environmental/physical security. objectives physical security - physical protection of the resources...

Environmental/Physical Security

Upload: maribel-redford

Post on 30-Mar-2015



Environmental/Physical Security


Objectives

Physical Security - physical protection of the resources of an organization which include people, data, facilities, equipment, systems, etc. Physical security is the first line of defense.

***Safety of people is most important for this domain, and trumps all other considerations.


Threats

• Natural environmental - Floods, earthquakes, storms, fires, tornadoes, extreme temperature conditions, etc.

• Supply system - Power distribution, communications interruptions, and interruption of other natural energy resources such as water, steam, gas, etc.

• Manmade - Unauthorized access (internal/external), explosions, damage by employee (deliberate or accidental), vandalism, fraud, theft, etc.

• Political - Strikes, riots, civil disobedience, terrorist attacks, bombings, etc.

****These are all man-made too – know the difference!!!


Layered Security

The purpose is to put enough obstacles in front of an intruder to keep them busy until the authorities can take control of the situation.

**Damage to assets can be minimized.


Site Selection

• Visibility
– Surrounding terrain
– Building markings and signs
– Types of neighbors
– Population of the area

• Surrounding area and external entities
– Crime rate, riots, terrorism attacks
– Proximity to police, medical, and fire stations
– Possible hazards from surrounding area

• Accessibility
– Road access
– Traffic
– Proximity to airports, train stations, and highways

• Natural disaster
– Likelihood of floods, tornadoes, earthquakes, or hurricanes
– Hazardous terrain (mudslides, falling rock from mountains, or excessive snow or rain)


Facility Construction

Walls
– Combustibility
– Fire Rating – walls protecting IT equipment should be 75 according to the NFPA (National Fire Protection Agency)
– Reinforcement for secured areas

Ceilings
– Combustibility
– Fire Rating
– Weight-Bearing Rating
– Drop Ceilings???

Floors
– Weight-Bearing Rating (Commonly 150 lbs./sq. ft.)
– Combustibility
– Slab??? Raised??? Anti-Static???
– Rebar – steel rods encased in concrete
– Surface material

***Heavy timber construction material - this is a building material – if asked, it is probably the correct answer!!!


Building Layout

Data Center should be in the “middle” to protect from natural disaster.

EX: If you have a 5-story building, put it on the 3rd floor.

**Exam Warning**

All environmental controls and safety procedures must ensure the safety of all personnel, including those with handicaps. Elevators cannot be used during a fire, for example, so employees in wheelchairs must have a compensating control.


CPTED - Crime Prevention Through Environmental Design

“reduce crime by directly affecting behavior”

***uses “zones”

• Natural Access Control – enter/leave building
• Natural Surveillance – open space/visibility
• Territorial Reinforcement – dedicated community (sense of ownership)


Target Hardening (alternative to CPTED)

• Denying access through physical and artificial barriers (alarms, locks, fences, and so on).

• Traditional target hardening can lead to restrictions on the use, enjoyment, and aesthetics of an environment.


Underwriters Laboratories - UL

A non-profit organization that provides the necessary classifications and guidelines for physical security.

The organization inspects, tests and classifies various devices and equipment used in physical security.


Perimeter Defenses

• Fences
• Gates
• Bollards
• Lights
• CCTV
• Locks
• Smart Cards
• Motion Detectors
• Other Alarms
• Guards/Dogs


Fences

**PIDAS (Perimeter Intrusion Detection and Assessment System) – sensors on a wire mesh – has a high rate of false alarms

General Fence Height:
• 3-4 ft. – deters casual trespassers
• 6-7 ft. – too high to easily climb
• 8 ft. + 3 strands of barbed wire – deters most

***Nothing will stop a determined intruder


Chain-Link Fence

Gauge – thickness of metal
• 11 gauge = .0907 in diameter
• 9 gauge = .1144 in diameter (residential grade)
• 6 gauge = .162 in diameter (thickest)

**The lower the gauge, the thicker the wire

Meshing – spacing between wires (comes in 2”, 1” and 3/8”)

**Fences with smaller mesh are harder to climb


Chain-Link Fence – cont’d

• Extremely Secure: 11 in gauge, 3/8 in mesh
• Very High: 9 in gauge, 1 in mesh
• High: 11 in gauge, 1 in mesh
• Minimally High: 6 in gauge, 2 in mesh
• Normal Use: 9 in gauge, 2 in mesh


Gates

Type - Description
• Class I - Residential (home use)
• Class II - Commercial/General Access (parking garage)
• Class III - Industrial/Limited Access (loading dock for 18-wheeler trucks)
• Class IV - Restricted Access (airport or prison)


Bollards

A strong post designed to stop a car; often installed in front of convenience stores, to prevent drivers (who mix up the accelerator and brake) from driving into the store. Many secure facilities use large concrete planters for the same effect. These devices are usually placed in front of physically weak areas.


Lighting

**Direct to areas where an intrusion is likely to occur

• Continuous – fixed lighting to flood an area **most common
• Standby – supplies illumination in the event that the normal light system fails
• Moveable – manually operated
• Responsive Area Illumination – lights come on automatically if activity is detected
• Emergency – backup lighting used in an emergency
• Fresnel – lighthouses/theatres; aims light in a specific direction
• Floodlights – produces a beam of intense light
• Fluorescent – produces RFI (radio frequency interference) ***Not good for outdoor use
• Mercury Vapor – the preferred security light – white with a bluish cast (stadium lighting) **takes a while to warm up
• Sodium Vapor – similar to mercury, but has a yellow tint ***good in fog
• Quartz lamp – bright white light; used in areas needing to resemble daylight


Lighting – cont’d

• Lumen – the amount of light 1 candle can create
• Footcandle – 1 lumen per square foot
• Lux – 1 lumen per square meter

American Institute of Architects
• Elevators/lobbies/stairwells – 5-10 fc
• Building entrances – 5 fc
• Walkways – 1.5 fc
• Parking Garages – 5 fc
• Site Landscape - .5 fc
• Surrounding building – 1 fc
• Roadways - .5 fc

NIST
• Critical areas require illumination of 2’ wide x 8’ high


Closed Circuit TV (CCTV)

Functions: surveillance, deterrence, evidentiary archives

***Detective device used to aid in detecting the presence of intruders in restricted areas.
***Violates privacy - may require employee consent

• CRT (tube cameras) – analog camera - backs up to tape; VHS

Exam Warning****Tube cameras are sometimes called CRT (cathode ray tube) cameras. Do not confuse CRT cameras with CRT displays: while a CRT camera may be viewed on a CRT display, they are different devices.

• CCD (Charged Couple Discharge) – digital camera - backs up to DVR/NVR (NVR has the advantage of allowing centralized storage of all video data.)

• CCTVs using the normal light spectrum require sufficient visibility to illuminate the field of view which is visible to the camera. Requires 1-2 footcandles of light.

• CCTV displays may display a fixed camera view, autoscan (show a given camera for a few seconds before moving to the next), or multiplexing (where multiple camera feeds are fed into one display).

Other exam trivia:

• Infrared devices can “see in the dark” by displaying heat.
• Monochrome cameras can see infrared light.


CRT – cont’d (camera terms)

• Auto-iris – adjusts automatically; use in area with changing light (outdoor use)
• Manual iris – fixed; use in areas with fixed lighting
• Depth of Field – the area of the environment in focus on the monitor; affected by:
– size of lens opening - increases as the size of the opening decreases ***Wide-Angle lens has small lens opening – good for general scenery/landscape
– distance to object – increases as distance increases
– focal length of the lens - increases as focal length decreases
– light – more light allows for a larger depth of field

• Aperture - the opening through which light travels (see image). Smaller aperture places more of the image in focus, wide aperture lowers depth of field – used in lower light conditions.

• Shadow Depth of Focus – allows for focus on smaller details
– shallow depth – portrait/telephoto
– large depth – landscape/wide-angle

• Field of View – entire area viewed by the camera; fixed focal length must be changed to get a different field of view

• Neutral Density Filter – dark focus filter – reduces light
• Zoom Lenses – allow for a change of angle or distance
• Pan/Tilt – horizontal movement/vertical movement


Windows

• Polycarbonate Acrylic – more resistant to breakage than standard plate windows. Combustible, may produce toxic fumes, may be prohibited by fire code.

• Glass-Clad Polycarbonate – the strongest window available. Resists breakage, chemicals, fires and abrasions; comes in varying depths (the thicker the stronger) $$$$$$

• Embedded Wire – 2 windows with wire between… adds strength but lacks aesthetics

• Tempered Glass – 5-7 times stronger than regular glass (shatters into small shards – used in cars)

• Bullet Resistant (BR) – used in banks. Protects up to a 9mm round

• Laminated Glass – adds plastic, is tough to break and shatters like a web. Comes in various depths. The greater the stronger. (used for windshields)

• Solar Film – blocks light but no strength

• Security Film – transparent film… increases strength


Doors

Hollow-core door - most commonly used, easily broken

Solid-core door - recommended for sensitive areas such as a data center… should be mounted in a strong doorframe as it is usually the weakest point in a door assembly

• Fail Safe – defaults to unlocked (concerned w/people; they can get out)
• Fail Secure – defaults to locked (concerned with data; it’s locked up)
• Fail Soft – defaults to either locked or unlocked – depending on the situation; may continue, but in a degraded state

****People are safe/Data is secure****

**Hinges should always face inward

When referring to computer systems, also consider these terms:
• Failover – switches over to hot backup
• Fault-tolerant – continues to operate following a failure


LOCKS

This is just a delay – eventually, it will get busted!

Locks are pick-resistant; not pick-proof

Key Lock – can be picked or bumped.
• Warded – uses a skeleton key (easier to circumvent than Tumbler)
• Pin Tumbler – locking cylinders, has more parts than warded

Spring Bolt/Dead Bolt – enters into a strike plate in the door jamb

Combination – always change default combination


LOCKS – cont’d

Button/Key Pad – button wear is a vulnerability. Also subject to brute force and shoulder surfing.

Preset – basic mechanical lock requiring a key

Programmable – mechanical or electric; subject to shoulder surfing

Electronic – uses electronic key or smart card


Cards

• Smart Cards - “smart” because they contain a circuit (ICC – Integrated Circuit Card) - digitally encoded, ex: CAC cards
• Magnetic Stripe – the stripe stores information but there is no circuit – THESE ARE NOT SMART CARDS!!
• Magnetic Strip – rows of copper “strips”
• Electric Circuit – has more information than the standard smart card.
• Contact Cards – go through a reader
• Swipe Cards – swiped through a reader
• Contactless Cards – use radio frequency identification (RFID) – contain transponders and are read by transceivers – “wireless proximity reader”
• Optical-Coded – laser-burned lattice of digital dots (popping up on driver’s licenses)
• Proximity Card – either user activated or system sensing – passive, field-powered, transponder
• Photo ID Cards are “dumb cards”


Cards – cont’d

***Use of cards adds accountability

Vulnerabilities:
• Side Channel Attacks
• Card Tampering (there’s a word for this, but I can’t remember)


Intrusion Detection/Motion Sensors

***Intrusion Detection Systems (IDS) do not stop an intruder – they only detect the intrusion.

• Electromechanical system - detects change or break in a circuit; can be strips of foil embedded or connected to windows which, when broken, sound an alarm. Vibration detectors can detect movement on walls, screens, ceilings, and floors when the fine wires embedded within the structure are broken.
– Magnetic contact switches - installed on windows and doors. If the contacts are separated, an alarm will sound.
– Balanced Magnetic Switch (BMS) – magnet on a door and frame; sounds alarm when connection is broken
– Pressure Pad - placed under a rug and activated after hours. If someone steps on the pad, an alarm initiates.

• Volumetric systems – (more sensitive than electromagnetic) - detect changes in vibration, microwave, ultrasonic frequencies, infrared, etc. (change in “subtle environmental characteristics”). Types of volumetric IDSs are photoelectric, acoustical-seismic, ultrasonic, and microwave.


Intrusion Detection/Motion Sensors – cont’d

• Photoelectric system (or photometric system) - detects change in a light beam; can only be used in an environment without windows; emits a beam that hits the receiver… if the beam is interrupted, an alarm sounds. Beam can be invisible or visible. (Catherine Zeta-Jones – Entrapment)

• Acoustical /Audio detection system - uses microphones to passively listen for abnormalities; susceptible to false alarms.

• Vibration sensors - similar to acoustical; senses vibration in walls and floors – susceptible to false alarms.

• Motion Activated Camera – sounds alarm when intruder enters field of view

• Wave-pattern motion detectors - differ in the frequency of the waves they monitor, which are: microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern returns altered, an alarm sounds.

• Proximity/Capacitance detector - emits magnetic field around that which is being monitored. An alarm sounds if the field is disrupted; usually used to protect specific objects (artwork, cabinets, or a safe)


Intrusion Detection/Motion Sensors – cont’d

Infrared Sensors:

Active Sensor
• ultrasonic/microwave – bounces off of an object
• photoelectric – sends a beam of light

Passive Infrared Sensor (PIR) - detects infrared energy created by body heat; identifies the changes of heat waves of an area.

Coaxial Strain-Sensitive Cable – coax is woven through fence w/ electric field (susceptible to EMI and RFI)

Time Domain Reflectometry (TDR) – sends radio frequency signals on a cable

Dual Technology Sensors – combination of microwave and infrared sensors; alarm sounds when BOTH detect the intrusion (reduces false alarms)

Microwave and Ultrasonic – radiates controlled pattern of microwave energy and measures the “echo” time; establishes a base level and compares echo response time (it comes back faster if it hit something)

Monostatic – uses single sensing unit that incorporates sending and receiving

Bistatic – sends invisible volumetric detection field

• Behavioral-based – profile based
• Pattern matching – signature based


Alarms

Perimeter alarms - magnetic door and window alarms as well as sensors on the wall. A break in the circuit will set off an alarm to a central alarm station.

Types of alarm systems:
• Local System – rings bell on premise
• Central Station System – signal is sent to the local station
• Proprietary System – an in-house system; has all the bells and whistles of a 3rd party monitoring system
• Auxiliary Station System – rings to local fire and police
• Remote Station System - an electronic fire alarm system capable of notifying the fire department when the system is activated by a fire.

Other Monitoring:
• Line Supervision – monitors line tampering
• Power Supplies – monitors power


Dogs

• Expensive to maintain

• Legal issues (liability)

• They have a lack of judgement


Guards

PROS
• Discernment - Able to use human judgment
• Multi-functional
• Visibility

CONS
• Unpredictable
• Subject to human error
• Cost
• Availability
• Reliability
• Training


Tailgating/Piggybacking

• Following an authorized person through a locking device. Policy should forbid employees from allowing tailgating and security awareness efforts should describe this risk.

• Attackers attempting to tailgate often combine social engineering techniques, such as carrying large boxes, increasing the chances an authorized user will “help out” by holding the door open.


Turnstile

• designed to prevent tailgating by enforcing a “one person per authentication” rule, just as they do in subway systems. Secure data centers often use floor-to-ceiling turnstiles with interlocking blades to prevent an attacker from going over or under the turnstile.

• must be designed to allow safe egress in case of emergency. No system should require authentication for egress during emergencies.

*****Turnstiles can also be called a bafflegate


Mantraps

• a preventive physical control with two doors. The first door must close and lock before the second door may be opened. Each door typically requires a separate form of authentication to open; a common combination is PIN (Personal Identification Number) and biometrics. The intruder is trapped between the doors after entering the mantrap.

• must be designed to allow safe egress in case of emergency. No system should require authentication for egress during emergencies.


Electricity

• Blackout: prolonged loss of power
• Brownout: prolonged low voltage
• Fault: short loss of power
• Surge: prolonged high voltage
• Spike: temporary high voltage
• Sag: temporary low voltage
• In-rush: initial surge of power
• Transient: short duration of noise
• Clean: no fluctuation; pure power
• Noise: steady interference
• Ground: the pathway to the earth to enable excessive voltage to dissipate; one wire in circuit must be grounded
• Power Line Monitor: detects frequency and voltage amplitude changes
• Regulator: keeps voltage steady, power clean


Electricity – cont’d

• Surge Protector - protects equipment from damage due to electrical surges. They contain a circuit or fuse which is tripped during a power spike or surge, shorting the power or regulating it down to acceptable levels.

• Uninterruptible Power Supplies (UPS) - temporary backup power in the event of a power outage. They may also “clean” the power, protecting against surges, spikes, and other forms of electrical faults. UPSs provide power for a limited period of time, and can be used as a bridge to generator power.

• Generators - designed to provide power for long periods of time, and will run as long as fuel is available. Sufficient fuel should be stored onsite for the period the generator is expected to provide power. Refueling strategies should be considered.
– should not be placed in areas impacted by weather events
– contain complex mechanics; should be tested/serviced regularly


Electricity – cont’d

• Common-Mode Noise – radiation generated by the charge difference between hot and ground wire

• Transverse-Mode Noise – (same as above) but between hot and neutral wire

• RFI - Radio Frequency Interference – noise generated from radio waves

• EMI - Electromagnetic Interference – magnetism emitted by any electric conductor: circuits, power cables, network cables, etc.

• Crosstalk - occurs between poorly shielded network cables – impacts INTEGRITY and possibly CONFIDENTIALITY; can be mitigated via proper network cable management. Never route power cables close to network cables. Network cable choice can also lower crosstalk; Unshielded Twisted Pair (UTP) cabling is far more susceptible than Shielded Twisted Pair (STP) or coaxial cable. Fiber optic cable uses light instead of electricity to transmit data, and is not susceptible to EMI.


Electricity – cont’d

TEMPEST (Transient Electro-Magnetic Pulse Emanation Standards & Testing) – standard for controlling emanations emitted by electrical equipment

FARADAY – (Faraday Cage) – an enclosure formed by conductive material or by a mesh of such material. The enclosure blocks out external static electricity fields. (1500 volts from a static charge can cause data loss on a disk drive.)


HVAC

Latent Cooling – removes moisture
Sensible Cooling – removes heat (used in a data center)

Data Center humidity: 40-60%
• Too high: condensation
• Too low: static

Data Center temperature: 70-74F (can be higher if there is adequate air flow)

***USE ANTI-STATIC FLOORS

Positive Air Pressure - ensures higher air pressure inside than out. Air goes out the door when opened/outside air does not come in (allows smoke to exit in the event of a fire)

Positive Drain – water flows out not in.


FIRE

Fire Triangle: HEAT, OXYGEN, FUEL

• Reduce Temperature
• Reduce Oxygen Supply
• Reduce Fuel Supply
• Interfere with Chemical Reaction


Fire

U.S. Class | Europe Class | Material | Suppression Agent
A | A | Common Combustibles (wood and paper) | Water or Soda Acid
B | B | Liquid | Halon/halon substitute, CO2, or Soda acid
B | C | Flammable Gases | Halon/halon substitute, CO2, or Soda acid
C | E | Electrical | Halon/halon substitute, CO2
D | D | Metals | Dry powder
K | F | Kitchen (oil or fat) | Wet chemicals


Smoke Detectors

Ionization – NO LIGHT; it measures particle change; radioactive source creates small electrical charge

Photoelectric – BEAM OF LIGHT; contains LED (light emitting diode)

(Both alert when interrupted by smoke **Neither has “line of sight” limitation)

Aspirating – draws air into a sample chamber

Flame Detectors – detect infrared or ultraviolet light emitted from a fire. **Needs “line of sight”

Heat Sensing – measures temperature change
• Fixed-temperature (lower rate of false alarm)
• Rate-of-rise

Flame Sensing – senses the “flicker” (infrared energy of the flame)

Smoke Sensing – detects smoke

Automatic Dial-Up – calls fire dept. and plays a pre-recorded message


Suppression Agents

Water – the safest of all suppressive agents - removes heat; recommended for CLASS A.
***Cut electrical power when extinguishing a fire with water

Soda Acid (sodium bicarbonate mixed w/water - glass acid vial suspended on top) – breaking vial creates a gas and floats on top of the fire; removes heat, starves oxygen supply; CLASS A OR B

Dry Powder (such as sodium chloride) - removes heat and oxygen; smothers fire; primarily used for CLASS D

Wet Chemical (potassium acetate mixed with water) - covers a grease or oil fire in a soapy film which lowers the temperature; primarily used for CLASS K.

CO2 – RISK: it is odorless and colorless, and our bodies will breathe it as air. By the time we begin suffocating, it is often too late. Recommended for use in unstaffed areas. Requires special training for use; additional safety controls (such as oxygen tanks) are usually recommended. Removes the oxygen. Use for CLASS B or C
***A gas mask cannot be used with CO2 – it sucks out the oxygen!!

Halon – interferes with the chemical reaction; breaks the triangle - see next slide


Halon/Halon Replacements

Montreal Protocol (1987) – IS C worldwide ban of ozone depleting CFCs - amended in 1992 to establish a phase-out schedule (CARRIED OUT IN THE US AS PART OF THE CLEAN AIR ACT)

Halon and Halon Substitutes – cause a chemical reaction that consumes energy and lowers the temperature

• Argon – IG55
• FE-13 – HFC23 - the newest of these agents, and comparatively safe; can be breathed in concentrations of up to 30%. (Other types typically only safe up to 10-15% concentration.)
• FM-200 – HFC227 – the most commonly used
• Inergen – IG541 – not halocarbon agent; it is an inert gas agent
• CEA – 410
• CEA – 308
• NAS – S – III (HCFC Blend A)
• Argonite – IG01

Trick Question:
**HFC – 22 – (R-22) – refrigerant of choice – used in heat pumps and A/C units (a by-product of this is HFC-23)


Countdown Timer

CO2, halon, and halon substitutes such as FM-200 are considered gas-based systems. All gas systems should use a countdown timer (both visible and audible) before gas is released. This is primarily for safety reasons, to allow personnel evacuation before release. A secondary effect is to allow personnel to stop the release in case of false alarm.


Sprinklers

Wet Pipe – has water right up to the sprinkler head which contains a metal or small glass bulb designed to melt or break at a specific temperature. The bulbs come in different colors, which indicate the trigger temperature:

• orange (135 °F/57 °C)
• red (155 °F/68 °C)
• yellow (175 °F/79 °C)
• green (200 °F/93 °C)
• blue (286 °F/141 °C)

Dry Pipe - also has a closed head, but filled with compressed air. Water is held back as long as sufficient air pressure remains in the pipes. As the sprinkler heads open, the air pressure drops allowing water to flow. Often used in areas where water may freeze, such as parking garages.

Deluge - similar to dry pipes, except the sprinkler heads are open and much larger. The pipes are empty at normal air pressure; the water is held back by a deluge valve. The valve is opened when a fire alarm triggers.

Pre-Action - a combination of wet, dry, or deluge systems, and require two separate triggers to release water. Single interlock systems release water into the pipes when a fire alarm triggers. The water releases once the head opens. Used in areas such as museums, where accidental discharge would be expensive.

• Single interlock – releases water
• Double interlock - use compressed air (same as dry pipes): the water will not fill the pipes until both the fire alarm triggers and the sprinkler head opens. Used in cold areas such as freezers to avoid frozen pipes.

Gas Discharge – usually installed under floor boards to smother a fire

Page 48:

Fire Extinguisher

• All portable fire extinguishers should be marked with the type of fire they are designed to extinguish.
• Portable extinguishers should be small enough to be operated by any personnel who may need to use one. This means those old brass monster extinguishers are not a recommended control.
• Use the “PASS” method to extinguish a fire with a portable fire extinguisher:

Pull the pin
Aim low
Squeeze the pin
Sweep the fire

Page 49:

Evacuation

Safety Warden – ensures everyone is evacuated from the building

Meeting Point Leader – ensures everyone is accounted for

Emergency Procedure should include:
• Shutdown procedure
• Evacuation procedure
• Employee Training/Drills
• Equipment and System testing

Page 50:

Fire Misc.

Computer Systems are toast @ 175 °F
Magnetic Storage is toast @ 100 °F
Paper is toast @ 350 °F

Noncombustible – will not aid or add appreciable heat to an ambient flame
Fire Retardant – lessens or prevents the spread of a fire
Non-flammable – will not burn
Fire Resistant – applicable for use in a computer room

Plenum Areas - wiring and cables should be strung in spaces above dropped ceilings, in wall cavities, and the space under raised floors. Only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.

Plenum Cables – do not release hazardous gases when burned.

Page 51:

Media Handling

Store media offsite.
• Use bonded/insured companies
• Site should be a reasonable distance away (accessible, but not subject to the same natural disasters)

Media should be securely cleaned/destroyed before disposal – AVOID OBJECT REUSE (also a target of dumpster-diving)

Page 52:

Data Removal

Remanence – remnants of data left behind – data is still there (deleting files or formatting a hard disk)

Overwriting – writes over previous data – more secure than deleting or reformatting – less secure than destruction

Degaussing – destroys the integrity by exposure to a magnetic field (disks can usually no longer be formatted)

Oersted - A unit of magnetic intensity equal to the intensity of a magnetic field in a vacuum.

Coercivity - The amount of applied magnetic field (of opposite polarity) required to reduce magnetic induction to zero. The ease (or difficulty) by which magnetic media can be demagnetized. A tape with a rating of 1800 oersteds or higher will also be called a high coercivity tape.
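An added example, not part of the original slides: a constructed toy disk model (the `ToyDisk` class and the sample record are hypothetical) showing why deleting or formatting leaves remanence while overwriting the sectors does not. Real media can also keep copies in remapped or wear-levelled areas that a host-side overwrite never reaches, consistent with the slide ranking overwriting below destruction.

```python
SECTOR = 512  # bytes per sector in this constructed model

class ToyDisk:
    """Constructed model of a disk: raw sectors plus a file table."""
    def __init__(self, sectors=64):
        self.raw = bytearray(sectors * SECTOR)
        self.table = {}                      # file name -> list of sector numbers
        self.free = list(range(sectors))

    def write_file(self, name, data):
        used = []
        for off in range(0, len(data), SECTOR):
            s = self.free.pop(0)
            chunk = data[off:off + SECTOR]
            self.raw[s * SECTOR:s * SECTOR + len(chunk)] = chunk
            used.append(s)
        self.table[name] = used

    def delete(self, name):
        # Deleting only drops the table entry; the sector contents stay.
        self.free.extend(self.table.pop(name))

    def quick_format(self):
        # Formatting rebuilds an empty table; the sector contents stay.
        self.table = {}
        self.free = list(range(len(self.raw) // SECTOR))

    def overwrite_free(self):
        # Overwriting replaces the bytes themselves, then reads back to verify.
        for s in self.free:
            self.raw[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)
        return all(not any(self.raw[s * SECTOR:(s + 1) * SECTOR]) for s in self.free)

def recoverable(disk, marker):
    """Scan raw sectors for a marker, ignoring the file table entirely."""
    return marker in disk.raw

def demo():
    secret = b"PAYROLL-2015 constructed sample record " * 40
    disk = ToyDisk()
    disk.write_file("payroll.csv", secret)
    disk.delete("payroll.csv")
    after_delete = recoverable(disk, b"PAYROLL-2015")
    disk.quick_format()
    after_format = recoverable(disk, b"PAYROLL-2015")
    verified = disk.overwrite_free()
    after_overwrite = recoverable(disk, b"PAYROLL-2015")
    return after_delete, after_format, verified, after_overwrite
```

`demo()` returns, in order, whether the record is still found after delete, whether it is still found after format, whether the overwrite read-back verified, and whether the record is still found after the overwrite.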

Page 53: