Physical Security By Pallavi Wankhede ISQS 6342

Physical Security
• Sub-divisions of Physical Security
• Means of implementing physical security
• Merits and demerits of different physical security measures
• Importance of Physical Security

Sections of Physical Security
• Physical Controls
• Technical Controls

Physical Controls
• Location
• Construction
• Physical Barriers
• Physical Surveillance

Technical Controls
• Personnel Access Controls
• Technical Surveillance
• Ventilation
• Power Supply
• Fire Detection and Suppression
• Shielding
• Natural Disasters

Physical Controls: Location and Environment
• Visibility
• Accessibility
• Propensity for Environmental Problems

Physical Controls: Construction
• Composition of construction materials
• Evaluation of fire rating
• Security of doors
• Load and weight bearing ratings of the ceilings
• Location of water and gas line valves
• Location of fire detection and suppression devices

Physical Controls: Physical Barriers
• Physical barriers can be employed in the form of locks and alarms
• Locks
  • Preset Locks
  • Cipher Locks
  • Biometric Locks
  • Multicriteria Locks
  • Device Locks

Preset and Cipher Locks
• Preset Locks
  • Key and knob combinations
  • Least secure
• Cipher Locks
  • Programmable
  • More expensive
  • More secure and flexible

Cipher Locks
• Cipher lock card reader: reads a swiped keycard
• Cipher lock keypad: reads entered numerical combinations

Options offered by Cipher Locks
• Door Delay: an alarm is triggered if the door is held or propped open for too long
• Key Override: a combination can be set into the lock for use during emergencies or for supervisory needs
• Master Keyring: allows supervisors to change access codes and other features
• Hostage Alarm: an employee held hostage can enter a specific code to notify security personnel
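
The door delay and hostage alarm options above, replayed over a constructed event log. This is an added example, not part of the original slides; the event format, the codes and the 30-second delay are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class CipherLock:
    access_codes: set             # normal codes (constructed values)
    duress_code: str              # hostage code: grants entry AND alerts security
    door_delay: int = 30          # seconds the door may stay open (assumed)
    opened_at: Optional[int] = None
    alarms: list = field(default_factory=list)

    def _check_door_delay(self, now):
        # Door delay: alarm once the door has been open longer than allowed.
        # A live controller would fire from a timer; this replay stamps the
        # alarm with the moment the delay expired.
        if self.opened_at is not None and now - self.opened_at > self.door_delay:
            self.alarms.append((self.opened_at + self.door_delay, "DOOR_HELD_OPEN"))
            self.opened_at = None  # report each opening only once

    def handle(self, ts, kind, value=""):
        """Process one event; return 'granted'/'denied' for code entries."""
        self._check_door_delay(ts)
        if kind == "code":
            if value == self.duress_code:
                # Hostage alarm: silent, and the door behaves as for a valid code.
                self.alarms.append((ts, "HOSTAGE"))
                return "granted"
            return "granted" if value in self.access_codes else "denied"
        if kind == "open":
            self.opened_at = ts
        elif kind == "close":
            self.opened_at = None
        return None

# Constructed sample log: (seconds, event, keypad input)
EVENTS = [
    (0, "code", "4821"), (2, "open", ""), (8, "close", ""),        # normal entry
    (60, "code", "4821"), (62, "open", ""), (130, "close", ""),    # propped 68 s
    (200, "code", "4829"), (202, "open", ""), (206, "close", ""),  # duress code
    (300, "code", "0000"),                                         # wrong code
]

def replay(events):
    lock = CipherLock(access_codes={"4821"}, duress_code="4829")
    results = [lock.handle(*e) for e in events]
    return results, lock.alarms

if __name__ == "__main__":
    print(replay(EVENTS)[1])
```

The duress code returns the same result at the door as a valid code, so only the monitoring side can tell the two apart.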

Biometric Locks
• Biometric Systems
  • Fingerprints
  • Palm prints
  • Hand Geometry
  • Eye Scans
  • Signature Dynamics
  • Voiceprints

Biometric Systems
• Fingerprints and palm prints
  • Ridges and swirls scanned by an optical scanner and compared to an archival file of fingerprints
• Hand Geometry
  • Length and width of hand and fingers scanned by the optical scanner and compared to archival data

Biometric Systems
• Eye scans
  • Retinal scans
  • Iris scans
• Signature Dynamics and Voiceprints
  • Motions performed when signing observed
  • Inflection, pitch and intonation of one's voice used

Fooling biometric techniques
• Exhibit false positive and false negative identifications
• Use of gummy fingers
• Signature forgery
DNA Analysis is a more promising method for ensuring security

Multicriteria and Device Locks
• Multicriteria Locks
  • Combine strength of two or more locks
  • Example: specific key/card, thumb print and PIN number or password
• Device Locks
  • Used to secure computer hardware and network devices
  • Example: cable locks, switch controls, slot locks, port controls, cable traps, etc.

Cable Lock consists of a vinyl-coated steel cable that attaches PCs, laptops, printers, etc. to stationary objects.

CompuLock is a versatile system which prevents not only unauthorized access to the interior of the computer case, but also the common theft of the mouse and keyboard.

Drive lock prevents unauthorized use of 3.5" and 5.25" floppy drives, CD-recorders and players, tape streamers and removable drives.
• It prevents accidental or intentional insertion or removal of floppy disks, CD-ROMs, etc.

This type of lock will help prevent your PC's or server's processor chip, memory chips and other internal components from being stolen.

Other Physical Barriers
• Fencing
  • Control access to entrances
  • Cost-benefit analysis required
• Lighting
  • Use of flood lights, street lights, etc.
  • Used to deter intruders
  • Provide safe environment for personnel

Physical Surveillance
Various intrusion detection systems and physical protection measures require human action. Security guards can patrol facilities, while guard dogs with a refined sense of smell and hearing can be used to detect intruders.

Technical Controls: Personnel Access Controls
• Passwords or PINs
• Identification cards
• Biometric Systems
• Social Engineering Attack
• Piggybacking

Passwords and PINs
• Cipher locks require users to enter a password or personal identification number (PIN)
• A potential attacker could easily watch an authorized user entering his personal information into the keypad and gain entry later

Identification cards
• Safeguard against unauthorized use
• Use of smart card
• Proximity readers
  • User Activated: transmission of sequence of values to reader
  • System Sensing: no action required to gain access

Technical Surveillance
• Camera monitoring system
  • More prevalent
  • Camera records activity within critical areas
  • Allows security personnel to assess whether an area has been compromised or not

Ventilation and Power Supply
• Positive pressurization
  • Ventilation technique that forces air outward from a facility to help guard against dust and other pollutants
• Protection against Power Failure
  • Uninterruptible power supply (UPS)
    • Standby systems
    • Online systems
  • Backup sources such as a generator

Shielding & Natural Disasters
• Surrounding the devices/wires with metallic shielding can suppress stray electronic signals
  • Common, cost effective
• If the facility and surrounding area are susceptible to natural disasters, locate elsewhere, or else ensure safeguards such as flood drainage, lightning rods, reinforced building, etc.

Importance of Physical Security
• Physical security measures protect the computer from climate conditions, as well as from intruders who use or attempt to use physical access to the computer to break into it.

PC Security Assistance
• National Computer Security Center
  ATTN: C42
  9800 Savage Rd.
  Ft. Meade, Md. 20755-6000