2.7 - Importance of Physical Security Controls Flashcards

1
Q

Barricades

A
  • Prevents access (limits to the prevention)
  • Channel people through a specific access point
  • keep other things out
  • identify safety concerns and prevent injury
  • Ex: a construction zone could set up a barricade to protect pedestrians
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Bollards

A
  • concrete cones
  • specific type of barricade
  • designed to stop large items from passing through an area
  • allows people, prevents cars and trucks
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Moat

A
  • Water feature that creates a natural barricade
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Access Control Vestibule

A
  • All doors normally unlocked
  • Opening one door causes other to lock
  • The configuration of the doors is dependent on configuration
  • (ex: one door unlocks then all other immediately lock)
  • (ex: all doors are locked so if you unlock one no others can be unlocked)
  • allows person controlling access to data center to manage persons in and out
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Alarms

A
  • usually circuit based
  • circuit is opened or closed
  • useful on the perimeter
  • a type of physical security
  • ex: door or window alarm
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Motion detection

A
  • Radio reflection or passive infrared
  • ## useful in areas not often in use
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Duress

A
  • Duress button is triggered by a person
  • Ex: a big red button
  • panic button calls for reinforcements
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Signs

A
  • Need signs so people know what to expect from an area
  • Clear and specific instructions
  • Keep people away from restricted areas
  • Consider visitors who don’t’ know area at all
  • Ex: Fire exits, chemical / construction or medical resources (might be useful to add contact details in case of emergency)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

CCTV

A
  • Close circuit television
  • especially if it’s an environment only accessible from that single facility
  • Can replace physical guards
  • Camera features are important (ex: motion recognition tied to an alarm or object detection can identify a license plate or a face)
  • often many cameras are tied to a single recording device
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Industrial camoflage

A
  • Conceal an important facility in plain site
  • blends into the local environment
  • usually no signage, or visual cues
  • often have a guard gate and water features or planters that are bollards
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Guards and Access lists

A
  • One of the best security features are people
  • physical protection at reception area
  • validates ID of existing employees
  • Provides guest access
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

ID Badge

A
  • Picture, name, details
  • must be worn at all times
  • enforced by security guard
  • can swipe and adds to visitor log
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Guards

A
  • 2 person integrity / control
  • minimizes exposure to an attack
  • No single person has access to a physical asset
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Robot sentry

A
  • Emerging technology

- Replace humans with automated tasks and have the humans perform more important tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Biometrics

A
  • Biometric authentication
  • usually stores a mathematical representation of something you are (not the actual picture of your finger print)
  • fingerprint difficult to change or replicate
  • powerful physical controls but not full proof, should be combined with something like a code for authentication
  • Ex: fingerprint, retina, voice print
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Door access controls

A
  • Conventional - Lock and Key
  • Deadbolt - physical bolt
  • Electronic - keyless, PIN
  • token-based: RFID badge, key fob, magnetic swipe card (like a hotel)
  • biometric
  • multifactor (smart card / pin)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Cable locks

A
  • Temporary security
  • can connect to almost anything (ex: locking laptop to desk)
  • most devices like laptops have a standard connector that reinforces the notch
  • not designed for long-term protection (cables are pretty thin)
18
Q

USB Data blocker

A
  • A USB connector that only connects to the power line component of a USB to get around the issue of juice
    jacking
  • prevents the data portion from connecting via the USB
  • Normally, don’t want to connect to unknown USB interfaces, even if you need a quick charge
  • Prevent “juice jacking” - could be transferring data
  • probably just want to bring your own power adaptor
19
Q

Proper lighting

A
  • More lightening = more security
  • Non Infrared cameras see better in light
  • Many kinds and types of lighting, make sure you consider overall light levels, angles (avoiding shadows / glare is important for face recognition)
20
Q

Fencing

A
  • Good way to protect perimeter, but also might be an advertisement that there is valuable stuff
  • transparent or opaque (see through fence or not) depending on your needs
  • robust fences / tall / can add razor wire
21
Q

Fire suppression

A
  • Electronics require unique response to fire (not water)
  • Detection (smoke, flame, heat detector)
  • Suppress with water, where appropriate (not with electronics)
  • Electronics - used to use Halon (not manufactured anymore b/c it destroys the ozone). Commonly replaced with Dupont FM-200
22
Q

Sensors

A
  • Motion Detection
  • needed for areas not commonly monitored by people
  • Noise detection
  • proximity reader (commonly used for electronic doors plus access card)
  • Water detection (leaks)
  • Data centers (common to have a heat sensor)
23
Q

Drones

A
  • some security teams use drones (quickly cover large areas)
  • may not be used for constant security, but for specific purposes (like site surveys, or damage assessment)
  • many include motion / heat sensor
  • high resolution video capture
24
Q

Faraday cage

A
  • method of signal suppression
  • Blocks electromagnetic fields
  • Discovered by Michael Faraday in 1836
  • mesh of conductive materials, so that radio signals don’t get out (Ex: microwave door)
  • not a comprehensive solution
  • not all signal types are blocked, some aren’t blocked at all
  • also remember if you’re blocking radio signals, you could be blocking people’s ability to call for help in an emergency
25
Q

Screened subnet

A
  • If you’re working on an internal network and realize you need to provide something to the internet, you might use a screened subnet
  • might not want people getting into internal network
  • network that does have a controlled access usually from firewall and people can access resources in the screened subnet
  • Formerly known as a DMZ (Demilitarized Zone)
  • An additional layer of security between the internet and you
  • Public access to public resources
26
Q

PDS

A
  • Protected Distribution System
  • Physically securing your cabled network (protect your cables and fibers) since all the data flows through these
  • would prevent an attacker from installing a tap in the middle of your cables
  • could prevent a DoS
  • Common to have periodic audits to ensure no one can gain access to your networking infrastructure
27
Q

Secure areas

A
  • Should be part of your security policy
  • Goal, preventing people from getting to physical access to your systems
  • Secure offline data (backups are an important security concern)
28
Q

Air gap

A
  • Provides physical separation between networks
  • Ex: b/n different customer networks or b/n secure and unsecure networks
  • Specialized networks require airgaps (ex: stock market networks, power systems/ SCADA, Airplanes, Nuclear power plant operations)
29
Q

Vaults

A
  • A secure reinforced ROOM
  • Store backup media
  • Protect from disaster or theft
  • Often onsite
30
Q

Safe

A
  • Similar to a vault, but smaller
  • less expensive to implement
  • Space is limited inside
  • But you could install in many different locations
31
Q

Hot Aisles / Cold Aisles

A
  • Data centers, the racks generate a lot of heat
  • Optimize Cooling in data centers to keep components at optimal temperatures
  • Conserving energy is really energy intensive (therefore it’s separated into cold and hot aisles as a way to try to keep down energy costs)
  • Cold aisles blows area in one direction, sent through equipment (where it heats up), ventilation sends it back into the cold aisle
32
Q

Data Destruction

A
  • Disposal can become a legal issue (some information cannot be destroyed), consider offsite storage
  • Physically destroying drives usually a better idea
33
Q

Data Sanitation

A
  • Sometimes you want to reuse storage media (but need to be properly sanitized) to make sure nobody can recover any information
  • Purging vs Wiping (partial vs full)
34
Q

Protect your rubbish

A
  • Make sure garbage security is facility
  • behind a fence with a lock
  • Shred documents (governments will burn the good stuff)
  • If you really want to make sure, pulp the paper, remove the ink and recycle the paper back to pulp
35
Q

Physical destruction harddrives

A
  • Might want to use a shredder/ pulverizer on a hard drive (involves heavy machinery)
  • Or you can use a drill/ hammer to poke a hole in the hard drive (quick and easy)
  • You can also incinerate your hard drives (companies do this and needs to be very hot)
36
Q

Degausser

A
  • Electromagnetically destroying data by removing the magnetic field
  • renders the drive unusable (removes configuration information)
37
Q

Certificate of Destruction

A
  • Provides evidence by 3rd party that they were able to destroy everything and they include serial numbers in the documentation
  • Usually if you’re pulverizing or burning your hardware you have to send it to a third party
38
Q

Purging Media

A
  • Removing only a PORTIO of the data

- Ex: remove it from an existing data store or remove some data from the database

39
Q

Wiping Data

A
  • UNRECOVERABLE (can never be restored) removable of data on a storage device
  • Usually overwrites the data storage locations
  • Useful when you need to reuse or continue using the media
40
Q

SDelete

A
  • File level overwriting
  • Available on Windows Sysinternals
  • option for removing files
41
Q

DBAN

A
  • Darik’s Boot and Nuke
  • Whole drive wipe secure data removal
  • popular utility to remove data