Physical Security Katie Parker and Robert Tribbia Computer Security


Physical Security

Katie Parker and
Robert Tribbia

Computer Security

Fall 2008
Physical Security

Prevent attackers from accessing a facility, resource, or information stored on physical media

Two Main Things to Protect Against
Human Attack
Natural Disasters
Human Attacks

Attacks from outside
– Thieves/burglars
– Hackers
– Former employee

Attacks from inside
– Current angry or disgruntled employee
– Agent for hire

Five Layers of Physical Security
Environmental deterrents
Mechanical deterrents
Surveillance deterrents
Human deterrents
Proper employee training

Environmental Deterrents

Primarily for outside attacks

High walls, fences

Used to deter less motivated attackers
Mechanical Deterrents

Can range from a simple ID card to high-tech biometrics

Locked gates, key cards

Access control
Surveillance Deterrents

Used to help prevent future attacks and provide information on past attacks

Cameras, microphones, detection systems

CCTV/cameras can help deter “shoulder surfing”

Human Deterrents
Can be used to prevent both outside and inside attacks
Security guards and checkpoints – outside
Reception desks and the employees (when trained) – inside
One is not enough!

True Story

2 attackers obtained entry to data center

Security guard wasn’t at post, one employee on duty

Attackers beat employee and used employee to gain access to equipment

Employee Training
Common problem is laziness
Train employees to always:
– Lock all unattended workstations
– Turn monitors away from common areas
– Shred sensitive documents
– Lock laptops
Stolen laptops are becoming a big security issue

Social Engineering

Tricking people into giving confidential information or granting access

Several different methods
– Pretexting
– Baiting
– Quid pro quo
Pretexting
Using an invented scenario to convince the victim to give up personal information or do some action
Justin Long’s character in Live Free or Die Hard; car

Baiting
Attacker puts harmful virus/malware on a device
Leave device in public place with legitimate title
Victim uses device and uploads the malware to system

Quid Pro Quo

“Something for something”

Attacker offers help with problem, but while helping, hurts too

The Italian Job – Becky the cablewoman

Dumpster diving

Searching through the trash for valuable information that is still intact

Prevent by:
– Thoroughly shredding all important data

Regular old theft

Mission Impossible

Katie’s work application
Natural Disasters

Risk Assessment
– See what problems are the most likely for your location and guard against them
– Example: in Tallahassee, don’t really need to worry about earthquakes, so don’t spend money protecting against them

Natural disasters
Fire
Fire can destroy computer hardware
Prevent with:
– Smoke detectors
– Fire alarms
– Fire extinguishers

Other Natural Disasters

Liquid damage
– Keep sensitive equipment on 2nd floor or higher
– Don’t run water pipes through or near rooms with susceptible equipment

Earthquakes
– Support with gel padding and springs

Lightning
– Faraday cages
– Generators