Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Physical and Infrastructure Security

advertisement 
Chapter 16
Physical and Infrastructure
Security
Physical and Infrastructure
Security
Logical security
•Protects computer-based data from software-based and communicationbased threats
Physical security
•Also called infrastructure security
•Protects the information systems that contain data and the people who use,
operate, and maintain the systems
•Must prevent any type of physical access or intrusion that can compromise
logical security
Premises security
•Also known as corporate or facilities security
•Protects the people and property within an entire area, facility, or building(s),
and is usually required by laws, regulations, and fiduciary obligations
•Provides perimeter security, access control, smoke and fire detection, fire
suppression, some environmental protection, and usually surveillance systems,
alarms, and guards
Physical Security
Overview
• Protect physical assets that support the storage and
processing of information
Involves two
complementary
requirements:
Prevent damage to
physical infrastructure
Concerns include
information system
hardware, physical
facility, support facilities,
and personnel
Prevent physical
infrastructure misuse that
leads to the misuse or
damage of protected
information
Includes vandalism, theft
of equipment, theft by
copying, theft of
services, and
unauthorized entry
Physical Security Threats
Physical situations and
occurrences that threaten
information systems:
•Environmental threats
•Technical threats
•Human-caused threats
Source: ComputerSite Engineering, Inc.
Component or Medium
Flexible disks, magnetic tapes,
etc.
Optical media
Hard disk media
Computer equipment
Thermoplastic insulation on
wires carrying hazardous
voltage
Paper products
Sustained Ambient
Temperature at which
Damage May Begin
38 ºC (100 ºF)
49 ºC (120 ºF)
66 ºC (150 ºF)
79 ºC (175 ºF)
125 ºC (257 ºF)
177 ºC (350 ºF)
Source: Data taken from National Fire Protection Association.
1300
2300
2200
1200
2100
2000
1900
1000
1800
1700
900
1600
1500
800
1400
1300
700
Fire Temperature, ºF
Fire Temperature, ºC
1100
1200
600
1100
1000
500
900
800
400
1
2
3
4
5
6
7
8
Duration, hours
Figure 16.1 Standard Fire Temperature-Time Relations Used for Testing of
Building Elements
Temperature
260 Cº/ 500 ºF
326 Cº/ 618 ºF
415 Cº/ 770 ºF
480 Cº/ 896 ºF
Effect
Wood ignites
Lead melts
Zinc melts
An uninsulated steel file
tends to buckle and expose
its contents
Temperature
625 Cº/ 1157 ºF
Effect
Aluminum melts
1220 Cº/ 2228 ºF
1410 Cº/ 2570 ºF
Cast iron melts
Hard steel melts
Water Damage
Primary danger is an
electrical short
A pipe may burst
from a fault in the
line or from freezing
Floodwater leaving a
muddy residue and
suspended material in
the water
Sprinkler systems set
off accidentally
Due diligence should
be performed to ensure
that water from as far as
two floors above will
not create a hazard
Chemical, Radiological,
and Biological Hazards
•
Pose a threat from intentional attack and from
accidental discharge
•
Discharges can be introduced through the
ventilation system or open windows, and in the
case of radiation, through perimeter walls
•
Flooding can also introduce biological
or chemical contaminants
Dust and Infestation
Dust
• Often overlooked
• Rotating storage media
and computer fans are
the most vulnerable to
damage
• Can also block
ventilation
• Influxes can result from a
number of things:
o Controlled explosion of a
nearby building
o Windstorm carrying debris
o Construction or maintenance
work in the building
Infestation
• Covers a broad range
of living organisms:
o High-humidity conditions can
cause mold and mildew
o Insects, particularly those that
attack wood and paper
Technical Threats
• Electrical power is essential to run equipment
o Power utility problems:
• Under-voltage - dips/brownouts/outages, interrupts service
• Over-voltage - surges/faults/lightening, can destroy chips
• Noise - on power lines, may interfere with device operation
Electromagnetic interference (EMI)
• Noise along a power supply line, motors, fans,
heavy equipment, other computers, cell phones,
microwave relay antennas, nearby radio stations
• Noise can be transmitted through space as well as
through power lines
• Can cause intermittent problems with computers
Human-Caused Threats
• Less predictable, designed to overcome prevention
measures, harder to deal with
• Include:
o Unauthorized physical access
• Information assets are generally located in restricted areas
• Can lead to other threats such as theft, vandalism or misuse
o Theft of equipment/data
• Eavesdropping and wiretapping fall into this category
• Insider or an outsider who has gained unauthorized access
o Vandalism of equipment/data
o Misuse of resources
Physical Security Prevention
and Mitigation Measures
• One prevention measure is the use of cloud
computing
• Inappropriate temperature and humidity
o Environmental control equipment, power supply
• Fire and smoke
o Alarms, preventative measures, fire mitigation
o Smoke detectors, no smoking
• Water
o Manage lines, equipment location, cutoff sensors
• Other threats
o Appropriate technical counter-measures, limit dust entry,
pest control
Uninterruptible
power supply
(UPS) for each
piece of
critical
equipment
Critical
equipment
should be
connected to
an emergency
power source
(like a
generator)
To deal with
electromagnetic
interference (EMI) a
combination of
filters and shielding
can be used
Mitigation
Measures
Technical
Threats
Physical access control
• Restrict building access
• Controlled areas patrolled or guarded
• Locks or screening measures at entry points
• Equip movable resources with a tracking device
• Power switch controlled by a security device
• Intruder sensors and alarms
• Surveillance systems that provide recording and real-time remote viewing
Physical equipment
damage recovery
•Depends on nature of damage
and cleanup
Most essential element of
recovery is redundancy
•Provides for recovery from loss of
data
•Ideally all important data should
be available off-site and updated
as often as feasible
•Can use batch encrypted remote
backup
•For critical situations a remote hotsite that is ready to take over
operation instantly can be created
•May need disaster recovery
specialists
Physical and Logical Security
Integration
• Numerous detection and prevention devices
• More effective if there is a central control
• Integrate automated physical and logical security
functions
o
o
o
o
Use a single ID card
Single-step card enrollment and termination
Central ID-management system
Unified event monitoring and correlation
• Need standards in this area
o FIPS 201-1 “Personal Identity Verification (PIV) of Federal Employees and
Contractors”
PIV Card Issuance
and Management
Access Control
PKI directory &
certificate status
responder
Authorization
data
Physical Access Control
Key
management
Card issuance
& maintenance
Identity profiling
& registration
I&A
Physical
resource
Authorization
Logical Access Control
I&A
Logical
resource
Authorization
Authorization
data
Card reader
/writer
I&A = Identification and Authentication
LEGEND
Shapes
Direction of information flow
PIV card
Processes
PIN input
device
Components
Biometric
reader
PIV Front end
Figure 16.2 FIPS 201 PIV System Model
Shading
PIV system subsystem
Related subsystem
Contactless
smartcard reader
Smartcard
reader
Physical access control
system (PACS) server
Optional
biometric
reader
Vending, e-purse and
other applications
Certificate
authority
PIV
system
card enrollment
station
Smartcard and
biometric middleware
Access
control
system
Camera
Optional
biometric
reader
Smartcard
reader
Card
printer
Smartcard
programmer
Optional
biometric
reader
Active directory
Other user directories
Figure 16.3 Convergence Example
Human resources
database
Unrestricted
Controlled
Limited
Exclusion
CAK+BIO–A
PKI
C
BIO
B
CHUID+VIS
CAK
A
(a) Access Control Model
CONTROLLED
AREA
Fenced-in
area containing
a number of
buildings
LIMITED
AREA
EXCLUSION
AREA
C
B
Building housing
lab space and other
sensitive areas
Room housing
trade secrets
Facility services
HQ
Admin
Buildings
A
Visitor
Registration
(b) Example Use
Figure 16.4 Use of Authentication
Mechanisms for Physical Access Control
Summary
• Overview
• Physical security
threats
o
o
o
o
Natural disasters
Environmental threats
Technical threats
Human-caused physical
threats
• Recovery from
physical security
breaches
• Physical security
prevention and
mitigation
measures
o Environmental threats
o Technical threats
o Human-caused
physical threats
• Integration of
physical and
logical security
o Personal identity
verification
o Use of PIV credentials
in physical access
control systems
Related documents
Business Plan Scope Sheet - Cleveland Clinic Academy
Business Plan Scope Sheet - Cleveland Clinic Academy
How Cities Work - Urban Systems Collaborative
How Cities Work - Urban Systems Collaborative
A. Explain the nature of marketing plans. B. Explain the role of
A. Explain the nature of marketing plans. B. Explain the role of
SWOT-Analysis-Worksheet
SWOT-Analysis-Worksheet
The concept of Human Security
The concept of Human Security
MGMT 490 Firm Strategic Analysis 2007
MGMT 490 Firm Strategic Analysis 2007
A. Go through your course outline which is online. B. Choose a topic
A. Go through your course outline which is online. B. Choose a topic
Strategic Management in Action
Strategic Management in Action
Download
advertisement