Physical / Environmental Security Flashcards
(40 cards)
Threat Mitigation Technique
Internal
Address insider threats, from those who already have access
e.g. a door lock on the server room is designed to keep out those already in the building
Threat Mitigation Technique
External
Addresses perimeter security, or access to building or room from outsiders
e.g. an electric fence surrounding the facility designed to keep out those who don’t have access
Geographical Threats
Hurricane / Tropical Storm
Location of facility should dictate how much is spent in mitigating possible damages
Tornadoes
Rate and severity of tornadoes in an area from historical perspective help determine protective measures
Earthquakes
Treated same way as hurricanes
Floods
Can occur anywhere. Keep computing systems off the floor; build server rooms and wiring closets on raised floors
Electrical threats
all mission critical systems should be on a UPS
use onsite generators for longer term
maintain 40-60% relative humidity around equipment
use line conditioners to maintain clean, steady power
Communications
Maintain fault-tolerant connections to internet
know contact phone numbers for employee notifications
Establish radio communications over entire campus with repeater antennas to provide comms during emergencies
Man-made threats
explosions
fire
vandalism
Explosions
prevent access to areas where explosions could cause serious damage
Fire
all walls should have 2 hour minimum fire rating
deploy auxiliary station alarm
use proper extinguisher / suppression system
Vandalism
ensure critical components are inaccessible
Man-made threats
Fraud
Theft
Collusion
Fraud
prevent physical access to critical systems
Theft
Prevent physical access to facility
Collusion
can be caused by separation of duties. Consider the tradeoff
Politically Motivated Threats
Strikes
Riots
Civil disobedience
Terrorist acts
Bombing
Strikes
can cost productivity and hurt image of company
Riots
Enterprise is seen as willing participant in some perceived slight
Civil Disobedience
physical security of facility becomes important in case action is taken against facility
Terrorist acts
includes emergency planning to address terrorism
reactions should be rehearsed
Bombing
evacuation plans should address terrorist threats and bombings
Site and Facility Design
Layered Defense Model
Reliance should not be based on any single physical security concept but on the use of multiple approaches that support one another
Perimeter-Network-Host-Application-Data
CPTED
Crime Prevention Through Environmental Design
3 main strategies
Design facility from ground up to support security
Natural Access Control
place doors, lights, fences, landscaping to satisfy security goals in least obtrusive and appealing way possible
Natural Surveillance
Promotes visibility of all areas to discourage crime
Natural Territorial Reinforcement
Promotes feeling of community, tries to extend sense of ownership to employees
Physical Security Plan Goals
Deter criminal activity
delay intruders
detect intruders
assess situation - identify specific personnel, actions to take when event occurs
respond to intrusions and disruptions - anticipate and develop responses to intruders and disruptions
Facility Selection Issues
Visibility - amount depends on organization and processes being done by facility
surrounding areas and external entities - consider nature and operations of surrounding businesses, and people they attract
accessibility - how easily can employees access facility
construction - what are support systems built into the building
internal compartments - are there drop ceilings in rooms that need to be secured?
Computer and Equipment rooms
should be locked and secured
should be in center of building
have single point of entry
avoid top floors of buildings and the basement
install and test fire detection and suppression systems
install raised flooring
install separate power supplies
use only solid doors
Perimeter Security
Concentric Circle Approach
Perimeter fence
Exterior door
Office door
Locked cabinet
Perimeter Security
Protection from vehicles
Bollards in front of doorways
Perimeter Security
Fences and Gates
Fences
3-4 foot tall fences - casual intruders
6-7 foot fences - too tall to climb easily
8 foot and taller - deter more determined people
Gates
Class 1 - Residential
Class 2 - Commercial
Class 3 - Industrial
Class 4 - Restricted
Perimeter Security
Intrusion Detection Systems
Infrared - changes in heat waves
Electromechanical - detect break in electrical circuit
Photometric or Photoelectric - detect changes in light, used in windowless areas
Acoustical - microphones detect sounds
Wave Motion - generate wave pattern and detect any motion that disturbs it
Capacitance Detector - emits magnetic field and monitors it
CCTV - cameras for real time view and/or recording
Perimeter Security
Lighting Systems
Continuous Lighting - array of lights producing even amount of illumination across an area
Standby Lighting - illuminates only at certain times or on a schedule
Movable Lighting - can be repositioned as needed
Emergency Lighting - have own power source for use when general power is out
Perimeter Security
Types of Lighting
Fluorescent - low pressure mercury vapor gas-discharge lamp
Mercury Vapor - gas discharge, electric arc through vaporized mercury
Sodium Vapor - gas discharge, uses excited sodium to produce light
Quartz lamps - UV light source like mercury vapor contained in fused silica bulb that transmits UV light with little absorption
Perimeter Security
Patrol Force
Access Control
Guards can use discriminating judgement which automated systems cannot do
Every successful and unsuccessful attempt to enter facility should record:
date and time
specific entry point
user ID employed during attempt
Building and Internal Security
Doors
Vault Doors - lead into walk-in safes or security rooms
Personnel Doors - used by people to enter facility
Industrial Doors - large doors for vehicles
Vehicle access doors - doors to parking building or lots
Bullet resistant doors - for withstanding firearms
Building and Internal Security
Electronic Locks
Electric locks or cipher locks use a keypad
Proximity Authentication device uses programmable card to deliver access code
These devices typically have these EAC (Electronic Access Control) components
Electromagnetic lock
Credential reader
Closed door sensor
Building and Internal Security
Mantraps
2 doors that hold a person in small room until they’re verified before opening the second door
Building and Internal Security
Warded locks
Key must pass through the wards to unlock