Physical (environmental) Security Flashcards

1
Q

Fire: what is the heat triangle?

A

For a fire to burn, it requires three elements (heat Triangle):
heat
oxygen
fuel.

Fire suppression and extinguishing systems fight fires by removing one of these three elements or by temporarily breaking up the chemical reaction between these three elements.

2
Q

What is a Class A Fire:

A
Common Combustibles (Wood, Paper, furniture)
Extinguish: Water / Soda Acid
3
Q

What is a Class B Fire:

A

Burnable fuels, such as gasoline or oil

Extinguish: CO2, soda acid, or Halon

4
Q

What is a Class C Fire:

A

Electrical Fire:

Extinguish: CO2 or Halon

5
Q

What is a Class D Fire:

A

Special (Chemical, Grease)
Extinguish: Total Immersion or Others.
* CISSP doesn’t really cover this :)

6
Q

Water Damage:

A

Water: Water damage (and damage from liquids, in general) can occur from many different sources, including pipe breakage, firefighting efforts, leaking roofs, spilled drinks, flooding, and tsunamis. Wet computers and other electrical equipment pose a potentially lethal hazard.

7
Q

Vibration / Movement:

A

Vibration and movement: Causes may include earthquakes, landslides, and explosions. Equipment may also be damaged by sudden or severe vibrations, falling objects, or equipment racks tipping over. More seriously, vibrations or movement may weaken structural integrity, causing a building to collapse.

8
Q

Severe Weather:

A

Includes hurricanes, tornadoes, high winds, severe thunderstorms and lightning, rain, snow, sleet, and ice. Such forces of nature may cause fires, water damage and flooding, structural damage, loss of communications and utilities, and personnel hazards.

9
Q

Electricity:

A

• Electrostatic discharge (ESD): The ideal humidity range for computer equipment is 40 to 60 percent. Higher humidity causes condensation and corrosion. Lower humidity increases the potential for ESD (static electricity). A static charge of as little as 40V (volts) can damage sensitive circuits, and 2,000V can cause a system shutdown. The minimum discharge that can be felt by humans is 3,000V, and electrostatic discharges of over 25,000V are possible — so if you can feel it, it’s a problem for your equipment!

• Electrical noise: Includes Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI). EMI is generated by the different charges between the three electrical wires (hot, neutral, and ground) and can be common-mode noise (caused by hot and ground) or traverse-mode noise (caused by a difference in power between the hot and neutral wires). RFI is caused by electrical components, such as fluorescent lighting and electric cables. A transient is a momentary line-noise disturbance.

10
Q

Electrical Anomalies:

Mnemonic:
Bob Frequently Buys Shoes In Shoe Stores

A
Blackout - loss of all power
Fault - Momentary loss of power
Brownout - prolonged power outage
Sag - Short drop in voltage
Inrush - initial power rush
Spike - Momentary rush of power
Surge - prolonged rush of power
11
Q

Lightning Strikes (electricity):

A

Approximately 10,000 fires are started every year by lightning strikes in the United States alone, despite the fact that only 20 percent of all lightning ever reaches the ground. Lightning can heat the air in immediate contact with the stroke to 54,000° Fahrenheit (F), which translates to 30,000° Celsius (C), and lightning can discharge 100,000 amperes of electrical current. Now that’s an inrush!

It’s not the volts that kill — it’s the amps!

12
Q

Magnetic Fields (electricity):

A

• Magnetic fields: Monitors and storage media can be permanently damaged or erased by magnetic fields.

13
Q

Sabotage / terrorism / war / theft / vandalism

A

Sabotage/terrorism/war/theft/vandalism: Both internal and external threats must be considered. A heightened security posture is also prudent during certain other disruptive situations — including labor disputes, corporate downsizing, hostile terminations, bad publicity, demonstrations/protests, and civil unrest.

14
Q

Equipment Failure:

A

Equipment failure: Equipment failures are inevitable. Maintenance and support agreements, ready spare parts, and redundant systems can mitigate the effects.

15
Q

Loss of Communication:

A

Loss of communications and utilities: Including voice and data; electricity; and heating, ventilation, and air conditioning (HVAC). Loss of communications and utilities may happen because of any of the factors discussed in the preceding bullets, as well as human errors and mistakes.

16
Q

Personnel Loss:

A

Can happen because of illness, injury, death, transfer, labor disputes, resignations, and terminations. The negative effects of a personnel loss can be mitigated through good security practices, such as documented procedures, job rotations, cross-training, and redundant functions.

17
Q

Crime Prevention Through Environmental Design (CPTED)

A

Adopted by security practitioners in the design of public and private buildings, offices, communities, and campuses since CPTED was first published in 1971.

CPTED focuses on designing facilities by using techniques such as unobstructed areas, creative lighting, and functional landscaping, which help to naturally deter crime through positive psychological effects.

18
Q

Natural access control? (CPTED)

A
  • Use security zones to limit / restrict movement.
  • Zones help differentiate between public, semi-private, and private areas that might require differing levels of protection
19
Q

Target Hardening? (CPTED)

A

Target hardening complements natural access controls by using mechanical and/or operational controls, such as window and door locks, alarms, picture identification requirements, and visitor sign-in/out procedures.

20
Q

Natural Surveillance? (CPTED)

A
  • Reduces criminal threats by making intruder activity more observable and easily detected.
  • maximizing visibility - windows over streets.
  • landscaping to eliminate hidden areas and create clear lines of sight.
  • installing open railings on stairways to improve visibility.
  • Using low-intensity lighting fixtures to eliminate shadows and reduce security-camera glare or blind spots
21
Q

Territorial Reinforcement (CPTED)

A
  • instills pride in the property, and has a greater chance of making intruders stand out.
  • Pick Up Litter, Clean up Graffiti, placing amenities.
22
Q

Choosing a Secure Location:

A
  • Climatology / Natural Disasters - Flood plains, hurricane alley, evacuation routes.
  • Local Considerations: High Crime Area, Flight Path.
  • Visibility - Is the site near another high visibility location? Power Plant, government / military establishment.
  • Accessibility - local traffic patterns, convenience to airports, proximity to emergency services, housing costs
  • Utilities - Power, Fibre,
  • Joint Tenants - Will you have full access to environmental controls?
23
Q

Secure Facility - Other Considerations:

A
  • Exterior Walls - hurricane resistant, electrical dampener
  • Windows - Opaque, fixed (non-openable)
  • Interior Walls - be wary of security around secure areas
  • Floors - Load bearing (150lb), non-conductive (raised)
  • Ceilings - Weight bearing, Fire Rated,
  • Doors - designed to resist forcible entry, locks fail open, fire rated = adjacent wall.
  • Lighting - provide safety and discourage invaders
  • Wiring - comply with building and fire codes.
  • Electricity - load planning in certain areas.
  • HVAC - Humidity & env. levels must be controlled.
24
Q

Physical (Environmental) Security Controls

A

Physical (environmental) security controls include a combination of:

  • physical access controls
  • technical controls
  • environmental and life safety controls
  • fire detection and suppression
  • administrative controls
25
Q

Physical access controls:

A
  • fencing
  • security guards
  • dogs
  • locks
  • storage areas
  • security badges
  • biometrics
26
Q

Physical Access - Fencing:

3-6-8 = Minimum Hate

A

Height - General Effect
3–4 ft (1m) - Deters casual trespassers
6–7 ft (2m) - Too high to climb easily
8 ft (2.4m) + three-strand barbed wire - Deters more determined intruders

27
Q

Physical Access - Man Trap:

A

A mantrap is a method of physical access control that consists of a double set of locked doors or turnstiles. The mantrap may be guarded or monitored, and may require a different level of access to pass through each door or in a different direction.

28
Q

Physical Access Security Guards (PRO):

A
  • Discernment: Guards can apply human judgment to different situations.
  • Visibility: Guards provide a visible deterrent, response, and control capability.
  • Multiple functions: Guards can also perform reception and visitor escort functions.
29
Q

Physical Access Security Guards (CON):

A
  • Unpredictability: Pre-employment screening and bonding doesn’t necessarily assure reliability or integrity.
  • Imperfections: Along with human judgment comes the element of human error.
  • Cost: Maintaining a full-time security force (including training) or outsourcing these functions can be very expensive.
30
Q

Physical Security - Guard Dogs:

A

Like human guards, dogs also provide a highly visible deterrent, response, and control capability. Additionally, guard dogs are typically more loyal and reliable than humans, with more acute sensory abilities.

Other considerations include

  • Limited judgment capability
  • Cost and maintenance
  • Potential liability issues
31
Q

Physical Security - Locks

A

Simplest way to restrict access to windows and doors is through a lock:

  • Preset - Basic mechanical lock, tumblers etc.
  • Programmable - Mechanical (use a keypad)
  • Electronic - Use a swipe card
32
Q

Storage Areas:

A

Storage areas that contain spare equipment and parts, consumables, and deliveries should be locked and controlled to help prevent theft.

Additionally, you should be aware of any hazardous materials being stored in such areas, as well as any environmental factors or restrictions that may affect the contents of the storage area.

33
Q

Security Badges:

A

Security badges (or access cards) are used for identification and authentication of authorized personnel entering a secure facility or area.

34
Q

A Photo Identification Card:

A

A photo identification card (also referred to as a dumb card) is a simple ID card that has a facial photograph of the bearer.

35
Q

Smart Cards:

A

Smart cards are digitally encoded cards that contain an integrated chip (IC) or magnetic stripe (possibly in addition to a photo).

  • Magnetic Stripe - info encoded on the stripe (credit card)
  • Optical-Coded - info encoded by laser onto digital dots
  • Smart Card - electrical contacts, user info, logical access
  • Proximity (passive) - electromagnetic from reader
  • Proximity (Field-powered) - RF transmitter
  • Proximity (Transponder) - Card & Reader contain a transceiver, control logic, and battery.

Can be used in 2 factor authentication.

36
Q

Biometric access controls

A

Biometrics provide the only absolute method for positively identifying an individual based on some unique physiological or behavioral characteristic of that individual.

  • Finger scan
  • Hand geometry
  • Retina pattern
  • Iris pattern
  • Voice recognition
  • Signature dynamics
37
Q

Technical controls

A

Technical controls include monitoring and surveillance, intrusion detection systems (IDSs), and alarms that alert personnel to physical security threats and allow them to respond appropriately.

38
Q

Surveillance:

A

Visual surveillance systems include photographic and electronic equipment that provides detective and deterrent controls. When used to monitor or record live events, they’re a detective control. The visible use of these systems also provides a deterrent control.

Electronic systems such as closed-circuit television (CCTV) can extend and improve the monitoring and surveillance capability of security guards.
Photographic systems, including recording equipment, record events for later analysis or as evidence for disciplinary action and prosecution.

39
Q

Intrusion Detection (Physical Domain)

A
  • Systems that detect attempts to gain unauthorised physical access to a building or area.
  • Photoelectric sensors - Infrared beams
  • Dry Contact / metallic tape - alerts on a connection break
  • Motion (Wave) - motion changes frequency and alerts
  • Motion (Capacitance) - monitors a field for a change in capacitance, which is caused by movement.
  • Motion (audio) - triggered by abnormal sound.
40
Q

Alarms (Physical Domain)

A

Alarms are activated when a certain condition is detected. Examples of systems employing alarms include fire and smoke detectors, motion sensors and intrusion detection systems (IDSs).

Alarms should have separate circuitry and a backup power source.

41
Q

The Five types of Alarm System (physical Domain):

A
  • Local: audible alarm, local to building, local response.
  • Central: alerts are monitored by a central managed system.
  • Proprietary: same as Central, just managed on premise.
  • Auxiliary: uses local municipal fire and police circuits.
  • Remote: same as Auxiliary, save that it is not connected to local municipal circuits; a remote system calls the police and plays a pre-recorded message.
42
Q

Environmental and life safety controls

A

These controls are necessary for maintaining a safe and acceptable operating environment for computers and personnel. These controls include electrical power, HVAC, smoke detection, and fire detection and suppression.

43
Q

Environmental Safety - Electrical Power

A
  • Maintain proper humidity (40 - 60)
  • Ensure proper grounding
  • Use anti-static flooring, carpeting and floor mats.
  • Use a UPS
44
Q

Protective Controls - Electrical Power

A
  • Install powerline conditioners.
  • Ensure proper grounding.
  • Use shielded Cabling.
45
Q

Protective Controls - HVAC

A
  • Ideal temp range for computers 50 - 80 degrees F.
  • HVAC equipment should be dedicated, controlled, and monitored.

46
Q

Fire Detection

A

There are 3 main systems:
  • Heat-Sensing - rapid temp changes or a fixed value
  • Flame-Sensing - flicker / pulsing / infrared light of flames
  • Smoke-Sensing - photoelectric - change in light intensity
  • Smoke-Sensing - Beam - smoke interrupts Beam
  • Smoke-Sensing - ionisation - disturbance in the force
  • Smoke-Sensing - Aspiration - Air sampling.

47
Q

Fire Suppression - Water

A

Used for a Class A Fire.

  • Wet Pipe - nozzle melts / ruptures releasing the water
  • Dry Pipe - On activation clapper valve releases water
  • Deluge - Drown everything (Noah stylie)
  • Preaction - combination of wet and dry pipes.
48
Q

Fire Suppression - Gas

A
  • CO2 - (B,C) Must be within 50ft of electrical gear. Removes the oxygen from the triangle.
  • Soda Acid - (A,B) Removes the fuel from the triangle.
  • Gas-discharge - (B,C) Separates the triangle.
  • Halon - has been banned since 1987 because of ozone depletion.
49
Q

Administrative Controls

A

These controls include the policies and procedures necessary to ensure that physical access controls, technical controls, and environmental and life safety controls are properly implemented and achieve an overall physical security strategy.

50
Q

Restricted Areas

A
  • areas in which sensitive information is handled.
  • should be clearly marked as restricted.
  • authorised vs. unauthorised personnel should be marked.
51
Q

Visitors

A
  • visitor policies should be clearly defined.
  • log books and ID usage for validation are a must.
  • colour coded badges and escorts are also options.
52
Q

Personal Privacy

A
  • privacy rules must be clearly defined.
  • employees must be aware of and consent to workplace monitoring.

53
Q

Safety

A
  • employee awareness to risks when traveling is recommended.
  • Safeguards within the workplace should be continuously reviewed.
54
Q

Audit trails and access logs

A

Audit trails and access logs are detective controls that provide a record of events.

55
Q

Asset classification and control

A

Asset classification and control, particularly physical inventories, are an important detective control.

56
Q

Emergency Procedures

A
  • These should be clearly documented and accessible to all employees.
  • Regular practice runs should be scheduled
  • The document should be regularly audited
57
Q

General HouseKeeping

A
  • Non-smoking
  • Removal of waste

58
Q

Pre-employment and post-employment procedures

A

These procedures include background and reference checks, obtaining security clearances, granting access, and termination procedures.