Section 18: Facilities Security Flashcards
Three types of fire suppression
handheld, sprinklers, special hazard protection
Five categories of fires
A, B, C, D, K
What is a class C fire?
Electrical fire (use CO2 extinguisher)
Class D fires
battery fire with combustible stuff
CO2 extinguisher
Takes out oxygen from room, safe for computers
Wet pipe sprinkler system
Pipes hold water that is waiting to be sprayed; when the bulb melts, the water sprays
Dry pipe sprinkler system
Pipes filled with pressurized air
Pre-action sprinkler system
Similar to dry pipe but won’t activate until heat or smoke is detected
Hot and cold aisles
Server racks are placed back to back, with AC blowing in through a lane and out through the exhaust lanes
What should humidity be at?
40%
Faraday Cage
Shielding installed around an entire room that prevents electromagnetic energy and radio frequencies from entering or leaving the room
TEMPEST
US Government standards for the level of shielding required in a building to ensure emissions and interference cannot enter or exit the facility
Vehicles connect numerous subsystems over a ________
controller area network (CAN)
The primary external interface is the _________
Onboard Diagnostics module (OBD-II)
There is no _________ in a CAN
authentication; any message that’s sent to the vehicle has to be accepted; really scary - can control the vehicle
How are cars hacked?
Attach the exploit to OBD-II, onboard cellular, onboard Wi-Fi
Most smart devices use an embedded version of what?
Linux or Android
Best thing you can do for IoT devices?
Segment them from your network
Embedded System
Computer system that’s designed to perform a specific dedicated function (like an IV or something like that)
PLC
Programmable Logic Controller = a type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems
System on Chip (SoC)
A processor that integrates the platform function on a chip (like a Roomba)
RTOS
Real time operating system - a type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks
FPGA
Field programmable gate array - a processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture
Operational Technology
A communications network designed to implement an industrial control system rather than data networking (opening and shutting valves, dials, gauges, stuff like that)
Industrial systems prioritize
Availability
ICS
Industrial Control System - a network that manages embedded systems (power station, water suppliers, etc.)
Fieldbus
Digital serial data communications used in operational technology networks to link PLCs
Human-Machine Interface (HMI)
Input and output controls on a PLC to allow a user to configure and monitor the system
Data Historian
Software that aggregates and catalogs data from multiple sources within an industrial control system
SCADA
Supervisory Control and Data Acquisition - A type of industrial control system that manages large-scale, multiple site stuff (some kind of a WAN connection is used, for example the electric meter is part of a SCADA network)
Modbus
A communications protocol used in operational technology networks
Four key controls for mitigating attacks in specialized systems
Establish administrative control over OT networks by recruiting staff with relevant expertise
Implement the minimum network links by disabling unnecessary links, ports and protocols
Develop and test a patch management program for Operational Technology networks
Perform regular audits of logical and physical access to systems to detect possible vulnerabilities and intrusions
Premise Systems
Systems used for building automation and physical access security
PACS
Physical Access Control System - centralized configuration of the physical controls that you have in place. Often installed and maintained by an external supplier and therefore omitted from risk and vulnerability assessments by analysts.