Security+ All-In-One Edition Chapter 6 – Physical Security


Security+
All-In-One Edition
Chapter 7 – Physical Security
Brian E. Brzezicki
Note
Note: A LOT of this chapter is “missing” from
the book. That is, the book only has 12 pages. I
have put over 70 slides in this chapter (one of
the longest). These are things you should expect
to see on the exam, so pay extra attention to
these slides!
Physical Security
There is NO security without
Physical Security
We spend A LOT of money on logical (technical)
security. However, without physical security there
is NO security. Physical security is usually the
weak link!
• Attackers can walk off with machines
• If I can get physical access to your machine I will
be able to get whatever info I want, load “bad”
software on it, or even just change the
root/administrator account password!
• Plug into a network jack and attack the network from within!
Some physical Security Attacks
(187)
• LiveCDs (Knoppix, BackTrack)
• USB/CDs and “auto play” – talk about this
LATER
• No BIOS password, or a default BIOS password
• Copying off sensitive data to removable
media
• Disk Imaging (how?)
• Theft of equipment
Physical Security Layers (n/b)
• Deterrence – fences, guards, signs
• Reducing/Avoiding damage by Delaying
attackers – slow down the attackers (locks,
guards, barriers)
• Detection – motion sensors, smoke
detectors
• Incident assessment – response of guards,
and determination of damage level
• Response procedures – fire suppression,
law enforcement notification etc
Physical Security Terms and
Concepts
Bollards
Bollards (n/b)
Bollards are short, sturdy posts, usually concrete,
sometimes containing lights or planters.
They are used to stop vehicles from being driven
through a wall or entrance, and are often placed between a
building and its parking lot.
They can also be arranged to form a natural path
for walking.
Fencing (n/b)
Can deter and delay intruders, first line of
defense
• Fences 3-4 feet high only deter casual
trespassers
• Fences 6-7 feet high are considered too
high to climb easily
• Fences 8 feet high are considered serious
security. Use them for critical areas
Walls (n/b)
You know what they are
• Choose a wall with the strength to support
the security application. This might also
include fire rating!
Zones (n/b)
Fences, Walls, Bollards, etc along with access
control mechanisms can be brought together
to create “security” zones. Each zone has
some different security level or work type.
• Example.
– Lobby – low security, public access
– Offices – medium security, restricted access
– R&D – high security, extremely restricted access
(see next slide)
Security Zones (n/b)
• Zones are used to physically separate areas
into different security areas.
• Each inner level becomes more restricted
and more secure
• Stronger access control and monitoring at the
entry point to each zone
Lighting (n/b)
Lighting is obviously important in perimeter
security. It decreases the probability of
criminal activity.
• Each light should cover its own zone and
there should not be gaps in the coverage
• Coverage in fact should overlap.
• Lighting should be directed AWAY from
the security guards and toward the approaches,
so guards are not blinded and intruders are lit up.
Locks (n/b)
• Mechanical – use a physical key (warded
lock or tumbler lock)
– Warded lock – basic padlock, cheap (image)
– Tumbler lock – more pieces than a warded lock;
the key fits into a cylinder and moves the metal
pieces (tumblers) so that the bolt can slide into the
locked or unlocked position.
• Pin tumbler – uses pins
• Wafer tumbler – uses wafers (not very secure)
Warded Lock (n/b)
Tumbler Lock (n/b)
Attacks against key type locks (n/b)
Tension wrench – shaped like an L and
used to apply slight rotating tension to the cylinder
(plug) while a pick manipulates the individual pins.
Pick – used in conjunction with a tension
wrench to push the pins into place so
you can turn the cylinder.
Visualization next slide
Lock Picking
Locks
• Combination locks – rather than use a key,
turn
Locks (n/b)
• Cipher locks – electronic locks
– Combination can be changed
– Combination can be different for different
people
– Can work during different times of day
– Can have emergency codes
– Can have “override codes”
Cipher Lock
Man Trap (n/b)
A small room with two interlocking doors; only one
door can be open at a time.
• Prevents piggybacking (tailgating)
• Can trap an intruder between the two doors
Surveillance (n/b)
CCTV cameras and recording devices to record
video of the site.
• Deters criminal activity
• Can be used later as evidence or to
determine what happened.
• CCTVs should generally have PTZ (pan/tilt/zoom)
capability and auto-irises.
Intrusion Detection Systems (n/b)
IDS (physical IDS, NOT network IDS) – helps
detect the physical presence of an
intruder.
There are multiple types.
Electromechanical – the traditional type; detects
the opening of a door or window by a
break in an electrical circuit.
– Vibration sensors are also electromechanical
– Pressure pads are also electromechanical
IDS (n/b)
Photoelectric – uses light beams to detect when
something crosses the beam. (slide image)
Passive Infrared (PIR) – monitors heat signatures in a
room. (a lot of home automatic lighting systems are
of this type) (slide image)
Acoustical Detection – uses sound
Proximity detector/capacitance detector – emits a
measurable electromagnetic field. If the field is disrupted it sets
off the alarm. (usually this field covers a very small area,
as the field strength falls off quickly as the distance
increases)
Passive Infrared IDS
Passive Infrared (PIR) – monitors heat signatures in a room. (a lot of home automatic lighting systems are of this type)
Photoelectric IDS
Photoelectric – uses light beams to detect when something crosses the beam.
Personnel Access Controls
Personnel access controls
There are different technologies to grant access
to a building, generally called “access
tokens”
• User activated – the user does something
(swipe cards, biometrics)
• Proximity devices/transponders – the system
recognizes the presence of an object.
(“Electronic access control tokens” is a generic
term for proximity authentication systems)
Smart Cards Vs. Memory cards
What is a memory card? (see slide)
What is a smart card? (see slide)
How are they different?
Which is more secure?
Memory Cards – store data only (e.g., a magnetic-stripe card) and have no processing capability.
Smart Card – contains a microprocessor and can process data (e.g., perform cryptographic operations), so it is the more secure of the two.
Biometrics (195)
• Bio – life, metrics – measure
• Biometrics verifies (authenticates) an
individual's identity by analyzing a unique
personal attribute (something they ARE)
• Requires enrollment before use* (what
is enrollment? Any ideas?)
• EXPENSIVE
• COMPLEX
Biometrics (195)
• Can be based on
– behavior (signature dynamics) – might change over
time
– physical attributes (fingerprints, iris, retina scans)
– We will talk about the different types of biometrics
later
• Can give incorrect results
• False negative (a valid user is rejected) – Type I error* (annoying)
• False positive (an invalid user is accepted) – Type II error* (very bad)
CER (n/b)
• Crossover Error Rate (CER)* is an important
metric, stated as a percentage, that
represents the point at which the false
rejection rate equals the false acceptance rate.
• A lower CER is better/more accurate*.
(3% is better than 4%)
• Also called the Equal Error Rate (EER)
• Use CER to compare vendors' products
objectively
Biometrics (n/b)
• Systems can be calibrated. For example, if
you adjust the sensitivity to decrease false
positives, you will probably INCREASE false
negatives; this is where the CER comes in.
(see next slide)
• Some areas (like the military) are more
concerned with one error than the other (ex.
would rather deny a valid user than accept an
invalid user)
• Can you think of any situations for each case?
CER (n/b)
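The threshold trade-off and the crossover point on the previous slides are easy to see in code. The following is an added example, not from the slides or the book: it takes constructed match scores from a hypothetical scanner (genuine users versus impostors), sweeps the acceptance threshold, computes the false rejection rate (Type I) and false acceptance rate (Type II) at each setting, and finds the CER. The last function shows the bank-vault style tuning, where you force the false acceptance rate to zero and see how much false rejection you pay for it. Score values and the 0-100 scale are assumptions for the example.

```python
"""Crossover Error Rate (CER / EER) from biometric match scores.

Added example, not code from the slides or the book: it sweeps an
acceptance threshold over constructed genuine and impostor match scores,
computes the false rejection rate (FRR, Type I) and false acceptance rate
(FAR, Type II) at each threshold, and finds the threshold where they cross.
"""

# Constructed sample data: similarity scores from a hypothetical scanner
# (0 = no match, 100 = perfect match). Real systems produce many more.
GENUINE_SCORES = [92, 88, 85, 81, 79, 76, 74, 71, 68, 65, 62, 58]   # enrolled users
IMPOSTOR_SCORES = [30, 34, 38, 42, 47, 51, 55, 59, 63, 66, 70, 73]  # other people


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) when a score >= threshold is accepted.

    FRR (Type I): fraction of genuine attempts wrongly rejected.
    FAR (Type II): fraction of impostor attempts wrongly accepted.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover_error_rate(genuine, impostor):
    """Sweep thresholds 0..100 and return (threshold, cer) where FRR and FAR
    are closest to equal; cer is their average at that point."""
    best = None
    for t in range(0, 101):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[2]:
            best = (t, (frr + far) / 2, gap)
    return best[0], best[1]


def threshold_for_max_far(genuine, impostor, max_far):
    """High-security tuning (bank vault): lowest threshold whose FAR <= max_far.
    Returns (threshold, frr, far) so you can see the rejection rate you pay."""
    for t in range(0, 101):
        frr, far = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, frr, far
    return 100, 1.0, 0.0


if __name__ == "__main__":
    t, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER = {cer:.1%} at threshold {t}")
    t, frr, far = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0)
    print(f"Zero false acceptance needs threshold {t}: FRR rises to {frr:.1%}")
```

Raising the threshold pushes FAR down and FRR up; lowering it does the reverse. The CER is the single number you quote to compare two vendors, but only if both were measured on the same test population.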
Biometric problems? (n/b)
• Expensive
• Unwieldy
• Intrusive
• Can be slow (should not take more than 5-10
seconds)*
• Complex (enrollment)
Biometric Types Overview (n/b)
We will talk in more depth of each in the next
couple slides
• Fingerprint
• Hand Geometry
• Retina Scan
• Iris Scan
• Keyboard Dynamics
• Voice Print
• Facial Scan
Finger Print
Fingerprint (n/b)
• Measures ridge endings and bifurcations
(changes in the qualitative or topological
structure) and other details called “minutiae”
• The full fingerprint image is normally not stored:
the scanner computes specific features and values
(the minutiae template) and sends those for
verification against the stored template.
Hand Geometry (n/b)
• Overall shape of hand
• Length and width of fingers
• This differs significantly between
individuals
Retina Scan
Retina Scan (n/b)
• Reads the blood vessel pattern on the back
of the eye (the retina).
• Patterns are highly distinctive
Iris Scan
Iris Scan (n/b)
• Measures colors
• Measures rifts
• Measures rings
• Measures furrows (wrinkles, ruts or grooves)
• Provides the most assurance of all biometric
systems
• The iris remains constant through adulthood
• Place the scanner so the sun does NOT shine
through the aperture*
Keyboard dynamics (n/b)
• Measures the speed and rhythm of your typing,
including the time between characters typed,
for a given phrase
• This is more effective than a password,
believe it or not, as it is hard to replicate
someone's typing style, whereas it's easy to
get someone's password.
Voice Print (n/b)
• During enrollment you say several different phrases.
• Measures speech patterns, inflection and
intonation (i.e., pitch and tone)
• For authentication, the words are presented in a jumbled order.
Facial Scan
Facial Scan (n/b)
Geometric measurements of
• Bone structure
• Nose ridges
• Eye width
• Chin shape
• Forehead size
Biometrics wrap up
We covered a bunch of different biometrics
• Understand that some are behaviorally* based
– Voice print
– Keyboard dynamics
– Can change over time
• Some are physically based
– Fingerprint
– Iris scan
Biometrics wrap Up
• Fingerprints are probably the most commonly
used and cheapest
• Iris scanning provides the most “assurance”
• Some methods are intrusive
• Understand Type I and Type II errors
• Be able to define CER, is a lower CER value
better or worse?
• Privacy Issues
Device Security
Device Security
Devices can be stolen
• Use a drive encryption technology such as
BitLocker or Encrypting File System (EFS)
• Use device or port locks to secure items
• Laptops
– should be inventoried
– “LoJack”-type tracking software should be installed.
– Encrypt the disks
(more)
Device Security
Be wary of USB devices and CDs etc. that you
find or are given (bank story)
• Disable USB storage if possible
• HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UsbStor
– set the Start value to 4 (disabled) from 3 (load on demand)
• Disable AutoPlay
• Use a privacy screen
• Securely dispose of devices
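The UsbStor and AutoPlay settings above are only useful if you can check that they are still in place across a fleet. The following is an added example, not from the slides or the book: a small Python audit that encodes the UsbStor Start=4 setting as a baseline, adds the standard Explorer policy value NoDriveTypeAutoRun=0xFF for the “disable AutoPlay” step (that value name is not on the slide; it is the documented policy setting), compares a registry snapshot against the baseline, and can render the baseline as a .reg file for reg.exe. Reading the live registry needs Windows (winreg); the constructed DEFAULT_WORKSTATION snapshot lets the audit logic run anywhere.

```python
"""Audit removable-media hardening (UsbStor disabled, AutoPlay off).

Added example, not code from the slides or the book. UsbStor Start:
3 = load on demand (default), 4 = disabled. NoDriveTypeAutoRun = 0xFF
disables AutoRun/AutoPlay for every drive type (standard Explorer policy
value, assumed here as the "Disable AutoPlay" step).
"""
import sys

# Baseline: (HKLM-relative key path, value name) -> required DWORD data.
BASELINE = {
    (r"SYSTEM\CurrentControlSet\Services\UsbStor", "Start"): 4,
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoDriveTypeAutoRun"): 0xFF,
}


def audit(snapshot):
    """Return (key, name, expected, actual) for every baseline value that is
    missing or wrong. snapshot maps (key, name) -> current DWORD; a value
    that does not exist on the machine is simply absent from the dict."""
    findings = []
    for (key, name), expected in BASELINE.items():
        actual = snapshot.get((key, name))
        if actual != expected:
            findings.append((key, name, expected, actual))
    return findings


def to_reg_file(baseline=BASELINE):
    """Render the baseline as .reg text (importable with reg.exe / regedit)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for (key, name), data in baseline.items():
        lines.append(f"[HKEY_LOCAL_MACHINE\\{key}]")
        lines.append(f'"{name}"=dword:{data:08x}')
        lines.append("")
    return "\n".join(lines)


def read_live_snapshot():
    """Read the baseline values from the live registry (Windows only)."""
    import winreg  # only available on Windows
    snapshot = {}
    for key, name in BASELINE:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                snapshot[(key, name)] = winreg.QueryValueEx(handle, name)[0]
        except OSError:
            pass  # key or value absent: audit() reports it as a finding
    return snapshot


# Constructed snapshot of an unhardened workstation: USB storage loads on
# demand and no AutoPlay policy has ever been set.
DEFAULT_WORKSTATION = {
    (r"SYSTEM\CurrentControlSet\Services\UsbStor", "Start"): 3,
}


if __name__ == "__main__":
    snap = read_live_snapshot() if sys.platform == "win32" else DEFAULT_WORKSTATION
    for key, name, expected, actual in audit(snap):
        print(f"NON-COMPLIANT HKLM\\{key}\\{name}: expected {expected}, found {actual}")
    print(to_reg_file())
```

Disabling UsbStor only blocks USB mass-storage class devices; a keyboard-emulating USB device is still accepted, which is one reason the slide also says to disable AutoPlay and to treat found media as hostile.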
Environmental Security
Fire Suppression
Different fire suppression types based on class
of fire
• A
• B
• C
• D
(we’ll talk about each of these)
Fire Suppression
A – Common Combustibles
• Use for: wood, paper, laminates
• Uses water or foam as the suppression
agent
B – Liquid
• Use for: flammable-liquid fires (gasoline, oil)
• Uses: gas (CO2), foam, dry powders
Fire Suppression
C – Electrical
• Use on: electrical equipment and wires
• Uses: gas (CO2), dry powder (never water while the
equipment is energized)
D – Combustible metals
• Use on: combustible metals/chemicals (sodium,
potassium)
• Uses: dry powder
Fire Suppression (Halon)
Before any type of dangerous gas (Halon, CO2) is
released there should be some type of warning
emitted. (CO2 will suffocate people)
Halon is a gas that used to be commonly
used; it is no longer used because, like CFCs, it
depletes the ozone layer (it is also
dangerous to people). Its production was phased out under the
“Montreal Protocol”* (1987). An effective
replacement is FM-200 or the others listed at the top of pg
444*
Fire Suppression Note
HVAC systems should be set to shut down
when an automatic suppression
system activates.
Now we need to understand automatic fire
suppression systems
Sprinkler Heads
The “thermal linkage” is often a small glass tube with colored liquid that is designed to shatter at a fixed temperature.
The fire heats the thermal linkage to its break point, at which point the water in the pipe flows freely through the opening at high pressure. The pressure of the water causes it to spread over a wide area when it hits the deflector.
Automatic fire suppression (n/b)
Sprinklers –
• Wet Pipe – pressurized water in the pipe directly
above the sprinkler heads
• Deluge – a type of wet-pipe system with a high volume of water
dispersal; not used for data centers.
Automatic fire suppression (n/b)
• Dry Pipe – air in the overhead pipe, water held back
in a reservoir; water is released into the pipe on fire detection
Automatic fire suppression (n/b)
• Pre-action – like dry pipe, but a delay
exists before release: detection fills the pipe with
water, and the sprinkler head must also trigger before
water is discharged. Best for computer
rooms if a water-based system is used.
Fire random tidbit (n/b)
The space between the drop ceiling and the
actual floor above is called the “plenum”.
You should know this term, and you should
understand that when running network
cables and other plastic-insulated wiring through it,
you need to use a certain type of cable
called “plenum-rated” cable. This is because
burning plastic gives off toxic gases, and a
small fire in a plenum area could distribute
toxic gases throughout the building's air
systems.
Environmental Issues (n/b)
Improper environments can cause damage to
equipment or services.
Water and Gas
• Make sure there are shutoff valves and that drains
are positive (water flows out instead of in; why?)
• Humidity
– Humidity must not be too high or too low
• Low – static electricity
• High – rust/corrosion
– A hygrometer measures humidity
(more)
Environmental Issues (n/b)
• Static electricity – besides ensuring proper
humidity
– use anti-static flooring in data processing areas
– Don’t use carpeting in data centers
– Wear anti-static bands when working inside
computers.
Electric power issues (n/b)
Power interference that stops you from
getting “clean power” is called “line
noise”.
Electric power issues (n/b)
Line noise can be caused by the following
• Electromagnetic Interference (EMI) –
electromagnetic fields that create noise
(motors can generate such fields)
• Radio Frequency Interference (RFI) – e.g., fluorescent
lights
Electrical Power Issues (n/b)
There are times when the voltage delivered falls
outside normal thresholds
Excess
• Spike – momentary high voltage
• Surge – prolonged high voltage
Shortage
• Sag/dip – momentary low voltage
• Brownout – prolonged low voltage
Loss
• Fault – momentary outage
• Blackout – prolonged outage
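The six terms above are really two axes: direction (high, low, lost) and duration (momentary, prolonged). A power monitor, which the best-practices slide recommends, applies exactly that classification to a stream of voltage readings. The following is an added example, not from the slides or the book: it scans a constructed log of RMS voltage samples, groups consecutive out-of-tolerance readings into events, and labels each with the slide's vocabulary. The nominal voltage, the 10% tolerance band, the one-second sample interval and the three-second cutoff between “momentary” and “prolonged” are assumptions chosen for the example.

```python
"""Classify voltage excursions from a power-monitor log.

Added example, not code from the slides or the book. Groups consecutive
out-of-tolerance samples into events and labels them spike/surge,
sag/brownout or fault/blackout by direction and duration.
"""
NOMINAL_V = 120.0
TOLERANCE = 0.10          # +/-10 % of nominal counts as clean power (assumption)
LOSS_V = 10.0             # below this the supply is considered lost (assumption)
SAMPLE_SECONDS = 1.0      # one sample per second (assumption)
PROLONGED_SECONDS = 3.0   # this long or longer is "prolonged" (assumption)


def classify_sample(v):
    """Return 'loss', 'low', 'high' or 'ok' for a single voltage sample."""
    if v < LOSS_V:
        return "loss"
    if v < NOMINAL_V * (1 - TOLERANCE):
        return "low"
    if v > NOMINAL_V * (1 + TOLERANCE):
        return "high"
    return "ok"


# (direction, prolonged?) -> the slide's terminology
LABELS = {
    ("high", False): "spike", ("high", True): "surge",
    ("low", False): "sag/dip", ("low", True): "brownout",
    ("loss", False): "fault", ("loss", True): "blackout",
}


def find_events(samples):
    """Return [(start_index, duration_seconds, label)] for each excursion.

    A run of samples in the same non-ok state is one event; a change of
    state (including straight from 'high' to 'low') closes the run.
    """
    events = []
    start, state = None, "ok"
    for i, v in enumerate(list(samples) + [NOMINAL_V]):  # sentinel flushes a trailing event
        s = classify_sample(v)
        if s != state:
            if state != "ok":
                duration = (i - start) * SAMPLE_SECONDS
                events.append((start, duration, LABELS[(state, duration >= PROLONGED_SECONDS)]))
            start, state = i, s
    return events


# Constructed power-monitor samples (volts RMS, one per second): a 1 s spike,
# a 4 s brownout, a 1 s fault and a 4 s blackout.
SAMPLES = [120, 121, 119, 160, 120, 120, 100, 101, 99, 102, 120, 0, 120, 0, 0, 0, 0, 118]


if __name__ == "__main__":
    for start, duration, label in find_events(SAMPLES):
        print(f"t={start * SAMPLE_SECONDS:>4.0f}s  {label:<9} lasting {duration:.0f}s")
```

The duration cutoff is the whole point of the vocabulary: the same 100 V reading is a sag if it clears in a second and a brownout if it persists, and a UPS sized for faults will not carry a site through a blackout.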
Electrical power issues (n/b)
• “In-rush current” – when a bunch of things are
turned on at once, power demand is higher
and may stress power supplies, causing a
sag/dip
• Try to have computer equipment on separate
electrical circuits. Do not use microwaves or
vacuums on computer power lines.
Power best practices (n/b)
• Use surge protectors on desktops
• Do not daisy chain surge protectors (see next
slide)
• Employ power monitor to detect current and voltage
changes
• Use regulators or line conditioners in computer
rooms
• Use UPS systems in computer rooms
• If possible shield power cables
• Do not run power over or under fluorescent lights
Computer Room (n/b)
• Temperature and Humidity levels should be
properly maintained
– Humidity too low, static electricity*
– Humidity too high, corrosion of metal parts*
• Computer rooms should be on separate electrical systems
from the rest of the building
• Should have redundant power systems and
UPS
Review Questions
Q. What feature can allow a Windows computer to
automatically run a Trojan program on an inserted CD or
USB drive?
Q. Which of the following water-based automatic fire
suppression systems would be best used for a data center?
Q. Why is access to a network jack a risk?
Q. What is the CER in terms of biometrics?
Q. What is a Type I and a Type II error?
Review Questions
Q. If providing access to a bank vault, would I
prefer higher false positives or higher false
negatives?
Q. What fire class are electrical fires?
Q. What is the difference between smart cards and
memory cards?
Q. What type of motion sensor detects a human
through emanated heat?