identification and control
  – Visitors, cleaning teams, civilians in work areas after normal work hours, Government contractors
• Personnel
  – Position Sensitivity Designation
  – Management Review of Access Lists
  – Background Screening/Re-Screening
  – Termination/Transfer Controls
  – Disgruntled Employees
Physical Access Control
• Movement Control
  – Escorts
  – Two-person rule
Distributed Computing
• Threats
  – To Confidentiality
    • Sharing Computers
    • Sharing Diskettes
  – To Availability
    • User Errors
  – To Data Integrity
    • Malicious Code
    • Version Control
Physical Security of Distributed Computing
• Office Area Controls
  – Entry Controls
  – Office Lay-Out
  – Property controls
  – Electronic Media Controls
  – Clean-Desk Policy
  – Space protection devices
• Heat/Humidity considerations
Stand-alone Systems and Peripherals
• PC Physical Control
  – Cable locks
    • Vinyl-covered steel cable anchoring the PC or peripheral to desk
  – Port controls
    • Devices that secure data ports (such as USB ports) and prevent their use
Stand-alone Systems and Peripherals
• PC Physical Control (cont)
  – Switch Controls
    • A cover for the on/off switch, which prevents a user from switching off the file server’s power
  – Peripheral switch controls
    • Lockable switches that prevent a keyboard from being used
  – Electronic Security Boards
    • Boards inserted into an expansion slot in the PC that force a user to enter a password when the unit is booted
Environment and Life Safety Controls
• Environment considerations to physical security include the following
• Electric Power
• RFI, EMI
  – Implement TEMPEST
• Humidity
  – Humidity of < 40% increases static electricity damage potential
• Emergency power off controls
• Voltage monitoring/recording
• Surge protection
Environment and Life Safety Controls
• Electric Power (cont)
  – Backup power
    • Backup feeders, UPS
  – Emergency power generators
Environment and Life Safety Controls
• Temperature
  – Temperatures When Damage Occurs
    • Paper Products: 350°
    • Computer Equipment: 175°
    • Disks: 150°
    • Magnetic Media: 100°
• Fire detection
  – Heat-sensing
  – Flame-actuated
  – Smoke-actuated
  – Automatic dial-up fire alarm
Environment and Life Safety Controls
• Fire Extinguishing Systems
  – Wet pipe
  – Dry pipe
  – Deluge
• Suppression mediums
  – Halon
    • Excellent for vaults, equipment cabinets, etc.
  – Carbon IV Oxide
    • Great for unattended facilities. Potentially dangerous
Information System Centers
• Site selection
  – Low visibility
  – Low natural disaster threat
  – Easy access to external services such as police, fire, hospitals, etc.
Information System Centers
• Infrastructure
  – Servers, switches, and routers should be placed in locked racks and locked rooms
  – Wiring and cables should be routed through walls, floors, etc. to avoid tampering
  – An uninterrupted power supply should exist for the computing facility
Tamper Resistance
• A device is said to be tamper-resistant if it is difficult to modify or subvert, even for an assailant who has physical access to the system.
• Specialized materials used to make tampering difficult
  – One-way screws, epoxy encapsulation, Torx
• Closely tied to tamper detection and response
Tamper Detection
• The ability of a device to sense that it is under physical attack; includes
  – Switches to detect opening of device covers
  – Sensors to detect changes in light or pressure within the device
  – Barrier to detect drilling or penetration of physical boundary
  – Paint
Tamper Response
• Tamper response is the countermeasure taken upon the detection of tampering
• Ex.: Erase memory, shut down/disable device, enable logging
• This is especially important in the case of cryptographic keys stolen or lost
  – Computational errors introduced into a smart card can be used to deduce the values of cryptographic keys hidden in the smart card
  – Layers of a chip can be uncovered by etching, discerning chip behavior by advanced infrared probing, and reverse-engineering chip logic
OPSEC
• Operations security (OPSEC) is an analytic process used to deny an adversary information - generally unclassified
• Trains people on the handling of information
• We can apply OPSEC in our daily lives
  – “What could an adversary glean from the knowledge of this activity?”