information systems security physical security domain #4

Information Systems Security

Physical Security

Domain #4

Physical Security Areas

Threat Types Threat Sources Vulnerabilities Physical Organization Current Measures Physical Security Procedures Environmental Controls Physical Barriers

Threat Types

Environmental Malicious Accidental

Layered Defense

Site Location Physical and Procedural Methods Physical Controls

– Guard Post– Visitor Security– Delivery Security– Fire Control

Fire Detection Systems

Ionization – Reacts to charged particles in smoke

Photoelectric – Reacts to changes in or blockage of light caused by smoke

Heat – Significant changes in ????

Physical Controls

Fencing Lighting Locks Mantraps Dogs Guards

Location Consideration

Natural Disasters Local Crime Highway/airport access Customer access Joint tenants Proximity to emergency services Visibility????

Construction Issues

Building Codes Levels of fire resistance Data Center Location

– No basements or top floors– Controlled access– Do not use partitions

Physical Controls

Locks– Conventional– Pick-resistant– Electronic key systems– Electronic combination lock

Facility Access

Photo ID viewed by a guard Biometric devices Card badge reader Proximity devices

– User activated– System sensing

AVOID PIGGYBACKING– Use mantraps

Fencing

3-4 Feet – deters casual trespassers 6-7 Feet – hard to climb easily 8 Feet with 3 strands of barbed wire BEST Powered Fences PIDAS Fences

– Perimeter Intrusion Detection and Assessment System

Lighting

Required in critical areas Ensure there are no dead zones Two candle feet of power at eight feet high

Guards

Best deterrent, but most expensive Provides discriminating judgment Watches for piggybacking and suspicious

activity Enforce regulations

Types of Physical IDS

Electro-mechanical– Magnetic switches– Metallic foil in windows– Pressure mats

Volumetric– Vibration– Photoelectric– Ultrasonic and passive infrared

Mobile Devices

Locking cable to anchor Tracing software Encryption Biometric controls

HVAC

Positive air pressure– Air goes out when doors are opened

Protect vent Dedicated power lines Emergency switch-off valves Same rules for water supply

Electrical Power

Dependable primary power source Alternative power source

– Generator– UPS (online and standby)

Additional feeder from substation Power not always clean and constant Voltage fluctuations

Power Terms

Fault – momentary loss of power Blackout – complete loss of power Sag – momentary low voltage Spike – momentary high voltage Surge – prolonged high voltage Noise – steady interfering disturbance Transient – short noise disturbance

Electrical Consideration

High Humidity– Can cause corrosion

Low Humidity– Can cause static electricity

Also use antistatic flooring in server areas Wear antistatic bands when working on

internal computer systems

Recommendation

Computer room 60-75 Fahrenheit Humidity 40% - 60% 17,000 volts damages circuits

Fire Prevention

Four legs of fire – Heat (Reduce Temperature)– Fuel (Remove fuel)– Oxygen (Remove oxygen)– Chemical Reaction (Disrupt chemical

combustion)

Fire Detection Systems

Configured to call fire station Shuts down HVAC On and above suspended ceilings Below raised floors In air ducts

Fire Types

CLASS TYPE ELEMENT METHOD

Class A Common Wood, paper, cloth

Water & Soda

Class BLiquid Gas, oil,

alcoholCO2, FM-200

Class C Electrical Circuits & Wires

Halon or CO2

Class D Metals Sodium, Potassium

Dry Chemicals

Extinguishers

Halogenated– Used in place of water

FM-200– Replacement for Halon

Carbon Dioxide– Does not damage sensitive devices

Dry Chemicals– Not effective against electrical fires

Water Pipes

Wet Pipe– Always contains water– Can freeze in cold weather– Most commonly used

Dry Pipe– Water not in pipe– Released after delay– Allows system shut down before water release

Water Pipes (contd)

Pre-action systems– Water released after a sprinkler head is melted

Deluge system– Sprinkler head is open– Releases a lot of water fast

Extinguishers

Placed within 50 feet of electrical equipment Inspected four times a year Clearly marked Easily reached Filled with appropriate reagents

Combustion Elements

Suppression Methods

How Method Works

Fuel Soda acid Removes fuel

Oxygen CO2 Removes oxygen

Temperature Water Reduces temperature

Chemical Halon or FM200 Stops chemical reaction

Physical Intrusion Detection

Electrical Circuits Light Beams Passive IR Ultrasonic

Management Issues

Physical Security Audits Drills Internal Testing Pen Testing Maintenance Issues Education and Training