Physical Security Chapter 9

Physical Security
“encompasses the design, implementation and maintenance of countermeasures that protect the physical resources of an organization including the people, hardware, mission, storage, and processing”

Major Sources of Physical Loss
• Extreme temperature
• Gases – includes humidity or dry air
• Liquids – includes water
• Living organisms – viruses, bacteria, animals, people
• Projectiles
• Movement – shaking, vibrating
• Energy anomalies

Security Facility Controls
• Walls, Fencing, and Gates
• Guards
• Dogs
• ID Cards and Badges
• Locks and Keys
  • Mechanical
  • Electromechanical
  • Manual
  • Electronic (sensors)
  • Biometric locks

Security Facility Controls
• Mantraps
  • Small enclosure
  • Entry point & different exit point
  • Does not allow access if break-in
• Electronic Monitoring
• Alarms & Alarm Systems
• Computer Rooms and Wiring Closets
  • Require special attention
  • Overlooked
• Interior Walls and Doors

Fire Security and Safety
• Fire suppression system
  • Water & water mist system
    • Lower temperature
    • Wet material
  • Carbon dioxide systems (rob fire of oxygen)
  • Soda acid (deny fire of fuel)
  • Gas-based – Halon (disrupt fire’s chemical reaction)
• Fire Detection Systems
  • Thermal detection
  • Smoke detection
  • Air-aspirating systems
  • Flame detector

Portable Extinguishers
• Direct application of suppression is preferred
• Fixed apparatus is impractical
• Rated by type of fire they combat
• Class A
  • Wood, paper, textiles, rubber, cloth, and trash
  • Interrupt the ability of fuel to ignite

Portable Extinguishers
• Class B
  • Solvents, gasoline, paint, lacquer, and oil
  • Remove oxygen from the air
• Class C
  • Electrical equipment and appliances
  • Non-conducting agents
• Class D
  • Metals, magnesium, lithium, and sodium
  • Special extinguishing agents and techniques

Manual & Automatic Fire Response
• Wet-pipe
  • Pressurized water in all pipes
  • Some form of valve in each protected area
  • System activated – valves are opened
• Dry-pipe
  • Work in areas where electrical equipment is used
  • Air holds valves closed
  • Fire is detected – sprinkler heads activated
• Deluge system
  • Individual sprinkler heads are kept open
  • System activated
• Pre-action
• Water mist
• Gaseous Emission

Failure of Supporting Utilities and Structural Collapse
• Heating, Ventilation, & Air Conditioning
  • Temperature and Filtration
    • Optimal temperature = 70-74
  • Humidity and Static Electricity
    • Low humidity can cause static electricity
    • Optimal 40-60%
  • Ventilation Shafts
    • Now – generally 12” in diameter

Failure of Supporting Utilities and Structural Collapse
• Power Management and Conditioning
  • Grounding and Amperage
  • Uninterruptible Power Supply
  • Emergency Shutoff
• Water Problems
• Structural Collapse
• Maintenance of Facilities Systems

Interception of Data
• Direct observation
  • Individuals must be close enough to breach confidentiality
  • Risk when info is moved from protected place
• Interception of data transmission
  • Internet a real problem
  • Direct wiretap
  • Wireless
    • Laws dealing with wiretap do not apply to wireless
    • No expectation of privacy with radio-based communications

Interception of Data
• Electromagnetic interception
  • Monitoring electromagnetic activity
  • Put back together
  • Not proven it can be done
  • Hoax
• TEMPEST
  • Reduce the risk of EMR monitoring
  • Ensure computers placed as far as possible from outside perimeters
  • Installing special shielding inside CPU case
  • Maintaining distances from plumbing and other infrastructure

Mobile and Portable Systems
• Requires more monitoring than in-house
• Loss of system = loss of access
• Tracking technology now available
• Telecommuting and remote access
  • Information traveling through often unsecure connections
  • Many employers do not supply secure connections

Mobile and Portable Systems
• Hotel rooms
  • Presume unencrypted transmissions being monitored
• Notebooks lost or stolen
• Leased facilities
  • Who is attached to network
• Advanced authentication systems strongly recommended