Physical Security Chapter 8
Objectives (1 of 2) • Describe how physical security directly affects computer and network security. • Discuss steps that can be taken to help mitigate risks. • Describe the physical security components that can protect your computers and network. • Identify environmental factors that can affect security.
Objectives (2 of 2) • Identify the different types of fires and the various fire suppression systems designed to limit the damage caused by fires. • Explain electronic access controls and the principles of convergence. • Prevent disclosure through electronic emanations.
Key Terms (1 of 2) • Access tokens • Autoplay • Biometrics • BIOS passwords • Bootdisk • Closed circuit television (CCTV) • Contactless access cards • Convergence • Faraday cage • Layered access • Lighting • LiveCD • Mantrap
Key Terms (2 of 2) • Physical access control • Policies and procedures • Smart cards • TEMPEST • Turnstile • Unified Extensible Firmware Interface (UEFI) • USB devices
The Security Problem (1 of 12) • The problem that faces professionals charged with securing a company’s network can be stated rather simply: • Physical access negates all other security measures. • No matter how impenetrable the firewall and intrusion detection system (IDS), if an attacker can find a way to walk up to and touch a server, he can break into it.
The Security Problem (2 of 12) • Physically securing information assets does not mean just the servers. • It means protecting physical access to all the organization’s computers and its entire network infrastructure.
The Security Problem (3 of 12) Figure 8.1 Using a lower-privilege machine to get at sensitive information
The Security Problem (4 of 12) Figure 8.2 A wireless bridge can allow remote access.
The Security Problem (5 of 12) • Any media used to boot a computer into an operating system that is not the native OS on its hard drive can be classified as a bootdisk. • In the form of a floppy disk, CD, DVD, or a USB flash drive • A boot source can contain a number of programs. • Typically, an NTFSDOS or a floppy-based Linux distribution that can be used to perform a number of tasks, including mounting the hard drives and performing at least read operations, via script
The Security Problem (6 of 12) • If write access to the drive is obtained, the attacker could alter the password file or place a remote-control program to be executed automatically upon the next boot, guaranteeing continued access to the machine. • The most obvious mitigation is to tell the BIOS not to boot from removable media, but this too has issues.
The Security Problem (7 of 12) • A LiveCD contains a bootable version of an entire operating system, typically a variant of Linux, complete with drivers for most devices. • LiveCDs give an attacker a greater array of tools than could be loaded onto a floppy disk. • These tools include scanners, sniffers, vulnerability exploits, forensic tools, drive imagers, password crackers, and more.
The Security Problem (8 of 12) • With a LiveCD, an attacker would likely have access to the hard disk and also to an operational network interface that would allow him to send the drive data over the Internet if properly connected. • Bootable USB flash drives emulate the function of a CD-ROM and provide a device that is both physically smaller and logically larger. • Can contain entire specialized operating systems • Can also write to a LiveCD
The Security Problem (9 of 12) Figure 8.3 A collection of sample LiveCDs
The Security Problem (10 of 12) • Drive imaging is the process of copying the entire contents of a hard drive to a single file on a different medium. • Often used by people who perform forensic investigations of computers • Uses bootable media to start the computer and load the drive imaging software • Makes a bit-by-bit copy of the hard drive on another medium • Keeps the original copy exactly as it was for evidence
The Security Problem (11 of 12) • The information contains every bit of data that is on the computer: any locally stored documents, locally stored e-mails, and every other piece of information that the hard drive contains. • This data could be very valuable if the machine holds sensitive information about the company. • Physical access is the most common way of imaging a drive. • Biggest benefit for the attacker is that drive imaging leaves absolutely no trace of the crime.
The Security Problem (12 of 12) • One can minimize the impact of drive imaging by an attacker. • Encrypting important files • Placing files on a centralized file server • A denial-of-service (DoS) attack can also be performed with physical access. • Stealing a computer, using a bootdisk to erase all data on the drives, or simply unplugging computers
Walls and Guards (1 of 2) • The primary defense against a majority of physical attacks is the set of barriers between the assets and a potential attacker. • Walls, fences, gates, and doors • Some organizations employ private security staff to attempt to protect their assets.
Walls and Guards (2 of 2) • To protect the physical servers, look in all directions: • Are doors and windows safeguarded, and is there a minimum number of each in the server room? • Is a drop ceiling used in the server room? • Do the interior walls extend to the actual roof, raised floors, or crawlspaces? • Is access to the server room limited to people who need access? • Have you made sure there are no obvious holes in the walls?
Lighting and Signs • Proper lighting is essential for physical security • External • Internal • Signs act as informational devices and can be used in a variety of ways to assist in physical security. • Restricted areas • Visitor access
Fences • Outside of the building’s walls, many organizations prefer to have a perimeter fence as a physical first layer of defense. • Chain-link-type fencing is most commonly used, and it can be enhanced with barbed wire. • Anti-scale fencing, which looks like very tall vertical poles placed close together to form a fence, is used for high-security implementations that require additional scale and tamper resistance.
Guards and Alarms • Provide an excellent security measure, because guards are a visible presence with direct responsibility for security • Monitor entrances and exits and can maintain access logs of who has entered and departed the building • Alarms serve to alert operators to abnormal conditions • Sensors, alarms, motion detectors, video, etc.
Physical Access Controls and Monitoring • Physical access control refers to the control of doors and entry points. • Physical locks • Layered access systems • Electronic access control systems • Closed circuit television (CCTV) systems
Layered Access (1 of 2) • To help prevent an attacker from gaining access to important assets, place them inside multiple perimeters. • Servers should be placed in a separate secure area, ideally with a separate authentication mechanism. • Access to the server room should be limited to staff with a legitimate need to work on the servers. • The area surrounding the server room should also be limited to people who need to work in that area.
Layered Access (2 of 2) Figure 8.4 Contactless access cards act as modern keys to a building.
Locks (1 of 4) • Locks use a metal “token” to align pins in a mechanical device. • High security locks are typically found in commercial applications. • Designed to resist picking and drilling • Commonly includes key control, i.e., restrictions placed on making a copy of the key by using patented keyways • Employs mechanical means to resist bump key attacks
Locks (2 of 4) Figure 8.5 Lockpicking tools
Locks (3 of 4) Figure 8.6 A high-security lock and its key
Locks (4 of 4) • Other types of physical locks • Programmable or cipher locks • Locks with a keypad that require a combination of keys to open the lock • Locks with a reader that require an access card to open the lock • Device locks are used to lock a device to a physical restraint, preventing its removal.
Doors • Doors to secured areas should have characteristics to make them less obvious. • Should be self-closing; have no hold-open feature; should trigger alarms if they are forcibly opened or have been held open for a long period • There are two door design methodologies: • Fail-safe – the door is unlocked should power fail. • Fail-secure – the system will lock the door when power is lost; can also apply when door systems are manually bypassed.
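The two door alarm conditions named above (forced open, held open too long), checked over a door controller's event log. This is an added example, not part of the original slides; the event names, the sample events and both thresholds are assumptions made for illustration.

```python
from datetime import datetime

HELD_OPEN_LIMIT = 30  # seconds a door may stay open (assumed policy value)
GRANT_WINDOW = 10     # seconds a valid card read keeps the door unlocked (assumed)

# Constructed controller events: (timestamp, door, event)
EVENTS = [
    ("2024-03-04T09:00:00", "server-room", "access_granted"),
    ("2024-03-04T09:00:03", "server-room", "opened"),
    ("2024-03-04T09:00:09", "server-room", "closed"),
    ("2024-03-04T09:20:00", "server-room", "opened"),   # no card read before it
    ("2024-03-04T09:20:05", "server-room", "closed"),
    ("2024-03-04T10:00:00", "server-room", "access_granted"),
    ("2024-03-04T10:00:02", "server-room", "opened"),
    ("2024-03-04T10:02:30", "server-room", "closed"),   # open for 148 seconds
]


def door_alarms(events, held_limit=HELD_OPEN_LIMIT, grant_window=GRANT_WINDOW):
    """Return (timestamp, door, alarm) tuples for forced and held-open doors."""
    last_grant = {}  # door -> time of the most recent unused card read
    opened_at = {}   # door -> time the door was opened and not yet closed
    alarms = []
    for ts, door, event in sorted(events):
        t = datetime.fromisoformat(ts)
        if event == "access_granted":
            last_grant[door] = t
        elif event == "opened":
            # A grant authorizes one opening, and only within the window.
            grant = last_grant.pop(door, None)
            if grant is None or (t - grant).total_seconds() > grant_window:
                alarms.append((ts, door, "forced_open"))
            opened_at[door] = t
        elif event == "closed" and door in opened_at:
            held = (t - opened_at.pop(door)).total_seconds()
            if held > held_limit:
                alarms.append((ts, door, "held_open"))
    # Doors with no "closed" event by the end of the log are still open.
    for door, t in opened_at.items():
        alarms.append((t.isoformat(), door, "still_open"))
    return alarms
```

Because this works on a log after the fact, a held-open door is reported at the time it closes; a live controller would raise the alarm as soon as the limit passes.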
Mantraps and Turnstiles • A mantrap is composed of two closely spaced doors that require the user to card through one and then the other sequentially. • A turnstile is a physical gated barrier that allows only one person at a time to pass.
Cameras (1 of 3) • Closed circuit television (CCTV) cameras are similar to the door control systems. • Can be very effective, but implementation is an important consideration • Traditional cameras are analog-based and require a video multiplexer to combine all the signals and make multiple views appear on a monitor.
Cameras (2 of 3) • IP-based cameras are standalone units viewable through a web browser. • IP-based systems add useful functionality, such as the ability to check on the building from the Internet. • This network functionality, however, makes the cameras subject to normal IP-based network attacks. • Carefully consider camera placement and camera type used. • Different options make one camera superior to another in a specific location.
Cameras (3 of 3) Figure 8.7 IP-based cameras leverage existing IP networks instead of needing a proprietary CCTV cable.
Additional Physical Access Controls and Monitoring (1 of 2) • IR Detection • Motion Detection • Safes • Secure Cabinets/Enclosures • Protected Distribution/Protected Cabling • Airgap • Faraday cage
Additional Physical Access Controls and Monitoring (2 of 2) • Cable locks • Screen filters • Key management • Logs
Electronic Access Control Systems (1 of 4) • Access tokens are defined as “something you have.” • They are physical objects that identify specific access rights. • Your house key, for example, is a basic physical access token that allows you access into your home. • The advent of smart cards (cards that contain integrated circuits capable of generating and storing cryptographic keys) has enabled cryptographic types of authentication.
Electronic Access Control Systems (2 of 4) • Smart card technology is now part of a governmental standard for physical and logical authentication. • Personal Identity Verification, or PIV, cards adhere to the FIPS 201 standard. • Includes a cryptographic chip and connector, and a contactless proximity card circuit • Standards for a printed photo and name on front • Biometric data can be stored, providing an additional authentication factor, and if PIV standard is followed, several forms of identification are needed to get a card.
Electronic Access Control Systems (3 of 4) Figure 8.8 Smart cards have an internal chip as well as multiple external contacts for interfacing with a smart card reader.
Electronic Access Control Systems (4 of 4) • The primary drawback of token-based authentication is that only the token is being authenticated. • Therefore, the theft of the token could grant anyone who possessed the token access to what the system protects.
Biometrics (1 of 2) • Biometrics use the measurements of certain biological factors to identify one specific person from others. • These factors are based on parts of the human body that are unique. • The most well-known of these unique biological factors is the fingerprint.
Biometrics (2 of 2) Figure 8.9 Newer laptop computers often include a fingerprint reader
Convergence • There is a trend to converge elements of physical and information security to improve identification of unauthorized activity on networks. • If an access control system is asked to approve access to an insider using an outside address, yet the physical security system identifies them as being in the building, then an anomaly exists and should be investigated. • Convergence can significantly improve defenses against cloned credentials.
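The convergence check described above, as an added example that is not part of the original slides: badge records from the physical access system are correlated with login records from the network side. The log formats, user names and events are constructed, and the second rule (an internal login by someone not badged in) goes beyond the single case the slide mentions.

```python
from datetime import datetime

# Constructed sample data (not from the original slides).
BADGE_EVENTS = [  # (timestamp, user, direction) from the door controller
    ("2024-03-04T08:02:00", "alice", "in"),
    ("2024-03-04T12:01:00", "alice", "out"),
    ("2024-03-04T13:05:00", "alice", "in"),
    ("2024-03-04T08:30:00", "bob", "in"),
    ("2024-03-04T17:45:00", "bob", "out"),
]
LOGIN_EVENTS = [  # (timestamp, user, source) from the VPN / authentication log
    ("2024-03-04T09:15:00", "alice", "external"),  # badged in at the time
    ("2024-03-04T12:30:00", "alice", "external"),  # badged out: plausible
    ("2024-03-04T10:00:00", "bob", "internal"),    # badged in: expected
    ("2024-03-04T19:00:00", "bob", "internal"),    # badged out at 17:45
    ("2024-03-04T11:00:00", "carol", "internal"),  # no badge record at all
]


def presence_at(badge_events, user, when):
    """True/False if the user was badged in/out at `when`, None if unknown."""
    state = None
    for ts, who, direction in sorted(badge_events):
        if who != user:
            continue
        if datetime.fromisoformat(ts) > when:
            break
        state = direction == "in"
    return state


def find_anomalies(badge_events, login_events):
    """Flag logins whose network source contradicts the badge state."""
    anomalies = []
    for ts, user, source in sorted(login_events):
        when = datetime.fromisoformat(ts)
        inside = presence_at(badge_events, user, when)
        if source == "external" and inside is True:
            anomalies.append((ts, user, "external login while badged in"))
        elif source == "internal" and inside is not True:
            anomalies.append((ts, user, "internal login without badge-in"))
    return anomalies
```

An "internal login without badge-in" hit can also mean the user tailgated through a door, so each result is a lead to investigate rather than proof of a cloned credential.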
Policies and Procedures • Physical security policies and procedures relate to two distinct areas: • Those that affect the computers themselves • Those that affect users • To mitigate the risk to computers, physical security needs to be extended to the computers themselves.
BIOS • A safeguard that can be employed is the removal of removable media devices from the boot sequence in the computer’s BIOS (basic input/output system). • A related step that must be taken is to set a BIOS password. • In some cases, BIOS manufacturers will have a default BIOS password that still works.
UEFI • Unified Extensible Firmware Interface (UEFI) is a standard firmware interface for PCs, designed to replace BIOS. • UEFI has a functionality known as secure boot, which allows only digitally signed drivers and OS loaders to be used during the boot process, preventing bootkit attacks. • As UEFI is replacing BIOS, and has additional characteristics, it is important to keep policies and procedures current with the advancement of technology.
USB (1 of 2) • USB ports have greatly expanded users’ ability to connect devices to their computers, spawning a legion of USB devices, from MP3 players to CD burners. • The automount feature of USB drive keys creates security problems. • Can conceal the removal of files or data from the building or bring malicious files into the building and onto the company network • Can accidentally introduce malicious code
USB (2 of 2) • If USB devices are allowed, aggressive virus scanning should be implemented throughout the organization. • There are two common ways to disable USB support in a Windows system. • On older systems, editing the Registry key • On newer systems, using Group Policy in a domain or through the Local Security Policy MMC on a stand-alone box
Autoplay (1 of 3) • Remove or disable bootable CD/DVD drive. • DVD drive can be used as a boot device or be exploited via the autoplay feature that some operating systems support. • Since the optical drive can be used as a boot device, a DVD loaded with its own operating system could be used to boot the computer with malicious system code.
Autoplay (2 of 3) Figure 8.10 Autoplay on a Windows system