10 - Physical Security Requirements Flashcards
What are some elements that go into designing and planning a site for IT infrastructure?
- Secure Facility Plan: emphasizes mechanisms needed to secure the location
- Site Selection: Determining the safety of a location
  - Visibility
  - Natural Disasters
- Facility Design: Designing a safe facility that is up to code and secure from intrusion.
What is Critical Path Analysis?
The effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements.
What is Technology Convergence?
The tendency for various technologies to evolve and merge over time.
What are the different groups for physical security controls?
- Administrative: Facility construction and selection, site management, training, emergency response and procedures.
- Technical: Access controls, Intrusion detection, CCTV, monitoring, HVAC, Fire detection
- Physical: Fencing, lighting, locks, construction materials, mantraps, dogs and guards.
In what order should security controls be used?
- Deterrence
- Denial
- Detection
- Delay
What is an SLA?
A Service Level Agreement defines the response time a vendor will provide in the event of an equipment failure emergency.
What is MTTF/MTTR?
- MTTF (Mean Time To Failure): Expected lifetime of the device based on the environment
- MTTR (Mean Time To Repair): Average length of time required to perform a repair.
What is a Wiring Closet?
Where networking cables for a location are connected to other essential equipment such as patch panels, switches, routers, etc. Can also include equipment for other components such as telephony systems, alarm systems, security systems, etc.
What are Server Rooms?
Enclosed, restricted, and protected rooms where your mission-critical servers and network devices are housed. The more human-incompatible it is, the better.
a.k.a.: Data Centers, Communications rooms, wiring closets, server vaults, and IT closets.
What are Smartcards?
Credit-card-sized IDs, badges, or security passes with an embedded magnetic strip, bar code, or integrated circuit chip that contains information about the holder so it can be used to authenticate.
What is a Proximity Reader?
A device that can be worn or held by a holder. When it passes a reader, the reader checks the electromagnetic field for alterations and authenticates.
What are Intrusion Detection Systems?
Systems designed to detect an attempted intrusion, breach, or attack. Can be physical or digital.
What are Access Abuses?
Methods people use to gain access to an unauthorized area:
- Masquerading: Using someone else’s security ID to gain entry
- Piggybacking: Following someone through a secured access point.
What is Emanation Security?
Protection against the interception of electrical signals that can contain confidential data. Such measures are:
- Faraday Cage: A box, room, or building designed with an external metal skin, often a wire mesh, that acts as EMI-absorbing material which prevents signals from entering or leaving.
- White Noise: Broadcasting false traffic to mask and hide real emanations.
- Control Zone: Areas where emanation is supported and allowed.
What are Media Storage Facilities?
A secure place where media, new and used, can be stored and tracked without fear of theft and corruption. Best practices:
- Store in locked unit
- Have someone managing the media
- Use check-in/check-out process
- Sanitize returned media:
- Zeroization: Erases data by replacing it with meaningless data like zeros.
- Verify data by checking hashes.