Information Assurance for the Enterprise: A Roadmap to Information Security, by Schou and Shoemaker
Chapter 8: Physical Security
McGraw-Hill/Irwin. Copyright © 2007 by The McGraw-Hill Companies, Inc. All rights reserved.


Objectives

• Manage the problems of dispersion and diversity
• Factor the concept of secure space into a physical security scheme
• Construct a security process using a security plan
• Mitigate physical security threats

Physical Security

• Physical security safeguards assets from non-digital threats
  • Protects information processing facilities and equipment from deliberate or accidental harm
  • More involved and complex
  • Essential to protecting information asset base
• Uncontrolled physical space makes it easy for an attacker to subvert most security measures
  • Proximity to the equipment allows attackers to mount attacks more easily

Problems of Dispersion and Diversity

• Physical security accounting and controlling processes have become more difficult with the advent of distributed systems
  • Difficult to secure effectively because network resources are diverse and widely distributed
  • External parts of a network
    • Telephone, cable lines, broadband interface
  • Protection of less obvious non-computerized information repositories

Problems of Dispersion and Diversity

• Collections of assets have different protection requirements
• Establishing safeguards:
  • Physical asset accounting framework that itemizes the physical records and resources
  • This framework requires maintaining a perpetual inventory of tangible assets as well as rules for controlling each asset
    • Combination of a defined set of assets and the associated controls is called secure space

The Joy of Secure Space

• Safeguarding a facility requires deliberately creating a secure space
  • Define physical perimeter or boundary
  • Deploy countermeasures to assure the security, confidentiality, and integrity of the items
  • Delineate the boundary of all controlled locations
  • Factors to be considered in establishing a secure space:
    • Location
    • Access
    • Control

The Joy of Secure Space

• Factor 1: Ensuring the location
  • Secure physical assets proportionate to the risks resulting from unauthorized access to that facility
• Factor 2: Ensuring controlled access
  • Access is a privilege, which is individually assigned and enforced, rather than a right
• Factor 3: Ensuring control of secure space
  • Based on the specification and enforcement of a set of behaviors that can be objectively monitored

Physical Security Process and Plan

• Physical security process
  • Guarantees that the effective safeguards are in place
  • Effectiveness is ensured by making certain that:
    • Threats have been identified
    • Associated vulnerabilities have been accurately characterized, prioritized, and addressed
• Implemented through planning
  • Supervised and enforced by consistent and ongoing management

Physical Security Process

• Identify the items to be protected
• Three classes of items requiring assurance:
  • Equipment – includes tangible things such as hardware and network connections
  • People – involves human resources and is part of the personnel security process
  • Environment – includes hazards associated with the environment as well as the safety requirements of the physical space

Physical Security Plan

• Should be developed once an understanding of the threat environment has been developed
  • Establishes a response to events that represent potential harm and that have a reasonable probability of occurrence
  • Responds to a threat by recommending the deployment of a set of countermeasures
  • Effective planning for all contingencies ensures efficient disaster recovery

Physical Security Plan

• Ensuring effective planning
  • Implemented through a formal, organization-wide plan aligned with both business and information assurance goals
  • Should specify the threats associated with the protected items in the secure space and specify countermeasures
  • Should be able to respond to all credible threats in advance
  • Establish controls to ensure that the secure space is not susceptible to intrusion and that sensitive materials are stored in secure containers
  • Should ensure that the organization responds effectively to natural disasters
  • Implementation plan is overseen by the audit function that monitors and enforces accountability

Physical Security Plan

• Defense-in-depth countermeasures
  • Built around measures to extend the time it takes for a threat to cause harm
  • Involves design of the steps to detect, assess, and report probable physical threats or intrusions
  • In the threat assessment process, a decision has to be made about the probabilities of occurrence and harm
    • The outcome of that assessment should produce a manageable set of threats, which are likely to occur for that particular space

Physical Security Targets and Threats

• It is important to factor four threat types into a comprehensive physical security plan:
  • Facilities
  • Equipment
  • People
  • Environment

Threats to the Facility

• Ensuring clean and steady power
  • Power problems affect computers in three ways:
    • Damage the hardware, causing downtime
    • Affect network availability – lost productivity
    • Result in a loss of data
  • Potential infrastructure hazards to look for are:
    • Voltage swings
    • Drains
    • Hazardous wiring
  • Eliminating fluctuations
    • Surge suppressors, Uninterruptible Power Supplies
  • Ensure that access to physical controls is enforced

Threats to the Facility

• Ensuring other building systems
  • Ensure that other critical building systems are reliable such as:
    • Heating
    • Ventilation
    • Air conditioning
    • Plumbing
    • Water supply systems

Safeguarding Equipment

• Physical security process safeguards tangible items, which include:
  • Communication, processing, storage, and input or output devices
• Countermeasures assure safety and security
  • Conventional physical access control measures establish the integrity of controlled spaces
  • Measures include locks, passcards, RFID, swipecard readers, video cameras, and safes
  • May also include human-based monitoring and control methods

Safeguarding Equipment

• Protecting networks: ensuring integrity over a wide area
  • Prevent unauthorized access
    • Technical countermeasures for security include:
      • Interruption sensors
      • Line monitors
      • Emanations security
  • Security failures on networks:
    • Unauthorized users intercept information by physically accessing network equipment
    • If the network is unable to carry out its transmission functions

Safeguarding Equipment

• Protecting portable devices
  • Problem of ubiquitous portability requires adherence to the following principles:
    • Ensure that the device itself is always controlled
    • Assign individual responsibility and enforce accountability for all portable devices
    • Ensure that the data on the device is secure
    • Ensure that sensitive data cannot be transported nor displayed without authorization and accountability
    • Ensure controls that are provided to ensure security of a portable item are easy for end-users to follow

Controlling Access by People

• Effective access control requires:
  • Designing a layered defense in the physical environment
  • Continuous monitoring and access control built in
• Heart of access control systems is the ability to:
  • Grant convenient physical access to authorized people
  • Completely deny access to unauthorized ones

Controlling Access by People

• Mechanisms for restricting physical access include:
  • Perimeter controls
• Controls include restriction devices such as:
  • Natural barriers
  • Fence systems
  • Walls
  • Supplemented with mechanical barriers
    • Secure windows, doors, and locks

Controlling Access by People

• Perimeter controls: barriers
  • Natural barriers
  • Structural barriers
    • Fences define the secure areas and enforce entry only at designated points
    • Gates and bollards are part of the restriction system
    • Closed circuit television (CCTV)
    • Monitors which provide three levels of control:
      • Detection – detects the presence of an object
      • Recognition – determines the type of object
      • Identification – determines the object details

Controlling Access by People

• Perimeter controls: intrusion detection
  • Ensures the integrity of a physical space
  • Monitors suspicious traffic, tracks intruders, and subsequently marks security holes discovered
  • Based on monitoring sensors and observing actions along the perimeter
  • Retrospective monitoring uses security logs or audit data to detect unauthorized accesses
  • Sensors installed at each access point establish perimeter protection

Controlling Access by People

• Perimeter controls: guards and patrols
  • Low-tech, labor-intensive approach to access control
    • Provide an effective deterrent to unauthorized entry
    • Less expensive and no less reliable than automated systems
    • Not passive and cannot be disconnected or sabotaged as with high-tech solutions
    • They are subject to error

Controlling Access by People

• Perimeter controls: structural and mechanical barriers
  • Doors and windows have to be strictly controlled since they are the most likely point of access
  • Considerations in determining which type of structure to be used:
    • Whether to employ a hollow-core versus solid-core technology
    • How to identify and address hinge and doorframe vulnerabilities
    • Whether to monitor use through contact devices such as switches and pressure plates

Controlling Access by People

• Mechanical barrier devices: locks
  • Most widely accepted and employed barrier device
  • Types of locks include:
    • Cipher locks
    • Combination locks
    • Deadbolt locks
    • Smart locks
  • Keys are the authentication tokens for locks:
    • Security element rests with the control of keys
    • Most effective when used in a two-factor authentication system
      • Example: with a door PIN

Controlling Access by People

• Biometric systems
  • An emerging authentication tool in physical access control
  • Based on exclusive physical attributes, which can be read and digitized
  • Can be used in conjunction with smart cards
  • Problem: scanning errors occur leading to false positives and false negatives

Controlling Access by People

• Doubling the assurance: multiple factor authentication
  • Use of more than one form of authentication to control access; based on three broad categories:
    • What you are (for example, biometrics)
    • What you have (for example, tokens)
    • What you know (for example, passwords)
  • Simple multiple-factor authentication requires confirmation of at least two factors
  • Three-factor authentication combines three types

Controlling Access by People

• Ensuring against the well-intentioned human being
  • Accidents and non-intentional acts are the most frequent cause of human-based harm
    • Proactive way to address human error is through training and drills
      • Keeps people continuously aware of their security responsibilities
      • It has to be continuous to be effective
    • Basic rule of thumb is a corollary to Murphy’s Law:
      • A disaster plan is an appropriate countermeasure

Mitigating the Effects of Natural Disasters and Fires

• Response or disaster planning is the primary means of assuring against the broad category of natural disasters
• Disaster response countermeasures center on:
  • Awareness
  • Anticipation
  • Preparation

Mitigating the Effects of Natural Disasters and Fires

• Planning for fire prevention
  • Computers and their components are extremely flammable devices
  • Three primary issues associated with fire protection:
    • Prevention – reduction in the causes and sources
    • Detection – receiving a warning of fire
    • Suppression – extinguishing and containing a fire

Mitigating the Effects of Natural Disasters and Fires

• Preventing fires
  • Good building design improves the chances of prevention
    • The use of fire-resistant materials in walls, doors, and furnishings
  • Reduce the number of combustible materials in the surrounding environment
  • Proactive approach to fire protection is fire-prevention awareness for employees
    • Response drills such as a fire drill

Mitigating the Effects of Natural Disasters and Fires

• Fire detection
  • Provides warning as close to the fire event as possible
    • Most common are the ionization-type smoke detectors, which detect charged particles in smoke

Mitigating the Effects of Natural Disasters and Fires

• Fire detection (cont’d)
  • Some kinds of non-equipment-related fires do not produce smoke
  • Two related types of detectors are:
    • Photoelectric or optical detectors – react to light blockage caused by smoke particles
    • Heat sensing – react to the heat of a fire
  • Downside in both methods – the fire has to be advanced enough to detect

Mitigating the Effects of Natural Disasters and Fires

• Fire suppression
  • The first line of defense is the fire suppression system
  • Having the right type of fire extinguisher
    • Know that fire extinguishers have limited use
    • Halon is effective and it was the fire suppression agent of choice
    • FM200 (FM-200/heptafluoropropane)
      • Extinguishes a fire by both robbing it of oxygen and by its physical suppression effect
    • Water sprinkler system