Physical Security - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Physical Security

Description:

Physical Security Wilfridus Bambang Triadi Handaya Wilfridus.bambang_at_gmail.com * * * * * * * * * * Types of Threats Human Intrusion Attackers looking to perform some ... – PowerPoint PPT presentation

Number of Views:501
Avg rating:3.0/5.0
Slides: 21
Provided by: wam89
Category:

less

Transcript and Presenter's Notes

Title: Physical Security


1
Physical Security
Wilfridus Bambang Triadi Handaya Wilfridus.bambang
_at_gmail.com
2
Types of Threats
  • Human Intrusion
  • Attackers looking to perform some sort of damage
    or obtain useful information
  • Natural Disasters
  • Fire
  • Flood
  • Earthquake/Seismic Vibrations
  • Power Outages/Fluctuations

3
Physical Protection from Human Intrusion
  • One example why physical security should be taken
    very seriously
  • The only tools you need to break into an
    unsecured PC
  • BIOS password can be bypassed.
  • Remove the machines hard drive and put it in
    another machine
  • Reset the BIOS password via jumpers on the
    motherboard
  • Simply remove the CMOS battery to reset
  • Once accomplished, boot off CD or floppy (in this
    example, KNOPPIX), and copy.
  • A Phillips-head screwdriver
  • USB Thumbdrive or an external hard drive
  • Knoppix CD
  • Knoppix Floppy

4
Physical Protection from Human Intrusion (contd)
  • Resetting admin passwords has never been easier
  • Using Rescue CD
  • Using 3rd party tools/cd
  • Hiren, ntpassword,etc.

5
Risk Assessment
  • Determine your primary threats and act
    accordingly
  • While their susceptibility of attack is the same,
    the large company will house more profitable
    information and technology.
  • FBI statistics indicate that approximately 72 of
    all thefts, fraud, sabotage, and accidents are
    caused by a companys own employees.
  • Only about 5 is done by external sources.

6
The How-Tos of Protection
  • Guarding the Outer Perimeter
  • Disguise
  • Out of sight, out of mind
  • If disguising is not possible
  • High fences
  • Barbed wire
  • Round-the-clock security guard
  • Security Cameras
  • Motion Sensors

7
Samples
8
Samples (contd)
  • Canadian Embassy in Washington, D.C. showing
    planters being used as vehicle barriers, and
    barriers and gates along the vehicle entrance

9
  • The Workstations
  • Workstations should ALWAYS be logged off or
    locked out whenever unattended
  • Screens positioned such that they cannot be seen
    through the windows
  • Hackers with telescopes to record keystrokes
  • Workstations should be secured and physically
    locked while unattended
  • Steel cable that runs through the computer case
    and attaches to an anchor to prevent the tower
    from being removed

10
  • Safeguarding the Computer Rooms
  • Keep the doors locked
  • Tuck networking cables out of sight
  • Keep networking cables inaccessible from outside
    room
  • Secure items in the room according to value
  • Intrusion detection systems
  • Ensure walls extend to the physical ceiling
    versus ceiling panels
  • Attackers can gain access to the room via scaling
    the wall
  • Access Control Methods
  • Biometrics
  • Key Card access w/ PIN s
  • Security Guard presence at all times
  • Watchdogs if the assets merit
  • Security Cameras

11
  • Control the flow of people in the building
  • Employee and visitor badges
  • Access restricitions to visitors and maintenance
  • Any unscheduled dropoffs or deliveries should be
    verified with vendors
  • You dont want the wrong people getting in

12
Physical Protection from Natural Disasters
  • Physical security is more than "guns, gates and
    guards"
  • Risk Assessment
  • Proper security solutions require a proper threat
    assessment
  • The likelihood of tsunamis is very low in Phoenix

13
Security Mechanisms
  • Fire
  • Extinguishers
  • Carbon Dioxide
  • Harmful to Humans
  • Halon
  • Preferred Choice, but very expensive to refill
  • Binds with available oxygen molecules to starve
    the fire
  • Harmful to the ozone
  • Inergen
  • Safer and cleaner alternative to Halon
  • Allows a breathable atmosphere and starvation of
    the atmosphere without ozone harm

14
Fire Detectors/Alarms
  • Detectors
  • VESDA
  • Very Early-warning Smoke Detection Apparatus

15
Fire Detectors/Alarms (contd)
  • smoke detection
  • optical detection (photoelectric)
  • physical process (ionization)

16
Fire Detectors/Alarms (contd)
  • Dry pipe suppression
  • same purpose as fire hydrants

17
  • Flood/Water
  • Go to the high ground
  • Locate sensitive equipment on the second story or
    above
  • Dont allow water pipes to run through or around
    computer room

18
  • Earthquake/Seismic Vibrations
  • Common sources
  • Airports, railroads, major thoroughfares,
    industrial tools, and road construction
  • Common solutions involve supporting the
    foundation of computers with springs, gel-filled
    mats, or rubber pads.
  • THE most effective solution
  • Dont position your data center near a source of
    seismic vibrations

19
  • Power Outages/Fluctuations
  • UPS
  • Large solutions available to large power
    consumption
  • Generator
  • When UPS just isnt enough
  • Extreme Temperature/Humidity
  • Control must be maintained over the environment
  • Larger computers run hotter and thus more
    susceptible to heat in the room
  • Humidity problems with moisture developing on the
    inside of the machine
  • Redundant HVAC unit (Heating, Ventilation, and
    Air Conditioning)

20
Bibliography
  • http//www.servepath.com/why/datacenter.htm
  • http//searchsecurity.techtarget.com/tip/1,289483,
    sid14_gci993832,00.html
  • http//www.servepath.com/why/datacenter.htm
  • http//www2.fpm.wisc.edu/safety/gsp/Fire20Suppres
    sion20Systems.html
  • http//www.reliablefire.com/inergenfolder/inergen.
    html
  • http//www.reliablefire.com/vesdafolder/vesdalaser
    plus.html
  • http//www.sans.org/rr/whitepapers/physcial/
  • http//www.servepath.com/why/datacenter.htm
  • http//en.wikipedia.org/wiki/Computer_security
  • http//security.uchicago.edu/docs/physicalsec.shtm
    l
  • http//searchsecurity.techtarget.com/generic/0,295
    582,sid14_gci1131341,00.html?tracktop10oct
  • http//searchsecurity.techtarget.com/originalConte
    nt/0,289142,sid14_gci1131405,00.html?tracktop10oc
    t
  • http//www.cccure.org/Documents/HISM/675-680.html
  • https//my.tennessee.edu/portal/page?_pageid40,38
    376_dadportal_schemaPORTAL
  • http//www.securityfocus.com/archive/101/383003
Write a Comment
User Comments (0)
About PowerShow.com