400 likes | 417 Views
This domain covers the criteria for designing secure sites and facilities, including perimeter security, building and inside security, and secure operational areas. It also addresses threat sources and controls, as well as the use of physical controls such as locks, access logs, CCTV, and intrusion detection systems.
E N D
Dr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)June 2011 Physical (Environmental) Security
Domain Agenda • Site and Facility Design Criteria • Perimeter Security • Building and Inside Security • Secure Operational Area
Site Location Considerations • Emergency services • Hazards/ threats • Adjacency
Threats to Physical Security • National / environmental • Utility systems • Human-made/ political events
Threat Sources and Controls Threat • Theft • Espionage • Dumpster diving • Social engineering • Shoulder surfing • HVAC access Controls • Locks • Background checks • Disposal procedures • Awareness • Screen filters • Motion sensors in ventilation ducts
Domain Agenda • Site and Facility Design Criteria • Perimeter Security • Building and Inside Security • Secure Operational Area
Perimeter and BuildingBoundary Protections • First line of defense • Protective barriers • Natural • Structural
Fences • Federal, state or local codes may apply • Parking should not be allowed near fences
Controlled Access Points • Gates are the minimum necessary layer • Bollards
Perimeter Intrusion Detection Systems • Detect unauthorized access into an area • Electronic ‘eyes’ • Note that some perimeters IDSs can function inside the perimeter as well.
Types of Lighting • Continuous lighting • Trip lighting • Standby lighting • Emergency exit lighting • Emergency egress lighting
Closed Circuit Television (CCTV) • CCTV Capability Requirements • Detection • Recognition • Identification • Mixing Capabilities • Virtual CCTV Systems
Guards and Guard Stations • Guards • Deterrent • Possible liability • Guard stations
Domain Agenda • Site and Facility Design Criteria • Perimeter Security • Building and Inside Security • Secure Operational Area
Doors • Isolation of critical areas • Lighting of doorways • Contact devices • Guidelines
Building Entry Point Protection • Locks • Lock components • Body • Strike • Strike plates • Key • Cylinder
Types of Locks • Something you have – Keyed • Something you know – Combinations • Something you are - Biometric
Lock Attacks • Lock picking • Lock bumping
Lock Controls • Lock and key control system • Key control procedures • Change combinations • Fail • Soft • Secure • Safe
Other Electronic Physical Controls • Card access • Biometric access methods
Windows and Entry Points • Standard plate glass • Tempered glass • Acrylic materials • Polycarbonate windows • Entry points
Intrusion Detection Systems (IDS) • Closed circuit television • Sensors and monitors
Escorts and Visitor Control • Visitor access control best practices • Picture identity • Photographs • Enclosed area • Authorized escort
Access Logs • Computerized log • Closed circuit TV
Domain Agenda • Site and Facility Design Criteria • Perimeter Security • Building and Inside Security • Secure Operational Area
Equipment Room • Perimeter enclosure • Controls • Policy
Data Processing Facility • Small devices threat • Server room • Mainframes • Storage
Communications and Power • Wireless access points • Network access control • Utility and power rooms
Work Area • Operators • System administrators • Restricted work areas
Equipment Protection • Inventory • Locks and tracing equipment • Data encryption • Disabling I/O ports
Environmental Controls System • Electric power • HBAC • Water / plumbing • Gas • Refrigeration Threat • Loss of power • Overheating • Flood / dripping • Explosion • Leakage
Fire Protection • Prevention – reduce causes • Detection – alert occupants • Suppression – contain or extinguish
Flooding Area Coverage • Water – sprinkler systems • Gas – Halon/CO2/Argon systems • Best practices for systems • Portable extinguishers
Types of Electrical Power Faults • Complete loss of power • Power degradation • Interference (noise) • Grounding
Loss of Electrical Power • UPS • Generators • Goals of power • Power controls
Heating Ventilation Air Condition (HVAC) • Location • Positive pressure • Maintenance
Other Infrastructure Threats • Gas leakage • Water threats
Key Performance Indicators • # of physical security incidents detected • # of false positives for biometrics