Section 18 - Facilities Security

Question 1

What are the three types of fire suppression?

Answer 1

Fire Extinguishers
Sprinkler Systems
Special Hazard Protection Systems

Question 2

In order to choose which type of fire extinguisher to use you need to be able to identify the class of fire you’re trying to put out. What are the five different categories?

Answer 2

A, B, C, D, and K

Question 3

What does a Class A fire consist of?

Answer 3

Combustible materials, things like wood and paper

Question 4

How do you put out a Class A fire?

Answer 4

A water-based extinguisher

This should have a green triangle label on it for quick identification

Question 5

What does a Class B fire consist of?

Answer 5

Flammable gases or liquids

Question 6

How do you put out a Class B fire?

Answer 6

A dry chemical agent or C02 based fire extinguisher

These are labeled with a red square

Question 7

What does a Class C fire consist of?

Answer 7

Electrical fire

Question 8

How do you put out a Class C fire?

Answer 8

Firstly, shut off power to the room. This might put out the fire on its own.

If it doesn’t, look for a CO2 based extinguisher or one with a blue circle on it for Class C fires.

Question 9

What does a Class D fire consist of?

Answer 9

Combustible metals like magnesium, titanium and lithium

** Most laptops have lithium batteries which is why we must be considerate of these types of fires

Question 10

How do you put out a Class D fire?

Answer 10

Look for an extinguisher that has a yellow decagon on it and the extinguisher itself is going to be fully yellow in color for easy identification

Question 11

What does a Class K fire consist of?

Answer 11

Cooking oil

Question 12

How do you put out a Class K fire?

Answer 12

This type of fire is symbolized by a black hexagon and the systems that are going to extinguish them have that black hexagon on them as well

Question 13

What are the three types of extinguishers you’ll most likely see?

Answer 13

ABC Extinguisher
BC Extinguisher
Yellow Extinguisher

Question 14

How does an ABC extinguisher put out fires?

Answer 14

Using dry chemicals

** You should avoid using this on computer equipment because the chemical is corrosive and destructive to electrical components

Question 15

How does a BC extinguisher put out fires?

Answer 15

This most often uses CO2 and is safe to use on computers.

This is the extinguisher used for Class B and C fires.

** Be careful because these extinguishers displace oxygen and people may struggle to breathe

Question 16

What are the three different types of sprinkler systems?

Answer 16

wet pipe
dry pipe
pre-action

Question 17

What is a wet pipe sprinkler system?

Answer 17

This system means that there’s water already filling all of the sprinkler pipes and it’s just waiting for the red glass bulb to be broken or melt from a fire. If that happens, the system is triggered.

Question 18

What is a dry pipe sprinkler system?

Answer 18

In this type of system, the pipes are filled with pressurized air and only pushes water into those pipes when it’s needed to combat a fire.

Question 19

What is a pre-action sprinkler system?

Answer 19

Similar to a dry pipe system except it can be set off if heat or smoke is detected and it won’t wait until there’s a full fire that causes that red bulb to break or melt

Question 20

Using a sprinkler system in a server room is a bad idea, for this reason most workplaces will instead use what?

Answer 20

Clean Agent System

Fire suppression system that relies upon gas (HALON, FM-200, or CO2) instead of water to extinguish a fire

** If you work in a facility that utilizes this, make sure to leave the room immediately if this is ever triggered because the gas will suffocate the fire and you.

Question 21

What does HVAC stand for?

Answer 21

Heating, Ventilation and Air Conditioning

Question 22

Humidity in a server room should be kept around what percentage?

Answer 22

40%

Question 23

What is a Faraday cage?

Answer 23

Another type of shielding used in high security environments. This is usually installed around the entire room so that the electromagnetic energy cannot get in or out of it.

Question 24

What is TEMPEST?

Answer 24

U.S. Government standards for the level of shielding required in a building to ensure emissions and interference cannot enter or exit the facility

*** TEMPEST certified buildings are resistant to the effects of EMP

Question 25

What is EMP?

Answer 25

Electromagnetic Pulse

This is a high energy pulse that could otherwise destroy the electronics that are within range of that EMP.

Question 26

What is CAN?

Answer 26

Controller Area Network

A digital serial data communications network used within vehicles

*** Vehicles have a lot of different subsystems on them and a CAN connects those together.

Question 27

How can we as somebody in the car interact with your CAN network?

Answer 27

The primary method is known as an OBD-II which has an Onboard Diagnostic module

** Basically, the computer within you car accessed by the touch screen in your car that you can mess with.

Question 28

A CAN bus has no concept of what?

Answer 28

Source addressing or message authentication

Question 29

How can attackers get into a vehicle and modify it?

Answer 29

1. Locally - they can attach an exploit locally to the OBD-II (this is not something that can only be done if someone is in your car, most cars have plugs underneath them that allows them to access the OBD-II as well)
2. Onboard cellular - if your car has a cell modem built into it, that means you have connection to the outside world which means they have a connection to you.
3. Onboard Wi-Fi - If someone is driving close to you and can reach your wifi, then there’s a link between that wifi and the CAN. Someone can then get message into your CAN and cause issues.

Question 30

What is IoT?

Answer 30

Internet of Things

A group of objects (electronic or not) that are connected to the wider Internet by using embedded electronic components

Question 31

Most smart devices use an embedded version of what as their OS?

Answer 31

Linux or Android

Question 32

If you’re planning on installing smart devices (such as lights, fridges, etc) in your facility what is one of the best things you can do to protect your network?

Answer 32

Segment these devices off into their own network so that they’re not talking to the rest of the corporate network

Question 33

What are Embedded Systems?

Answer 33

A computer system that is designed to perform a specific dedicated function

Question 34

Embedded systems are considered ___ ___ where frequent changes are not made or allowed

Answer 34

static environments

** for example, most electric meters can be digitally read and accessed via the internet but when is the last time you upgraded the software on this? That is because these systems are stripped down to perform one thing and one thing only.

Question 35

What is a PLC?

Answer 35

Programmable Logic Controller

A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems

*** think of your lawn sprinkler system

Question 36

What is SoC?

Answer 36

System-on-Chip

A processor that integrates the platform functionality of multiple logical controllers onto a single chip

*** example: Roomba or robot vacuum cleaner

Question 37

What is RTOS?

Answer 37

Real Time Operating System

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks

*** For example, if you’re running something that has to open or shut a valve inside of a nuclear plant, can you have the ability for that to be offline at any point? No. That’s where the idea of RTOS comes from because most embedded systems typically cannot tolerate reboots or crashes when it comes to their OS. When you think of RTOS, think of an OS that is often used with an embedded system, especially in critical applications. Like the auto pilot feature in planes.

Question 38

What is FPGA?

Answer 38

Field Programmable Gate Array

A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture

*** Unlike a system on a chip whose logic cannot be configured, FPGA allows the customer to change the programming logic. This allows them to run a specific application instead of using one specific to an integrated circuit.

Question 39

What is OT?

Answer 39

Operational Technology

A communications network designed to implement an industrial control system rather than data networking

*** With OT, we’re not talking about end-user machine like Windows 10 host sitting on a network. Instead, we’re talking about technology and computers able to do things in the physical world like open/shut valves, manufacturing, create power generation in a power plant.

Question 40

Industrial systems prioritize what over confidentiality?

Answer 40

Availability and integrity

*** OT was originally designed to do manufacturing and so anytime the plant was down, you loss out on money. That is why availability is paramount.

Question 41

What is ICS?

Answer 41

Industrial Control Systems

A network that manages embedded devices

*** So, if you work in some place like an electrical power station or a water supplier you might work in telecommunications in the backbones. All of these use OT by using ICS.

Question 42

What is Fieldbus?

Answer 42

Digital serial data communications used in operational technology networks to link PLCs

** This is something that ICS uses.

Question 43

What is HMI?

Answer 43

Human-Machine Interface

Input and output controls on a PLC to allow a user to configure and monitor the system

** This is what allows the ability to talk to these PLC machines and tell them what to do. It is the input and output controls on a PLC that allows a user to configure and monitor the system. For example, if you are trying to tell a system to open a valve an HMI would be responsible having the buttons to press on a touch screen to begin that process.

Question 44

What is a Data Historian?

Answer 44

Software that aggregates and catalogs data from multiple sources within an industrial control system

Question 45

What is SCADA?

Answer 45

Supervisory Control and Data Acquisition

A type of industrial control system (ICS) that manages large-scale, multiple-site devices and equipment spread over a geographic region

*** ICS is looking at one plant while SCADA is multiple plants.

Question 46

SCADA typically run as software on ___ ___ to gather data from and manage plant devices and equipment with embedded PLCs

Answer 46

ordinary computers

Question 47

What is Modbus?

Answer 47

A communications protocol used in operational technology networks

*** In IT networks we use TCP/IP. In OT networks however, they use Modbus. This is going to give the control servers and the SCADA host the ability to query and change configurations of each PLC.

Question 48

What are the four key controls for mitigating vulnerabilities in specialized systems?

Answer 48

1. Establish administrative control over OT networks by recruiting staff with relevant expertise
2. Implement the minimum network links by disabling unnecessary links, services and protocols
3. Develop and test a patch management program for OT networks
4. Perform regular audits of logical and physical access to systems to detect possible vulnerabilities and intrusions

Question 49

What are two things that can cause problems on OT networks?

Answer 49

Enumerations tools and vulnerability scanners

Question 50

What is a Premise System?

Answer 50

A system used for building automation and physical access security

** These are a different type of network; often they’ll be a third network in your organization. For example, if you need to use a card and a pin to get into the front door of your building this would be a part of your Premise System. Also, security cameras would be a part of your premise system.

Question 51

What is BAS?

Answer 51

Building Automation System

Components and protocols that facilitate the centralized configuration and monitoring of mechanical and electrical systems within offices and data centers

*** These turn on/off AC, elevators, lights, etc.

Question 52

What is PACS?

Answer 52

Components and protocols that facilitate the centralized configuration and monitoring of security mechanisms within offices and data centers