Post on 30-Mar-2015
transcript
Environmental/Physical Security
ObjectivesPhysical Security - physical protection of the resources of an organization which include people, data, facilities, equipment, systems, etc. Physical security is the first line of defense
***Safety of people is most important for this domain, and trumps all other considerations.
Threats• Natural environmental - Floods, earthquakes,
storms, fires, tornadoes, extreme temperature conditions, etc..
• Supply system - Power distribution, communications interruptions, and interruption of other natural energy resources such as water, steam, gas, etc..
• Manmade - Unauthorized access (internal/external), explosions, damage by employee (deliberate or accidental), vandalism, fraud, theft, etc..
• Political - Strikes, riots, civil disobedience, terrorist attacks, bombings, etc..
****These are all man-made too – know the difference!!!
Layered Security
The purpose is to put enough obstacles in front of an intruder to keep them busy until the authorities can take control of the situation.
**Damage to assets can be minimized.
Site Selection• Visibility
– Surrounding terrain– Building markings and signs– Types of neighbors– Population of the area
• Surrounding area and external entities– Crime rate, riots, terrorism attacks– Proximity to police, medical, and fire stations– Possible hazards from surrounding area
• Accessibility– Road access– Traffic– Proximity to airports, train stations, and highways
• Natural disaster– Likelihood of floods, tornadoes, earthquakes, or hurricanes– Hazardous terrain (mudslides, falling rock from mountains, or excessive
snow or rain)
Facility ConstructionWallsCombustibilityFire Rating – walls protecting IT equipment should be 75 according to the NFPA (National Fire
Protection Agency)Reinforcement for secured areas
CeilingsCombustibilityFire RatingWeight-Bearing RatingDrop Ceilings???
FloorsWeight-Bearing Rating
(Commonly 150 lbs./sq. ft.)CombustibilitySlab??? Raised??? Anti-Static??? Rebar – steel rods encased in concreteSurface material
***Heavy timber construction material - this is a building material – if asked, it is probably the correct answer !!!
Building Layout
Data Center should be in the “middle” to protect from natural disaster.
EX: If you have a 5-story building, put it on the 3rd floor.
**Exam Warning**All environmental controls and safety procedures must ensure
the safety of all personnel, including those with handicaps. Elevators cannot be used during a fire, for example, so employees in wheelchairs must have a compensating control.
CPTED - Crime Prevention Through Environmental Design
“reduce crime by directly affecting behavior”
***uses “zones”
Natural Access Control – enter/leave buildingNatural Surveillance – open space/visibilityTerritorial Reinforcement –dedicated community (sense of ownership)
Target Hardening(alternative to CPTED)
•Denying access through physical and artificial barriers (alarms, locks, fences, and so on).
•Traditional target hardening can lead to restrictions on the use, enjoyment, and aesthetics of an environment.
Underwriter Laboratories - UL
A non-profit organization that provides the necessary classifications and guidelines for physical security.
The organization inspects, tests and classifies various devices and equipment used in physical security.
Perimeter Defenses
• Fences• Gates• Bollards• Lights• CCTV• Locks• Smart Cards• Motion Detectors• Other Alarms• Guards/Dogs
Fences
**PIDAS (Perimeter Intrusion Detection and Assessment System) – sensors on a wire mesh – has a high rate of false alarms
General Fence Height:• 3-4 ft. – deters casual trespassers• 6-7 ft. – too high to easily climb• 8ft + 3 strands of barbed wire – deters most
***Nothing will stop a determined intruder
Chain-Link Fence
Gauge – thickness of metal• 11 gague =.0907 in diameter• 9 gague = .1144 in diameter (residential grade)• 6 gague = .162 in diameter (thickest)**The lower the gauge, the thicker the wire
Meshing – spacing between wires (comes in 2”, 1” and 3/8”)
**Fences with smaller mesh are harder to climb
Chain-Link Fence – cont’d
Extremely Secure: 11 in gauge, 3/8 in meshVery High: 9 in gauge, 1 in meshHigh: 11 in gauge, 1 in meshMinimally High: 6 in gauge, 2 in meshNormal Use: 9 in gauge, 2 in mesh
Gates
Type Description • Class I - Residential (home use) • Class II - Commercial/General Access (parking
garage) • Class III - Industrial/Limited Access (loading
dock for 18-wheeler trucks) • Class IV - Restricted Access (airport or prison)
Bollardsa strong post designed to stop a car; often installed in front of convenience stores, to prevent drivers (who mix up the accelerator and brake) from driving into the store. Many
secure facilities use large concrete planters for the same effect. These devices are usually placed in front of physically weak areas.
Lighting**Direct to areas where an intrusion is likely to occur
Continuous – fixed lighting to flood an area **most commonStandby – supplies illumination in the event that the normal light system
failsMoveable – manually operatedResponsive Area Illumination – lights come on automatically if activity is
detectedEmergency – backup lighting used in an emergencyFresnel –lighthouses/theatres; aims light in a specific directionFloodlights – produces a beam of intense lightFluorescent – produces RFI (radio frequency interference) ***Not good for
outdoor useMercury Vapor – the preferred security light – white with a bluish cast
(stadium lighting) **takes a while to warm upSodium Vapor – similar to mercury, but has a yellow tint ***good in fogQuartz lamp – bright white light; used in areas needing to resemble daylight
Lighting – cont’dLumen – the amount of light 1 candle can createFootcandle – 1 lumen per square footLux – 1 lumen per square meter
American Institute of ArchitectsElevators/lobbies/stairwells – 5-10 fcBuilding entrances – 5 fcWalkways – 1.5 fcParking Garages – 5 fcSite Landscape - .5 fcSurrounding building – 1 fcRoadways - .5 fc
NISTCritical areas require illumination of 2’ wide x 8’ high
Closed Circuit TV (CCTV)Functions: surveillance, deterrence, evidentiary archives***Detective device used to aid in the detecting the presence of intruders in restricted areas. ***Violates privacy - may require employee consent
• CRT (tube cameras) – analog camera - backs up to tape; VHSExam Warning****Tube cameras are sometimes called CRT (cathode ray tube) cameras. Do not confuse CRT cameras with CRT displays: while a CRT camera may be viewed on a CRT display, they are different devices.
• CCD (Charged Couple Discharge) – digital camera - backs up to DVR/NVR (NVR has the advantage of allowing centralized storage of all video data.)
• CCTVs using the normal light spectrum require sufficient visibility to illuminate the field of view which is visible to the camera. - Requires 1-2 footcandles of light
• CCTV displays may display a fixed camera view, autoscan (show a given camera for a few seconds before moving to the next), or multiplexing (where multiple camera feeds are fed into one display).
Other exam trivia:
• Infrared devices can “see in the dark” by displaying heat.• Monochrome cameras can see infrared light.
CRT – cont’d (camera terms)• Auto-iris – adjusts automatically; use in area with changing light (outdoor use)• Manual –iris – fixed; use in areas with fixed lighting• Depth of Field – the area of the environment in focus on the monitor; affected by:
size of lens opening - increases as the size of the opening decreases***Wide-Angle lens has small lens opening – good for general scenery/landscape
distance to object – increases as distance increasesfocal length of the lens - increases as focal length decreaseslight – more light allows for a larger depth of field
• Aperture - the opening through which light travels (see image). Smaller aperture places more of the image in focus, wide aperture lowers depth of field – used in lower light conditions.
• Shadow Depth of Focus – allows for focus on smaller detailsshallow depth – portrait/telephotolarge depth – landscape/wide-angle
• Field of View – entire area viewed by the camera; fixed focal length must be changed to get a different field of view
• Neutral Density Filter – dark focus filter – reduces light• Zoom Lenses – allow for a change of angle or distance• Pan/Tilt – horizontal movement/ vertical movement
WindowsPolycarbonate Acrylic – more resistant to breakage than standard
plate windows. Combustible, may produce toxic fumes, may be prohibited by fire code.
Glass-Clad Polycarbonate – the strongest window available. Resists breakage, chemicals, fires and abrasions; comes in varying depths (the thicker the stronger) $$$$$$
Embedded Wire – 2 windows with wire between….adds strength but lacks aesthetics
Tempered Glass – 5-7 times stronger than regular glass (shatters into small shards – used in cars)
Bullet Resistant (BR) – used in banks. Protects up to a 9mm roundLaminated Glass – adds plastic , is tough to break and shatter like a
web . Comes in various depths. The greater the stronger. (used for windshields)
Solar Film – blocks light but no strengthSecurity Film – transparent film… increases strength
DoorsHollow-core door - most commonly used, easily brokenSolid-core door - recommended for sensitive area such as data center… should be mounted in a strong doorframe as it is usually the weakest point in a door assembly• Fail Safe – defaults to unlocked (concerned w/people; they
can get out)• Fail Secure – defaults to locked (concerned with data; it’s
locked up)• Fail Soft – default to either locked or unlocked – depending on
the situation; may continue, but in a degraded state****People are safe/Data is secure****
**Hinges should always face inwardWhen referring to computer systems, also consider these terms:Failover – switches over to hot backup
Fault-tolerent – continues to operate following a failure
LOCKSThis is just a delay – eventually, it will get busted!
Locks are pick-resistant; not pick-proof
Key Lock – can be picked or bumped. • Warded – uses a skeleton key
(easier to circumvent than Tumbler)• Pin Tumbler – locking cylinders, has more parts
than wardedSpring Bolt/Dead Bolt – enters into a strike plate in
the door jambCombination – always change default combination
LOCKS – cont’d
Button/Key Pad – button wear is a vulnerability. Also subject to brute force and shoulder surfing.
Preset – basic mechanical lock requiring a keyProgrammable – mechanical or electric; subject
to shoulder surfingElectronic – uses electronic key or smart card
CardsSmart Cards - “smart” because they contains a circuit (ICC – Integrated
Circuit Card) - digitally encoded ex: CAC cardsMagnetic Stripe – the stripe stores information but there is no circuit –
THESE ARE NOT SMART CARDS!!Magnetic Strip – rows of copper “strips”Electric Circuit – has more information than the standard smart card.Contact Cards – goes through a readerSwipe Cards – swiped through a readerContactless Cards – use radio frequency identification (RFID) – contain
transponders and are read by transceivers – “wireless proximity reader”Optical-Coded – laser-burned lattice of digital dots (popping up on driver’s
licenses)Proximity Card –either user activated or system sensing – passive, field-
powered, transponderPhotID Cards are “dumb cards”
Cards – cont’d
***Use of cards adds accountability
Vulnerabilities:Side Channel AttacksCard Tampering (there’s a word for this, but I can’t remember)
Intrusion Detection/Motion Sensors
***Intrusion Detection Systems (IDS) do not stop an intruder – they only detects the intrusion.
• Electromechanical system - detects change or break in a circuit; can be strips of foil embedded or connected to windows which, when broken, sounds an alarm. Vibration detectors can detect movement on walls, screens, ceilings, and floors when the fine wires embedded within the structure are broken.
Magnetic contact switches - installed on windows and doors. If the contacts are separated, an alarm will sound. Balanced Magnetic Switch (BMS) – magnet on a door and frame;
sounds alarm when connection is brokenPressure Pad - placed under a rug and activated after hours. If
someone steps on the pad, an alarm initiates. • Volumetric systems – (more sensitive than electromagnetic) - detects changes
in vibration, microwave, ultrasonic frequencies, infrared..etc… (change in “subtle environmental characteristics”). Types of volumetric IDSs are photoelectric, acoustical-seismic, ultrasonic, and microwave
Intrusion Detection/Motion Sensors – cont’d
• Photoelectric system (or photometric system) - detects change in a light beam; can only be used in an environment without windows; emit a beam that hits the receiver… if beam is interrupted, an alarm sounds. Beam can be invisible or visible. (Catherine Zetta Jones– Entrapment)
• Acoustical /Audio detection system - uses microphones to passively listen for abnormalities; susceptible to false alarms.
• Vibration sensors - similar to acoustical; senses vibration in walls and floors – susceptible to false alarms.
• Motion Activated Camera – sounds alarm when intruder enters field of view• Wave-pattern motion detectors - differ in the frequency of the waves they
monitor which are: microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern returns altered, an alarm sounds.
• Proximity/Capacitance detector - emits magnetic field around that which is being monitored. An alarm sounds if the field is disrupted; usually used to protect specific objects (artwork, cabinets, or a safe)
Intrusion Detection/Motion Sensors – cont’d
Infrared Sensors:Active Sensor•ultrasonic/microwave – bounces off of an object•photoelectric – sends a beam of lightPassive Infrared Sensor (PIR) - detects infrared energy created by body heat; identifies the changes of heat waves of an area.
Coaxial Strain-Sensitive Cable – coax is woven through fence w/ electric field (susceptible to EMI and RFI)Time Domain Reflectometry (TDR) – sends radio frequency signals on a cableDual Technology Sensors – combination of microwave and infrared sensors; alarm sounds when BOTH detect the intrusion (reduces false alarms)Microwave and Ultrasonic – radiates controlled pattern of microwave energy and measures
the “echo” time; establishes a baselevel and compares echo response time (it comes back faster if it hit something)
Monostatic- uses single sensing unit that incorporates sending and receivingBistatic– sends invisible volumetric detection field
• Behavioral-based – profile based• Pattern matching – signature based
AlarmsPerimeter alarms - magnetic door and window alarms as well as sensors on the
wall. A break in the circuit will set off an alarm to a central alarm station. Types of alarm systems:• Local System – rings bell on premise• Central Station System – signal is sent to the local station• Proprietary System – an in-house system; has all the bells and whistles of a
3rd party monitoring system• Auxiliary Station System – rings to local fire and police• Remote Station System - An electronic fire alarm system capable of notifying
the fire department when the system is activated by a fire.
Other Monitoring:• Line Supervision – monitors line tampering• Power Supplies – monitors power
Dogs
•Expensive to maintain
•Legal issues(liability)
•They have a lack of judgement
GuardsPROS
Discernment - Able to use human judgmentMulti –functionalVisibility
CONSUnpredictableSubject to human errorCostAvailabilityReliabilityTraining
Tailgating/Piggybacking
• Following an authorized person through a locking device. Policy should forbid employees from allowing tailgating and security awareness efforts should describe this risk.
• Attackers attempting to tailgate often combine social engineering techniques, such as carrying large boxes, increasing the chances an authorized user will “help out” by holding the door open.
Turnstile
• designed to prevent tailgating by enforcing a “one person per authentication” rule, just as they do in subway systems. Secure data centers often use floor-to-ceiling turnstiles with interlocking blades to prevent an attacker from going over or under the turnstile.
• must be designed to allow safe egress in case of emergency. No system should require authentication for egress during emergencies.
*****Turnstiles can also be called a bafflegate
Mantraps
• a preventive physical control with two doors. The first door must close and lock before the second door may be opened. Each door typically requires a separate form of authentication to open; a common combination is PIN (Personal Identification Number) and biometrics. The intruder is trapped between the doors after entering the mantrap.
• must be designed to allow safe egress in case of emergency. No system should require authentication for egress during emergencies.
Electricity• Blackout: prolonged loss of power• Brownout: prolonged low voltage• Fault: short loss of power• Surge: prolonged high voltage• Spike: temporary high voltage• Sag: temporary low voltage• In-rush: initial surge of power• Transient: short duration of noise• Clean: no fluctuation; pure power• Noise: steady interference• Ground: the pathway to the earth to enable excessive voltage to dissipate;
one wire in circuit must be grounded• Power Line Monitor: detects frequency and voltage amplitude changes• Regulator: keeps voltage steady, power clean
Electricity – cont’d• Surge Protector - protect equipment from damage due to electrical surges.
They contain a circuit or fuse which is tripped during a power spike or surge, shorting the power or regulating it down to acceptable levels.
• Uninterruptible Power Supplies (UPS) - temporary backup power in the event of a power outage. They may also “clean” the power, protecting against surges, spikes, and other forms of electrical faults. UPSs provide power for a limited period of time, and can be used as a bridge to generator power.
• Generators - designed to provide power for long periods of times, and will run as long as fuel is available. Sufficient fuel should be stored onsite for the period the generator is expected to provide power. Refueling strategies should be considered. should not be placed in areas impacted by weather events contain complex mechanics; should be tested/serviced regularly
Electricity – cont’d• Common-Mode Noise – radiation generated by the charge difference between
hot and ground wire
• Transverse-Mode noise – (same as above) but between hot and neutral wire
• RFI - Radio Frequency Interference – noise generated from radio waves
• EMI - Electromagnetic Interference – magnetism emitted by any electric conductor: circuits, power cables, network cables… etc..
• Crosss Talk - occurs between poorly shielded network cables – impacts INTEGRITY and possibly CONFIDENTIALITY; can be mitigated via proper network cable management. Never route power cables close to network cables. Network cable choice can also lower crosstalk; Unshielded Twisted Pair (UTP)
cabling is far more susceptible than Shielded Twisted Pair (STP) or coaxial cable. Fiber optic cable uses light instead of electricity to transmit data, and is not
susceptible to EMI.
Electricity – cont’d
TEMPEST (Transient Electro-Magnetic Pulse Emanation Standards & Testing) – standard for controlling emanations emitted by electrical equipment
FARADAY – (Faraday Cage) – an enclosure formed by conductive material or by a mesh of such material. The enclosure blocks out external static electricity fields. (1500 volts from a static charge can cause data loss on a disk drive.)
HVACLatent Cooling – removes moistureSensible Cooling – removes heat (used in a data center)
Data Center humidity: 40-60%• Too high: condensation• Too low: static
Data Center temperature: 70-74F(can be higher if there is adequate air flow)
***USE ANTI-STATIC FLOORS
Positive Air Pressure - ensures higher air pressure inside than out. Air goes out the door when openned/ouside air does not come in (allows smoke to exit in the event of a fire)
Positive Drain – water flows out not in.
FIRE
Fire Triange: HEAT
OXYGEN FUEL
• Reduce Temerature• Reduce Oxygen Supply• Reduce Fuel Supply• Interfere with Chemical Reaction
FireU.S. Class Europe Class Material Suppression Agent A A Common Water or Soda Acid
Combustibles (wood and paper) B B Liquid Halon/halon substitiute,
CO2, or Soda acid
B C Flammable Gases Halon/halon substitute, CO2, or Soda acid
C E Electrical Halon/halon substitiute, CO2
D D Metals Dry powder K F Kitchen (oil or fat) Wet chemicals
Smoke DetectorsIonization – NO LIGHT; it measure particle change; radioactive source creates
small electrical chargePhotoelectric – BEAM OF LIGHT; contains LED (light emitting diode)
(Both alert when interrupted by smoke **Neither has “line of sight” limitation)
Aspirating – draws air into a sample chamberFlame Detectors – detects infrared or ultraviolet light emitted from a fire.
**Needs “line of sight”Heat Sensing – measures temperature change
• Fixed- temperature (lower rate of false alarm• Rate-of-rise
Flame Sensing – senses the “flicker” (infrared energy of the flame)Smoke Sensing – detects smokeAutomatic Dial-Up – calls fire dept. and plays a pre-recorded message
Suppression AgentsWater –the safest of all suppressive agents - removes heat; recommended for CLASS A.
***Cut electrical power when extinguishing a fire with waterSoda Acid (sodium bicarbonate mixed w/water - glass acid vial suspended on top) –
Breaking vial creates a gas and floats on top of the fire; removes heat, starves oxygen supply; CLASS A OR B
Dry Powder (such as sodium chloride) - removes heat and oxygen; smothers fire; Primarily used for CLASS D
Wet Chemical (potassium acetate mixed with water) - covers a grease or oil fire in a soapy film which lowers the temperature; primarily used for CLASS K.
CO2 – RISK: is it is odorless and colorless, and our bodies will breathe it as air. By the time we begin suffocating, it is often too late. Recommended for use in unstaffed areas. Requires special training for use; additional safety controls (such as oxygen tanks) are usually recommended. Removes the oxygen. Use for CLASS B or C
***A gas mask can not be used with CO2 – it sucks out the oxygen!!
Halon – interferes with the chemical reaction; breaks the triangle - see next slide
Halon/Halon ReplacementsMontreal Protocol (1987) –IS Cworldwide ban of ozone depleting CFC’s - amended in 1992
to establish a phase-out schedule (CARRIED OUT IN THE US AS PART OF THE CLEAN AIR ACT)
Halon and Halon Substitutes – causes a chemical reaction that consumes energy and lowers the temperature
• Argon – IG55• FE-13 – HFC23 - the newest of these agents, and comparatively safe; can be breathed in
concentrations of up to 30%. (Other types typically only safe up to 10-15% concentration.)
• FM-200 – HFC227 – the most commonly used• Inergen – IG541 – not halocarbon agent; it is an inert gas agent• CEA – 410• CEA – 308• NAS – S – III (HCFC Blend A)• Argonite – IG01
Trick Question:**HFC – 22 – (R-22) – refrigerant of choice – used in heat pumps and A/C units (a bi-
product of this is HFC-23)
Countdown Timer
CO2, halon, and halon substitutes such as FM-200 are considered gas-based systems. All gas systems should use a countdown timer (both visible and audible) before gas is released. This is primarily for safety reasons, to allow personnel evacuation before release. A secondary effect is to allow personnel to stop the release in case of false alarm.
SprinklersWet Pipe – has water right up to the sprinkler head which contains a metal or small glass bulb designed to melt or break at a specific temperature. The bulbs come in different colors, which indicate the trigger temperature:
• orange (135 °F/57 °C)• red (155 °F/68 °C)• yellow (175 °F/79 °C)• green (200 °F/93 °C)• blue (286 °F/141 °C)
Dry Pipe - also has a closed head, but filled with compressed air. Water is held back as long as sufficient air pressure remains in the pipes. As the sprinkler heads open, the air pressure drops allowing water to flow. Often used in areas where water may freeze, such as parking garages.
Deluge - similar to dry pipes, except the sprinkler heads are open and much larger. The pipes are empty at normal air pressure; the water is held back by a deluge valve. The valve is opened when a fire alarm triggers.
Pre-Action - a combination of wet, dry, or deluge systems, and require two separate triggers to release water. Single interlock systems release water into the pipes when a fire alarm triggers. The water releases once the head opens. Used in areas such as museums, where accidental discharge would be expensive.
Single interlock – releases waterDouble interlock - use compressed air (same as dry pipes): the water will not fill the pipes until both
the fire alarm triggers and the sprinkler head opens. Used in cold areas such as freezers to avoid frozen pipes.
Gas Discharge – usually installed under floor boards to smother a fire
Fire Extinguisher• All portable fire extinguishers should be marked with the type of
fire they are designed to extinguish.• Portable extinguishers should be small enough to be operated by
any personnel who may need to use one. This means those old brass monster extinguishers are not a recommended control.
• Use the “PASS” method to extinguish a fire with a portable fire extinguisher:
Pull the pin Aim low Squeeze the pin Sweep the fire
Evacuation
Safety Warden – ensures everyone is evacuated from the building
Meeting Point Leader – ensures everyone is accounted for
Emergency Procedure should include:• Shutdown procedure• Evacuation procedure• Employee Training/Drills• Equipment and System tesing
Fire Misc. Computer Systems are toast @ 175F Magnetc Storage is toast @ 100F Paper is toast @ 350F
Noncombustible – will not aid or add appreciable heat to an ambient flameFire Retardent – lessens or prevents the spread of a fireNon-flammable – will not burnFire Resistant – applicable for use in a computer room
Plenum Areas - wiring and cables should be strung in spaces above dropped ceilings, in wall cavities, and the space under raised floors. Only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.
Plenum Cables – do not release hazardous gass when burned.
Media Handling
Store media offsite.• Use bonded/insured companies• Site should be reasonable distance (accessible,
but not subject to the same natural disasters)Media should be securely cleaned/destroyed
before disposal – AVOID OBJECT REUSE (also a target of dumpster-diving)
Data RemovalRemanence – remnants of data left behind – data is still
there (deleting files or formatting a hard disk)Overwriting – writes over previous data – more secure than
deleting of reformatting – less secure than destructionDegausing – destroys the integrity by exposure to a
magnetic field (disks can usually no longer be formatted) Oersted - A unit of magnetic intensity equal to the intensity of a magnetic field in a vacuum. Coercivity - The amount of applied magnetic field (of opposite polarity) required to reduce magnetic induction to zero. The ease (or difficulty) by which magnetic media can be demagnetized. A tape with a rating of 1800 oersteds or higher will also be called a high coercivity tape.