CH18 Facilities Security Flashcards

1
Q

Which of the following is NOT considered part of the Internet of Things?

a. SCADA
b. ICS
c. Smart Television
d. Laptop

A

d. Laptop

Supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS), internet-connected televisions, thermostats, and many other things are examples of devices classified as part of the Internet of Things (IoT).

A laptop would be better classified as a computer or host than as part of the Internet of Things.

The Internet of Things (IoT) is a system of interrelated computing devices and mechanical and digital machines that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

2
Q

Syed is developing a vulnerability scanner program for a large network of sensors that are used to monitor his company’s transcontinental oil pipeline. What type of network is this?

a. SoC
b. CAN
c. SCADA
d. BAS

A

c. SCADA

A SCADA (supervisory control and data acquisition) network is a type of industrial control system (ICS) network used to manage sensors and control systems spread over large geographic areas.

A building automation system (BAS) for offices and data centers (“smart buildings”) can include physical access control systems, but also heating, ventilation, and air conditioning (HVAC), fire control, power and lighting, and elevators and escalators.

3
Q

An analyst is reviewing the logs from the network and notices that there have been multiple attempts from the open wireless network to access the networked HVAC control system. The open wireless network must remain openly available so that visitors are able to access the internet. How can this type of attack be prevented from occurring in the future?

a. Implement a VLAN to separate the HVAC control system from the open wireless network
b. Install an IDS to protect the HVAC system
c. Enable NAC on the open wireless network
d. Enable WPA2 security on the open wireless network

A

a. Implement a VLAN to separate the HVAC control system from the open wireless network.

A VLAN is useful for segmenting network traffic between different parts of the network, and it can stop someone on the open wireless network from being able to attempt to log in to the HVAC controls.

4
Q

Dion Training has set up a lab consisting of 12 laptops for students to use outside of normal classroom hours. The instructor is worried that a student may try to steal one of the laptops. Which of the following physical security measures should be used to ensure the laptop is not stolen or moved out of the lab environment?

a. USB lock
b. Biometric locks
c. Cable locks
d. Key fob

A

c. Cable locks

OBJ-2.7: The Kensington lock slot is a small hole found on almost every portable computer or laptop made after 2000. It allows a cable lock to be attached to the laptop to lock it to a desk and prevent theft. These locks often use a combination lock or padlock type of locking system. They do not affect the user’s ability to use the laptop or device; they only prevent the user from moving the laptop out of the area.

A biometric lock is any lock that can be activated by biometric features, such as a fingerprint, voiceprint, or retina scan. Biometric locks make it more difficult for someone to counterfeit the key used to open the lock or a user’s account.

A smart card is a form of hardware token. A key fob generates a random number code synchronized to a code on the server. The code changes every 60 seconds or so. This is an example of a one-time password. The RSA SecurID token is an example of a key fob.

A USB lock prevents unauthorized data transfer through USB ports, reducing the risk of data leakage, data theft, computer viruses, and malware by physically locking and blocking the USB ports.

5
Q

(Sample Simulation: on the real exam for this type of question, you would have to fill in the blanks by dragging and dropping them into place.)

[Image: a server in the data center, with 4 blank spaces to fill]

Choices:
Mantrap
Cable lock
Biometrics
GPS tracking
Proximity badges
FM-200
Remote wipe
Strong password
Antivirus
ECC

Using the image provided, select four security features that you should use to best protect your servers in the data center. This can include physical, logical, or administrative protections.

a. Antivirus, Mantrap, Cable lock, GPS tracking
b. Strong passwords, Biometrics, mantrap, Cable lock
c. GPS tracking, Biometrics, Proximity badges, Remote wipe
d. FM-200, Biometric locks, Mantrap, Antivirus

A

d. FM-200, Biometric locks, Mantrap, Antivirus

OBJ-2.7: The best option based on your choices is FM-200, Biometric locks, Mantrap, and Antivirus. FM-200 is a fire extinguishing system commonly used in data centers and server rooms to protect the servers from fire. Biometric locks are often used in high-security areas as a lock on the access door. Additionally, biometric authentication could be used for a server by using a USB fingerprint reader. Mantraps are also often used as part of securing a data center. This area creates a boundary between a lower security area (such as the offices) and the higher security area (the server room). Antivirus should be installed on servers since it can use signature-based scans to ensure files are safe before they are executed.

6
Q

The local electric power plant contains both business networks and ICS/SCADA networks to control their equipment. Which technology should the power plant’s security administrators look to implement first as part of configuring better defenses for the ICS/SCADA systems?

a. Automated patch deployment
b. Anti-virus software
c. Log consolidation
d. Intrusion prevention system

A

d. Intrusion prevention system

OBJ-2.6: Since this question is focused on the ICS/SCADA network, the best solution would be implementing an intrusion prevention system. ICS/SCADA machines use very specific commands to control the equipment, so strict IPS rules can be set up to block unknown types of actions and prevent malicious activity. Log consolidation is a good idea, but it won’t prevent an issue and therefore isn’t the most critical thing to add first. Automated patch deployment should not be used, as patches must be tested before being applied to ICS/SCADA systems; patches often break ICS/SCADA functionality. Antivirus software may or may not be able to run on the equipment, since some ICS/SCADA systems do not rely on standard operating systems like Windows.
