Physical Security - PowerPoint PPT Presentation

1 / 59
About This Presentation
Title:

Physical Security

Description:

Physical Security Chapter 8 * Argon systems are designed to reduce the oxygen content to about 12.5 percent, which is below the 15 percent needed for the fire, but is ... – PowerPoint PPT presentation

Number of Views:508
Avg rating:3.0/5.0
Slides: 60
Provided by: DeeM8
Category:

less

Transcript and Presenter's Notes

Title: Physical Security


1
Physical Security
  • Chapter 8

2
Objectives
  • Define basic terminology associated with social
    engineering.
  • Describe steps organizations can take to improve
    their security.
  • Describe common user actions that may put an
    organizations information at risk.
  • Recognize methods attackers may use to gain
    information about an organization.
  • Determine ways in which users can aid instead of
    detract from security.

3
Key Terms
  • Access control
  • Access tokens
  • Autorun
  • Biometrics
  • BIOS passwords
  • Bootdisk
  • Closed circuit television (CCTV)
  • Contactless access cards
  • Drive imaging

4
Key Terms (continued)
  • False negative
  • False positive
  • Layered access
  • LiveCD
  • Mantrap
  • Multiple-factor authentication
  • Policies and procedures
  • Smart cards
  • USB devices

5
The Security Problem
  • The problem that faces professionals charged with
    securing a companys network can be stated rather
    simply
  • Physical access negates all other security
    measures.
  • No matter how impenetrable the firewall and
    intrusion detection system (IDS), if an attacker
    can find a way to walk up to and touch a server,
    he can break into it.

6
The Security Problem (continued)
  • Physically securing information assets doesnt
    mean just the servers it means protecting
    physical access to all the organizations
    computers and its entire network infrastructure.

7
The Security Problem Illustrated
8
Using a Lower Privilege Machine to Get Sensitive
Information
9
Bootdisks
  • Any media used to boot a computer into an
    operating system that is not the native OS on its
    hard drive could be classified as a bootdisk.
    These can be in the form of a floppy disk, CD,
    DVD, or a USB flash drive.
  • Boot floppy disks can be used to attack machines
    with floppy drives.
  • Utilities can be installed on the disk to allow
    for the stealing of password files and other
    information.

10
(No Transcript)
11
LiveCDs
  • A LiveCD contains a bootable version of an entire
    operating system.
  • This is typically a variant of Linux, complete
    with drivers for most devices.
  • LiveCDs give an attacker a greater array of tools
    than could be loaded onto a floppy disk.
  • These tools include scanners, sniffers,
    vulnerability exploits, forensic tools, drive
    imagers, password crackers, and more.

12
A Sample of LiveCDs
13
(No Transcript)
14
The Autorun Feature
15
(No Transcript)
16
Drive Imaging
  • Drive imaging is the process of copying the
    entire contents of a hard drive to a single file
    on a different media.
  • This process is often used by people who perform
    forensic investigations of computers.
  • A bootable media is used to start the computer
    and load the drive imaging software.
  • It makes a bit-by-bit copy of the hard drive or
    other attached media.
  • There will be no record of the copy being made.

17
Drive Imaging (continued)
  • The information obtained from drive imaging
    contains every bit of data that is on the
    computer any locally stored documents, locally
    stored e-mails, and every other piece of
    information that the hard drive contains.
  • This data could be very valuable if the machine
    holds sensitive information about the company.
  • Encrypting files or the drive provides
    protection.
  • Storing files on a files server can also help.

18
Physical Security Safeguards
  • Walls and guards
  • Policies and procedures
  • Access control and monitoring
  • Environmental controls
  • Fire suppression

19
Walls and Guards
  • The primary defense against a majority of
    physical attacks are the barriers between the
    assets and a potential attackerwalls, fences,
    gates, and doors.
  • Some employ private security staff to attempt to
    protect their assets.

20
Walls
  • The most valuable assets should be contained on
    company servers.
  • To protect the physical servers, you must look in
    all directions
  • Doors and windows should be safeguarded and a
    minimum number of each should be used in a server
    room.
  • Is there a drop ceiling?
  • Is there a raised floor?

21
Guards
  • Guards are a visible presence with direct
    responsibility for security, so they provide an
    excellent security measure.
  • Guards can monitor entrances and exits and can
    maintain access logs of who has entered and
    departed the building.
  • Everyone who passes through security as a visitor
    should sign the log. It can be useful in tracing
    who was at what location and why.

22
Gated Access, Cameras, and a Guardhouse
23
Policies and Procedures
  • Physical security policies and procedures relate
    to two distinct areas
  • Those that affect the computers themselves
  • Those that affect users

24
Computer Policies
  • Remove/disable the floppy disk system.
  • Remove/disable the optical drive system.
  • If that is not possible, remove the device from
    the boot menu and set a BIOS password.
  • Disallow USB drive keys, either with active
    directory or registry settings.
  • If that is not possible, implement aggressive
    anti-malware scanning.

25
Computer Policies (continued)
  • Lock up equipment that contains sensitive data.
  • Train all employees
  • To challenge strangers
  • To follow procedures
  • To lock workstations before leaving them

26
Access Controls and Monitoring
  • Access control means having control of doors and
    entry points.
  • Locks
  • Layered access systems
  • Electronic door control systems
  • Closed circuit television (CCTV)

27
Layered Access
  • To help prevent an attacker from gaining access
    to important assets, these assets should be
    placed inside multiple perimeters.
  • Access to the server room should be limited to
    staff with a legitimate need to work on the
    servers.
  • Area surrounding the server room should also be
    limited to people who need to work in that area.

28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
Closed Circuit Television (CCTV)
  • Closed circuit television (CCTV) cameras are
    similar to the door control systemsthey can be
    very effective, but how they are implemented is
    an important consideration.
  • Carefully consider camera placement and the type
    of cameras used.
  • Different iris types, focal lengths, and color or
    infrared capabilities are all options that make
    one camera superior over another in a specific
    location.

32
(No Transcript)
33
Environmental Controls
  • Sophisticated environmental controls are needed
    for current data centers.
  • Fire suppression is also an important
    consideration when dealing with information
    systems.
  • Heating ventilating and air conditioning (HVAC)
    systems are critical for keeping data centers
    cool.
  • Typical servers put out between 1000 and 2000
    BTUs of heat.
  • The failure of HVAC systems for any reason is
    cause for concern.
  • Properly securing these systems is important in
    helping prevent an attacker from performing a
    physical DoS attack on your servers.

34
Fire Suppression
  • The ability to respond to a fire quickly and
    effectively is critical to the long-term success
    of any organization.
  • The goalnever to have a firehowever, in the
    event that one does occur, mechanisms are in
    place to limit the damage the fire can cause.

35
Fire Suppression Systems
  • Water-based
  • Halon-based
  • Clean-agent
  • Handheld fire extinguishers

36
Water-based Fire Suppression
  • Have long been and still are the primary tool to
    address and control structural fires.
  • Electrical equipment does not react well to large
    applications of water
  • It is important to know what to do with equipment
    if it does become subjected to a water-based
    sprinkler system.

37
Halon-based Fire Suppression
  • A fire needs fuel, oxygen, and high temperatures
    for the chemical combustion to occur.
  • If you remove any of these, the fire will not
    continue.
  • Halon interferes with the chemical combustion
    present in a fire.
  • They were originally popular because halon will
    mix quickly with the air in a room, and will not
    cause harm to computer systems.
  • Halon is also dangerous to humans.

38
Clean-Agent Fire Suppression
  • Clean-agent fire suppression systems not only
    provide fire suppression capabilities, but also
    protect the contents of the room, including
    people, documents, and electronic equipment.
    Examples of clean agents include
  • Carbon dioxide
  • Argon
  • Inergen
  • FM-200 (heptafluoropropane)

39
Clean-Agent Fire Suppression (continued)
  • CO2 displaces oxygen so that the amount of oxygen
    remaining is insufficient to sustain the fire.
  • Also provides some cooling in the fire zone and
    reduces the concentration of gasified fuel.
  • Argon extinguishes fire by lowering the oxygen
    concentration below the 15 percent level required
    for combustible items to burn.

40
Clean-Agent Fire Suppression (continued)
  • Inergen, a product of Ansul Corporation, is
    composed of three gases 52 percent nitrogen, 40
    percent argon, and 8 percent carbon dioxide.
  • Inergen systems reduce the level of oxygen to
    about 12.5 percent, which is sufficient for human
    safety but not sufficient to sustain a fire.

41
Handheld Fire Extinguishers
  • If a fire can be caught and contained before the
    automatic systems discharge, it can mean
    significant savings to the organization in terms
    of both time and equipment costs (including the
    recharging of the automatic system).
  • There are four different types of fire, as shown
    in the next slide.

42
Handheld Fire Extinguishers (continued)
43
Fire Detection Devices
  • An essential complement to fire suppression
    systems and devices are fire detection devices
    (fire detectors).
  • Detectors may be able to detect a fire in its
    very early stages.

44
Fire Detectors
  • There are several different types of fire
    detectors.
  • Smoke activated
  • Ionization Detects ionized particles caused by
    fire
  • Photoelectric Detects degradation of light from
    smoke
  • Heat activated
  • Fixed-temperature Alerts if temperature exceeds
    a pre-defined level
  • Rate-of-rise temperature Detects sudden
    increases in temperature
  • Flame activated
  • Relies on the flames from the fire to provide a
    change in the infrared energy that can be
    detected

45
(No Transcript)
46
Authentication
  • Authentication is the process by which a user
    proves that she is who she says she is.
  • Authentication is performed to allow or deny a
    person access to a physical space.
  • The heart of any access control system is to
    allow access to authorized users and to make sure
    access is denied to unauthorized people.

47
Access Tokens
  • Access tokens are defined as something you
    have. An access token is a physical object that
    identifies specific access rights. Your house
    key, for example, is a basic physical access
    token that allows you access into your home.
  • The primary drawback of token-based
    authentication is that only the token is being
    authenticated. Therefore, the theft of the token
    could grant anyone who possessed the token access
    to what the system protects.

48
(No Transcript)
49
Biometrics
  • Biometrics use the measurements of certain
    biological factors to distinguish one specific
    person from others. These factors are based on
    parts of the human body that are unique. The most
    well known of these unique biological factors is
    the fingerprint.
  • False positives and false negatives are two
    issues with biometric scanners.

50
(No Transcript)
51
(No Transcript)
52
False Positives
  • A false positive occurs when a biometric is
    scanned and allows access to someone who is not
    authorizedfor example, two people who have very
    similar fingerprints might be recognized as the
    same person by the computer, which grants access
    to the wrong person.

53
(No Transcript)
54
(No Transcript)
55
False Negatives
  • A false negative occurs when the system denies
    access to someone who is actually authorizedfor
    example, a user at the hand geometry scanner
    forgot to wear a ring he usually wears and the
    computer doesnt recognize his hand and denies
    him access.

56
(No Transcript)
57
Other Issues with Biometrics
  • Another concern with biometrics is that if
    someone is able to steal the uniqueness factor
    that the machine scansyour fingerprint from a
    glass, for exampleand is able to reproduce that
    factor in a substance that fools the scanner,
    that person now has your access privileges.
  • Another problem with biometrics is that parts of
    the human body can change.

58
Multiple-factor Authentication
  • Multiple-factor authentication is simply the
    combination of two or more types of
    authentication. Three broad categories of
    authentication can be used what you are (for
    example, biometrics), what you have (for
    instance, tokens), and what you know (passwords
    and other information).

59
Chapter Summary
  • Define basic terminology associated with social
    engineering.
  • Describe steps organizations can take to improve
    their security.
  • Describe common user actions that may put an
    organizations information at risk.
  • Recognize methods attackers may use to gain
    information about an organization.
  • Determine ways in which users can aid instead of
    detract from security.
Write a Comment
User Comments (0)
About PowerShow.com