Lesson 21 Explaining Physical Security Flashcards

1
Q

Physical access

A

Physical access controls are security measures that restrict and monitor access to specific physical areas or assets.

2
Q

industrial camouflage

A

Industrial camouflage makes buildings and gateways protecting high-value assets inconspicuous, or creates high-visibility decoy areas to draw out potential threat actors.

3
Q

proximity reader

A

A proximity reader detects the presence of a physical token, such as a wireless key fob or smart card.

4
Q

turnstile

A

A turnstile is a type of gateway that only allows one person through at a time.

5
Q

mantrap

A

A mantrap is where one gateway leads to an enclosed space protected by another barrier.

6
Q

Card cloning

A

Card cloning—this refers to making one or more copies of an existing card.

A lost or stolen card with no cryptographic protections can be physically duplicated.

7
Q

Skimming

A

Skimming—this refers to using a counterfeit card reader to capture card details, which are then used to program a duplicate.

e.g., skimmers installed on ATMs.

8
Q

Malicious USB charging cables and plugs

A

Malicious USB charging cables and plugs: a device may be placed over a public charging port at airports and other transit locations.

A USB data blocker can provide mitigation against these juice-jacking attacks by preventing any sort of data transfer when the smartphone or laptop is connected to a charge point.

9
Q

Alarm Systems and Sensors

Circuit

A

Circuit—a circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm.

This could be caused by a door or window opening or by a fence being cut. A closed-circuit alarm is more secure because an open-circuit alarm can be defeated by cutting the circuit.

10
Q

Alarm Systems and Sensors

Motion detection

A

Motion detection—a motion-based alarm is linked to a detector triggered by any movement within an area (defined by the sensitivity and range of the detector), such as a room.

The sensors in these detectors are either microwave radio reflection (similar to radar) or passive infrared (PIR), which detect moving heat sources.

11
Q

Alarm Systems and Sensors

Noise detection

A

Noise detection—an alarm triggered by sounds picked up by a microphone.

Modern AI-backed analysis and identification of specific types of sound can render this type of system much less prone to false positives.

12
Q

Alarm Systems and Sensors

Proximity

A

Proximity—RFID tags and readers can be used to track the movement of tagged objects within an area.

This can form the basis of an alarm system to detect whether someone is trying to remove equipment.

13
Q

Alarm Systems and Sensors

Duress

A

Duress—this type of alarm is triggered manually by staff if they come under threat.

14
Q

AI and machine learning smart physical security:

Motion recognition

A

Motion recognition—the camera system might be configured with gait identification technology.

This means that the system can generate an alert when anyone moves within sight of the camera and the pattern of their movement does not match a known and authorized individual.

15
Q

AI and machine learning smart physical security:

Object detection

A

Object detection—the camera system can detect changes to the environment, such as a missing server, or an unknown device connected to a wall port.

16
Q

AI and machine learning smart physical security:

Robot sentries

A

Robot sentries—surveillance systems (and in some cases weapon systems) can be mounted on a wholly or partially autonomous robot.

17
Q

AI and machine learning smart physical security:

Drones/UAV

A

Drones/UAV—cameras mounted on drones can cover wider areas than ground-based patrols.

18
Q

air gapped

A

An air-gapped host is one that is not physically connected to any network.

Such a host would also normally have stringent physical access controls, such as housing it within a secure enclosure, validating any media devices connected to it, and so on.

An air gap within a secure area serves the same function as a demilitarized zone. It is an empty area surrounding a high-value asset that is closely monitored for intrusions. As well as being disconnected from any network, the physical space around the host makes it easier to detect unauthorized attempts to approach the asset.

19
Q

vault

A

A vault is a room that is hardened against unauthorized entry by physical means, such as drilling or explosives.

20
Q

protected distribution system (PDS)

A

A protected distribution system (PDS) is a physically secure cabled network. There are two principal risks:

  • An intruder could attach eavesdropping equipment to the cable (a tap).
  • An intruder could cut the cable (Denial of Service).

A hardened PDS is one where all cabling is routed through sealed metal conduit and subject to periodic visual inspection.

21
Q

Faraday Cage

A

A Faraday cage is a shielded enclosure within which communications equipment is installed. The cage is a charged conductive mesh that blocks signals from entering or leaving the area.

22
Q

hot aisle/cold aisle arrangement

A

In a hot aisle/cold aisle arrangement, servers are placed back-to-back rather than front-to-back, so that the warm exhaust from one bank of servers does not form the air intake for another bank.

23
Q

Fire suppression systems

A

Fire suppression systems work on the basis of the fire triangle.

The fire triangle works on the principle that a fire requires heat, oxygen, and fuel to ignite and burn.

Removing any one of those elements provides fire suppression (and prevention).

24
Q

Wet-pipe sprinklers

A

Wet-pipe sprinklers work automatically, are triggered by heat, and discharge water.

Wet-pipe systems constantly hold water at high pressure.

25
Q

There are several alternatives to wet-pipe systems that can minimize the damage that may be caused by water flooding the room.

A
  • Dry-pipe—these are used in areas where freezing is possible; water only enters this part of the system if sprinklers elsewhere are triggered.
  • Pre-action—a pre-action system only fills with water when an alarm is triggered; it will then spray when the heat rises. This gives protection against accidental discharges and burst pipes and gives some time to contain the fire manually before the sprinkler operates.
  • Halon—gas-based systems have the advantage of not short circuiting electrical systems and leaving no residue. The use of Halon has been banned.
  • Clean agent—alternatives to Halon are referred to as “clean agent.” As well as not being environmentally damaging, these gases are considered nontoxic to humans. The gases both deplete the concentration of oxygen in the area and have a cooling effect. CO2 can be used too, but it is not safe for use in occupied areas.

26
Q

Media sanitization and remnant removal

A

Media sanitization and remnant removal means erasing data from hard drives, flash drives/SSDs, tape media, CD and DVD ROMs before they are disposed of or put to a different use. Paper documents must also be disposed of securely.

27
Q

Data remnants

A

Data remnants can be dealt with either by destroying the media or by purging it (removing the confidential information but leaving the media intact for reuse).

28
Q

One approach to sanitization is to destroy the media, rendering it unusable. There are several physical destruction options:

A
  • Burning—incineration is an effective method for all media types, so long as it is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.
  • Shredding and pulping—most media can be shredded. Pulping the shredded remains with water or incinerating them provides an extra measure of protection.
  • Pulverizing—hitting a hard drive with a hammer can leave a surprising amount of recoverable data, so this type of destruction should be performed with industrial machinery.
  • Degaussing—exposing a hard disk to a powerful electromagnet disrupts the magnetic pattern that stores the data on the disk surface. Note that SSDs, flash media, and optical media cannot be degaussed, only hard disk drives.

29
Q

Files deleted from a magnetic-type hard disk

A

Files deleted from a magnetic-type hard disk are not erased. Rather, the sectors are marked as available for writing and the data they contain will only be removed as new files are added.

30
Q

standard method of sanitizing an HDD

A

The standard method of sanitizing an HDD is called overwriting.

This can be performed using the drive’s firmware tools or a utility program. The most basic type of overwriting is called zero filling, which just sets each bit to zero.

31
Q

Single pass zero filling

A

Single pass zero filling can leave patterns that can be read with specialist tools.

A more secure method is to overwrite the content with one pass of all zeros, then a pass of all ones, and then a third pass in a pseudorandom pattern.

32
Q

Secure Erase (SE) command

A

The Secure Erase (SE) command can be invoked using a drive/array utility or the hdparm Linux utility.

On HDDs, this performs a single pass of zero filling.

On SSDs, the SE command marks all blocks as empty. A block is the smallest unit on flash media that can be given an erase command.

33
Q

Instant Secure Erase (ISE)

A

Instant Secure Erase (ISE) is another option supported by HDDs and SSDs that are self-encrypting drives (SEDs): a SANITIZE command is invoked to perform a cryptoerase.

With an SED, all data on the drive is encrypted using a media encryption key.