The Perimeter Protection Issues, Technique and Operation

The Perimeter Protection Issues, Technique and Operation

Assoc Prof Dr Zuraini Ismail / Hafiza Abas

Information Protection Requirements

o Classified information systems and the classified

material on them must be physically located in a

security area appropriate to the classification and

sensitivity of the data.

o Users have an important role in ensuring that the

system and associated classified information are

protected to the required levels.


• The classified information system and associated classified information must be physically located in a security area appropriate to the classification and sensitivity of the data.

• Classified information system equipment has varying separation distance requirements depending on the work performed (including computers, cables, telephones, radios, etc.).

• Users must check with their respective ISSO ( Info Sys Sec Officer) for the appropriate physical distance protection requirements before beginning classified work.

• Connections between classified systems and unclassified systems or networks are prohibited (dilarang).


• Removable classified electronic media may not be present in a work area containing unclassified systems that can read or write to similar media.

• Computer equipment may not be connected, disconnected, or moved unless authorized by the ISSO.

• Monitors, printers, and other devices that display or output classified information must be positioned to deter unauthorized individuals from reading the information without the knowledge of the user.

• During classified processing it is required that the classification level and category of the system accreditation be displayed on the monitor using a placard or sticker.


o The Physical (Environmental) Security domain addresses the threats (ancaman), vulnerabilities (kelemahan), and countermeasures (langkah-langkah) that can be utilized to physically protect an enterprise’s resources and sensitive information.

o These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.

Information Protection Environment

• Primary consideration in physical security is that nothing should impede (dihalang) “life safety goals.”o Eg.: Do not lock the only fire exit door from the

outside.

• Safety: Deals with the protection of life and assets against fire, natural disasters, and devastating accidents.

• Security: Addresses vandalism, theft (kecurian), and attacks (serangan) by individuals.

Physical Security Planning

• Physical security, like general information security, should be based on a layered defense model.

• Layers are implemented at the perimeter and moving towards an asset.

• Layers include: Deterrence, Delaying, Detection, Assessment, Response

http://www.softwaresecuritysolutions.com/layered-security.html

http://technet.microsoft.com/en-us/library/cc875841.aspx

http://www.secureworks.com/cyber-threat-intelligence/advanced-persistent-threats/assessment/

http://technet.microsoft.com/en-us/library/cc767969.aspx

http://www.ricoh.com/products/security/


• A physical security program must address:o Crime and disruption protection through deterrence

(fences, security guards, warning signs, etc.).o Reduction of damages through the use of delaying

mechanisms (e.g., locks, security personnel, etc.).o Crime or disruption (gangguan) detection (e.g., smoke

detectors, motion detectors, CCTV, etc.).o Incident assessment through response to incidents

and determination of damage levels.o Response procedures (fire suppression

mechanisms, emergency response processes, etc.).


• Before an effective physical security plan is rolled out:o Identify the teamo Carry out risk analysis to determine the

threats, vulnerabilities and calculate business impact on each threats.

o Work with the management to identify acceptable risk level for the physical security program


• Crime Prevention Through Environmental Design (CPTED)o Is a discipline that outlines how the proper design of

a physical environment can reduce crime by directly affecting human behavior.

o Crime deterrence (pencegahan) through environmental design.

o Concepts developed in 1960’s. As of 2004, elements of the CPTED approach have gained wide international acceptance due to law enforcement attempts to embrace it.


• CPTED has three main strategies:

o Natural Access Controlo Natural Surveillanceo Territorial Reinforcement

http://www.cityoftaylor.com/node/29575

http://targetcrime.ca/2009/02/22/solutions-for-safe-communities/


• Natural Access Controlo limits the opportunity for crime by taking

steps to clearly differentiate between public space and private space.

o By selectively placing entrances and exits, fencing, lighting and landscape to limit access or control flow, natural access control occurs.

http://wsblockwatchnet.wordpress.com/2011/05/25/crime-prevention-through-environmental-design-cpted-slides-from-our-may-24th-meeting/


• Natural Surveillance (pengawasan secara semula jadi)

o Increases the threat of apprehension by taking steps to increase the perception that people can be seen

o Natural surveillance occurs by designing the placement of physical features, activities and people in such a way as to maximize visibility and foster positive social interaction among legitimate users of private and public space.

http://www.lancastercsc.org/CPTED/Natural_Surveillance.html

The diagram shows good lines of sight on a neighborhood street. People and vehicles can clearly be seen from many different angles.

The following examples show how landscaping can affect lines of sight around a home. This first picture shows how the plants don't allow people to see the street or other people in the area easily. This creates place for people to hid or commit crimes that won't be easily caught.

This picture shows how appropriate plants and lighting can allow everyone to see what is happening on and near the street around a home. This reduces the incentive for a someone to commit a crime in the area.


• Territorial Reinforcemento Promotes social control through increased

definition of space and improved proprietary concern.

o Creates physical designs that highlight the company’s area of influence to give legitimate(sah) owners a sense of ownership.

o Accomplished through the use of walls, lighting, landscaping, etc.


• CPTED is not the same as Target Hardening

• Target hardening focuses on denying access through physical and artificial barriers (can lead to restrictions on use, enjoyment, and aesthetics of the environment).

• Target hardening refers to strengthening the security of your building so that it is difficult for criminals to attack.

• The goal is to increase the time and effort needed to compromise your facility to the point where a criminal will move on to a softer target.

• One way to begin a target hardening program is to consider Existence, Capability, and History.

Please Read:

httphttp://www.emeraldinsight.com/journals.htm?articleid=1529573&show=html


• Existence

Who may want to do you harm?

• Capability

What means have been used to carry out attacks against businesses like yours in the past?

• History.

Study the history of attacks against businesses like yours. What have attackers accomplished in the past?


• Issues with selecting a facility site:o Visibility (terrain, neighbors, population of area,

building markings)

o Surrounding area and external factors (crime rate, riots, terrorism, first responder locations)

o Accessibility (road access, traffic, proximity to transportation services)

o Natural Disasters (floods, tornados, earthquakes)


• Other facility considerations:o Physical construction materials and structure

composition Be familiar with: load, light frame construction

material, heavy timber construction material, incombustible material, dire resistant material (know the fire ratings and construction properties).


“Mantrap: A small room with two doors. The first door is locked; a person is identified and authenticated. Once the person is authenticated and access is authorized, the first door opens and allows the person into the mantrap. The person has to be authenticated again in order to open the second door and access a critical area. The mantrap area could have a weight sensing floor as an additional control to prevent literal piggybacking.


Automatic door lock configuration:

•“Fail safe:” If a power disruption occurs, the door defaults to being unlocked.

•“Fail secure:” If a power disruption occurs, the door defaults to being locked.


• Windows can also be used to promote physical security.

• Know the different types of glass:o Standardo Temperedo Acrylico Wiredo Laminatedo Solar Window Filmo Security Film

Insulated Glass


• Consider use of internal partitions carefully:o True floor to true ceiling to counter security

issueso Should never be used in areas that house

sensitive systems and devices

Power Supply

Power issues:o A continuous supply of electricity assures the

availability of company resources and business continuity.

o Data centers should be on a different power supply from the rest of the building

o Redundant power supplies: two or more feeds coming from two or more electrical substations

Ensuring Power Supply

o UPS Systems Maintain continuous supply of power Use voltage stabilizer Online UPS systems Standby UPS System

o Maintain proper operating temperature High temp can affect the power supply to cause

damage to devices Proper cooling systems PC and exhaust fans are working properly &

unobstructed

Types of Voltage Fluctuations

Power Excess (quick burst of voltage) Spike (momentary high voltage)) Surge (prolonged high voltage)

Power Failure Fault (momentary power outrage) Blackout (prolonged power lost, drops to

zero)Power Degradation (under voltage)

Sag/dip (short term power shortage) Brownout (under voltage) Inrush Current (initial surge to startup a load)

Common power supply problems

o Line Noise Distortion superimposed on power waveform

o Frequency Variation of power waveform

o Switching Transient Under-voltage or over-voltage up to a few

nanoseconds

o Harmonic Distortion Multiples of power freq superimposed on power

waveform.

*

Environmental Issues (in Brief)o Positive Drains: Contents flow out instead of

in.o Static Electricity due to low humidity,

hygrometer usedo Ventilation :

Closed loop == do not bring outside air in.

Positive pressurization

Internal Support System

Environmental Issues: Static Electricityo To prevent:

Use antistatic flooring in data processing areas Ensure proper humidity Proper grounding No carpeting in data centers Antistatic bands



Environmental Issues: Temperature

Computing components can be affected by temperature:

Magnetic Storage devices: 100 0F. Computer systems and peripherals: 175 0F. Paper products: 350 0F.

Kinds of Ventilation

Natural Ventilation Uncontrolled movement of air thro cracks,

small holes & vents.

Whole-house ventilation Controlled & uniform air movement.

Spot ventilation Controlled air movement that improve the

effectiveness of natural & whole-house ventilation by removing indoor pollutants and/or moisture at their very source.


• Fire Prevention: Includes training employees on how to react, supplying the right equipment, enabling fire suppression supply, proper storage of combustible elements.

• Fire Detection: Includes alarms, manual detection pull boxes, automatic detection response systems with sensors, etc.

• Fire Suppression: Is the use of a suppression agent to put out a fire.


American Society for Testing and American Society for Testing and Materials (Materials (ASTMASTM) )

is the organization that is the organization that creates the creates the standardsstandards that dictate how fire resistant that dictate how fire resistant ratings tests should be carried out and ratings tests should be carried out and how to properly interpret resultshow to properly interpret results.


o Fire needs oxygen and fuel to continue to grow.

o Ignition sources can include the failure of an electrical device, improper storage of materials, malfunctioning heating devices, arson, etc.

o Special note on “plenum areas:” The space above drop down ceilings, wall cavities, and under raised floors. Plenum areas should have fire detectors and should only use plenum area rated cabling.


Types of Fire:A: Common Combustibles

• Elements: Wood products, paper, laminates• Suppression: Water, foam

B: Liquid• Elements: Petroleum products and coolants• Suppression: Gas, CO2, foam, dry powders

C: Electrical• Elements: Electrical equipment and wires• Suppression: Gas, CO2, dry powders

D: Combustible Metals• Elements: magnesium, sodium, potassium• Suppression: Dry powder

K: Commercial Kitchens• Elements: Cooking oil fires• Suppression: Wet chemicals such as potassium

acetate.

Internal Support SystemInternal Support System

Types of Fire Detectorso Smoke Activatedo Heat Activated

Know the types and properties of each general category.


• Types of suppression agents: Water Halon and halon substitutes Foams Dry Powders CO2 Soda Acid

Know suppression agent properties and the types of fires that each suppression agent combats.

Know the types of fire extinguishers (A,B,C, D) that combat different types of fires.



Types of Sprinklers

Wet Pipe Systems (aka Closed Head System)

Dry Pipe Systems Pre action Systems Deluge Systems

Perimeter Security – Tools and Techniques

• The first line of defense is perimeter control at the site location, to prevent unauthorized access to the facility.

• Perimeter security has two modes: Normal facility operation Facility closed operation


Proximity protection components put in place to provide the following services:

Control of pedestrian and vehicle traffic Various levels of protection for different security

zones Buffers and delaying mechanisms to protect

against forced entry Limit and control entry points


Protection services can be provided by Access Control Mechanisms Physical Barriers Intrusion Detection Assessment Response Deterrents

Perimeter Intrusion Detection and Assessment System (PIDAS):

A type of fencing that has sensors on the wire mesh and base of the fence.

A passive cable vibration sensor sets off an alarm if an intrusion is detected.



Gates have 4 distinct types:

Class I: Residential usage Class II: Commercial usage, where general public

access is expected (eg., public parking lot, gated community, self storage facility)

Class III: Industrial usage, where limited access is expected (eg., warehouse property entrance not intended to serve public)

Class IV: Restricted access (eg., a prison entrance that is monitored either in person or via CCTV)


• Locks are inexpensive access control mechanisms that are widely accepted and used.

• Locks are considered delaying devices.• Know your locks.



Types of Locks

o Mechanical Locks Warded & Tumbler

o Combination Lockso Cipher Locks (aka programmable locks)

Smart lockso Device Locks

Cable locks, switch controls, slot locks, port controls, peripheral switch controls, cable traps


Lock Strengths:o Grade 1 (commercial and industrial use)o Grade 2 (heavy duty residential/light duty commercial)o Grade 3 (residential and consumer expendable)

•Cylinder Categorieso Low Security (no pick or drill resistance)o Medium Security (some pick resistance)o High Security (pick resistance through many different

mechanisms—used only in Grade 1 & 2 locks)

Lightingo Know lighting terms and types of lighting to use

in different situations (inside v. outside, security posts, access doors, zones of illumination).

o It is important to have the correct lighting when using various types of surveillance equipment.

o Lighting controls and switches should be in protected, locked, and centralized areas.


• Continuous lighting: An array of lights that provide an even amount of illumination across an area.

• Controlled lighting: An organization should erect lights and use illumination in such a way that does

not blind its neighbors or any passing cars, trains, or planes.

• Standby Lighting: Lighting that can be configured to turn on and off at different times so that

potential intruders think that different areas of the facility are populated. • Redundant or backup lighting: Should be available in case of power failures or emergencies.

• Response Area Illumination: Takes place when an IDS detects suspicious activities and turns on the lights

within the specified area.



Surveillance Devices

o These devices usually work in conjunction with guards or other monitoring mechanisms to extend their capacity.

o Know the factors in choosing CCTV, focal length, lens types (fixed v. zoom), iris, depth of field, illumination requirements


• Focal length: The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view.

• The sizes of images that will be shown on a monitor along with the area that can be covered by one camera are defined by focal length. o Short focal length = wider angle viewso Long focal length = narrower views


• Depth of field: Refers to the portion of the environment that is in focus.

• Shallow depth of focus: Provides a softer backdrop and leads viewers to the foreground object.

• Greater depth of focus: Not much distinction between objects in the foreground and background.


• Intrusion Detection Systems (IDS) are used to detect unauthorized entries and to alert a responsible entity to respond.

• Know the different types of IDS systems (electro-mechanical v. volumetric) and changes that can be detected by an IDS system.


• Patrol Force and GuardsUse in areas where critical reasoning skills are

required

• Auditing Physical AccessNeed to log and review such as

Date & time of access attemptEntry pointUser IDUnsuccessful access attempts


Final Concept to Guide in Assessing Physical Security Issues:

o Deterrenceo Delayo Detectiono Assessmento Response

Business

The Perimeter Protection Issues, Technique and Operation