Chapter 9 Flashcards
Comparing Physical Security Controls
Perimeter. Military bases and many other organizations erect a fence around the entire perimeter of their land. They often post security guards at gates to control access. In some cases, organizations install barricades to block vehicles.
Buildings. Buildings commonly have additional controls for both safety and security. For example, guards and locked doors restrict entry so only authorized personnel enter. Many buildings include lighting and video cameras to monitor the entrances and exits.
Secure work areas. Some companies restrict access to specific work areas when employees perform classified or restricted access tasks. In some cases, an organization restricts access to all internal work areas. In other words, visitors can enter the lobby of a building,
Server rooms. Servers and network devices such as routers and switches are normally stored in areas where only the appropriate IT personnel can access them.
Hardware. Additional physical security controls protect individual systems. For example, server rooms often have locking cabinets to protect servers and other equipment installed in the equipment bays. Cable locks protect laptop computers, and smaller devices can be stored in safes.
Access Badges
It’s possible to secure access to areas with proximity cards or smart cards that serve as access badges. Proximity cards are small credit card-sized cards that activate when they are close to a proximity card reader. Many organizations use these for access points, such as the entry to a building or the entry to a controlled area within a building. The door uses an electronic lock that only unlocks when the user passes the proximity card in front of a card reader.
Proximity cards are typically credit card-sized access cards. Users pass the card near a proximity card reader, and the card reader then reads data on the card. Some access control points use proximity cards with PINs for authentication.
Security guards
Many organizations use security guards to control access to buildings and secure spaces. If employees have access badges, guards can check these badges before granting the employees access. Even if access badges aren’t used, guards can still verify people’s identities using other identification.
Video surveillance.
Video surveillance provides strong proof of a person’s location and activity. Digital access logs provide a record,
Noise detection.
Noise detection sensors can detect any noise or when noise exceeds a certain level. They work like motion detection sensors and alert on any sound to control lights or set off alarms. Some Airbnb hosts don’t want renters throwing parties in their houses. They can use noise sensors to detect when the noise levels exceed a certain level. Some noise sensors can detect specific sounds, such as smoke alarms or the sound of glass breaking.
Infrared.
Infrared sensors detect heat signatures in the form of infrared radiation emitted by people, animals, or objects. These sensors are commonly used for security purposes, as they can detect the presence of people or animals even in complete darkness. They are often integrated into security cameras and alarm systems to improve their detection capabilities.
Pressure.
Pressure sensors are designed to detect changes in pressure on a surface or in a specific area. These sensors can be used to detect when someone is walking on a floor or stepping on a mat. They can also be used to monitor doors and windows for forced entry attempts. In addition, pressure sensors can be used in access control systems to ensure that only authorized individuals can enter restricted areas.
Ultrasonic.
Ultrasonic sensors emit high-frequency sound waves and measure the time it takes for the sound waves to bounce back after hitting an object or surface. These sensors are used to detect the presence of people or objects and can also be used to measure distance. Ultrasonic sensors are commonly used in parking assistance systems, robotic navigation, and intrusion detection systems.
Remember This! Sensors monitor the environment and can detect changes. Common sensor types include motion and noise detection as well as sensors designed to monitor infrared temperature, pressure, microwaves, and ultrasonic waves.
Fencing, Lighting, and Alarms
Fences provide a barrier around a property and deter people from entering. When using a fence, it’s common to control access to the area via specific gates. Guards often monitor these gates and ensure only authorized individuals can enter.
Access control vestibules
Access control vestibules are critical components in data center security. As the first line of defense against unauthorized entry, these secure entry points provide a physical barrier between the outside world and the valuable assets housed within the data center.
An access control vestibule consists of two sets of interlocking doors, designed to create a secure compartment that allows only one person to enter at a time. These entry points are usually equipped with advanced security measures, such as biometric scanners, RFID card readers, or even facial recognition systems. These systems verify the identity of the individual seeking access, ensuring that only authorized personnel can gain entry. Access control vestibules prevent tailgating and deter unauthorized entry by trapping an individual between the two sets of doors if they attempt to bypass security.
Asset Management
Asset management is the process of tracking valuable assets throughout their life cycles. Asset management programs should include hardware, software, and data assets. From a security perspective, these asset management programs ensure that the organization knows what assets it owns, where those assets are located, and how they are secured. The core activities of any asset management program include:
An acquisition/procurement process that provides consistent procedures for identifying the need for new assets, evaluating the possible options for security, financial, and business requirements, and effectively onboarding and managing new vendors.
An assignment/accounting process that assigns each asset to a named owner who bears responsibility for the asset and a classification system that identifies the sensitivity and criticality of each asset to the organization.
A monitoring and asset tracking process that maintains an inventory of all of the assets owned by the organization and their current location. This process also benefits from periodic enumeration of assets where auditors
Hardware Asset Management
Organizations commonly implement hardware asset management processes to track servers, desktop computers, laptop computers, routers, switches, and other hardware assets. An effective asset management system can help reduce several vulnerabilities:
Architecture and design weaknesses. Asset management helps reduce architecture and design weaknesses by ensuring that purchases go through an approval process. The approval process does more than just compare costs. It also evaluates the purchase to ensure it fits in the overall network architecture.
System sprawl and undocumented assets.
System sprawl occurs when an organization has more systems than it needs, and the systems it owns are underutilized. Asset management begins before the hardware is purchased and helps prevent system sprawl by evaluating the purchase. Additionally, after the purchase is completed, asset management processes ensure the hardware is added to the asset management tracking system. This ensures that the assets are managed and tracked from the cradle to the grave.
Software Asset Management
Software asset management involves tracking and managing software licenses, installations, and usage within an organization. It helps ensure compliance with licensing agreements, optimizes software usage, and minimizes the risk of security vulnerabilities associated with unpatched or unauthorized software. Effective software asset management includes processes for acquiring, cataloging, and updating software, as well as monitoring usage and ensuring that licenses are maintained and renewed as necessary.
Data Asset Management
Data asset management focuses on the organization’s data assets, including databases, files, and other information repositories. It involves defining data ownership, classification, and access controls, as well as ensuring the integrity, availability, and confidentiality of data. Key aspects of data asset management include data governance, data quality management, and data lifecycle management. These processes help organizations maintain accurate, up-to-date, and secure data assets, enabling better decision-making and reducing the risk of data breaches or loss.
Platform Diversity
Defense in depth (also known as layered security) refers to the security practice of implementing several layers of protection. You can’t simply take a single action, such as installing locks at the entrance of a building and consider yourself protected. You must implement security at several different layers. This way, if one layer fails, you still have additional layers to protect you.
Vendor diversity
Vendor diversity is the practice of implementing security controls from different vendors to increase security.
Technology diversity
Technology diversity is the practice of using different technologies to protect an environment. For example, an organization may choose to protect a data server room. They may start by limiting the access points, adding biometric locks to open the doors, and monitoring the access points with a CCTV system.
Control diversity
Control diversity is the use of different security control categories, such as technical controls, physical controls, managerial controls, and operational controls. For example, technical security controls such as firewalls, intrusion detection systems (IDSs), and proxy servers help protect a network. Physical security controls can provide extra protection for the server room or other areas where these devices are located. Managerial and operational controls such as vulnerability assessments and penetration tests can help verify that these controls are working as expected.
Physical Attacks
We use physical security controls to protect against physical attacks. Our adversaries have a number of tools at their disposal to try to undermine our physical security.
Card Skimming and Card Cloning
Credit card skimming is the practice of capturing credit card data at the point of sale. Attackers often place a skimmer on automated teller machines (ATMs) or gas stations where users swipe their credit cards. The skimmer captures the data on the magnetic strip but also allows the transaction to go through. Some signs of a credit card skimmer are a broken security seal, a loose credit card reader, or a credit card reader that extends past the panel.
Card cloning refers to making a copy of a credit card using data captured from a magnetic strip. Attackers copy the data onto a blank card or overwrite the data on a stolen card. This is relatively easy to do when using the magnetic strip of a credit card. However, the use of chips in credit cards makes it much harder to copy because the chip encrypts the data. The primary indicator of a cloned credit card is unauthorized or fraudulent charges.
Brute Force Attacks
Brute force attacks against physical security attempt to simply crash right through physical security controls. For example, someone might try to drive a vehicle through the front door of a building to gain access to the facility. Or a brute force attack may be less dramatic, such as standing at the keypad used to protect access to a room and trying every possible combination of four-digit passcodes. Brute force attacks are very simple but they can be effective. They are also usually easily detectable in organizations with good security monitoring programs.
Environmental Attacks
If an attacker is able to disrupt these conditions by cutting off power to a facility, raising the temperature to cause equipment overheating, flooding it with water, or causing a similar catastrophe, those environmental attacks can be quite damaging.
Adding Redundancy and Fault Tolerance
Redundancy adds duplication to critical system components and networks and provides fault tolerance. If a critical component has a fault, the duplication allows the service to continue as if a fault never occurred. In other words, a system with fault tolerance can suffer a fault, but it can tolerate it and continue to operate. Organizations often add redundancies to eliminate single points of failure:
Disk redundancies using RAID
NIC redundancy with NIC teaming
Server redundancies by adding load balancers
Power redundancies by adding dual power supplies, generators and/or UPSes
Site redundancies by adding hot, cold, or warm sites
Single Point of Failure
Disk. If a server uses a single drive, the system will crash if the single drive fails. A redundant array of inexpensive disks (RAID) provides fault tolerance for hard drives and is a relatively inexpensive method of adding fault tolerance to a system.
Server. If a server provides a critical service and its failure halts the service, it is a single point of failure. Load balancing provides fault tolerance for critical servers.
Power. If an organization only has one source of power for critical systems, the power is a single point of failure. However, elements such as uninterruptible power supplies (UPSes) and power generators provide fault tolerance for power outages.
Personnel. If there are tasks within an organization that only one person can perform, that person becomes a single point of failure.
Remember This! A single point of failure is any component whose failure results in the failure of an entire system. Elements such as RAID, load balancing, UPSes, and generators remove many single points of failure. RAID is an inexpensive method used to add fault tolerance and increase availability. If only one person knows how to perform specific tasks, that person can become a single point of failure.