Module 04 - Physical Security


7/30/2019 Module 04 - Physical Security

Network Security Administrator

Module IV: Physical Security


    EC-CouncilCopyright byEC-Council

    All Rights reserved. Reproduction is strictly prohibited

Module Objectives

~ Physical Security
~ Types of Attacks
~ Physical Security Threats
~ Access Controls
~ Mantrap
~ Fire Safety
~ Laptop Security
~ Biometric Device
~ Desktop Security
~ PC Security
~ Dumpster Diving
~ Physical Security Checklist


Module Flow

~ Physical Security
~ Physical Security Threats
~ Types of Attacks
~ Access Controls
~ Mantrap
~ Fire Safety
~ Laptop Security
~ Biometric Device
~ Desktop Security
~ PC Security
~ Dumpster Diving
~ Physical Security Checklist


Physical Security

~ An attacker who gains physical access can obtain critical information related to an organization
~ A few checks that should be ensured are:
    Servers and workstations should be secured
    Routers, switches and other network equipment should be used as an access point to the network
    The wireless access point of the network should be protected
    Laptops should be secured when connected externally to the network
    IT assets should be managed and theft prevented


Internet Security

~ Trusted Networks
    Networks inside the network security perimeter
~ Untrusted Networks
    Networks outside the security perimeter, not under the control of the organization's administrator and security policies
~ Unknown Networks
    Networks neither trusted nor untrusted
    Reside outside the security perimeter


Statistics

~ According to the CSI/FBI Computer Crime and Security Survey 2005, nearly 40% of victims do not report computer intrusions
~ According to Nationwide Mutual Insurance, 16% of debit card fraud victims bear the cost of the fraudulent purchases
~ A survey of consumers conducted by Nationwide revealed that 21% of the information is accessed by hackers from their home, car, mailbox, trash, wallet, etc.
~ The Global State of Information Security 2005 survey revealed that 37% had an information security strategy and 24% of the respondents were still in the development process


Types of Attackers

~ The explorer
    Intruder who browses through the whole site to learn how things work
~ The discontented workers
    Ex-employees and current employees who are displeased with the organization
~ The spy
    Intelligence agencies that deploy spies to gain confidential information
~ The terrorist
    Exploits computer systems to carry out terrorist attacks
~ The thief
    Attacks information security by stealing credit card numbers from e-commerce sites and breaching bank accounts


Types of Attackers (cont)

~ The hacktivist
    Related to the cyber form of activism
~ The script kiddies
    Utilize scripts and other automated attack tools, ignorant of what to do when unauthorized access is gained
~ Hacker for hire
    Sneaker: hired for performing ethical hacking
    Mercenary hacker: hired for performing social engineering attacks
~ The competition
    Some companies competing with each other tend to obtain others' confidential information
~ Enemy countries
    Rival countries attacking the information security of other countries


Physical Security Threats

~ The basic need for computer security is to prevent physical access by unauthorized persons
~ Ensure security in the following areas:
    Access control: constantly keep watch over unauthorized access to devices
    Electricity: guard against voltage fluctuations
    Climatic conditions: regulate the temperature of the place where the devices are located
    Fire: prevent fire and install a fire alerting mechanism
    Water: secure machinery from floods and moisture
    Backups: keep backups away from magnetic fields


Physical Access Controls

~ Facilitate monitoring of the physical activities of people within and outside the organization
~ Facilities Management
    Group of people who manage the access controls for a particular building structure
~ Secure Facility
    Physical location equipped with access controls that are intended to reduce the risks from physical threats


Physical Security Controls

~ Walls, Fencing and Gates
    Prevent unauthorized access to the secure facility
~ Guards
    Assess each situation as it arises by applying human reasoning
~ Dogs
    Protect the most valuable resources by their strong sense of smell and hearing
~ ID Cards and Badges
    Permit authorized individuals access within the secure facility


Physical Security Controls

~ Electronic Monitoring
    Records events in areas that other physical security controls may miss, using VCRs and CCTV
~ Alarms and Alarm Systems
    Provide notification of the occurrence of predefined events using sensors and alarms
~ Computer Rooms and Wiring Closets
    Guarantee the confidentiality, integrity and availability of critical data by concealing the wiring
~ Interior Walls and Doors
    Allow entry only to authorized people


Locks and Keys

~ Types of Lock
    Mechanical: has a key made of carefully shaped pieces of metal
    Electromechanical: accepts keys such as ID cards, radio signals and PINs
~ Categories of Lock
    Manual: fixed into doors and cannot be changed
    Programmable: allows key changes and can be changed
    Electronic: combination of a sensor and a mechanical lock, connected to an alarm system
    Biometric: uses physical characteristics of a person as the key


TEMPEST

~ Refers to investigating and understanding compromising emanations (CE)
~ Compromising emanations are defined as unintentional intelligence-bearing signals
~ Sources of TEMPEST signals:
    Functional sources: switching transistors, oscillators, signal generators, synchronizers, line drivers and line relays that generate electromagnetic energy
    Incidental sources: electromechanical switches and brush-type motors that generate electromagnetic energy
~ TEMPEST signals:
    RED Baseband Signals (U)
    Modulated Spurious Carriers (U)
    Impulsive Emanations (U)
    Propagation of TEMPEST Signals (U)


Mantrap

~ Provides alternate access for resources
~ Consists of two separate doors with an airlock in between
~ Restricts access to secure areas
~ Permits users to enter the first door and requires authentication to exit through the second door
~ Security is provided in three ways:
    Makes it difficult to intrude through a single door
    Evaluates a person before releasing them
    Permits only one user at a time


Mantrap: Diagrammatical Representation

Door 1 inputs:
    Request for access (Normally Open)
    Request for access (Normally Closed)
    Door Closed Switch (Closed = Secure)
Door 1 outputs:
    Magnetic Lock
    Electric Strike
    Green Light
Door 2 inputs:
    Request for access (Normally Open)
    Request for access (Normally Closed)
    Door Closed Switch (Closed = Secure)
Door 2 outputs:
    Magnetic Lock
    Electric Strike
    Green Light

Src: http://www.securitymagazine.com/Security/FILES/IMAGES/134664.gif
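The interlock behind the diagram, written out as an added example (not code from the EC-Council deck): a small controller that reads each door's request-for-access and door-closed inputs and drives the maglock, strike and green-light outputs so that the three protections on the Mantrap slide hold. The badge allowlist, the occupancy sensor and all names are assumptions for illustration.

```python
# Mantrap interlock controller: an added example, not code from the EC-Council
# deck. Per door: a request-for-access input and a door-closed switch (closed =
# secure); outputs are the magnetic lock, electric strike and green light. The
# controller never releases both doors at once, evaluates the occupant before
# door 2 releases, and admits one occupant at a time. The badge allowlist and
# the occupancy sensor are assumptions for illustration.
from dataclasses import dataclass, field

AUTHORIZED_BADGES = {"B-1001", "B-1002"}   # constructed sample allowlist


@dataclass
class Door:
    closed: bool = True     # door-closed switch input, True = secure
    request: bool = False   # request-for-access input
    maglock: bool = True    # output: magnetic lock energised (door held)
    strike: bool = False    # output: electric strike released
    green: bool = False     # output: green light, door may be opened

    def hold(self):
        self.maglock, self.strike, self.green = True, False, False

    def release(self):
        self.maglock, self.strike, self.green = False, True, True


@dataclass
class Mantrap:
    outer: Door = field(default_factory=Door)   # door 1, public side
    inner: Door = field(default_factory=Door)   # door 2, secure side
    occupants: int = 0          # assumed occupancy sensor inside the airlock
    authenticated: bool = False
    events: list = field(default_factory=list)

    def authenticate(self, badge):
        """Evaluate the occupant before door 2 can be considered for release."""
        if self.occupants > 1:
            self.events.append("alarm: more than one occupant in airlock")
        ok = badge in AUTHORIZED_BADGES and self.occupants == 1
        if not ok:
            self.events.append(f"denied: badge {badge}")
        self.authenticated = ok
        return ok

    def update(self):
        """One controller scan: recompute door outputs from current inputs."""
        self.outer.hold()
        self.inner.hold()
        # While either door is open both stay held, so the airlock is never a
        # straight path through two released doors.
        both_closed = self.outer.closed and self.inner.closed
        if both_closed and self.outer.request and self.occupants == 0:
            self.outer.release()      # empty airlock: admit one person
        elif (both_closed and self.inner.request and self.authenticated
              and self.occupants == 1):
            self.inner.release()      # evaluated single occupant may proceed
        elif self.inner.request and not self.authenticated:
            self.events.append("denied: door 2 requested before evaluation")
        return {"outer_green": self.outer.green, "inner_green": self.inner.green}


def passage(badge, tailgaters=0):
    """Simulate one transit and return what each interlock check decided."""
    m = Mantrap()
    m.outer.request = True
    door1_released = m.update()["outer_green"]
    m.outer.closed = False                  # person opens door 1 ...
    m.occupants = 1 + tailgaters            # ... and the sensor counts bodies
    m.inner.request = True
    inner_while_door1_open = m.update()["inner_green"]
    m.outer.closed, m.outer.request = True, False   # door 1 closes behind them
    inner_before_auth = m.update()["inner_green"]
    m.authenticate(badge)
    passed = m.update()["inner_green"]
    return {"door1_released": door1_released, "passed": passed, "events": m.events,
            "inner_while_door1_open": inner_while_door1_open,
            "inner_before_auth": inner_before_auth}
```

`passage("B-1001")` walks one authorized person through; `passage("B-1001", tailgaters=1)` shows the second door staying held and an alarm event when the occupancy sensor counts two bodies.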


Fire Safety: Fire Suppression, Gaseous Emission Systems

~ Fire Suppression Portable Systems:
    Class A (interrupts the ability of the fuel to be ignited)
    Class B (removes oxygen from the fire)
    Class C (uses nonconducting agents)
    Class D (uses special agents for combustible metal fires)
~ Fire Suppression Systems:
    Wet-pipe system
    Dry-pipe system
    Pre-action system
~ Gaseous Emission Systems
    Self-pressurizing or pressurized with an additional agent


Fire Safety: Fire Detection

~ Major Categories
    Manual: includes human responses, manually activated alarms, etc.
    Automatic: includes automatic fire alarms consisting of sensors
~ Basic Types
    Thermal Detection: senses the heat in an area by fixed-temperature and rate-of-rise methods
    Smoke Detection: senses smoke by photoelectric sensors, ionization sensors and air-aspirating detectors
    Flame Detection: senses the infrared or ultraviolet light produced by an open flame


Failure of Supporting Utilities: Heating, Ventilation, Air Conditioning

~ Temperature
    Extremely high or low temperature causes damage to sensitive hardware
~ Humidity
    High humidity: results in short-circuiting of electrical parts
    Low humidity: increases the static electricity in the environment
~ Static Electricity
    Increases electrostatic discharge, which damages sensitive circuits or shuts down the system
~ Ventilation Shafts
    Provide a way for intruders to break into the system


Failures of Supporting Utilities: Power Management and Conditioning

~ Grounding
    Guarantees proper discharge of the returning flow of current to the ground
~ Emergency Shutoff
    Stops power immediately if a risk due to current arises
~ Water Problems
    Too little or too much water both cause real, dangerous threats
~ Structural Collapse
    Natural calamities cause failures of building structures


Uninterruptible Power Supplies

~ Backup power source that detects an interruption of power to the powered equipment
    Standby or Offline UPS: offline battery backup that senses the interruption of power
    Ferroresonant Standby UPS: enhancement of the standby UPS with a ferroresonant transformer that provides power conditioning and line filtering to the primary power source
    Line-Interactive UPS: has a pair of inverters and converters that charge the battery and supply power when needed
    True Online UPS: the primary power source feeds a battery that provides a continuous supply of power to the system


Skimming

~ Process where the account information stored on the magnetic stripe of a credit/debit card is copied when using an ATM
~ Retrieves the PIN information
~ A skimming device is a small electronic device about the size of a pager
~ Skimming devices are of two types:
    Devices that cause the ATM to malfunction
    Devices that do not cause the ATM to malfunction


Laptop Security: Physical Security Countermeasures

~ Deploy security cables and locks to safeguard laptops
~ Use safes made of polycarbonate material
~ Activate motion sensors and alarms for tracking stolen laptops
~ Fix warning labels containing tracking information on the laptops to deter thieves
~ Other solutions applied are:
    Installing encryption software
    Using a personal firewall
    Disabling infrared ports and wireless cards, and unplugging PCMCIA cards when not in use


Laptop Security: Information Security Countermeasures

~ Create passwords that are difficult to guess
~ Use device-locking software to password-protect USB ports and infrared ports
~ Perform regular updates of operating system software to identify loopholes and vulnerabilities
~ Install antivirus and spyware detection software
~ Other measures include:
    Disabling unnecessary user accounts and last-user-login sessions
    Maintaining backups of all significant data stored


Biometric Device

~ Provides biological identification of a person involving the eyes, voice, fingerprints, etc.
~ Performs either identification or authentication
~ Scan technologies:
    Finger scan: identifies the configuration of peaks and valleys, or ridges, which distinguish one fingerprint from another
    Facial scan: finding faces, matching faces against a database, and manually resolving 'matches' returned by the facial-scan system
    Retinal scan: automatically images users who place their eyes in the correct position and authenticates them based on the distinct features of the iris and the retina


Printer Security

~ Restrict the use of printers for sensitive research data
~ Be acquainted with the physical location of the printer as well as its functions and features
~ Secure the printer against physical threats like fire, flood and earthquakes
~ Keep records of printer servicing, replaced components and discarded non-repairable units
~ Modify or replace the chip on the printer's circuit board to secure data against third-party interception
~ Configure the printer with a print server that allows multitasking and employs mechanisms to control access


Desktop Security

~ People:
    Education and awareness: educating people about the vulnerabilities, and awareness to promote security consciousness among users
    Enforcement: ensures the security policy designed is effective and implemented
~ Process:
    Level of governance required for each organization
    Policies, baselines and procedures for building management support, system configuration and operational steps respectively
    User classification for desktop access and effective access control
    Review and audit to check and verify compliance against the baseline
    Penetration testing for managing desktop security


Desktop Security (cont)

~ Technology:
    Centralized management: authorizes client applications to the desktop; enables users to log in from anywhere in the organization's network and access the authorized information
    Password protection: ensures only authorized users are granted access to each application
    Single Sign-On (SSO): passwords for multiple applications are captured and stored permanently and auto-verified against every subsequent access
    Desktop lock: protects an unattended desktop from unauthorized access
    Virus detection: detects the presence of viruses in stored files via installed anti-virus software
    File encryption: preserves the confidentiality and integrity of the information
    Personal firewall: protects against external threats


PC Security: Boot Access

~ Dual booting:
    Uses a boot loader that enables the user to choose the operating system to boot
    Advantages:
        Installing multiple operating systems on a single system minimizes the number of required systems
        Guides the user in installing operating systems like Linux on a Windows platform
~ Boot devices:
    Rescue disks are used to recover corrupted systems
    The user can boot from the CD or the floppy
    Examples:
        Trinux
        TOMSRTBT


PC Security: BIOS Security

~ BIOS:
    BIOS settings secure the system
    Many tools exist that breach BIOS settings
    Configuring BIOS and LILO settings prevents such breaches
    Flashing the BIOS is another technique to clear the BIOS CMOS memory, which involves three ways:
        Identification and utilization of a special jumper
        Disabling the small lithium battery on the motherboard
        Electrically shorting out two or more pins of the CMOS memory


BIOS Security: LILO Abuse

~ LILO (Linux Loader) is a widely used boot loader for Linux
~ When configured to do so, LILO writes a prompt to the console and waits for user input
~ By default, it boots Linux or Windows when there is no user input
~ The configuration file /etc/lilo.conf holds all the possible boot options required by LILO
~ Booting Linux into single-user mode requires specifying at the prompt:
    LILO Boot: linux 1
    (or)
    LILO Boot: linux t
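The LILO settings that close this hole are `password=` and `restricted` in /etc/lilo.conf; the following audit, an added example and not code from the EC-Council deck, parses a lilo.conf text and reports per boot entry whether a console user could boot it with extra parameters such as `1` without a password. Both configs and the hypothetical password value are constructed for illustration.

```python
# LILO boot-option audit: an added example, not code from the EC-Council deck.
# In /etc/lilo.conf, `password=` makes LILO ask for a password at the prompt and
# `restricted` limits that to boots where extra parameters (such as `1` or
# `single`) are typed. Options in the global section apply to every entry.
# The two configs below are constructed: one weak, one hardened.
WEAK_CONF = """\
boot=/dev/hda
prompt
timeout=50
default=linux
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
other=/dev/hda2
    label=windows
"""

HARDENED_CONF = """\
boot=/dev/hda
prompt
timeout=50
default=linux
# password applies to every entry; keep this file mode 0600 and re-run lilo
password=REPLACE-WITH-A-REAL-PASSWORD
# restricted: ask for the password only when boot parameters are typed
restricted
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
other=/dev/hda2
    label=windows
"""


def parse_lilo(text):
    """Split lilo.conf into global options and one dict per image=/other= entry."""
    global_opts, entries, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in ("image", "other"):
            current = {key: value}
            entries.append(current)
        else:
            target = current if current is not None else global_opts
            target[key] = value or True       # bare flags such as 'restricted'
    return global_opts, entries


def audit(text):
    """Return {label: finding}; 'unprotected' means `label 1` needs no password."""
    global_opts, entries = parse_lilo(text)
    findings = {}
    for entry in entries:
        label = entry.get("label") or entry.get("image") or entry.get("other")
        has_pw = "password" in entry or "password" in global_opts
        restricted = "restricted" in entry or "restricted" in global_opts
        if not has_pw:
            findings[label] = "unprotected"
        elif restricted:
            findings[label] = "password-for-params"   # default boot still free
        else:
            findings[label] = "password-always"
    return findings
```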


Premise Security

~ The premises is the physical area wherein the hardware is located
~ Security should be emphasized in the following areas by identifying:
    Malicious damage that threatens the business requirements
    Non-availability of essential services
    Accidental damage
    Equipment theft
    Unauthorized access to confidential information
    Physical threats like fire, flood, etc.


Reception Area

~ Benchmark the normal arrival routines of persons and compare the behavior of new arrivals against them
~ Offer proper space, correct eye contact and non-confrontational facial expressions or posture while encountering people
~ Heed intuition and sixth sense to prevent perilous situations for the organization
~ Counsel people according to their requirements by guiding them to the staff who can offer genuine assistance
~ Distinguish suspicious persons:
    Thieves, who comprise opportunists and probers
    Solicitors and pedlars
    Charity organizations
    Ex-employees of the organization
    People involved in moving office property


Office Security

~ Weak elements of the office include work areas, garbage bins, consoles and laptops
~ Examples of locations that are prone to attacks:
    Post-it notes attached to the monitor containing passwords
    Open desk drawers containing sensitive information
    Notebooks containing user names, system names and passwords
    Printouts, floppy disks, CD-ROMs, archive tapes and fax machines that hold information such as source code, email and database records
    Telephone lists that can be used to perform a war dialing attack
    Manuals, memos, charts, calendars and letterheads that contain confidential information, agendas, network configuration, services, etc.


Dumpster Diving

~ Searching the garbage of the targeted company to acquire information
~ Obtained information may include credit card receipts, phone books, calendars, manuals, tapes, CDs, floppies, etc.
~ Sensitive information, though deleted, still resides in the system's recycle bin and can be restored to its normal location
~ Countermeasures:
    Delete all contents from the storage device to prevent
    Shred hard copies of data


Physical Security Checklist

~ Physical security protects:
    Stored information resources
    Operating location
    Functions of the information systems
~ Checklist for ensuring security:
    Fix strong windows and locks
    Place servers in dedicated rooms behind locked doors and windows
    Install air-conditioning and fire detection systems
    Maintain an inventory of all systems, memory, processors, etc.
    Maintain backups of critical information
    Insure the business against unforeseen hazards


Summary

~ An attacker who gains physical access can obtain critical information related to an organization
~ According to the CSI/FBI Computer Crime and Security Survey 2005, nearly 40% of victims do not report computer intrusions
~ TEMPEST refers to investigating and understanding compromising emanations (CE)
~ A mantrap provides alternate access for resources
~ Skimming is a process where the account information stored on the magnetic stripe of a credit/debit card is copied when using an ATM
~ Biometrics performs either identification or authentication
~ Printer security restricts the use of printers for sensitive research data
~ The premises is the physical area wherein the hardware is located
~ Dumpster diving is searching the garbage of the targeted company to acquire information