Physical Security Katie Parker and Robert Tribbia Computer Security
Physical Security
Katie Parker and
Robert Tribbia
Computer Security
Fall 2008
Physical Security
Prevent attackers from accessing a facility, resource, or information stored on physical media
Two Main Things to Protect Against
Human Attack
Natural Disasters
Human Attacks
Attacks from outside
– Thieves/burglars
– Hackers
– Former employee
Attacks from inside
– Current angry or disgruntled employee
– Agent for hire
Five Layers of Physical Security
Environmental deterrents
Mechanical deterrents
Surveillance deterrents
Human deterrents
Proper employee training
Environmental Deterrents
Primarily for outside attacks
High walls, fences
Used to deter less motivated attackers
Mechanical Deterrents
Can range from a simple ID card to high-tech biometrics
Locked gates, key cards
Access control
Surveillance Deterrents
Used to help prevent future attacks and provide information on past attacks
Cameras, microphones, detection systems
CCTV/cameras can help deter “shoulder surfing”
Human Deterrents
Can be used to prevent both outside and inside attacks
Security guards and checkpoints – outside
Reception desks and the employees (when trained) – inside
One is not enough!
True Story
2 attackers obtained entry to data center
Security guard wasn’t at post, one
employee on duty
Attackers beat employee and used
employee to gain access to equipment
Employee Training
Common problem is laziness
Train employees to always:
– Lock all unattended workstations
– Turn monitors away from common areas
– Shred sensitive documents
– Lock laptops
Stolen laptops are becoming a big security issue
Social Engineering
Tricking people into
giving confidential
information or
granting access
Several different
methods
– Pretexting
– Baiting
– Quid pro quo
Pretexting
Using an invented scenario to convince the victim to give up personal information or perform some action
Justin Long’s character in Live Free or Die Hard;
car
Baiting
Attacker puts harmful virus/malware on a device
Leaves device in a public place with a legitimate title
Victim uses device and uploads the malware to system
Quid Pro Quo
“Something for something”
Attacker offers help with a problem, but causes harm while helping
The Italian Job – Becky the cablewoman
Dumpster diving
Searching through the trash for valuable
information that is still intact
Prevent by:
– Thoroughly shredding all important data
Regular old theft
Mission Impossible
Katie’s work application
Natural Disasters
Risk Assessment
– See what problems are the most likely for your location and guard against them
– Example: in Tallahassee, don’t really need to worry about earthquakes, so don’t spend money protecting against them
Natural disasters
Fire
Fire can destroy
computer hardware
Prevent with:
– Smoke detectors
– Fire alarms
– Fire extinguishers
Other Natural Disasters
Liquid damage
– Keep sensitive equipment on 2nd floor or higher
– Don’t run water pipes through or near rooms with susceptible equipment
Earthquakes
– Support with gel padding and springs
Lightning
– Faraday cages
– Generators