Physical Security

Physical security measures prevent your systems from being accessed in unauthorized ways, primarily preventing an unauthorized user from touching a system or device.

Most networked systems have developed high levels of sophistication and security from outside intruders. However, these systems are generally vulnerable to attacks, sabotage, and misuse internally. If an intruder has physical access to your systems, you should not consider them secure.

The following section discusses the aspects of physical security that affect your environment, including access controls, social engineering, and the environment.

Access Control

Access control is a critical part of physical security. Systems must operate in controlled environments to be secure. These environments must be, as much as possible, safe from intrusion. Computer system consoles can be a critical point of vulnerability because many administrative functions can be accomplished only from the system console. These consoles, as well as the systems, must be protected from physical access. This section discusses physical barriers and biometrics.

Physical Barriers

A key aspect of access control involves physical barriers. The objective of a physical barrier is to prevent access to computers and network systems. The most effective physical barrier implementations require that more than one physical barrier be crossed to gain access. This type of approach is called a multiple barrier system.

Your systems ideally should have a minimum of three physical barriers. The first barrier is the external entrance to the building. This barrier is protected by things like burglar alarms, external walls, and surveillance. The second barrier is the entrance to the computer center that is behind a locked door. The third is the entrance to the computer room itself. Each of these entrances can be individually secured, monitored, and protected with alarm systems. The outer barrier is referred to as a perimeter. Figure 6.1 illustrates this concept.


Figure 6.1: The three-layer security model

Although these three barriers will not always stop an intruder, they will potentially slow them down enough so that law enforcement can respond before an intrusion is fully developed.

High-security installations use a type of intermediate access control mechanism called a mantrap. Mantraps require visual identification, as well as authentication, to gain access. Mantraps are usually designed to retain an unauthorized person until authorities arrive. Figure 6.2 illustrates a mantrap. Notice in this case that the visual verification is accomplished using a security guard. In high security and military environments, an armed guard, as well as video surveillance, would be placed at the mantrap.


Figure 6.2: A mantrap in action

Once inside the facility, additional security and authentication may be required for further entrance. A mantrap makes it difficult for a facility to be overwhelmed, as the mantrap only allows one or two people into the facility at a time. A properly developed mantrap includes bulletproof glass, high-strength doors, and locks. The purpose of the mantrap is to physically contain a potentially hostile individual.

Perimeter Security

Perimeter security, whether physical or technological, is the first line of defense in your security model. In the case of a physical security issue, the intent is to prevent unauthorized access to resources inside a building or facility.

The network equivalent of physical perimeter security is intended to accomplish for a network what perimeter security does for a building. How do you keep unauthorized intruders from gaining access to systems and information in the network through the network?

In the physical environment, this is accomplished using locks, doors, surveillance systems, and alarm systems. This is not functionally any different from a network, which uses border routers, intrusion-detection systems, and firewalls to prevent unauthorized access. Figure 6.3 illustrates the systems used to prevent network intrusion.


Figure 6.3: Network perimeter defense

Very few security systems can be implemented that do not have weaknesses or vulnerabilities. A determined intruder can, with patience, overcome most security systems. The task may not be easy, and it may require careful planning and study. However, a determined adversary can usually figure out a way.

If you wanted to prevent intruders from entering your building, you could install improved door locks, coded alarm systems, and magnetic contacts on doors and windows. These measures might deter an intruder from breaking into your building. Remember that you cannot keep an intruder out of your building. However, you can make an intrusion riskier and more likely to be discovered if it happens.

start sidebar
Real World Scenario: A Ghost in the Machine?

Recently, a small business noticed that its network traffic seemed to be very high in the late evening and early morning. The business could not find a network reason for why this was happening. Upon investigation, the security consultant found that a part-time employee had established a multiuser game server in his office. The game server was set to turn on after 10:00 P.M. and turn off at 5:30 A.M. This server was hidden under a desk, and it supported around 30 local game players. The part-time employee did not have a key to the building. An investigation was conducted to figure out how he gained access to the building after hours. The building had electronic locks on its outside entrances, and a pass card was needed to open the doors.

The investigation discovered that the employee and a friend had figured out a way to slide a piece of cardboard under one of the external doors. This activated the door mechanisms and unlocked them. This allowed the employee to access the building after hours. The door locks were designed to automatically unlock when someone was leaving the building. The intruders took advantage of this weakness in the doors to gain access.

end sidebar
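The weakness in this scenario leaves a trace in the door controller log: an exit-sensor unlock on an exterior door when nobody is known to be inside. The following is an added example, not part of the original text; the log format, the event names (BADGE_IN, REX_UNLOCK), and the EXT- door prefix are assumptions, and the sample log is constructed.

```python
import re
from datetime import datetime

# Constructed sample log. The line format and field names are assumptions
# for illustration; adapt the parser to your door controller's export.
SAMPLE_LOG = """\
2024-03-04T08:01:12 door=EXT-NORTH event=BADGE_IN card=1042
2024-03-04T08:15:40 door=EXT-SOUTH event=BADGE_IN card=1077
2024-03-04T09:02:03 door=INT-SERVER event=BADGE_IN card=1042
2024-03-04T17:30:55 door=EXT-NORTH event=REX_UNLOCK
2024-03-04T18:05:21 door=EXT-SOUTH event=REX_UNLOCK
2024-03-04T21:52:09 door=EXT-SOUTH event=REX_UNLOCK
corrupted line from controller
2024-03-05T05:31:44 door=EXT-SOUTH event=REX_UNLOCK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) door=(?P<door>\S+) event=(?P<event>\S+)"
    r"(?: card=(?P<card>\d+))?$"
)


def parse_events(text):
    """Parse log text into time-ordered events; keep unparseable lines."""
    events, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            rejected.append(line)
            continue
        events.append(
            {"ts": ts, "door": m["door"], "event": m["event"], "card": m["card"]}
        )
    events.sort(key=lambda e: e["ts"])
    return events, rejected


def find_unexplained_exits(events, exterior_prefix="EXT-"):
    """Flag exit-sensor unlocks that no earlier badge entry accounts for.

    Each card-authenticated entry on an exterior door raises an occupancy
    estimate; each exit-sensor (request-to-exit) unlock lowers it. An
    exit-sensor unlock while the estimate is zero means the door opened
    "from the inside" with no one known to be inside.
    """
    occupancy = 0
    findings = []
    for e in events:
        if not e["door"].startswith(exterior_prefix):
            continue  # interior doors do not change building occupancy
        if e["event"] == "BADGE_IN":
            occupancy += 1
        elif e["event"] == "REX_UNLOCK":
            if occupancy == 0:
                findings.append(e)
            else:
                occupancy -= 1
    return findings


if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_LOG)
    for e in find_unexplained_exits(events):
        print(f"REVIEW {e['ts'].isoformat()} {e['door']}: exit unlock, occupancy 0")
    print(f"{len(rejected)} unparseable line(s) kept for manual review")
```

The occupancy figure is only an estimate, because people who follow someone else through a door are never counted; treat each finding as a prompt to review camera footage, not as proof of intrusion.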

Security Zones

A security zone is an area in a building where access is individually monitored and controlled. A large network, such as a large physical plant, can have many areas that require restricted access. In a building, floors, sections of floors, and even offices can be broken down into smaller areas. These smaller zones are referred to as security zones. In the physical environment, each floor is broken into two separate zones. An alarm system that identifies a zone of intrusion can inform security personnel where in the building an intruder is. Zone notification tells them where to begin looking when they enter the premises.

The networking equivalent of a security zone is a network security zone. They perform the same function. If a network is divided into smaller sections, each zone can have its own security considerations and measures, just like a physical security zone. Figure 6.4 illustrates a larger network being broken down into three smaller zones. Notice that the first zone also contains a smaller zone where high-security information is stored. This allows layers of security to be built around sensitive information.


Figure 6.4: Network security zones

Partitioning

Partitioning a network is functionally the same as partitioning a building. In a building, walls exist to direct pedestrian flow, provide access control, and separate functional areas. This process allows information and property to be kept under physical lock and key. Partitions can either be temporary structures or they can be permanent. Hallways in an office building are usually built differently from internal office space. Hallways are usually more flame resistant, and they are referred to as fire corridors. These corridors allow people in the building to escape in the event of a fire. Fire corridor walls go from the floor to the ceiling, whereas internal walls can stop at the ceiling. Most office buildings have a false ceiling in them for lighting, wiring, and plumbing.

Network partitioning accomplishes the same function for a network as physical partitioning does for a building. Buildings have physical walls, while network partitioning involves the creation of private networks within the larger networks. These partitions can be isolated from each other using routers and firewalls.

Therefore, while the network systems are all connected together using wire, the functional view is that of many smaller networks. Figure 6.5 shows a partitioned network. It is important to realize that unless a physical device (such as a router) separates these partitioned networks, all of the signals are shared across the wire. This accomplishes the same function as a hallway or locked door—from a purely physical perspective.


Figure 6.5: Network partitioning separating networks from each other in a larger network
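The zone and partitioning model described above can be written down as a policy and checked against observed traffic. The following is an added example, not part of the original text; the zone names, address ranges, allowed flows, and sample flows are constructed, and it assumes routers or firewalls sit between the zones to enforce the result.

```python
import ipaddress

# Constructed layout: three zones, with a smaller high-security zone
# nested inside the first one. All names and ranges are assumptions.
ZONES = {
    "zone1": ipaddress.ip_network("10.10.0.0/16"),
    "zone1-secure": ipaddress.ip_network("10.10.200.0/24"),
    "zone2": ipaddress.ip_network("10.20.0.0/16"),
    "zone3": ipaddress.ip_network("10.30.0.0/16"),
}

# Explicitly permitted cross-zone flows: (source zone, destination zone, port).
# Anything not listed is denied.
ALLOWED = {
    ("zone2", "zone1", 443),
    ("zone1", "zone1-secure", 5432),
    ("zone3", "zone2", 22),
}


def zone_of(addr):
    """Return the most specific zone containing addr, or None.

    The nested high-security zone has a longer prefix than its parent, so
    an address inside it maps to the inner zone and not to the outer one.
    """
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in ZONES.items() if ip in net]
    return max(matches)[1] if matches else None


def is_allowed(src, dst, port):
    """Default deny between zones; traffic inside one zone is permitted."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return False  # an address outside every zone is never trusted
    if src_zone == dst_zone:
        return True
    return (src_zone, dst_zone, port) in ALLOWED


def audit_flows(flows):
    """Return the observed flows that the zone policy does not permit."""
    return [f for f in flows if not is_allowed(*f)]


# Constructed sample of observed flows: (source, destination, port).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.10.1.9", 443),     # zone2 -> zone1, permitted
    ("10.20.1.5", "10.10.200.7", 5432),  # zone2 -> inner zone, not permitted
    ("10.10.1.9", "10.10.200.7", 5432),  # zone1 -> inner zone, permitted
    ("10.30.4.4", "10.10.200.7", 22),    # zone3 -> inner zone, not permitted
    ("192.0.2.1", "10.20.1.5", 22),      # source outside every zone
]

if __name__ == "__main__":
    for src, dst, port in audit_flows(SAMPLE_FLOWS):
        print(f"DENY {src} ({zone_of(src)}) -> {dst} ({zone_of(dst)}) port {port}")
```

The second sample flow shows why the inner zone is matched first: a rule that lets zone2 reach zone1 does not also open the high-security zone inside it.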

start sidebar
Evaluating Your Security System

You have been asked to evaluate your building's security system. The president chose you because you understand computers, and after all, these new alarm systems are computerized.

In evaluating the environment, you notice that the building has a single control panel for the whole building. A few motion detectors are located in the main hallway. Beyond that, no additional security components are installed.

This situation is fairly normal in a small building. You could recommend enhancing the system by adding motion detectors in each major hallway. You could also install video surveillance cameras at all of the entrances. You would also want to consider upgrading your perimeter security by adding contact sensors on all of the doors and ground-floor windows.

Evaluate the building from a multi-tiered approach. Incorporate perimeter security, security zones, and surveillance where needed.

end sidebar

Biometrics

Biometric systems are those that use some kind of unique biological identifier to identify a person. Some of these unique identifiers include fingerprints, patterns on the retina, and handprints. Some of the devices that are used include hand scanners, retinal scanners, and potentially DNA scanners, and they can be used as part of the access control mechanisms. These devices should be coupled into security-oriented computer systems that record all access attempts. The devices should also be under surveillance in order to prevent individuals from bypassing them.

These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high costs associated with these technologies.

As the cost of biometric devices continues to fall, their use will likely increase.

start sidebar
Real World Scenario: Installing Biometric Devices

You are being asked to solve the problem of people forgetting their access control cards in the computer center. Hardly a day goes by when a company employee doesn't forget to bring his. Forgotten access cards cause a great deal of disruption in the workplace because someone has to constantly reissue smart cards. The company has tried almost everything it can think of short of firing people who forget their cards. What could you recommend to the company?

You may want to investigate either biometric devices (such as hand scanners) or number access locks that can be used in lieu of smart cards for access. These devices would allow people who forget their smart cards to enter areas that they should be able to access.

end sidebar

Social Engineering

Social engineering is the process by which intruders gain access to your facilities, your network, and your employees by exploiting the generally trusting nature of people. A social engineering attack may come from someone posing as a vendor or as an e-mail from a "traveling" executive who indicates that she forgot how to log on to the network or how to get into the building over the weekend. It is often difficult to determine whether the individual is legitimate or has nefarious intentions.

Social engineering attacks can be very subtle in the way they develop. They are also hard to detect. Let's take a look at some "classic" social engineering attacks.

Someone enters your building wearing a white lab jacket with a logo on it. He also has a toolkit. He approaches the receptionist and identifies himself as a copier repairman from a major local copier company. He indicates that he is here to do preventative service on your copier. In most cases, the receptionist will let him pass and tell him where the copier is. Once the "technician" is out of sight, the receptionist will probably not give him a second thought. Your organization has just been the victim of a social engineering attack. The attacker has now penetrated your first and possibly even your second layers of security. In many offices, including security-oriented offices, this individual would largely have access to your entire organization and would be able to pass freely anywhere he wanted. This attack did not take any particular talent or skill other than the ability to look like a copier repairman.

Let's look at one more example. (By the way, this is a true situation. It happened at a high-security government installation.) Access to the facility required passing through a series of manned checkpoints. These checkpoints were manned by professionally trained and competent security personnel. The employee decided to play a joke on the security department. He took an old employee badge that he had, cut his picture out of it, and pasted a picture of Mickey Mouse into the location where his picture was supposed to be. He was able to gain access to the facility for two weeks before he was caught.

Social engineering attacks like these are very easy to accomplish in most organizations. Even if your organization uses biometric devices, magnetic card strips, or other electronic measures, social engineering attacks are still relatively easy. A favorite method of gaining entry to electronically locked systems is to follow someone through the door that they just unlocked. Many people wouldn't even think twice about this event. It happens all the time.

Preventing social engineering attacks involves more than just training on how to detect and prevent them. It also involves making sure that people stay alert. Social engineering is very easy to do even with all of today's technology at our disposal.

start sidebar
Real World Scenario: Remote Diagnostic Support

You have just received a call from someone purporting to be from your ISP. She claims that she needs to perform remote maintenance on your network. She says that a setting in your router is wrong, and she needs to change it. How should you handle this?

First of all, remember the discussion about social engineering. How do you know that this person really is from your ISP? You will want to take a phone number down, and tell her that you will call her right back. You should also ask for the main number and her extension. Call the main number. Attempt to verify that this is really the company you are working with, and that the individual is actually part of the maintenance group. If you are still uncertain, call your marketing representative, or another known number from your phone, and ask to be transferred to this individual.

end sidebar

Environment

The environment your business operates in is bigger than the mere physical facility that houses your computers and employees. It also includes wireless cells, physical locations, shielding, and fire suppression. The following sections discuss these four areas to help you prepare for the exam.

Wireless Cells

The advent of wireless technology has created a wealth of solutions and problems for security professionals. The ability to use small low-powered devices, such as cell phones, makes this technology attractive for mobile workers. Manufacturers now make smart phones that can also act as PDAs. Adapters are available for most PC systems that allow them to connect to cell phones. New cell sites are being added internationally, and the coverage area of cell phones is increasing exponentially.

The technology is based upon small low-powered transmitters located strategically throughout a coverage area. A cell provider is given approximately 800 separate frequencies to use in a coverage area. The frequencies are then broken down into roughly 56 channels in a single cell. Figure 6.6 shows this coverage scheme.


Figure 6.6: Cell system in a metropolitan area

The individual cells have a high level of computer intelligence, and they hand off conversations to each other automatically. Cell phones in the U.S. operate in the 824MHz to 894MHz range. The Federal Communications Commission requires police scanners to bypass these frequencies in the United States. Most other countries do not require this frequency blocking in communications equipment.

Note 

It is a federal crime to monitor or eavesdrop on these frequencies.

Cell phones use analog as well as digital transmission capabilities. The analog cell systems allow approximately 60 simultaneous conversations to occur in a single cell. Digital technology expands that to about 180 simultaneous conversations. New applications, which will allow for cell-based banking and other transactions, are being added to cell technology.

Global System for Mobile Communications (GSM), the newest standard for cell systems, does offer encryption. GSM works in conjunction with a Subscriber Identification Module (SIM), allowing users to change phones. The SIM is a removable card that can be moved from one phone to another. Unfortunately, U.S. and European cell standards are not interchangeable, although many manufacturers are now selling dual-mode phones.

Many people believe that cell phones are untraceable, and that you cannot determine the location of a cellular user. This is not the case. When a cell phone is turned on, it immediately identifies itself to the cell that is closest to it. The cell systems can triangulate a cell user to within a few feet. This can be done even if the phone is not in use, but is merely turned on. The point of origin can be determined in only a few moments because the process is largely computerized.

start sidebar
Real World Scenario: Securing Your Wireless Devices

You have become increasingly concerned about secure access to your network using wireless devices. Many managers and other employees use wireless PDAs to communicate when they are away from the office. What can you do to secure these devices?

You may want to implement a wireless security protocol (such as WTLS or ECC) in these devices and in your network. This would allow communications to occur between wireless users and your network. ECC is discussed in Chapter 7, "Cryptography Basics and Methods," and it is becoming a standard for wireless communications security.

end sidebar

Location

The location of your computer facility is critical to its security. Computer facilities must be placed in a location that is physically possible to secure. Additionally, the location must have the proper environment capabilities to manage temperature, humidity, and other factors necessary to the health of your computer systems.

Environmental Systems

Many computer systems require temperature and humidity control for reliable service. The larger servers, communications equipment, and drive arrays generate large amounts of heat. This is especially true of mainframe and older minicomputers.

An environmental system for this type of equipment is a significant expense beyond the actual computer system costs. Fortunately, newer systems operate in a wider temperature range. Most new systems are designed to operate in an office environment.

If the computer systems you are responsible for require special environmental considerations, you will need to establish cooling and humidity control. Ideally, systems are located in the middle of the building, and they are ducted separately from the rest of the system. It is a common practice for modern buildings to use a zone-based air conditioning environment. This allows the environmental plant to be turned off when the building is not occupied. A computer room will typically require full-time environmental control.

Note 

Environmental systems should be monitored to prevent the humidity levels of a computer center from dropping below 50 percent. Electrostatic damage is likely to occur when humidity levels get too low.

Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock. Most environmental systems also regulate humidity; however, a malfunctioning system can cause the humidity to be almost entirely extracted from a room. Make sure that environmental systems are regularly serviced.

Environmental concerns also include considerations about water and flood damage, as well as fire suppression. Computer rooms should have fire and moisture detectors. Most office buildings have water pipes and other moisture-carrying systems in the ceiling. If a water pipe bursts (which is common in minor earthquakes), the computer room could become flooded. Water and electricity do not mix. Moisture monitors would automatically kill power in a computer room if moisture were detected.

Fire, no matter how small, can cause damage to computer systems. Apart from the high heat that can melt or warp plastics and metals, the smoke from the fire can permeate the computers. Smoke particles are large enough to lodge under the read/write head of a hard disk, thereby causing data loss. Finally, the fire-suppression systems in most buildings consist of water under pressure. The water damage from even a very small fire could wipe out an entire data center.

Note 

The three critical components of any fire are heat, fuel, and oxygen. If any component of this trilogy is removed, a fire is not possible. Most fire suppression systems work on this concept.

Power Systems

Computer systems are susceptible to power and interference problems. A computer requires a steady input of AC power to produce reliable DC voltage for its electronic systems. Power systems are designed to operate in a wide band of power characteristics. Power systems help keep the electrical service constant, and they ensure smooth operations. The products that solve most electrical line problems include surge protectors, power conditioners, and backup power supplies:

Surge Protectors: Surge protectors protect electrical components from momentary or instantaneous increases (called spikes) in a power line. Most surge protectors shunt a voltage spike to ground through the use of small devices called Metal Oxide Varistors (MOVs). Large-scale surge protectors are usually found in building power supplies or at power feed points in the building. Portable surge protectors can be purchased as part of an extension cord or power strip. If subsequent surges occur, the surge protector may not prevent them from being passed through the line to the computer system. Surge protectors are passive devices, and they accomplish no purpose until a surge occurs.

Power Conditioners: Power conditioners are active devices that effectively isolate and regulate voltage in a building. They usually monitor the power in the building and clean it up. Power conditioners usually include filters, surge suppressors, and temporary voltage regulation. Power conditioners can also activate backup power supplies. Power conditioners can be part of the overall building power scheme. It is also common to see power conditioners dedicated strictly to computer rooms.

Backup Power: Backup power is usually used in situations where continuous power is needed in the event of a power loss. These types of systems are usually designed either for a short-term duration, as in the case of a battery backup system, or for long-term uses as in an Uninterruptible Power Supply (UPS). UPS systems usually use batteries to provide short-term power. Longer-term backup power comes from power generators that frequently have their own power-loss-sensing circuitry. Power generators kick in if a power loss is detected, and they provide power until disabled. The generators require a short amount of time to start providing power, and the battery backup systems provide time for the generators to come online. Most generator systems do not automatically turn off when power is restored to a building. Generators are turned off manually. This is necessary because it is very common for several false starts to occur before power is restored from the power grid.

Most power generators are either gas or diesel operated, and they require preventative maintenance on a regular basis. These systems are not much use if they do not start when needed or they fail because no oil is in the motor. Newer systems are becoming available that are based on fuel cell technology. These will probably be very reliable and require less maintenance.

Shielding

Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities. This section discusses the problems of electromagnetic and radio frequency interference. In a fixed facility, such as a computer center, electronic shielding can be provided by surrounding the computer room with a Faraday Cage. A Faraday Cage usually consists of an electrically conductive wire mesh or other conductor woven into a "cage" that surrounds a room. This conductor is then grounded. Because of this cage, few electromagnetic signals can either enter or leave the room, thereby reducing the ability of someone to "eavesdrop" on a computer conversation. In order to verify the functionality of the cage, RF emissions from the room are tested with special measuring devices.

Electromagnetic Interference and Radio Frequency Interference

Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI) are two additional environmental considerations. Motors, lights, and other types of electromechanical objects cause EMI. EMI can cause circuit overload, spikes, or electrical component failure. EMI can be minimized by making sure that all signal lines are properly shielded and grounded. Devices that generate EMI should be as physically distant from cabling as is feasible. This type of energy tends to dissipate very quickly with distance. Figure 6.7 shows a motor generating EMI. In this example, the data cable next to it is picking up the EMI. This causes the signal to deteriorate, and it may eventually cause the line to be unusable. The gray area in the illustration is representative of the interference generated by the motor.


Figure 6.7: Electromagnetic interference (EMI) pickup in a data cable

RFI is the byproduct of electrical processes, similar to EMI. The major difference is that RFI is usually projected across a radio spectrum. Motors with defective brushes can generate RFI, as can a number of other devices. If RF levels become too high, they can cause the receivers in wireless units to become deaf. This process is called desensitizing, and it occurs because of the volume of RF energy present. This can occur even if the signals are on different frequencies. Figure 6.8 demonstrates the desensitizing process occurring with a WAP. The only solutions in this situation would be to move the devices farther apart or to turn the RFI generator off.


Figure 6.8: RF Desensitization occurring as a result of cellular phone interference

TEMPEST

TEMPEST is the name of a project commenced by the U.S. government in the late 1950s. TEMPEST was concerned with reducing electronic noise from devices that would divulge intelligence about systems and information. This program has become a standard for computer systems certification. TEMPEST shielding protection means that a computer system does not emit any significant amounts of EMI or RFI. For a device to be approved as a TEMPEST device, it must undergo extensive testing. This testing is done to very exacting standards dictated by the U.S. government. TEMPEST-certified equipment frequently costs twice as much as non-TEMPEST equipment.

Fire Suppression

Fire suppression is a key consideration in a computer center design. Two primary types of fire suppression systems are in use. These are fire extinguishers and fixed systems. Fixed systems are usually part of the building systems. Fire extinguishers are portable systems.

Fire Extinguishers

The selection and use of fire extinguishers is critical. Four primary types of fire extinguishers are available. They are classified by the types of fires they put out, as class A, B, C, and D. Table 6.1 describes the four types of fires and the capabilities of various extinguishers.

Table 6.1: Fire Extinguisher Ratings

Type    Use                  Retardant Composition
A       Wood and Paper       Largely water or chemical
B       Flammable Liquids    Fire-retardant chemicals
C       Electrical           Nonconductive chemicals
D       Flammable Metals     Varies, type specific

Several multipurpose types of extinguishers combine extinguisher capabilities in a single bottle. The more common multipurpose extinguishers are A-B, B-C, and ABC.

The recommended procedure for using a fire extinguisher is called the PASS method. PASS stands for Pull, Aim, Squeeze, and Sweep. Fire extinguishers usually operate for only a few seconds. Make sure you do not fixate on a single spot if you need to use one. Most fire extinguishers have a limited effective range of from three to eight feet.

A major concern with electrical fires is that they can reoccur very quickly if the voltage is not removed. Make sure that you remove voltage from systems when a fire occurs.

Most fire extinguishers require an annual inspection. This is a favorite area of citation by fire inspectors. You can contract with services to do this on a regular basis. They will come out and inspect or replace fire extinguishers according to a scheduled agreement.

Fixed Systems

The most common fixed systems combine fire detectors with fire suppression systems. The detectors usually trigger either because of a rapid temperature change or because of excessive smoke.

Most systems use either water sprinklers or fire-suppressing gas. Water systems work with overhead nozzle systems, such as illustrated in Figure 6.9. These systems are the most common systems in modern buildings. Water systems are relatively inexpensive, reliable, and require little maintenance. Water systems cause extreme damage to energized electrical equipment such as computers. These systems can be tied into relays that terminate power to computer systems before they release water into the building.


Figure 6.9: Water-based fire suppression system

The gas-based systems were originally designed to use carbon dioxide, or later Halon gas. Halon gas is not used anymore because it damages the ozone layer. Environmentally acceptable substitutes are now available for gas systems. The principle of a gas system is that it displaces the oxygen in the room and removes this necessary component of a fire.

Warning 

Evacuate the room immediately in the event of a fire. Gas-based systems work by removing oxygen from the fire. This can suffocate anyone in the room as well.

The major drawback to gas-based systems is that they require sealed environments to operate. Special ventilation systems are usually installed in gas systems to limit air circulation when the gas is released. Gas systems are also very expensive, and they are usually only implemented in computer rooms or other areas where water would cause damage to technology or other intellectual property.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
