1 / 9

Physical Security For System Administrators

Physical Security For System Administrators. John Mark Smotherman. Overview. Think Using Attack Vectors Electronic Security - attacks from the network Physical Security - attacks on the physical machine or environment Electronic security means nothing if they can touch the machine! Design

khanh
Download Presentation

Physical Security For System Administrators

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Physical Security For System Administrators John Mark Smotherman

  2. Overview • Think Using Attack Vectors • Electronic Security - attacks from the network • Physical Security - attacks on the physical machine or environment • Electronic security means nothing if they can touch the machine! • Design • Hardened Core • Personnel • Social Attacks

  3. Importance • Why should a future sysadmin care about physical security? • That’s Security’s Job! • Overlap • System Administration/Facilities • Server security/server room security • Input into server room design • Responsibility for security camera feeds • High Security Jobs • Military, Data Warehousing for Companies

  4. Hardened Core • Physical Defense-in-Depth • Multiple checkpoints • Data Centers should be like Ogres • Sectioning and Layering by access • Sole Purpose Rooms • Access Control • Server Room Design • Secure HVAC • No windows • What happens during an emergency, e.g. a fire?

  5. Access • Two- and Three-Factor Security • Something You Have • Something You Are • Something You Know • Electronic Access (Databases) • Separation of Authentication • Requires Multiple Attack Vectors to Break • Differing Keys • Differing Servers

  6. Personnel • Breaches waiting to happen • Tailgating • Cleaning Personnel • Facilities (e.g. HVAC) • Malicious Attacks • How to deal with this? • Training! • Mantrap/Turnstyle • Guards, Escorts

  7. Case In Point • Data Warehouse • Server farm machines or space • Rented out to various companies • Secure Design • What happens when the IBM rep wants access to his machines, and they’re next to the Intel ones? • Intel =  • Importance of Hardened Core and Sole Purpose

  8. The Take-Away • Physical Security Matters! • Hardened Core/Defense In Depth • Casing the Joint • Think like a criminal • Social Attack Vectors Matter Just as Much as Physical and Electronic Ones

  9. Etc. • Van Eck Phreaking • Reading your screen through the wall • Trash • Secure, monitored disposal • Job Descriptions • Don’t let an attack vector go unprotected because you can’t agree who has to do it!

More Related