Physical Security Chapter 9 Physical Security “encompasses the design, implementation and maintenance of counter measures that protect the physical resources of an organization including the people, hardware, mission, storage, and processing” Major Sources of Physical Loss 1. Extreme temperature 2. Gases – includes humidity or dry air 3. Liquids – includes water 4. Living organisms – viruses, bacteria, animals, people 5. Projectiles 6. Movement – shaking, vibrating 7. Energy anomalies Security Facility Controls Wall, Fencing, and Gates Guards Dogs ID Cards and Badges Locks and Keys Mechanical Electromechanical Manual Electronic (sensors) Biometric locks Security Facility Controls Mantraps Small enclosure Entry point & different exit point Does not allow access if break-in Electronic Monitoring Alarms & Alarm Systems Computer Rooms and Wiring Closets Require special attention Overlooked Interior Walls and Doors Fire Security and Safety Fire suppression system Water & water mist system Lower temperature Wet material Carbon dioxide systems (rob fire of oxygen) Soda acid (deny fire of fuel) Gas-based – Halon (disrupt fire’s chemical reaction) Fire Detection Systems Thermal detection Smoke detection Air-aspirating systems Flame detector Portable Extinguishers Direct application of suppression is preferred Fixed apparatus is impractical Rated by type of fire they combat Class A Wood, paper, textiles, rubber, cloth, and trash Interrupt the ability of fuel to ignite Portable Extinguishers Class B Solvents, gasoline, paint, lacquer, and oil Remove oxygen from the air Class C Electrical equipment and appliance Non-conducting agents Class D Metals, magnesium, lithium, and sodium Special extinguishing agents and techniques Manual & Automatic Fire Response Wet-pipe Pressurized water in all pipes Some form of valve in each protected area System activated – valves are opened Dry-pipe Work in areas where electrical equipment is used Air hold valves closed Fire is detected – sprinkler heads activated Deluge system Individual sprinkler heads are kept open System activated Pre-action Water mist Gaseous Emission Failure of Supporting Utilities Structural Collapse Heating, Ventilation, & Air Condition Temperature and Filtration Optimal temperature = 70-74 Humidity And Static Electricity Low humidity can cause static electricity Optimal 40-60% Ventilation Shafts Now – generally 12” in diameter Failure of Supporting Utilities Structural Collapse Power Management and Conditioning Grounding and Amperage Uninterruptible Power Supply Emergency Shutoff Water Problems Structural Collapse Maintenance of Facilities Systems Interception of Data Direct observation Individuals must be close enough to breach confidentiality Risk when info is moved from protected place Interception of data transmission Internet a real problem Direct wiretap Wireless Laws dealing with wiretap do not apply to wireless No expectation of privacy with radio-based communications Interception of Data Electromagnetic interception Monitoring electromagnetic activity Put back together Not proven it can be done Hoax TEMPEST Reduce the risk of EMR monitoring Ensure computers placed as far as possible from outside perimeters Installing special shielding inside CPU case Maintaining distances from plumbing and other infrastructure Mobile and Portable Systems Requires more monitoring than in-house Loss of system = loss of access Tracking technology now available Telecommuting and remote access Information traveling through often unsecure connections Many employers do not supply secure connections Mobile and Portable Systems Hotel rooms Presume unencrypted transmissions being monitored Notebooks lost or stolen Leased facilities Who is attached to network Advanced authentication systems strongly recommended