Physical / Environmental Security Flashcards

(40 cards)

1
Q

Threat Mitigation Technique

Internal

A

Address insider threats, from those who already have access

i.e. A door lock on server room is designed to keep out those already in the building

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Threat Mitigation Technique

External

A

Addresses perimeter security, or access to building or room from outsiders

i.e.
Electric fence surrounding the facility designed to keep out those who don’t have access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Geographical Threats

A

Hurricane / Tropical Storm
Location of facility should dictate how much is spent in mitigating possible damages

Tornadoes
Rate and severity of tornadoes in an area from historical perspective help determine protective measures

Earthquakes
Treated same way as hurricanes

Floods
Can occur anywhere. Keep computing systems off the floor, Build server rooms and wiring closets on raised floors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Electrical threats

A

all mission critical systems should be on a UPS

use onsite generators for longer term

maintain 40-60% relative humidity around equipment

use line conditioners to maintain clean, steady power

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Communications

A

Maintain fault-tolerant connections to internet

know contact phone numbers for employee notifications

Establish radio communications over entire compass with repeater antennas to provide comms during emergencies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Man-made threats

explosions
fire
vandalism

A

Explosions
prevent access to areas where explosions could cause serious damage

Fire
all walls should have 2 hour minimum fire rating
deploy auxiliary station alarm
use proper extinguisher / suppression system

Vandalism
ensure critical components are inaccessible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Man-made threats

Fraud
Theft
Collusion

A

Fraud
prevent physical access to critical systems

Theft
Prevent physical access to facility

Collusion
can be caused by separation of duties. Consider the tradeoff

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Politically Motivated Threats

Strikes
Riots
Civil disobedience
Terrorist acts
Bombing
A

Strikes
can cost productivity and hurt image of company

Riots
Enterprise is seen as willing participant in some perceived slight

Civil Disobedience
physical security of facility becomes important in case action is taken against facility

Terrorist acts
includes emergency planning to address terrorism
reactions should be rehearsed

Bombing
evacuation plans should address terrorist threats and bombings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Site and Facility Design

Layered Defense Model

A

Reliance should not be based on any single physical security concept but on the use of multiple approaches that support one another

Permiter-Network-Host-Application-Data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

CPTED

Crime Prevention Through Environmental Design

3 main strategies

A

Design facility from ground up to support security

Natural Access Control
place doors, lights, fences, landscaping to satisfy security goals in least obtrusive and appealing way possible

Natural Surveillance
Promotes visibility of all areas to discourage crime

Natural Territorials Reinforcement
Promotes feeling of community, tries to extend sense of ownership to employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Physical Security Plan Goals

A

Deter criminal activity

delay intruders

detect intruders

asses situation - id specific personnel, actions to take when event occurs

respond to intrusions and disruptions - anticipate and develop responses to intruders and disruptions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Facility Selection Issues

A

Visibility - amount depends on organization and processes being done by facility

surrounding areas and external entities - consider nature and operations of surrounding businesses, and people they attract

accessibility - how easily can employees access facility

construction - what are support systems built into the building

internal compartments - are there drop ceilings in rooms that need to be secured?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Computer and Equipment rooms

A

should be locked and secured

should be in center of building
have single point of entry
avoid top floors of buildings and the basement
install and test fire detection and suppressions systems
install raised flooring
install separate power supplies
use only solid doors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Perimeter Security

Concentric Circle Approach

A

Perimeter fence
Exterior door
Office door
Locked cabinet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Perimeter Security

Protection from vehicles

A

Bollards in front of doorways

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Perimeter Security

Fences and Gates

A

Fences

3-4 foot tall fences - casual intruders
6-7 foot fences - too tall to climb easily
8 foot and taller - deter more determined people

Gates
Class 1 - Residential
Class 2 - Commercial
Class 3 - Industrial
Class 4 - Restricted
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Perimeter Security

Intrusion Detection Systems

A

Infrared - changes in heat waves

Electromechanical - detect break in electrical circuit

Photometric or Photoelectric - detect changes in light, used in windowless areas

Acoustical - microphones detect sounds

Wave Motion - generate wave pattern and detect any motion that disturbs it

Capacitance Detector - emits magnet field and monitors it

CCTV - cameras for real time view and/or recording

18
Q

Perimeter Security

Lighting Systems

A

Continuous Lighting - array of lights producing even amount of illumination across an area

Standby Lighting - illuminates only at certain times or on a schedule

Movable Lighting - can be repositioned as needed

Emergency Lighting - have own power source for use when general power is out

19
Q

Perimeter Security

Types of Lighting

A

Fluorescent - low pressure mercury vapor gas-discharge lamp

Mercury Vapor - gas discharge, electronic arc through vaporized mercury

Sodium Vapor - gas discharge, uses excited sodium to produce light

Quartz lamps - UV light source like mercury vapor contained in fused silica bulb that transmits UV light with little absorption

20
Q

Perimeter Security

Patrol Force
Access Control

A

Guards can use discriminating judgement which automated systems cannot do

Every successful and unsuccessful attempt to enter facility should record:
date and time
specific entry point
use ID employed during attempt

21
Q

Building and Internal Security

Doors

A

Vault Doors - lead into walk-in safes or security rooms

Personnel Doors - used by people to enter facility

Industrial Doors - large doors for vehicles

Vehicle access doors - doors to parking building or lots

Bullet resistant doors - for withstanding firearms

22
Q

Building and Internal Security

Electronic Locks

A

Electric locks or cipher locks use a keypad

Proximity Authentication device uses programmable card to deliver access code

These devices typically have these EAC (Electronic Access Control) components

Electromagnetic lock
Credential reader
Closed door sensor

23
Q

Building and Internal Security

Mantraps

A

2 doors that hold a person in small room until they’re verified before opening the second door

24
Q

Building and Internal Security

Warded locks

A

Key must pass through the wards to unlock

25
Building and Internal Security Tumbler locks
If the key is the right pattern, tumblers fall into right place and open the door
26
Building and Internal Security Combination locks
Turn the dial left and right to align studs and pins
27
Building and Internal Security Glass entries
Standard - used for residential, easily broken Tempered glass - heated for extra strength Acrylic - made of polycarbonate acrylic. Much stronger than regular glass. Toxic when burns Laminated - sheets of glass with plastic film between, making it harder break
28
Building and Internal Security Interior considerations
Visitor control - ways to accompany visitor/contractor to destination Equipment rooms - lock and keep inventory so theft can be discovered Work areas - prohibiting some employees from certain areas can be beneficial
29
Secure Data Center
Data center shouldn't be on top floor or basement off switch should be located near door for easy access separate HVAC for these is recommended environmental monitoring should be deployed with alerting enabled for temp and humidity issues Use raised floors to help prevent water damage All systems should have a UPS and room on generator
30
Fire detectors
smoke activated - uses photoelectric device to detect variations in light caused by smoke particles Head activated - detects heat changes. Can alert at predefined temperature or when rate of rise is certain value Flame actuated - optical devices that "look at" an area. Typically react faster to a fire than non-optical devices
31
Fire Suppression Systems
Wet Pipe water is contained in pipes to extinguish fire water could freeze and burst in some areas not recommended for rooms where equipment can be damaged by water (like computer rooms) Dry Pipe water held in a holding tank, not in pipes only pushed to pipes if actual fire
32
Fire Suppression Preaction and Deluge
Preaction Operates like dry pipe except sprinkler head holds thermal-usable link that must be melted before water is released. Currently the recommended system for computer rooms Deluge Allows large amounts of water to be released. Not a good choice for computer rooms
33
Fire Suppression / Environmental Security EPA approved replacements for Halon
Water Argon NAF-S-III FM-200
34
Types of Power Issues
Surge - prolonged high voltage Brownout - prolonged voltage decrease below normal Fault - momentary power outage Blackout - prolonged power outage Sags - momentary reduction in power level
35
How to prevent static electricity
antistatic sprays maintain proper humidity levels use antistatic mats, wristbands
36
To protect against dirty power
power conditioners sits between wall outlet and device to smooth power fluctuations UPS between wall outlet and device and has a battery to provide power if source is lost both can be in same device
37
HVAC Issues Heat High humidity Low humidity
excess heat causes crashes and reboots too much humidity causes corrosion too little humidity causes static, which can cause damage
38
HVAC Issues Heat temperature guidelines
at 100 degrees damage starts occurring to magnetic media, primarily floppy disks at 175 degrees damage starts occurring to computers and peripherals at 350 degrees damage starts occurring to paper products
39
Equipment Security
Corporate Procedures should address: tamper protection encryption inventory physical protection of security devices tracking devices portable media procedures
40
Personnel Privacy and Safety
HR are most important assets OEP - Occupant Emergency Plan provides coordinated procedures for minimizing loss of life or injury