Lesson 21 - Explain the Importance of Physical Site Security Controls Flashcards
Controls that restrict, detect, and monitor access to specific physical areas or assets through measures such as physical barriers, physical tokens, or biometric access controls.
Physical access controls
create access lists and identification mechanisms to allow approved persons through the barriers.
Authentication
create barriers around a resource so that access can be controlled through defined entry and exit points.
Authorization
keep a record of when entry/exit points are used and detect security breaches.
Accounting
Scanner that reads data from an RFID or NFC tag when in range.
proximity reader
A type of gateway that only allows one person through at a time.
turnstile
A secure entry system with two gateways, only one of which is open at any one time.
mantrap
Devices can be physically secured against theft using cable ties and padlocks. Some systems also feature lockable faceplates, preventing access to the power switch and removable drives.
Cable locks
Duplicating a smart card by reading (skimming) the confidential data stored on it.
Card cloning
Duplicating a smart card by reading (skimming) the confidential data stored on it.
Skimming
Hardware plug to prevent malicious data transfer when a device is plugged into a USB charging point.
USB data blocker
A device that transforms one type of energy into another (typically light into an electrical signal).
sensors
Installation of video cameras to supply security monitoring data to a centralized management station.
CCTV (closed circuit television)
A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.
Robot sentries
A type of network isolation that physically separates a network from all other networks.
air gapped
A wire mesh container that blocks external electromagnetic fields from entering into the container.
Faraday Cage
Building control systems maintain an optimum heating, cooling, and humidity level working environment for different parts of the building.
HVAC (Heating, Ventilation, Air Conditioning)
Arrangement of server racks to maximize the efficiency of cooling systems.
hot aisle/cold aisle
A disruption of electrical current that occurs when a magnetic field around one electrical circuit interferes with the signal being carried on an adjacent circuit.
Electromagnetic Interference (EMI)
To reduce interference, data/network cabling should not be run parallel to power cabling. If EMI is a problem, shielded cabling can be installed. Alternatively, the copper cabling could be replaced with fiber optic cabling, which is not susceptible to EMI.
Fire detection and suppression systems are mandatory in most public and private commercial premises. Water-based fire suppression is a risk to computer systems, both in the event of fire and through the risk of flood. Alternatives include dry pipe and gas-based systems.
Fire suppression
The process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.
Media sanitization
Leftover information on a storage medium even after basic attempts have been made to remove that data.
Data remnants
The process of rendering a storage drive inoperable and its data unrecoverable by eliminating the drive’s magnetic charge.
Degaussing
Exposing a hard disk to a powerful electromagnet disrupts the magnetic pattern that stores the data on the disk surface.
Note that SSDs, flash media, and optical media cannot be degaussed, only hard disk drives.
Hitting a hard drive with a hammer can leave a surprising amount of recoverable data, so this type of destruction should be performed with industrial machinery.
Pulverizing
The standard method of sanitizing an HDD
overwriting
The most basic type of overwriting is called zero filling, which just sets each bit to zero.
A more secure method is to overwrite the content with one pass of all zeros, then a pass of all ones, and then a third pass in a pseudorandom pattern.
A method of sanitizing a drive using the ATA command set.
Secure Erase (SE)
Since 2001, the SATA and Serial Attached SCSI (SAS) specifications have included a Secure Erase (SE) command.
This command can be invoked using a drive/array utility or the hdparm Linux utility. On HDDs, this performs a single pass of zero-filling.
A method of sanitizing a drive by setting all bits to zero.
zero-filling