Physical Security
Chapter 9
Physical Security
“encompasses the design, implementation and
maintenance of counter measures that protect the
physical resources of an organization including the
people, hardware, mission, storage, and processing”
Major Sources of Physical
Loss
1.
Extreme temperature
2.
Gases – includes humidity or dry air
3.
Liquids – includes water
4.
Living organisms – viruses, bacteria, animals, people
5.
Projectiles
6.
Movement – shaking, vibrating
7.
Energy anomalies
Security Facility Controls
 Wall, Fencing, and Gates
 Guards
 Dogs
 ID Cards and Badges
 Locks and Keys
 Mechanical
 Electromechanical
 Manual
 Electronic (sensors)
 Biometric locks
Security Facility Controls
 Mantraps
 Small enclosure
 Entry point & different exit point
 Does not allow access if break-in
 Electronic Monitoring
 Alarms & Alarm Systems
 Computer Rooms and Wiring Closets
 Require special attention
 Overlooked
 Interior Walls and Doors
Fire Security and Safety
 Fire suppression system
 Water & water mist system
 Lower temperature
 Wet material
 Carbon dioxide systems (rob fire of oxygen)
 Soda acid (deny fire of fuel)
 Gas-based – Halon (disrupt fire’s chemical reaction)
 Fire Detection Systems
 Thermal detection
 Smoke detection
 Air-aspirating systems
 Flame detector
Portable Extinguishers
Direct application of suppression is
preferred
Fixed apparatus is impractical
Rated by type of fire they combat
Class A
Wood, paper, textiles, rubber, cloth, and
trash
Interrupt the ability of fuel to ignite
Portable Extinguishers
 Class B
Solvents, gasoline, paint, lacquer, and oil
Remove oxygen from the air
 Class C
Electrical equipment and appliance
Non-conducting agents
 Class D
Metals, magnesium, lithium, and sodium
Special extinguishing agents and techniques
Manual & Automatic Fire Response
 Wet-pipe
 Pressurized water in all pipes
 Some form of valve in each protected area
 System activated – valves are opened
 Dry-pipe
 Work in areas where electrical equipment is used
 Air hold valves closed
 Fire is detected – sprinkler heads activated
 Deluge system
 Individual sprinkler heads are kept open
 System activated
 Pre-action
 Water mist
 Gaseous Emission
Failure of Supporting Utilities
Structural Collapse
Heating, Ventilation, & Air Condition
Temperature and Filtration
Optimal temperature = 70-74
Humidity And Static Electricity
Low humidity can cause static electricity
Optimal 40-60%
Ventilation Shafts
Now – generally 12” in diameter
Failure of Supporting Utilities
Structural Collapse
Power Management and
Conditioning
Grounding and Amperage
Uninterruptible Power Supply
Emergency Shutoff
Water Problems
Structural Collapse
Maintenance of Facilities Systems
Interception of Data
 Direct observation
 Individuals must be close enough to breach
confidentiality
 Risk when info is moved from protected place
 Interception of data transmission
 Internet a real problem
 Direct wiretap
 Wireless
 Laws dealing with wiretap do not apply to wireless
 No expectation of privacy with radio-based
communications
Interception of Data
 Electromagnetic interception
 Monitoring electromagnetic activity
 Put back together
 Not proven it can be done
 Hoax
 TEMPEST
 Reduce the risk of EMR monitoring
 Ensure computers placed as far as possible from outside
perimeters
 Installing special shielding inside CPU case
 Maintaining distances from plumbing and other infrastructure
Mobile and Portable Systems
 Requires more monitoring than in-house
 Loss of system = loss of access
 Tracking technology now available
 Telecommuting and remote access
 Information traveling through often unsecure
connections
 Many employers do not supply secure connections
Mobile and Portable Systems
 Hotel rooms
 Presume unencrypted transmissions being monitored
 Notebooks lost or stolen
 Leased facilities
 Who is attached to network
 Advanced authentication systems strongly recommended