8/6/2019 06+ +Physical+and+Environmental+Security
http://slidepdf.com/reader/full/06-physicalandenvironmentalsecurity 1/40
CHAPTER 6
KERRY COX, PH.D., CISSP
Physical and Environmental Security
5/7/2011
Introduction to Physical Security
• More of a concern today than in the 60s and 70s
• Risks
  - Theft, fraud, sabotage, vandalism, accidents
• Countermeasures
  - CCTV, IDSs, employee education, security guards
• Threats
  - Natural environmental threats
  - Supply system threats
  - Manmade threats
  - Politically motivated threats
• Life Safety Goals
The Planning Process
• Understand Risks
  - Determine the threat profile
  - Physical security is a combination of people, processes, procedures, and equipment
• External versus Internal Threats
  - Collusion
    ◦ 2 or more people work together to carry out fraud
• Monitor physical security program
Risk, Baseline, and Countermeasures
Prevention Through Environmental Design
• CPTED
  - Proper design of physical environment can reduce crime
  - Developed in 1960s
• Guidelines
  - Plants and hedges no higher than 2.5 feet tall
  - Data center located at the center of a facility
  - Street furnishings facilitate observation
  - Do not include wooded areas
  - CCTV cameras in full view
• Target Hardening
  - Denying access through physical or artificial barriers
Natural Access Control
• Definition
  - Guidance of people entering and leaving space
  - Doors, fences, lighting, landscaping
• Security zones
  - 1st CPTED strategy
  - Different security levels, who needs to be in the zone, risk
    ◦ Limit the number of entry points.
    ◦ Force all guests to go to a front desk and sign in.
    ◦ Reduce the number of entry points even further after hours.
    ◦ Have a security guard validate a picture ID.
    ◦ Require guests to sign in and be escorted.
    ◦ Encourage employees to question strangers.
Security Zones
Environmental Design (cont.)
• Natural Surveillance
  - 2nd CPTED strategy
  - Organized and mechanical means, and natural strategies
  - Make criminals uncomfortable through observation
• Territorial Reinforcement
  - 3rd CPTED strategy
  - Creates physical designs extending company's physical sphere of influence, users feel sense of ownership
  - Walls, fences, landscaping, light fixtures, flags, sidewalks, etc.
Designing a Physical Security Program
Includes the following elements:
  ◦ HVAC systems
  ◦ Construction materials of walls and ceilings
  ◦ Power distribution systems
  ◦ Communication paths and types (copper, telephone, fiber)
  ◦ Surrounding hazardous materials
  ◦ Exterior components:
    - Topography and proximity to airports, highways, railroads
    - Potential electromagnetic interference
    - Climate, soil, existing fences, detection sensors, cameras
    - Working hours of employees and operational activities
    - Vehicle activity
    - Neighbors
Physical Security Program (cont.)
• Facility
  - Visibility
    ◦ Terrain, building markings, neighbors, population
  - Surrounding areas and external entities
    ◦ Crime rates, proximity to police and fire dept., possible hazards
  - Accessibility
    ◦ Road access, traffic, proximity to airports, trains, highways
  - Natural disasters
    ◦ Likelihood of floods, tornadoes, earthquakes, hurricanes
    ◦ Hazardous terrain
• Construction
  - Materials
Physical Security Program (cont.)
• Construction
  - Walls
    ◦ Combustibility, fire rating, reinforcement
  - Doors
    ◦ Combustibility, fire rating, resistance, emergency marking, etc.
  - Ceilings
    ◦ Combustibility, fire rating, weight-bearing rating, drop-ceilings
  - Windows
    ◦ Translucent, shatterproof, alarms, placement, accessibility
  - Flooring
    ◦ Weight-bearing, combustibility, fire rating, raised flooring
Physical Security Program (cont.)
• Construction (cont.)
  - HVAC
    ◦ Positive air pressure, protected intakes, power lines, shut offs
  - Electric Power Supplies
    ◦ Backup, clean and steady power, feeders, placement
  - Water and Gas Lines
    ◦ Shutoff valves, positive flow, placement
  - Fire Detection and Suppression
    ◦ Placement of sensors, detectors, and suppression systems, types
Physical Security Program (cont.)
• Construction (cont.)
  - Light frame construction material
    ◦ Least amount of protection
  - Heavy timber construction material
    ◦ Used in offices, fire rate of 1 hour
  - Incombustible material
    ◦ Steel, loses strength in extreme temps
    ◦ Fire-resistant material, offers most protection
• Entry Points
  - Consider and fortify all possible entry points
    ◦ Weak point is around doors
    ◦ Windows
Physical Security Program (cont.)
• Internal Compartments
  - Internal partitions
    ◦ Only create barriers from one area to another
• Computer and Equipment Rooms
  - One access door and restricted access
Physical Security Controls
Protecting Assets
• Main Threats
  - Theft, interruptions to services, physical damage, compromised integrity, and unauthorized access
  - Real Loss
  - Laptop theft
    ◦ Tracing software
  - Securing items
    ◦ Wall and floor safes
    ◦ Chests and depositories
    ◦ Vaults
  - Passive relocking
  - Thermal relocking
Internal Support Systems
• Internal Elements
  - Lights
  - Air Conditioning
  - Water
Electric Power
• Electric Power
  - Failures or fluctuations
• Power Protection
  - UPS, line conditioners, and backup sources
    ◦ Online UPS
    ◦ Standby UPS
    ◦ Backup power supplies
• Electric Power Issues
  - Line noise
  - Electromagnetic Interference (EMI)
  - Radio Frequency Interference (RFI)
Electric Power (cont.)
• Power Issues
  - Surge
  - Blackout
  - Brownout
  - Noise
    ◦ Voltage regulators
    ◦ Line conditioners
• Preventive Measures and Good Practices
  - Practice safe computing
Environmental Issues
• Proper Controls
  - Emergency shutoff valves
  - Positive drains
  - Static electricity
  - Dry versus humid climates
Ventilation
• Closed-loop
  - Re-circulating air-conditioning system
• Positive Pressurization
  - Air goes out
• Contaminants
  - Dust
Fire Prevention, Detection, and Suppression
• Fire Prevention
  - Training employees
  - Using proper material
• Fire Detection
  - Manual detection
  - Automatic detection systems
• Fire Suppression
  - Agent that puts out a fire
    ◦ Water, halon, CO2
• Fire Resistant Ratings
Fire Prevention, Detection, and Suppression
• Fire Resistant Ratings
  - Four Classes (A, B, C, and D)
  - Location of suppression agents
• Smoke Activated
  - Photoelectric device
• Heat Activated
  - Rise of temperature sensors
  - Fixed temperature sensors
  - Automatic Dial-Up Alarm
Fire Prevention, Detection, and Suppression
• Fire Suppression
  - Plenum areas (space above dropped ceilings)
• Fire Types and Suppression Methods
Fire Prevention, Detection, and Suppression
• Fire Requirements
  - Fuel
  - Oxygen
  - High temperatures
Fire Prevention, Detection, and Suppression
• Water Sprinklers
  - Wet Pipe
  - Dry Pipe
  - Preaction
  - Deluge
Perimeter Security
• 1st Line of Defense
  - Physical security
  - Managerial security
• Diversity of controls
• Modes
  - Normal hours
  - After hours
Facility Access Control
• Definition
  - Control mechanisms to identify individuals
• Locks
  - Mechanical locks
    ◦ Warded locks = padlocks
    ◦ Tumbler locks = key fits in cylinder
      - Pin tumbler
      - Wafer tumbler (wafer tumbler locks)
      - Lever tumbler
  - Combination locks
  - Cipher locks
  - Device locks
Facility Access Control (cont.)
• Locks (cont.)
  - Cipher locks
  - Device locks
• Administrative Responsibilities
• Circumventing Locks
  - Tension wrench
  - Raking
Locks
Personnel Access Controls
• Verification and Authorization
  - Anatomical attribute (biometric)
  - Smart or memory cards (swipe cards)
  - Photo ID
• Piggybacking
• Access Cards
  - User-activated readers
  - System sensing access control readers
    ◦ Proximity devices / transponders
External Boundary Protection Mechanisms
• Purpose
  - Control pedestrian and vehicle traffic flows
  - Various levels of protection for different security zones
  - Delaying mechanisms to protect against forced entry attempts
  - Limit and control entry points
• Control Types
  - Access control mechanisms
  - Physical barriers
  - Intrusion detection
  - Assessment and Response
  - Deterrents
External Boundary Protection Mechanisms
• Physical Boundaries
  - Fencing
    ◦ At least eight feet high
    ◦ Gauges and mesh sizes
  - Gates
  - Bollards
  - Lighting
    ◦ 30 foot radius of illumination
    ◦ Glare protection
    ◦ Continuous lighting versus standby lighting
    ◦ Responsive area illumination
External Boundary Protection Mechanisms
• Physical Boundaries (cont.)
  - Surveillance Devices
  - Visual Recording Devices
    ◦ CCTV
    ◦ Charge-coupled devices (CCDs)
    ◦ Depth of field
    ◦ Manual versus auto iris lens
    ◦ Fixed mounting
    ◦ PTZ capabilities
CCTVs
Intrusion Detection Systems
• Definition
  - Detect unauthorized entries and alert authorities
• Types of IDSs
  - Electromechanical systems
  - Photoelectric systems (photometric)
  - Passive infrared system (PIR)
  - Acoustical detection
    ◦ Vibration sensors
  - Wave pattern motion detectors
  - Proximity detectors (capacitance detector)
Patrol Force, Guards, and Dogs
• Flexible security
  - Should have clear, decisive tasks
  - Can perform multiple tasks
• Dogs
  - Trained against intruders
  - Cannot always tell difference between authorized and not
Auditing Physical Access
• Review Logs:
  - The date and time of the access attempt
  - The entry point at which access was attempted
  - The user ID employed when access was attempted
  - Any unsuccessful access attempts, especially if during unauthorized hours
• Physical or digital logs
  - Not preventive, detective solely
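An added example, not part of the original slides: the log review listed above, applied to a badge-reader export. The CSV column names, the sample rows, the 07:00-19:00 authorized window and the repeat threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from datetime import datetime, time

# Constructed sample export; column names and values are assumptions.
SAMPLE_LOG = """timestamp,entry_point,user_id,result
2011-05-06 08:58:12,lobby,u1001,granted
2011-05-06 23:41:03,server-room,u1002,denied
2011-05-06 23:41:20,server-room,u1002,denied
2011-05-06 23:41:44,server-room,u1002,denied
2011-05-07 02:15:09,loading-dock,u1003,granted
2011-05-07 10:02:55,lobby,u1004,denied
"""

# Assumed policy: access is authorized from 07:00 up to 19:00.
AUTH_START, AUTH_END = time(7, 0), time(19, 0)
REPEAT_THRESHOLD = 3  # denied attempts by one user ID at one entry point


def review(log_text):
    """Return (findings, repeats) for a badge log supplied as CSV text."""
    findings = []
    denied = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        after_hours = not (AUTH_START <= ts.time() < AUTH_END)
        failed = row["result"] != "granted"
        if failed:
            denied[(row["user_id"], row["entry_point"])] += 1
        if failed and after_hours:
            severity = "high"    # unsuccessful and during unauthorized hours
        elif failed or after_hours:
            severity = "review"  # only one of the two conditions holds
        else:
            continue             # granted during authorized hours
        findings.append((severity, row["timestamp"], row["entry_point"],
                         row["user_id"], row["result"]))
    repeats = {k: n for k, n in denied.items() if n >= REPEAT_THRESHOLD}
    return findings, repeats


if __name__ == "__main__":
    findings, repeats = review(SAMPLE_LOG)
    for finding in findings:
        print(*finding)
    for (user, door), count in repeats.items():
        print(f"{count} denied attempts by {user} at {door}")
```

Because the log is a detective control, the output is a list for a person to follow up on; it does not block any entry.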
Testing and Drills
• People require training
  - Documented and practiced
  - Present users with real-life exercise
• Test and drills
  - Evacuation and emergency response
  - Drills take place once a year
  - Updated and improved
  - Agree upon test parameters
Sample Questions
• Review end of chapter questions