2.7 - Importance of Physical Security Controls Flashcards
Barricades
- Prevent access (there are limits to the prevention)
- Channel people through a specific access point
- keep other things out
- identify safety concerns and prevent injury
- Ex: a construction zone could set up a barricade to protect pedestrians
Bollards
- concrete cones
- specific type of barricade
- designed to stop large items from passing through an area
- allows people, prevents cars and trucks
Moat
- Water feature that creates a natural barricade
Access Control Vestibule
- All doors normally unlocked
- Opening one door causes other to lock
- The behavior of the doors depends on the configuration
- (ex: one door unlocks then all other immediately lock)
- (ex: all doors are locked so if you unlock one no others can be unlocked)
- allows person controlling access to data center to manage persons in and out
Alarms
- usually circuit based
- circuit is opened or closed
- useful on the perimeter
- a type of physical security
- ex: door or window alarm
Motion detection
- Radio reflection or passive infrared
- useful in areas not often in use
Duress
- Duress button is triggered by a person
- Ex: a big red button
- panic button calls for reinforcements
Signs
- Need signs so people know what to expect from an area
- Clear and specific instructions
- Keep people away from restricted areas
- Consider visitors who don’t know the area at all
- Ex: Fire exits, chemical / construction or medical resources (might be useful to add contact details in case of emergency)
CCTV
- Closed-circuit television
- especially if it’s an environment only accessible from that single facility
- Can replace physical guards
- Camera features are important (ex: motion recognition tied to an alarm or object detection can identify a license plate or a face)
- often many cameras are tied to a single recording device
Industrial camouflage
- Conceal an important facility in plain sight
- blends into the local environment
- usually no signage, or visual cues
- often have a guard gate and water features or planters that are bollards
Guards and Access lists
- One of the best security features is people
- physical protection at reception area
- validates ID of existing employees
- Provides guest access
ID Badge
- Picture, name, details
- must be worn at all times
- enforced by security guard
- can swipe and adds to visitor log
Guards
- 2 person integrity / control
- minimizes exposure to an attack
- No single person has access to a physical asset
Robot sentry
- Emerging technology
- Replace humans with automated tasks and have the humans perform more important tasks
Biometrics
- Biometric authentication
- usually stores a mathematical representation of something you are (not the actual picture of your fingerprint)
- fingerprint difficult to change or replicate
- powerful physical controls but not foolproof, should be combined with something like a code for authentication
- Ex: fingerprint, retina, voice print
Door access controls
- Conventional - Lock and Key
- Deadbolt - physical bolt
- Electronic - keyless, PIN
- token-based: RFID badge, key fob, magnetic swipe card (like a hotel)
- biometric
- multifactor (smart card / pin)
Cable locks
- Temporary security
- can connect to almost anything (ex: locking laptop to desk)
- most devices like laptops have a standard connector that reinforces the notch
- not designed for long-term protection (cables are pretty thin)
USB Data blocker
- A USB connector that only connects to the power line component of a USB to get around the issue of juice jacking - prevents the data portion from connecting via the USB
- Normally, don’t want to connect to unknown USB interfaces, even if you need a quick charge
- Prevent “juice jacking” - could be transferring data
- probably just want to bring your own power adaptor
Proper lighting
- More lighting = more security
- Non Infrared cameras see better in light
- Many kinds and types of lighting, make sure you consider overall light levels, angles (avoiding shadows / glare is important for face recognition)
Fencing
- Good way to protect perimeter, but also might be an advertisement that there is valuable stuff
- transparent or opaque (see through fence or not) depending on your needs
- robust fences / tall / can add razor wire
Fire suppression
- Electronics require unique response to fire (not water)
- Detection (smoke, flame, heat detector)
- Suppress with water, where appropriate (not with electronics)
- Electronics - used to use Halon (not manufactured anymore b/c it destroys the ozone). Commonly replaced with Dupont FM-200
Sensors
- Motion Detection
- needed for areas not commonly monitored by people
- Noise detection
- proximity reader (commonly used for electronic doors plus access card)
- Water detection (leaks)
- Data centers (common to have a heat sensor)
Drones
- some security teams use drones (quickly cover large areas)
- may not be used for constant security, but for specific purposes (like site surveys, or damage assessment)
- many include motion / heat sensor
- high resolution video capture
Faraday cage
- method of signal suppression
- Blocks electromagnetic fields
- Discovered by Michael Faraday in 1836
- mesh of conductive materials, so that radio signals don’t get out (Ex: microwave door)
- not a comprehensive solution
- not all signal types are blocked, some aren’t blocked at all
- also remember if you’re blocking radio signals, you could be blocking people’s ability to call for help in an emergency
Screened subnet
- If you’re working on an internal network and realize you need to provide something to the internet, you might use a screened subnet
- might not want people getting into internal network
- a network with controlled access, usually through a firewall, where people can access resources in the screened subnet
- Formerly known as a DMZ (Demilitarized Zone)
- An additional layer of security between the internet and you
- Public access to public resources
PDS
- Protected Distribution System
- Physically securing your cabled network (protect your cables and fibers) since all the data flows through these
- would prevent an attacker from installing a tap in the middle of your cables
- could prevent a DoS
- Common to have periodic audits to ensure no one can gain access to your networking infrastructure
Secure areas
- Should be part of your security policy
- Goal: prevent people from getting physical access to your systems
- Secure offline data (backups are an important security concern)
Air gap
- Provides physical separation between networks
- Ex: b/n different customer networks or b/n secure and unsecure networks
- Specialized networks require airgaps (ex: stock market networks, power systems/ SCADA, Airplanes, Nuclear power plant operations)
Vaults
- A secure reinforced ROOM
- Store backup media
- Protect from disaster or theft
- Often onsite
Safe
- Similar to a vault, but smaller
- less expensive to implement
- Space is limited inside
- But you could install in many different locations
Hot Aisles / Cold Aisles
- Data centers, the racks generate a lot of heat
- Optimize Cooling in data centers to keep components at optimal temperatures
- Cooling is really energy intensive (therefore it’s separated into cold and hot aisles as a way to try to keep down energy costs)
- Cold aisle blows air in one direction, sent through equipment (where it heats up), ventilation sends it back into the cold aisle
Data Destruction
- Disposal can become a legal issue (some information cannot be destroyed), consider offsite storage
- Physically destroying drives usually a better idea
Data Sanitization
- Sometimes you want to reuse storage media (but need to be properly sanitized) to make sure nobody can recover any information
- Purging vs Wiping (partial vs full)
Protect your rubbish
- Make sure your garbage facility is secure
- behind a fence with a lock
- Shred documents (governments will burn the good stuff)
- If you really want to make sure, pulp the paper, remove the ink and recycle the paper back to pulp
Physical destruction of hard drives
- Might want to use a shredder/ pulverizer on a hard drive (involves heavy machinery)
- Or you can use a drill/ hammer to poke a hole in the hard drive (quick and easy)
- You can also incinerate your hard drives (companies do this; it needs to be very hot)
Degausser
- Electromagnetically destroying data by removing the magnetic field
- renders the drive unusable (removes configuration information)
Certificate of Destruction
- Provides evidence by 3rd party that they were able to destroy everything and they include serial numbers in the documentation
- Usually if you’re pulverizing or burning your hardware you have to send it to a third party
Purging Media
- Removing only a PORTION of the data
- Ex: remove it from an existing data store or remove some data from the database
Wiping Data
- UNRECOVERABLE (can never be restored) removal of data on a storage device
- Usually overwrites the data storage locations
- Useful when you need to reuse or continue using the media
SDelete
- File level overwriting
- Available on Windows Sysinternals
- option for removing files
DBAN
- Darik’s Boot and Nuke
- Whole drive wipe secure data removal
- popular utility to remove data