Physical Security

Chapter 9

Physical Security “encompasses the design, implementation and maintenance of counter measures that protect the physical resources of an organization including the people, hardware, mission, storage, and processing”

Major Sources of Physical Loss 1.

2.

3.

4.

5.

6.

7.

Extreme temperature Gases – includes humidity or dry air Liquids – includes water Living organisms – viruses, bacteria, animals, people Projectiles Movement – shaking, vibrating Energy anomalies

Security Facility Controls      Wall, Fencing, and Gates Guards Dogs ID Cards and Badges Locks and Keys      Mechanical Electromechanical Manual Electronic (sensors) Biometric locks

Security Facility Controls      Mantraps  Small enclosure  Entry point & different exit point  Does not allow access if break-in Electronic Monitoring Alarms & Alarm Systems Computer Rooms and Wiring Closets   Require special attention Overlooked Interior Walls and Doors

Fire Security and Safety   Fire suppression system  Water & water mist system   Lower temperature  Wet material Carbon dioxide systems (rob fire of oxygen)   Soda acid (deny fire of fuel) Gas-based – Halon (disrupt fire’s chemical reaction) Fire Detection Systems  Thermal detection    Smoke detection Air-aspirating systems Flame detector

Portable Extinguishers  Direct application of suppression is preferred  Fixed apparatus is impractical  Rated by type of fire they combat  Class A  Wood, paper, textiles, rubber, cloth, and trash  Interrupt the ability of fuel to ignite

Portable Extinguishers  Class B  Solvents, gasoline, paint, lacquer, and oil  Remove oxygen from the air  Class C  Electrical equipment and appliance  Non-conducting agents  Class D  Metals, magnesium, lithium, and sodium  Special extinguishing agents and techniques

Manual & Automatic Fire Response    Wet-pipe   Pressurized water in all pipes Some form of valve in each protected area  System activated – valves are opened Dry-pipe     Work in areas where electrical equipment is used Air hold valves closed Fire is detected – sprinkler heads activated Deluge system  Individual sprinkler heads are kept open  System activated  Pre-action  Water mist Gaseous Emission

Failure of Supporting Utilities Structural Collapse  Heating, Ventilation, & Air Condition  Temperature and Filtration  Optimal temperature = 70-74  Humidity And Static Electricity  Low humidity can cause static electricity  Optimal 40-60%  Ventilation Shafts  Now – generally 12” in diameter

Failure of Supporting Utilities Structural Collapse  Power Management and Conditioning  Grounding and Amperage  Uninterruptible Power Supply  Emergency Shutoff  Water Problems  Structural Collapse  Maintenance of Facilities Systems

Interception of Data   Direct observation  Individuals must be close enough to breach confidentiality  Risk when info is moved from protected place Interception of data transmission  Internet a real problem  Direct wiretap  Wireless  Laws dealing with wiretap do not apply to wireless  No expectation of privacy with radio-based communications

Interception of Data   Electromagnetic interception    Monitoring electromagnetic activity Put back together Not proven it can be done  Hoax TEMPEST  Reduce the risk of EMR monitoring    Ensure computers placed as far as possible from outside perimeters Installing special shielding inside CPU case Maintaining distances from plumbing and other infrastructure

Mobile and Portable Systems     Requires more monitoring than in-house Loss of system = loss of access Tracking technology now available Telecommuting and remote access   Information traveling through often unsecure connections Many employers do not supply secure connections

Mobile and Portable Systems  Hotel rooms  Presume unencrypted transmissions being monitored  Notebooks lost or stolen  Leased facilities  Who is attached to network  Advanced authentication systems strongly recommended