Term
| Risks to Physical Security |
|
Definition
-Interruptions in providing computer services – Availability
-Physical Damage – Availability
-Unauthorized disclosure of information – Confidentiality
-Loss of control over the system – Integrity
-Physical theft – Confidentiality, Availability, Integrity |
|
|
Term
| Threats to Physical Security |
|
Definition
-Emergencies
-Natural Disasters
-Human Intervention |
|
|
Term
|
Definition
Threats to Physcial Security
-Fire and smoke
-Building collapse
-Utility loss
-Water Damage
-Toxic Materials |
|
|
Term
|
Definition
Threats to Physical Security
-Earth Quakes
-Storm Damage |
|
|
Term
|
Definition
Treats to Physical Security
-Sabotage
-Vandalism
-War
-Strikes |
|
|
Term
| Major sources of physical loss |
|
Definition
1.Temperature – extreme variations in heat or cold
2.Gases – war gases, commercial vapors, humidity, dry air, fuel vapors
3.Liquids -- water and chemicals
4.Organisms – viruses, bacteria, people, animals, insects
5.Projectiles – meteorites, falling objects, cars, truck, bullets, rockets
6.Movement – collapse, shearing, shaking, vibration, slides
7.Energy Anomalies – electric surges, magnetism, static electricity, radio waves, micro waves |
|
|
Term
| Controls for Physical Security |
|
Definition
-Adminstrative
-Physical and Technical |
|
|
Term
|
Definition
-Benefits from the proper administrative steps
-Emergency procedures, personnel control, proper planning, policy implementation |
|
|
Term
| Facility Requirements Planning |
|
Definition
| Need for planning of security early on in construction |
|
|
Term
| Considerations for choosing a Secure Site |
|
Definition
1.Visibility – what kind of neighbors, external markings, low visibility is the key
2.Local Considerations – near hazards, high crime areas
3.Natural Disaster – on a fault line, in a flood plain
4.Transportation – excessive air or highway and road traffic
5.Joint Tenancy – are environmental controls shared
6.External Services – proximity of local emergency services |
|
|
Term
|
Definition
1.Walls – acceptable fire rating, media rooms should have a high fire rating
2.Ceilings – weight bearing and fire rating
3.Floors:
-Slab – Physical weight the concrete slab can bear and its fire rating
-Raised – fire rating, electrical conductivity, non conducting surface material
5.Windows – not acceptable in the data center, if so translucent and shatterproof
6.Doors – must resist forcible entry, clear emergency exits, doors should open in an emergency (fail-soft)
7.Sprinkler System – location and type of suppression system
8.Liquid and gas lines – shutoff locations, water drains should be “positive” carry away from the building
9.Air Conditioning – AC should have dedicated power circuits, Location of Emergency Power Off (EPO) switch, should provide outward positive air pressure to prevent contaminants
10.Electrical Requirements – backup alternate power, dedicated circuits, access controls over panels |
|
|
Term
|
Definition
-Log of events, systems may have many audit logs each capturing specific information
-Are detective not preventative |
|
|
Term
|
Definition
Should contain:
1.Date and Time Access attempted
2.Whether the attempt was successful or not
3.Where was access granted (which door)
4.Who attempted Access
5.Who modified access privileges at the supervisor level |
|
|
Term
|
Definition
Should be clearly documented, readily accessible and updated periodically
-Should include:
1.Emergency Shutdown procedures
2.Evacuation procedures
3.Employee training, awareness and periodic drills
4.Periodic System tests |
|
|
Term
| Administrative Personnel Controls |
|
Definition
Implemented commonly by the HR department during hiring and firing
-Pre-employment screening
-Employment references, educational history
-Background checks, credit
-On going employee checks
-Security clearances – if required
-Ongoing evaluations and reviews
-Post-employment
-Exit interview
-Removal of network access
-Return of computer inventory, laptop |
|
|
Term
| Environmental and Life Safety |
|
Definition
Sustain computer and personnel operating environment
Three focus areas:
-Electrical power
-Fire detection and suppression
-Heating Ventilation and Air Conditioning |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| Short duration of line noise |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
| Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI) |
|
Definition
| Most commmon type of noise |
|
|
Term
|
Definition
| EMI caused by the generation of radiation due to charge differences between the hot and ground wires |
|
|
Term
|
Definition
| EMI caused by the generation of radiation due to charge differences between the hot and neutral wires |
|
|
Term
| Radio Frequency Interference (RFI) |
|
Definition
| Generated by the components of an electrical system, can damage equipment |
|
|
Term
| Protective measures for noise |
|
Definition
-Power Line Conditioning
-Proper Grounding
-Cable shielding
-Limiting exposure to magnets, fluorescent lights, motors and space heaters |
|
|
Term
|
Definition
| High humidity above 60% can cause condensation on parts. Also can cause corrosion of components. Low humidity less than 40% increase static electricity |
|
|
Term
| Control to prevent Static Electricity |
|
Definition
-Anti-static sprays where possible
-Anti static flooring
-Proper grounding
-Anti-static tables
-HVAC should maintain proper humidity levels |
|
|
Term
| Class A fire extinguisher |
|
Definition
-For common combustibles; uses water, soda acid, or foam
-Water suppresses temperature required to sustain fire.
-Soda Acid – suppressed the fuel |
|
|
Term
| Class B fire extinguisher |
|
Definition
| For liquids; uses CO2, soda acid, Halon or dry powder |
|
|
Term
| Class C fire extinguisher |
|
Definition
-For electrical; uses CO2 or Halon
-CO2 – Suppresses the oxygen
-Halon – suppresses through chemical reaction that kills the fire |
|
|
Term
| Class D fire extinguisher |
|
Definition
| For combustible metals; uses dry powder |
|
|
Term
|
Definition
-Heat sensing – detects one of two things:
*Temperature reaches specified level (less false positives)
*Temperature rises quickly
-Flame Actuated – fairly expensive
*Sense infrared energy of flame or pulsation of the flame
-Smoke Actuated – two types
*Photoelectric devices triggered by variation in light hitting photoelectric cells
*Radioactive device goes off when ionization current is created by radioactive reaction to smoke |
|
|
Term
| Fire Extinguishing Systems |
|
Definition
-Wet Pipe
-Dry Pipe
-Deluge
-Preaction
-Gas Discharge
-Carbon Dioxide CO2 |
|
|
Term
| Portable Extinguishers should be located |
|
Definition
-Commonly located exits
-Clearly marked with their fire types
-Checked regularly |
|
|
Term
| Temperature Damage Points |
|
Definition
-Computer Hardware - 175° F
-Magnetic Storage - 100° F
-Paper Products - 350° F |
|
|
Term
| Physical Technical Controls |
|
Definition
-Guards
-Dogs
-Fencing
-Lighting
-Locks
-CCTV |
|
|
Term
|
Definition
At one time was considered perfect suppression medium
-The two Types
1.Halon 1211 – liquid streaming agent used in portable extinguishers
2.Halon 1301 – gaseous agent used in fixed total flooding
-Not harmful to equipment
-Mixes thoroughly with air
-Spreads extremely fast |
|
|
Term
|
Definition
-Can not be breathed safely in concentrations greater than 10%
-Fires greater than 900° F it degrades to toxic chemicals Hydrogen Fluoride, Hydrogen Bromide and Bromine
-Must allow adequate time to evacuate or cancel
-Ozone depleting due to use of CFCs. Very high ozone depleting potential
-No new Halon 1301 installations allowed
-Existing encouraged to replace
-Federal law prohibits production of Halon
-Halon 1211 is being replaced
-Halon 1301 is being banked for future use |
|
|
Term
|
Definition
-Can make judgments and adjust to rapidly changing conditions
-Provide deterrent capability
-Response and control
-Reception and escort
-Especially useful in personnel safety issues |
|
|
Term
|
Definition
-Availability – human intervention
-Reliability – pre-employment screening not foolproof
-Training – subject to social engineering, not always up to date
-Cost – expensive |
|
|
Term
|
Definition
-Loyal and reliable
-Keen senses
-Especially useful in Perimeter control |
|
|
Term
|
Definition
-Cost – expensive
-Insurance – liability |
|
|
Term
|
Definition
- 3’ to 4’ (1 meter); Deters casual trespasser
- 6’ to 7’ (2 meters); Too hard to climb easily
-8’ with 3 strands of barbed wire (2.4 meters); Deters intruders |
|
|
Term
|
Definition
| Physical access control routed though a set of double doors that may be monitored by a guard |
|
|
Term
|
Definition
-Floodlights
-Street lights
-Searchlights |
|
|
Term
|
Definition
| Typical Door Locks, must remove lock to change key |
|
|
Term
|
Definition
| Mechanical or electronic, dial combination lock |
|
|
Term
|
Definition
| Keypad, numbers change randomly |
|
|
Term
| Closed Circuit Television (CCTV) |
|
Definition
-Monitoring - preventative control
-Recording - detective control
-Visual surveillance
-Record for analysis
-Photographic or Electronic |
|
|
Term
| Facility Access Control Devices |
|
Definition
Security Access Cards; two types
1.Photo image – dumb
2.Digitally Encoded – smart |
|
|
Term
|
Definition
-Simple ID cards
-Require decision by guards |
|
|
Term
|
Definition
-Contain chips or magnetic stripes
-Card reader makes decisions as to access
-Can provide logging of activity
-Multi level access groupings
-Smart Card - ATM Card may require PIN
-Smart Card may be coupled with a token |
|
|
Term
| Wireless Proximity Readers |
|
Definition
-Does not require physically inserting the card
-Card reader senses the card; Two Types:
1.User Activated – transmits keystroke sequence to a wireless keypad reader
2.System Sensing – senses card |
|
|
Term
| Transponders (Wireless Proximity Reader) |
|
Definition
-Both card and reader contain active electronics, transmitter, battery
-Reader sends signal, card sends signal back |
|
|
Term
| Field Powered Devices (Wireless Proximity Reader) |
|
Definition
| Contain active electronics on the card |
|
|
Term
| Passive Devices (Wireless Proximity Reader) |
|
Definition
| Card contains no battery, senses electromagnetic field of reader and transmits frequency using power of reader |
|
|
Term
|
Definition
1.Photo ID: Facial photograph
2.Optical coded: Laser burned lattice of digital dots
3. Electric circuit: Printed chip on the card
4.Magnetic stripe: Stripe of magnetic material
5.Magnetic strip: Rows of copper strings
6.Passive electronic: Electrically-tuned circuitry read by RF
7.Active electronic: Badge transmits encoded electronics |
|
|
Term
|
Definition
| Are physical access devices |
|
|
Term
| Intrusion Detection Alarms |
|
Definition
n Identifying attempts to access a building; Two most common types:
1.Photoelectric sensors
2.Dry contact switches |
|
|
Term
|
Definition
-Receive beam of light from tight emitter
-Can be visible light, white light or infrared
-Alarm sounds if beam is broken
-Can be avoided if seen
-Invisible Infrared is often used
-Employing substitute light source can fool sensor |
|
|
Term
|
Definition
-Most common
-Metallic foil tape on windows and doors
-Easy and cheap |
|
|
Term
|
Definition
1. Wave Pattern
-Generate frequency wave pattern
-Sound alarm if disturbed
-Can be low frequency, ultrasonic, or microwave
2.Capacitance
-Monitor electrical field surrounding object
-Spot protections within a few inches of the object
-Not for entire room
-Penetration of field changes capacitance |
|
|
Term
|
Definition
-Passive, no generation of fields
-Simply monitor room for abnormal noise
-High number of false positives |
|
|
Term
|
Definition
-Rings an audible signal
-Must be protected from tampering
-Audible for at least 400 ft
-Requires guards to respond locally |
|
|
Term
|
Definition
-Private security firms
-Central station
-Offer CCTV monitoring
-Reporting
-Commonly 10 minutes or less travel time |
|
|
Term
| Proprietary Alarm Systems |
|
Definition
-Similar to central
-The company owns monitoring
-Like local but with features of the central system |
|
|
Term
| Auxiliary Station Systems |
|
Definition
-Any of the previous three may have auxiliary alarms ring at the fire or police station.
-Need permission from local authorities |
|
|
Term
| Computer Inventory Control |
|
Definition
-Control of equipment from theft
-PC Control and laptop control |
|
|
Term
|
Definition
-Cable locks – anchor the PC to the desk
-Port Controls – secure data ports (i.e. floppy drive) or serial or data ports and prevent their use
-Switch Controls – cover for on/off switch which prevent user from switching off file servers
-Peripheral switch controls – lockable switches prevent keyboard from being used
-Electronic Security Boards – inserted into a PC slot require password to boot, also included in BIOS |
|
|
Term
|
Definition
|
|
Term
| Require storage, destruction or reuse |
|
Definition
-Data backups
-CDs
-Diskettes
-Hard Drives
-Paper printout |
|
|
Term
|
Definition
-Clearing – overwriting data media to be reused in same environment
-Purging – degaussing or overwriting to be used in another environment
-Destruction – completely destroying |
|
|
Term
| Common Problems w/Object reuse |
|
Definition
-Erasing just deletes file header not data
-Damaged sectors may not be over written
-Rewriting may not write over all data areas, (slack space)
-Degauser equipment failure
-Inadequate number of formats |
|
|
Term
| Data Destruction and Reuse common pratices |
|
Definition
-Must reformat seven times according to TCSEC Orange Book standards
-Shredders should crosscut
-Military will burn reports |
|
|
Term
|
Definition
1.On-Site – areas within the facility
2.Off-site – areas outside the facility, data backup service |
|
|
