Chapter 19: Physical Security Requirements Flashcards
What is the purpose of physical security?
To protect against physical threats.
What are the most common physical threats?
fire and smoke, water (rising or falling), earth movement (earthquakes, landslides, volcanoes), storms (wind, lightning, rain, snow, sleet), sabotage and vandalism, explosion or destruction, building collapse, toxic materials, utility loss (power, heating, cooling, air, water), equipment failure, theft, personnel loss (illness, strikes, access, transport).
What is a Secure Facility Plan?
.
What is Critical Path Analysis?
A systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements.
What are administrative physical security controls?
Facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures
What are technical physical security controls?
access controls, intrusion detection, alarms, CCTV, monitoring, heating, ventilating, and air conditioning, power supplies, fire detection and suppression.
What are physical controls for physical security?
fencing, lighting, locks, construction materials, mantraps, dogs, and guards.
What is the functional order in which controls should be used?
- Deterrence
- Denial
- Detection
- Delay
What is the most important consideration in site selection?
Security. This includes susceptibility to riots, vandalism, break-ins, location in a high crime area, or environmental factors such as flooding/weather/fault lines, etc.
What are the tradeoffs on number of entrances?
Single entrances improve security, multiple improve evacuation.
What issues should be considered in facility design?
Combustibility, fire rating, construction materials, load rating, placement, control of walls, doors, ceilings, flooring, HVAC, power, water, sewage, gas.
Forced intrusion, emergency access, resistance to entry, direction of entries and exits, use of alarms and conductivity.
How should work areas be laid out with regards to asset value?
Higher value assets should have more restricted access. Duh.
How should areas of different sensitivity be separated?
Use floor to ceiling walls. If false or suspended ceilings, or raised floors exist, the walls should block those areas as well.
Should central server rooms be human-compatible?
They don’t have to be. The more incompatible they are, the more protection it offers. Making a room human-incompatible can be accomplished by using Halotron, PyroGen, or other oxygen displacement fire suppression. Also, closely spaced equipment and low or no lighting.
Where should server rooms be located?
In the center of the building.
What risk exists if visitors are not tracked?
Not tracking visitors when they are allowed into a protected area can result in malicious activity against the most protected assets.
How tall should a fence be to discourage casual trespassers?
3-4 feet
How tall should a fence be to discourage most intruders?
6-7 feet
How tall should a fence be to deter determined intruders?
8 feet with 3 strands of barbed wire
What is a gate?
A controlled entry point in a fence.
What are the design considerations of a gate?
Its deterrent level must be the same as the fence to sustain its effectiveness. Hinges and locking mechanisms may need to be hardened against tampering. Keep the number of gates to a minimum.
What is a turnstile?
A form of gate that only allows one person to enter at a time.
What is a mantrap?
A set of double doors often protected by a guard that prevents piggybacking and can trap individuals at the discretion of security personnel.
How should lighting be designed?
It shouldn’t highlight the positions of guards, dogs, patrol posts, or other similar security elements. It should be combined with those elements. It shouldn’t be a nuisance to neighbors, and shouldn’t cause a glare or distraction to security elements.
What is an alternative to security guards?
Dogs.
What are the trade-offs to using dogs vs guards?
Guards are extremely effective, but costly and require a high level of maintenance. They also impose insurance and liability requirements.
What are preset locks?
Typical key based locks.
What is shimming?
An attack on key-based locks. Picking.
What are the types of motion detectors?
Infrared, heat-based, wave pattern, capacitance, photoelectric, and passive audio.
How does an infrared motion detector work?
It monitors for significant or meaningful changes in the infrared lighting pattern of a monitored area.
How does a heat-based motion detector work?
It monitors for significant or meaningful changes in the heat levels or patterns of a monitored area.
How does a wave pattern motion detector work?
It transmits a constant low ultrasonic or high microwave frequency signal into the monitored area and monitors for changes or disturbances in the reflected pattern.
How does a capacitance motion detector work?
It senses changes in the electrical or magnetic field surrounding a monitored object.
How does a photoelectric motion detector work?
It senses changes in visible light levels for the monitored area. Usually deployed in internal rooms that are kept dark.
How does a passive audio motion detector work?
It listens for abnormal sounds in the monitored area.
What are the different types of intrusion alarms?
deterrent, repellant, notification
What are the different location types of intrusion alarms?
Local, central/proprietary, auxiliary.
What is secondary verification?
Another method to determine if an alarm is false. For example, CCTV coverage of an area with motion detectors.
What is a smart card?
A credit-card sized ID, badge, or security pass with an embedded magnetic strip, bar code, or IC.
What is a proximity reader?
A passive, field powered device, or a transponder that reads a smart card to control access.
List the different access abuses we need to look for.
Propping open doors, bypassing locks, masquerading, piggybacking.
What is TEMPEST?
Intercepting electronic signals from equipment to gain information.
How do you defeat TEMPEST?
Use a faraday cage to control signal propagation, broadcast white noise to mask or hide the presence of real emanations, or implement a control zone, which is just a smaller faraday cage.
What should the priority of physical security be?
Protecting human life, then restoring the safety of the environment, then restoring utilities necessary for IT infrastructure.
What is a UPS?
A self-charging battery that can be used to supply consistent, clean power to sensitive equipment.
What is a power fault?
A momentary loss of power.
What is a blackout?
A complete loss of power.
What is a (power) sag?
A momentary low voltage.
What is a brownout?
Prolonged low voltage.
What is a (power) spike?
Momentary high voltage.
What is a (power) surge?
Prolonged high voltage.
What is a (power) inrush?
An initial surge of power usually associated with connecting to a power source.
What is (power) noise?
A steady interfering power disturbance or fluctuation.
What is a (power) transient?
A short duration of line noise disturbance.
What is clean power?
Nonfluctuating, pure power.
What is a ground?
The wire in an electrical circuit that is grounded.
What are the two types of electromagnetic interference?
Common mode and transverse mode.
What is common mode electromagnetic interference?
Noise generated by a difference in power between the hot and ground wires of a power source or operating electrical equipment.
What is transverse mode electromagnetic interference?
Generated by a difference in power between the hot and neutral wires of a power source or operating electrical equipment.
What is RFI?
Radio Frequency Interference
What causes RFI?
A wide range of common electrical appliances, such as lights, electrical cables, space heaters, computers, elevators, motors, electric magnets.
Within what limits should rooms intended to house computers be kept?
60-75F, 40-60% humidity.
Fire triangle?
Dubious p 767
What is the cause of most data center fires?
Overloaded electrical distribution outlets
What is a class A fire extinguisher for?
Common combustibles
What is a class B fire extinguisher for?
Liquids
What is a class C fire extinguisher for?
Electrical
What is a class D fire extinguisher for?
Metals
What is the suppression material in a class A fire extinguisher?
Water, soda acid
What is the suppression material in a class B fire extinguisher?
CO2, halon, soda acid
What is the suppression material in a class C fire extinguisher?
CO2, halon
What is the suppression material in a class D fire extinguisher?
Dry powder
What are the four main types of water suppression systems?
wet pipe, dry pipe, deluge, preaction
What is a wet pipe water suppression system?
One that is always full of water. Immediate discharge.
What is a dry pipe water suppression system?
One containing compressed air. When triggered, a water valve opens that then fills the pipes.
What is a deluge water suppression system?
A dry pipe system that uses larger pipes and therefore delivers a significantly larger volume of water. Inappropriate for areas containing IT systems.
What is a preaction suppression system?
A combination dry/wet pipe system. It’s dry until the initial stages of a fire, but doesn’t trigger until a head is melted by heat. Can manually stop release.