Computer Science Computer Security - Assignment

285

Chap ter 10 Phys i cal Se cu rity Re quire ments

THE CISSP EXAM TOP ICS COV ERED IN THIS CHAP TER IN CLUDE:

Do main 3: Se cu rity Ar chi tec ture and En gi neer ing 3.10 Ap ply se cu rity prin ci ples to site and fa cil ity de sign

3.11 Im ple ment site and fa cil ity se cu rity con trols

3.11.1 Wiring clos ets/in ter me di ate dis tri bu tion fa cil i ties

3.11.2 Server rooms/data cen ters

3.11.3 Me dia stor age fa cil i ties

3.11.4 Ev i dence stor age

3.11.5 Re stricted and work area se cu rity

3.11.6 Util i ties and Heat ing, Ven ti la tion, and Air Con di tion ing (HVAC)

3.11.7 En vi ron men tal is sues

3.11.8 Fire pre ven tion, de tec tion, and sup pres sion

Do main 7: Se cu rity Op er a tions 7.15 Im ple ment and man age phys i cal se cu rity

7.15.1 Perime ter se cu rity con trols

7.15.2 In ter nal se cu rity con trols

The topic of phys i cal and en vi ron men tal se cu rity is ref er enced in sev eral do mains. The two pri mary oc cur rences are in do main 3, “Se cu rity Ar chi tec ture and En gi neer ing,” and do main 7, “Se cu rity Op er a tions.” Sev eral sub sec tions of these two do mains of the Com mon Body of Knowl edge (CBK) for the CISSP cer ti fi ca tion exam deal with top ics and is sues re lated to fa cil ity se cu rity, in clud ing foun da tional prin ci ples, de sign and im ple men ta tion, fire pro tec tion, perime ter se cu rity, in ter nal se cu rity, and many more.

The pur pose of phys i cal se cu rity is to pro tect against phys i cal threats. The fol low ing phys i cal threats are among the most com mon: fire and smoke, wa ter (ris ing/fall ing), earth move ment (earth quakes, land slides, vol ca noes), storms (wind, light ning, rain, snow, sleet, ice), sab o tage/van dal ism, ex plo sion/de struc tion, build ing col lapse, toxic ma te ri als, util ity loss (power, heat ing, cool ing, air, wa ter), equip ment fail ure, theft, and per son nel loss (strikes, ill ness, ac cess, trans port).

This chap ter ex plores these is sues and dis cusses safe guards and coun ter mea sures to pro tect against them. In many cases, you’ll need a dis as ter re cov ery plan or a busi ness con ti nu ity plan should a se ri ous phys i cal threat (such as an ex plo sion, sab o tage, or nat u ral dis as ter) oc cur. Chap ter 3, “Busi ness Con ti nu ity Plan ning,” and Chap ter 18, “Dis as ter Re cov ery Plan ning,” cover those top ics in de tail.

Ap ply Se cu rity Prin ci ples to Site and Fa cil ity De sign It should be bla tantly ob vi ous at this point that with out con trol over the phys i cal en vi ron ment, no

col lec tion of ad min is tra tive, tech ni cal, or log i cal ac cess con trols can pro vide ad e quate se cu rity. If a ma li cious per son can gain phys i cal ac cess to your fa cil ity or equip ment, they can do just about any thing they want, from de struc tion to dis clo sure or al ter ation. Phys i cal con trols are your first line of de fense, and peo ple are your last.

There are many as pects of im ple ment ing and main tain ing phys i cal se cu rity. A core el e ment is se lect ing or de sign ing the fa cil ity to house your in for ma tion tech nol ogy (IT) in fra struc ture and your or ga ni za tion’s op er a tions. The process of se lect ing or de sign ing fa cil i ties se cu rity al ways starts with a plan.

Se cure Fa cil ity Plan

286

A se cure fa cil ity plan out lines the se cu rity needs of your or ga ni za tion and em pha sizes meth ods or mech a nisms to em ploy to pro vide se cu rity. Such a plan is de vel oped through a process known as crit i cal path anal y sis. Crit i cal path anal y sis is a sys tem atic ef fort to iden tify re la tion ships be tween mis sion-crit i cal ap pli ca tions, pro cesses, and op er a tions and all the nec es sary sup port ing el e ments. For ex am ple, an e- com merce server used to sell prod ucts over the web re lies on in ter net ac cess, com puter hard ware, elec tric ity, tem per a ture con trol, stor age fa cil ity, and so on.

When crit i cal path anal y sis is per formed prop erly, a com plete pic ture of the in ter de pen den cies and in ter ac tions nec es sary to sus tain the or ga ni za tion is pro duced. Once that anal y sis is com plete, its re sults serve as a list of items to se cure. The first step in de sign ing a se cure IT in fra struc ture is pro vid ing se cu rity for the ba sic re quire ments of the or ga ni za tion and its com put ers. These ba sic re quire ments in clude elec tric ity, en vi ron men tal con trols (in other words, a build ing, air con di tion ing, heat ing, hu mid ity con trol, and so on), and wa ter/sewage.

While ex am in ing for crit i cal paths, it is also im por tant to eval u ate com pleted or po ten tial tech nol ogy con ver gence. Tech nol ogy con ver gence is the ten dency for var i ous tech nolo gies, so lu tions, util i ties, and sys tems to evolve and merge over time. Of ten this re sults in mul ti ple sys tems per form ing sim i lar or re dun dant tasks or one sys tem tak ing over the fea ture and abil i ties of an other. While in some in stances this can re sult in im proved ef fi ciency and cost sav ings, it can also rep re sent a sin gle point of fail ure and be come a more valu able tar get for hack ers and in trud ers. For ex am ple, if voice, video, fax, and data traf fic all share a sin gle con nec tion path rather than in di vid ual paths, a sin gle act of sab o tage to the main con nec tion is all that is re quired for in trud ers or thieves to sever ex ter nal com mu ni ca tions.

Se cu rity staff should par tic i pate in site and fa cil ity de sign con sid er a tions. Oth er wise, many im por tant as pects of phys i cal se cu rity es sen tial for the ex is tence of log i cal se cu rity may be over looked. With se cu rity staff in volved in the phys i cal fa cil ity de sign, you can be as sured that your long-term se cu rity goals as an or ga ni za tion will be sup ported not just by your poli cies, per son nel, and elec tronic equip ment, but by the build ing it self.

Site Se lec tion Site se lec tion should be based on the se cu rity needs of the or ga ni za tion. Cost, lo ca tion, and size are

im por tant, but ad dress ing the re quire ments of se cu rity should al ways take prece dence. When choos ing a site on which to build a fa cil ity or se lect ing a pre ex ist ing struc ture, be sure to ex am ine ev ery as pect of its lo ca tion care fully.

Se cur ing as sets de pends largely on site se cu rity, which in volves nu mer ous con sid er a tions and sit u a tional el e ments. Site lo ca tion and con struc tion play a cru cial role in the over all site se lec tion process. Sus cep ti bil ity to ri ots, loot ing, break-ins, and van dal ism or lo ca tion within a high-crime area are ob vi ously all poor choices but can not al ways be dic tated or con trolled. En vi ron men tal threats such as fault lines, tor nado/hur ri cane re gions, and close prox im ity to other nat u ral dis as ters present sig nif i cant is sues for the site se lec tion process as well be cause you can’t al ways avoid such threats.

Prox im ity to other build ings and busi nesses is an other cru cial con sid er a tion. What sorts of at ten tion do they draw, and how does that af fect your op er a tion or fa cil ity? If a nearby busi ness at tracts too many vis i tors, gen er ates lots of noise, causes vi bra tions, or han dles dan ger ous ma te ri als, they could harm your em ploy ees or build ings. Prox im ity to emer gency-re sponse per son nel is an other con sid er a tion, along with other el e ments. Some com pa nies can af ford to buy or build their own cam puses to keep neigh bor ing el e ments out of play and to en able tighter ac cess con trol and mon i tor ing. How ever, not ev ery com pany can ex er cise this op tion and must make do with what’s avail able and af ford able in stead.

At a min i mum, en sure that the build ing is de signed to with stand fairly ex treme weather con di tions and that it can de ter or fend off overt break-in at tempts. Vul ner a ble en try points such as win dows and doors tend to dom i nate such anal y sis, but you should also eval u ate ob jects (trees, shrubs, or man-made items) that can ob scure break-in at tempts.

Vis i bil ity

Vis i bil ity is im por tant. What is the sur round ing ter rain? Would it be easy to ap proach the fa cil ity by ve hi cle or on foot with out be ing seen? The makeup of the sur round ing area is also im por tant. Is it in or near a res i den tial, busi ness, or in dus trial area? What is the lo cal crime rate? Where are the clos est emer gency ser vices lo cated (fire, med i cal, po lice)? What unique haz ards may be found in the vicin ity (chem i cal plants, home less shel ters, uni ver si ties, con struc tion sites, and so on)?

An other el e ment of vis i bil ity is re lated to the area mon i tored by a se cu rity cam era. Be sure the lo ca tions and ca pa bil i ties of the se cu rity cam eras are co or di nated with the in te rior and ex te rior de sign of the fa cil ity. Cam eras should be po si tioned to have clear site lines of all ex te rior walls, en trance and exit points, and in te rior hall ways.

Nat u ral Dis as ters

287

An other con cern is the po ten tial im pact that nat u ral dis as ters could make in the area. Is it prone to earth quakes, mud slides, sink holes, fires, floods, hur ri canes, tor na does, fall ing rocks, snow, rain fall, ice, hu mid ity, heat, ex treme cold, and so on? You must pre pare for nat u ral dis as ters and equip your IT en vi ron ment to ei ther sur vive an event or be re placed eas ily. As men tioned ear lier, the top ics of busi ness con ti nu ity and dis as ter plan ning are cov ered in Chap ters 3 and 18, re spec tively.

Fa cil ity De sign When de sign ing the con struc tion of a fa cil ity, you must un der stand the level of se cu rity that your

or ga ni za tion needs. A proper level of se cu rity must be planned and de signed be fore con struc tion be gins.

Im por tant is sues to con sider in clude com bustibil ity, fire rat ing, con struc tion ma te ri als, load rat ing, place ment, and con trol of items such as walls, doors, ceil ings, floor ing, HVAC, power, wa ter, sewage, gas, and so on. Forced in tru sion, emer gency ac cess, re sis tance to en try, di rec tion of en tries and ex its, use of alarms, and con duc tiv ity are other im por tant as pects to eval u ate. Ev ery el e ment within a fa cil ity should be eval u ated in terms of how it could be used for and against the pro tec tion of the IT in fra struc ture and per son nel (for ex am ple, pos i tive flows for air and wa ter from in side a fa cil ity to out side its bound aries).

There’s also a well-es tab lished school of thought on “se cure ar chi tec ture” that’s of ten called Crime Pre ven tion through En vi ron men tal De sign (CPTED). The guid ing idea is to struc ture the phys i cal en vi ron ment and sur round ings to in flu ence in di vid ual de ci sions that po ten tial of fend ers make be fore com mit ting any crim i nal acts. The In ter na tional CPTED As so ci a tion is an ex cel lent source for in for ma tion on this sub ject (www.cpted.net), as is Os car New man’s book Cre at ing De fen si ble Space, pub lished by HUD’s Of fice of Pol icy De vel op ment and Re search (you can ob tain a free PDF down load at www.de fen si blespace.com/book.htm).

Im ple ment Site and Fa cil ity Se cu rity Con trols The se cu rity con trols im ple mented to man age phys i cal se cu rity can be di vided into three groups:

ad min is tra tive, tech ni cal, and phys i cal. Be cause these are the same cat e gories used to de scribe ac cess con trols, it is vi tal to fo cus on the phys i cal se cu rity as pects of these con trols. Ad min is tra tive phys i cal se cu rity con trols in clude fa cil ity con struc tion and se lec tion, site man age ment, per son nel con trols, aware ness train ing, and emer gency re sponse and pro ce dures. Tech ni cal phys i cal se cu rity con trols in clude ac cess con trols; in tru sion de tec tion; alarms; closed-cir cuit tele vi sion (CCTV); mon i tor ing; heat ing, ven ti la tion, and air con di tion ing (HVAC) power sup plies; and fire de tec tion and sup pres sion. Phys i cal con trols for phys i cal se cu rity in clude fenc ing, light ing, locks, con struc tion ma te ri als, mantraps, dogs, and guards.

 Cor po rate vs. Per sonal Prop erty

Many busi ness en vi ron ments have both vis i ble and in vis i ble phys i cal se cu rity con trols. You see them at the post of fice, at the cor ner store, and in cer tain ar eas of your own com put ing en vi ron ment. They are so per va sive that some peo ple choose where they live based on their pres ence, as in gated ac cess com mu ni ties or se cure apart ment com plexes.

Al i son is a se cu rity an a lyst for a ma jor tech nol ogy cor po ra tion that spe cial izes in data man age ment. This com pany in cludes an in-house se cu rity staff (guards, ad min is tra tors, and so on) that is ca pa ble of han dling phys i cal se cu rity breaches.

Brad ex pe ri enced an in tru sion—into his per sonal ve hi cle in the com pany park ing lot. He asks Al i son whether she ob served or recorded any one break ing into and en ter ing his ve hi cle, but this is a per sonal item and not a com pany pos ses sion, and she has no con trol or reg u la tion over dam age to em ployee as sets.

This is un der stand ably un nerv ing for Brad, but he un der stands that she’s pro tect ing the busi ness and not his be long ings. When or where would you think it would be nec es sary to im ple ment se cu rity mea sures for both? The usual an swer is any where busi ness as sets are or might be in volved. Had Brad been us ing a com pany ve hi cle parked in the com pany park ing lot, then per haps Al i son could make al lowances for an in ci den tal break-in in volv ing Brad’s things, but even then she isn’t re spon si ble for their safe keep ing. On the other hand, where key peo ple are also im por tant as sets (ex ec u tive staff at most en ter prises, se cu rity an a lysts who work in sen si tive po si tions, heads of state, and so forth), pro tec tion and safe guards usu ally ex tend to em brace them and their be long ings as part of as set pro tec tion and risk mit i ga tion. Of course, if dan ger to em ploy ees or what they carry with them be comes a prob lem, se cur ing the park ing garage with key cards and in stalling CCTV mon i tors on ev ery floor be gins to make sense. Sim ply put, if the costs of al low ing break-ins to oc cur ex ceeds that of in stalling pre ven tive mea sures, it’s pru dent to put them in place.

288

When de sign ing phys i cal se cu rity for an en vi ron ment, fo cus on the func tional or der in which con trols should be used. The or der is as fol lows:

1. De ter rence

2. De nial

3. De tec tion

4. De lay

Se cu rity con trols should be de ployed so that ini tial at tempts to ac cess phys i cal as sets are de terred (bound ary re stric tions ac com plish this). If de ter rence fails, then di rect ac cess to phys i cal as sets should be de nied (for ex am ple, locked vault doors). If de nial fails, your sys tem needs to de tect in tru sion (for ex am ple, us ing mo tion sen sors), and the in truder should be de layed suf fi ciently in their ac cess at tempts to en able au thor i ties to re spond (for ex am ple, a ca ble lock on the as set). It’s im por tant to re mem ber this or der when de ploy ing phys i cal se cu rity con trols: first de ter rence, then de nial, then de tec tion, then de lay.

Equip ment Fail ure No mat ter the qual ity of the equip ment your or ga ni za tion chooses to pur chase and in stall, even tu ally it

will fail. Un der stand ing and pre par ing for this even tu al ity helps en sure the on go ing avail abil ity of your IT in fra struc ture and should help you to pro tect the in tegrity and avail abil ity of your re sources.

Pre par ing for equip ment fail ure can take many forms. In some non-mis sion-crit i cal sit u a tions, sim ply know ing where you can pur chase re place ment parts for a 48-hour re place ment time line is suf fi cient. In other sit u a tions, main tain ing on site re place ment parts is manda tory. Keep in mind that the re sponse time in re turn ing a sys tem to a fully func tion ing state is di rectly pro por tional to the cost in volved in main tain ing such a so lu tion. Costs in clude stor age, trans porta tion, pre-pur chas ing, and main tain ing on site in stal la tion and restora tion ex per tise. In some cases, main tain ing on site re place ments is not fea si ble. For those cases, es tab lish ing a ser vice-level agree ment (SLA) with the hard ware ven dor is es sen tial. An SLA clearly de fines the re sponse time a ven dor will pro vide in the event of an equip ment fail ure emer gency.

Ag ing hard ware should be sched uled for re place ment and/or re pair. The sched ule for such op er a tions should be based on the mean time to fail ure (MTTF) and mean time to re pair (MTTR) es ti mates es tab lished for each de vice or on pre vail ing best or ga ni za tional prac tices for man ag ing the hard ware life cy cle. MTTF is the ex pected typ i cal func tional life time of the de vice given a spe cific op er at ing en vi ron ment. MTTR is the av er age length of time re quired to per form a re pair on the de vice. A de vice can of ten un dergo nu mer ous re pairs be fore a cat a strophic fail ure is ex pected. Be sure to sched ule all de vices to be re placed be fore their MTTF ex pires. An ad di tional mea sure ment is that of the mean time be tween fail ures (MTBF). This is an es ti ma tion of the time be tween the first and any sub se quent fail ures. If the MTTF and MTBF val ues are the same or fairly sim i lar, man u fac tur ers of ten only list the MTTF to rep re sent both val ues.

When a de vice is sent out for re pairs, you need to have an al ter nate so lu tion or a backup de vice to fill in for the du ra tion of the re pair time. Of ten, wait ing un til a mi nor fail ure oc curs be fore a re pair is per formed is sat is fac tory, but wait ing un til a com plete fail ure oc curs be fore re place ment is an un ac cept able se cu rity prac tice.

Wiring Clos ets

Wiring clos ets used to be a small closet where the telecom mu ni ca tions ca bles were or ga nized for the build ing us ing punch-down blocks. To day, a wiring closet is still used for or ga ni za tional pur poses, but it serves as an im por tant in fra struc ture pur pose as well. A mod ern wiring closet is where the net work ing ca bles for a whole build ing or just a floor are con nected to other es sen tial equip ment, such as patch pan els, switches, routers, lo cal area net work (LAN) ex ten ders, and back bone chan nels. Other more tech ni cal names for wiring clos ets in clude premises wire dis tri bu tion room andin ter me di ate dis tri bu tion fa cil i ties (IDF). It is fairly com mon to have one or more racks of in ter con nec tion de vices sta tioned in a wiring closet (see Fig ure 10.1).

Larger build ings may re quire mul ti ple wiring clos ets in or der to stay within the max i mum ca ble run lim i ta tions. For the com mon cop per-based twisted-pair ca bling, the max i mum run length is 100 me ters. How ever, in elec tri cally noisy en vi ron ments, this run length can be sig nif i cantly re duced. Wiring clos ets also serve as a con ve nient lo ca tion to link mul ti ple floors to gether. In such a mul ti story con fig u ra tion, the wiring clos ets are of ten lo cated di rectly above or be low each other on their re spec tive floor.

289

FIG URE 10.1 A typ i cal wiring closet Source: https://www.flickr.com/pho tos/cloned milk men/4390901323/

Wiring clos ets are also com monly used to house and man age the wiring for many other im por tant el e ments of a build ing, in clud ing alarm sys tems, cir cuit breaker pan els, tele phone punch-down blocks, wire less ac cess points, and video sys tems, in clud ing se cu rity cam eras.

Wiring closet se cu rity is ex tremely im por tant. Most of the se cu rity for a wiring closet fo cuses on pre vent ing phys i cal unau tho rized ac cess. If an unau tho rized in truder gains ac cess to the area, they may be able to steal equip ment, pull or cut ca bles, or even plant a lis ten ing de vice. Thus, the se cu rity pol icy for the wiring closet should in clude a few ground rules, such as the fol low ing:

Never use the wiring closet as a gen eral stor age area.

Have ad e quate locks, which might in clude bio met ric el e ments.

Keep the area tidy.

Do not store flammable items in the area.

Set up video sur veil lance to mon i tor ac tiv ity in side the wiring closet.

Use a door open sen sor to log en tries.

Do not give keys to any one ex cept the au tho rized ad min is tra tor.

Per form reg u lar phys i cal in spec tions of the wiring closet’s se cu rity and con tents.

In clude the wiring closet in the or ga ni za tion’s en vi ron men tal man age ment and mon i tor ing, in or der to en sure ap pro pri ate en vi ron men tal con trol and mon i tor ing, as well as de tect dam ag ing con di tions such as flood ing or fire.

It is also im por tant to no tify your build ing man age ment of your wiring closet se cu rity pol icy and ac cess re stric tions. This will fur ther re duce unau tho rized ac cess at tempts.

290

Wiring clos ets are just one el e ment of a ca ble plant man age ment pol icy. A ca ble plant is the col lec tion of in ter con nected ca bles and in ter me di ary de vices (such as cross-con nects, patch pan els, and switches) that es tab lish the phys i cal net work. El e ments of a ca ble plant in clude the fol low ing:

En trance fa cil ity: Also known as the de mar ca tion point, this is the en trance point to the build ing where the ca ble from the provider con nects the in ter nal ca ble plant.

Equip ment room: This is the main wiring closet for the build ing, of ten con nected to or ad ja cent to the en trance fa cil ity.

Back bone dis tri bu tion sys tem: This pro vides wired con nec tions be tween the equip ment room and the telecom mu ni ca tions rooms, in clud ing cross-floor con nec tions.

Telecom mu ni ca tions room: Also known as the wiring closet, this serves the con nec tion needs of a floor or a sec tion of a large build ing by pro vid ing space for net work ing equip ment and ca bling sys tems. It also serves as the in ter con nec tion point be tween the back bone dis tri bu tion sys tem and the hor i zon tal dis tri bu tion sys tem.

Hor i zon tal dis tri bu tion sys tem: This pro vides the con nec tion be tween the telecom mu ni ca tion room and work ar eas, of ten in clud ing ca bling, cross-con nec tion blocks, patch pan els, and sup port ing hard ware in fra struc ture (such as ca ble trays, ca ble hang ers, and con duits).

Server Rooms/Data Cen ters Server rooms, data cen ters, com mu ni ca tions rooms, wiring clos ets, server vaults, and IT clos ets are

en closed, re stricted, and pro tected rooms where your mis sion-crit i cal servers and net work de vices are housed. Cen tral ized server rooms need not be hu man com pat i ble. In fact, the more hu man in com pat i ble a server room is, the more pro tec tion it will of fer against ca sual and de ter mined at tacks. Hu man in com pat i bil ity can be ac com plished by in clud ing Halotron, Py ro Gen, or other halon-sub sti tute oxy gen-dis place ment fire de tec tion and ex tin guish ing sys tems, low tem per a tures, lit tle or no light ing, and equip ment stacked with lit tle room to ma neu ver. Server rooms should be de signed to sup port op ti mal op er a tion of the IT in fra struc ture and to block unau tho rized hu man ac cess or in ter ven tion.

Server rooms should be lo cated at the core of the build ing. Try to avoid lo cat ing these rooms on the ground floor, on the top floor, and in the base ment when ever pos si ble. Ad di tion ally, the server room should be lo cated away from wa ter, gas, and sewage lines. These pose too large a risk of leak age or flood ing, which can cause se ri ous dam age and down time.

The walls of your server room should also have a one-hour min i mum fire rat ing.

 Mak ing Servers In ac ces si ble

The run ning joke in the IT se cu rity realm is that the most se cure com puter is one that is dis con nected from the net work and sealed in a room with no doors or win dows. No, se ri ously, that’s the joke. But there’s a mas sive grain of truth and irony in it as well.

Car los op er ates se cu rity pro cesses and plat forms for a fi nan cial bank ing firm, and he knows all about one-way sys tems and un reach able de vices. Sen si tive busi ness trans ac tions oc cur in frac tions of a sec ond, and one wrong move could pose se ri ous risks to data and in volved par ties.

In his ex pe ri ence, Car los knows that the least ac ces si ble and least hu man-friendly places are his most valu able as sets, so he stores many of his ma chines in side a sep a rate bank vault. You’d have to be a tal ented bur glar, a skilled safe cracker, and a de ter mined com puter at tacker to breach his se cu rity de fenses.

Not all busi ness ap pli ca tions and pro cesses war rant this ex treme sort of pre ven tion. What se cu rity rec om men da tions might you sug gest to make a server more in con ve nient or in ac ces si ble, short of ded i cat ing a vault? An in te rior room with lim ited ac cess, no win dows, and only one en try/exit point makes an ex cel lent sub sti tute when an empty vault isn’t avail able. The key is to se lect a space with lim ited ac cess and then to es tab lish se ri ous hur dles to en try (es pe cially unau tho rized en try). CCTV mon i tor ing on the door and mo tion de tec tors in side the space can also help main tain proper at ten tion to who is com ing and go ing.

For many or ga ni za tions their dat a cen ter and their server room are one and the same. For some or ga ni za tions, a dat a cen ter is an ex ter nal lo ca tion used to house the bulk of their back end com puter servers,

291

data stor age equip ment, and net work man age ment equip ment. This could be a sep a rate build ing nearby the pri mary of fices or it could be a re mote lo ca tion. A dat a cen ter might be owned and man aged ex clu sively by your or ga ni za tion, or it could be a leased ser vice from a dat a cen ter provider. A dat a cen ter could be a sin gle- ten ant con fig u ra tion or a mul ti tenant con fig u ra tion. No mat ter what the vari a tion, in ad di tion to the con cerns of a server room, many other con cepts are likely rel e vant.

In many dat a cen ters and server rooms, a va ri ety of tech ni cal con trols are em ployed as ac cess con trol mech a nisms to man age phys i cal ac cess. These in clude, but are not lim ited to: smart/dumb cards, prox im ity read ers, bio met rics, in tru sion de tec tion sys tems (IDSs), and a de sign based around de fense in depth.

Smart cards

Smart cards are credit-card-sized IDs, badges, or se cu rity passes with an em bed ded mag netic strip, bar code, or in te grated cir cuit chip. They con tain in for ma tion about the au tho rized bearer that can be used for iden ti fi ca tion and/or au then ti ca tion pur poses. Some smart cards can even process in for ma tion or store rea son able amounts of data in a mem ory chip. A smart card may be known by sev eral phrases or terms:

An iden tity to ken con tain ing in te grated cir cuits (ICs)

A pro ces sor IC card

An IC card with an ISO 7816 in ter face

Smart cards are of ten viewed as a com plete se cu rity so lu tion, but they should not be con sid ered com plete by them selves. As with any sin gle se cu rity mech a nism, smart cards are sub ject to weak nesses and vul ner a bil i ties. Smart cards can fall prey to phys i cal at tacks, log i cal at tacks, Tro jan horse at tacks, or so cial- en gi neer ing at tacks. In most cases, a smart card is used in a mul ti fac tor con fig u ra tion. Thus, theft or loss of a smart card does not re sult in easy im per son ation. The most com mon form of mul ti fac tor used in re la tion to a smart card is the re quire ment of a PIN. You’ll find ad di tional in for ma tion about smart cards in Chap ter 13, “Man ag ing Iden tity and Au then ti ca tion.”

Mem ory cards are ma chine-read able ID cards with a mag netic strip. Like a credit card, debit card, or ATM card, mem ory cards can re tain a small amount of data but are un able to process data like a smart card. Mem ory cards of ten func tion as a type of two-fac tor con trol: the card is “some thing you have” and its per sonal iden ti fi ca tion num ber (PIN) is “some thing you know.” How ever, mem ory cards are easy to copy or du pli cate and are in suf fi cient for au then ti ca tion pur poses in a se cure en vi ron ment.

Prox im ity Read ers

In ad di tion to smart/dumb cards, prox im ity read ers can be used to con trol phys i cal ac cess. A prox im ity reader can be a pas sive de vice, a field-pow ered de vice, or a transpon der. The prox im ity de vice is worn or held by the au tho rized bearer. When it passes a prox im ity reader, the reader is able to de ter mine who the bearer is and whether they have au tho rized ac cess. A pas sive de vice re flects or oth er wise al ters the elec tro mag netic field gen er ated by the reader. This al ter ation is de tected by the reader.

The pas sive de vice has no ac tive elec tron ics; it is just a small mag net with spe cific prop er ties (like an titheft de vices com monly found on DVDs). A field-pow ered de vice has elec tron ics that ac ti vate when the de vice en ters the elec tro mag netic field that the reader gen er ates. Such de vices ac tu ally gen er ate elec tric ity from an EM field to power them selves (such as card read ers that re quire only that the ac cess card be waved within inches of the reader to un lock doors). A transpon der de vice is self-pow ered and trans mits a sig nal re ceived by the reader. This can oc cur con sis tently or only at the press of a but ton (like a garage door opener or car alarm key fob).

In ad di tion to smart/dumb cards and prox im ity read ers, phys i cal ac cess can be man aged with ra dio- fre quency iden ti fi ca tion (RFID) or bio met ric ac cess con trol de vices. See Chap ter 13 for a de scrip tion of bio met ric de vices. These and other de vices, such as ca ble locks, can sup port the pro tec tion and se cur ing of equip ment.

In tru sion De tec tion Sys tems

In tru sion de tec tion sys tems (IDSs) are sys tems—au to mated or man ual—de signed to de tect an at tempted in tru sion, breach, or at tack; the use of an unau tho rized en try/point; or the oc cur rence of some spe cific event at an unau tho rized or ab nor mal time. In tru sion de tec tion sys tems used to mon i tor phys i cal ac tiv ity may in clude se cu rity guards, au to mated ac cess con trols, and mo tion de tec tors as well as other spe cialty mon i tor ing tech niques. These are dis cussed in more de tail in the later sec tions “Mo tion De tec tors” and “In tru sion Alarms.”

Phys i cal in tru sion de tec tion sys tems, also called bur glar alarms, de tect unau tho rized ac tiv i ties and no tify the au thor i ties (in ter nal se cu rity or ex ter nal law en force ment). The most com mon type of sys tem uses a sim ple cir cuit (aka dry con tact switches) con sist ing of foil tape in en trance points to de tect when a door or win dow has been opened.

292

An in tru sion de tec tion mech a nism is use ful only if it is con nected to an in tru sion alarm. (See “In tru sion Alarms” later in this chap ter.) An in tru sion alarm no ti fies au thor i ties about a breach of phys i cal se cu rity.

There are two as pects of any in tru sion de tec tion and alarm sys tem that can cause it to fail: how it gets its power and how it com mu ni cates. If the sys tem loses power, the alarm will not func tion. Thus, a re li able de tec tion and alarm sys tem has a bat tery backup with enough stored power for 24 hours of op er a tion.

If com mu ni ca tion lines are cut, an alarm may not func tion and se cu rity per son nel and emer gency ser vices will not be no ti fied. Thus, a re li able de tec tion and alarm sys tem in cor po rates a heart beat sen sor for line su per vi sion. A heart beat sen sor is a mech a nism by which the com mu ni ca tion path way is ei ther con stantly or pe ri od i cally checked with a test sig nal. If the re ceiv ing sta tion de tects a failed heart beat sig nal, the alarm trig gers au to mat i cally. Both mea sures are de signed to pre vent in trud ers from cir cum vent ing the de tec tion and alarm sys tem.

Ac cess Abuses

No mat ter what form of phys i cal ac cess con trol is used, a se cu rity guard or other mon i tor ing sys tem must be de ployed to pre vent abuse, mas querad ing, and pig gy back ing. Ex am ples of abuses of phys i cal ac cess con trols are prop ping open se cured doors and by pass ing locks or ac cess con trols. Mas querad ing is us ing some one else’s se cu rity ID to gain en try into a fa cil ity. Pig gy back ing is fol low ing some one through a se cured gate or door way with out be ing iden ti fied or au tho rized per son ally. De tect ing abuses like these can be done by cre at ing au dit trails and re tain ing ac cess logs.

Au dit trails and ac cess logs are use ful tools even for phys i cal ac cess con trol. They may need to be cre ated man u ally by se cu rity guards. Or they can be gen er ated au to mat i cally if suf fi cient au to mated ac cess con trol mech a nisms (such as smart cards and cer tain prox im ity read ers) are in use. The time at which a sub ject re quests en try, the re sult of the au then ti ca tion process, and the length of time the se cured gate re mains open are im por tant el e ments to in clude in au dit trails and ac cess logs. In ad di tion to us ing the elec tronic or pa per trail, con sider mon i tor ing en try points with closed cir cuit tele vi sion (CCTV) or se cu rity cam eras. CCTV en ables you to com pare the au dit trails and ac cess logs with a vis ual record ing of the events. Such in for ma tion is crit i cal to re con struct the events for an in tru sion, breach, or at tack.

Em a na tion Se cu rity

Many elec tri cal de vices em anate elec tri cal sig nals or ra di a tion that can be in ter cepted by unau tho rized in di vid u als. These sig nals may con tain con fi den tial, sen si tive, or pri vate data. Ob vi ous ex am ples of em a na tion de vices are wire less net work ing equip ment and mo bile phones, but many other de vices are vul ner a ble to in ter cep tion. Other ex am ples in clude mon i tors, modems, and in ter nal or ex ter nal me dia drives (hard drives, USB thumb drives, CDs, and so on). With the right equip ment, unau tho rized users can in ter cept elec tro mag netic or ra dio fre quency sig nals (col lec tively known as em a na tions) from these de vices and in ter pret them to ex tract con fi den tial data.

Clearly, if a de vice emits a sig nal that some one out side your or ga ni za tion can in ter cept, some se cu rity pro tec tion is needed. The types of coun ter mea sures and safe guards used to pro tect against em a na tion at tacks are known as TEM PEST coun ter mea sures. TEM PEST was orig i nally a gov ern ment re search study aimed at pro tect ing elec tronic equip ment from the elec tro mag netic pulse (EMP) emit ted dur ing nu clear ex plo sions. It has since ex panded to a gen eral study of mon i tor ing em a na tions and pre vent ing their in ter cep tion. Thus, TEM PEST is now a for mal name for a broad cat e gory of ac tiv i ties.

TEM PEST coun ter mea sures in clude Fara day cages, white noise, and con trol zones.

Fara day Cage A Fara day cage is a box, mo bile room, or en tire build ing de signed with an ex ter nal metal skin, of ten a wire mesh that fully sur rounds an area on all sides (in other words, front, back, left, right, top, and bot tom). This metal skin acts as an elec tro mag netic in ter fer ence (EMI)-ab sorb ing ca pac i tor (which is why it’s named af ter Michael Fara day, a pi o neer in the field of elec tro mag netism) that pre vents elec tro mag netic sig nals (em a na tions) from ex it ing or en ter ing the area that the cage en closes. Fara day cages are quite ef fec tive at block ing EM sig nals. In fact, in side an ac tive Fara day cage, mo bile phones do not work, and you can’t pick up broad cast ra dio or tele vi sion sta tions.

White Noise White noise sim ply means broad cast ing false traf fic at all times to mask and hide the pres ence of real em a na tions. White noise can con sist of a real sig nal from an other source that is not con fi den tial, a con stant sig nal at a spe cific fre quency, a ran domly vari able sig nal (such as the white noise heard be tween ra dio sta tions or tele vi sion sta tions), or even a jam sig nal that causes in ter cep tion equip ment to fail. White noise is most ef fec tive when cre ated around the perime ter of an area so that it is broad cast out ward to pro tect the in ter nal area where em a na tions may be needed for nor mal op er a tions.

293

White noise de scribes any ran dom sound, sig nal, or process that can drown out

mean ing ful in for ma tion. This can vary from au di ble fre quen cies to in audi ble elec tronic trans mis sions, and it may even in volve the de lib er ate act of cre at ing line or traf fic noise to dis guise ori gins or dis rupt lis ten ing de vices.

Con trol Zone A third type of TEM PEST coun ter mea sure, a con trol zone, is sim ply the im ple men ta tion of ei ther a Fara day cage or white noise gen er a tion or both to pro tect a spe cific area in an en vi ron ment; the rest of the en vi ron ment is not af fected. A con trol zone can be a room, a floor, or an en tire build ing. Con trol zones are those ar eas where em a na tion sig nals are sup ported and used by nec es sary equip ment, such as wire less net work ing, mo bile phones, ra dios, and tele vi sions. Out side the con trol zones, em a na tion in ter cep tion is blocked or pre vented through the use of var i ous TEM PEST coun ter mea sures.

Me dia Stor age Fa cil i ties Me dia stor age fa cil i ties should be de signed to se curely store blank me dia, re us able me dia, and in stal la tion

me dia. Whether hard drives, flash mem ory de vices, op ti cal disks, or tapes, me dia should be con trolled against theft and cor rup tion. New blank me dia should be se cured to pre vent some one from steal ing it or plant ing mal ware on it.

Me dia that is reused, such as thumb drives, flash mem ory cards, or por ta ble hard drives, should be pro tected against theft and data rem nant re cov ery. Data rem nants are the re main ing data el e ments left on a stor age de vice af ter a stan dard dele tion or for mat ting process. Such a process clears out the di rec tory struc ture and marks clus ters as avail able for use but leaves the orig i nal data in the clus ters. A sim ple un- dele tion util ity or data re cov ery scan ner can of ten re cover ac cess to these files. Re strict ing ac cess to me dia and us ing se cure wip ing so lu tions can re duce this risk.

In stal la tion me dia needs to be pro tected against theft and mal ware plant ing. This will en sure that when a new in stal la tion needs to be per formed, the me dia is avail able and safe for use.

Here are some means of im ple ment ing se cure me dia stor age fa cil i ties:

Store me dia in a locked cab i net or safe.

Have a li brar ian or cus to dian who man ages ac cess to the locked me dia cab i net.

Use a check-in/check-out process to track who re trieves, uses, and re turns me dia from stor age.

For re us able me dia, when the de vice is re turned, run a se cure drive san i ti za tion or ze roiza tion (a pro ce dure that erases data by re plac ing it with mean ing less data such as ze roes) process to re move all data rem nants.

Me dia can also be ver i fied us ing a hash-based in tegrity check mech a nism to en sure ei ther that valid files re main valid or that a me dia has been prop erly and fully san i tized to re tain no rem nants of pre vi ous use.

For more se cu rity-in ten sive or ga ni za tions, it may be nec es sary to place a se cu rity no ti fi ca tion la bel on me dia to in di cate its use clas si fi ca tion or em ploy RFID/NFC as set track ing tags on me dia. It also might be im por tant to use a stor age cab i net that is more like a safe than an of fice sup ply shelf. Higher lev els of pro tec tion could also in clude fire, flood, elec tro mag netic field, and tem per a ture mon i tor ing and pro tec tion.

Ev i dence Stor age

Ev i dence stor age is quickly be com ing a ne ces sity for all busi nesses, not just law en force ment–re lated or ga ni za tions. As cy ber crime events con tinue to in crease, it is im por tant to re tain logs, au dit trails, and other records of dig i tal events. It also may be nec es sary to re tain im age copies of drives or snap shots of vir tual ma chines for fu ture com par i son. This may be re lated to in ter nal cor po rate in ves ti ga tions or to law en force ment–based foren sic anal y sis. In ei ther case, pre serv ing datasets that might be used as ev i dence is es sen tial to the fa vor able con clu sion to a cor po rate in ter nal in ves ti ga tion or a law en force ment in ves ti ga tion of cy ber crime.

Se cure ev i dence stor age is likely to in volve the fol low ing:

A ded i cated stor age sys tem dis tinct from the pro duc tion net work

Po ten tially keep ing the stor age sys tem off line when not ac tively hav ing new datasets trans ferred to it

Block ing In ter net con nec tiv ity to and from the stor age sys tem

Track ing all ac tiv i ties on the ev i dence stor age sys tem

Cal cu lat ing hashes for all datasets stored on the sys tem

294

Lim it ing ac cess to the se cu rity ad min is tra tor and le gal coun sel

En crypt ing all datasets stored on the sys tem

There may be ad di tional se cu rity re quire ments for an ev i dence stor age so lu tion based on your lo cal reg u la tions, in dus try, or con trac tual obli ga tions.

Re stricted and Work Area Se cu rity The de sign and con fig u ra tion of in ter nal se cu rity, in clud ing work ar eas and vis i tor ar eas, should be

con sid ered care fully. There should not be equal ac cess to all lo ca tions within a fa cil ity. Ar eas that con tain as sets of higher value or im por tance should have more re stricted ac cess. For ex am ple, any one who en ters the fa cil ity should be able to ac cess the re strooms and the pub lic tele phone with out go ing into sen si tive ar eas, but only net work ad min is tra tors and se cu rity staff should have ac cess to the server room. Valu able and con fi den tial as sets should be lo cated in the heart or cen ter of pro tec tion pro vided by a fa cil ity. In ef fect, you should fo cus on de ploy ing con cen tric cir cles of phys i cal pro tec tion. This type of con fig u ra tion re quires in creased lev els of au tho riza tion to gain ac cess into more sen si tive ar eas in side the fa cil ity.

Walls or par ti tions can be used to sep a rate sim i lar but dis tinct work ar eas. Such di vi sions de ter ca sual shoul der surf ing or eaves drop ping (shoul der surf ing is the act of gath er ing in for ma tion from a sys tem by ob serv ing the mon i tor or the use of the key board by the op er a tor). Floor-to-ceil ing walls should be used to sep a rate ar eas with dif fer ing lev els of sen si tiv ity and con fi den tial ity (where false or sus pended ceil ings are present, walls should cut these off as well to pro vide an un bro ken phys i cal bar rier be tween more and less se cure ar eas).

Each work area should be eval u ated and as signed a clas si fi ca tion just as IT as sets are clas si fied. Only peo ple with clear ance or clas si fi ca tions cor re spond ing to the clas si fi ca tion of the work area should be al lowed ac cess. Ar eas with dif fer ent pur poses or uses should be as signed dif fer ent lev els of ac cess or re stric tions. The more ac cess to as sets the equip ment within an area of fers, the more im por tant be come the re stric tions that are used to con trol who en ters those ar eas and what ac tiv i ties they are al lowed to per form.

Your fa cil ity se cu rity de sign process should sup port the im ple men ta tion and op er a tion of in ter nal se cu rity. In ad di tion to the man age ment of work ers in proper work spa ces, you should ad dress vis i tors and vis i tor con trol. Should there be an es cort re quire ment for vis i tors, and what other forms of vis i tor con trol should be im ple mented? In ad di tion to ba sic phys i cal se cu rity tools such as keys and locks, mech a nisms such as mantraps, video cam eras, writ ten logs, se cu rity guards, and RFID ID tags should be im ple mented.

An ex am ple of a se cure or re stricted work area is that of the Sen si tive Com part mented In for ma tion Fa cil ity (SCIF). A SCIF is of ten used by gov ern ment and mil i tary con trac tors to pro vide a se cure en vi ron ment for highly sen si tive data stor age and com pu ta tion. The pur pose of a SCIF is to store, view, and up date sen si tive com part mented in for ma tion (SCI), which is a type of clas si fied in for ma tion. A SCIF has re stricted ac cess to limit en trance to those in di vid u als with a spe cific busi ness need and au tho riza tion to ac cess the data con tained within. This is usu ally de ter mined by the in di vid ual’s clear ance level and SCI ap proval level. In most cases, a SCIF has re stric tions against us ing or pos sess ing pho tog ra phy, video, or other record ing de vices while in the se cured area. A SCIF can be es tab lished in a ground-based fa cil ity, an air craft, or float ing plat form. A SCIF can be a per ma nent in stal la tion or a tem po rary es tab lish ment. A SCIF is typ i cally lo cated within a struc ture, al though an en tire struc ture can be im ple mented as a SCIF.

Util i ties and HVAC Con sid er a tions

Power sup plied by elec tric com pa nies is not al ways con sis tent and clean. Most elec tronic equip ment de mands clean power to func tion prop erly. Equip ment dam age from power fluc tu a tions is a com mon oc cur rence. Many or ga ni za tions opt to man age their own power through var i ous means. An un in ter rupt ible power sup ply (UPS) is a type of self-charg ing bat tery that can be used to sup ply con sis tent clean power to sen si tive equip ment. A UPS func tions by tak ing power in from the wall out let, stor ing it in a bat tery, pulling power out of the bat tery, and then feed ing that power to what ever de vices are con nected to it. By di rect ing cur rent through its bat tery, it is able to main tain a con sis tent clean power sup ply. This con cept is known as a dou ble con ver sion UPS. A UPS has a sec ond func tion, one that is of ten used as a sell ing point: it pro vides con tin u ous power even af ter the pri mary power source fails. A UPS can con tinue to sup ply power for min utes or hours, de pend ing on its ca pac ity and how much power the equip ment at tached to it needs. The switch ing from power grid to bat tery-sup plied power oc curs in stan ta neously with no in ter rup tion of power sup plied to the equip ment.

An other form of UPS is the line-in ter ac tive UPS. This type of sys tem has a surge pro tec tor, bat tery charger/in verter, and volt age reg u la tor po si tioned be tween the grid power source and the equip ment. The bat tery is not in-line un der nor mal con di tions. If the grid fails, the power is pulled from the bat tery in verter and volt age reg u la tor to pro vide un in ter rupted power to the equip ment.

A bat tery backup or fail-over bat tery is not a form of UPS as there is usu ally a pe riod of time (even if just a mo ment) of com plete power loss to the equip ment as the grid source of power fails and a switch ing event

295

oc curs to re trieve power from a bat tery.

An other means to en sure that equip ment is not harmed by power fluc tu a tions re quires use of power strips with surge pro tec tors. A surge pro tec tor in cludes a fuse that will blow be fore power lev els change enough to cause dam age to equip ment. How ever, once a surge pro tec tor’s fuse or cir cuit is tripped, cur rent flow is com pletely in ter rupted. Surge pro tec tors should be used only when in stant ter mi na tion of elec tric ity will not cause dam age or loss to the equip ment. Oth er wise, a UPS should be em ployed in stead.

If main tain ing op er a tions for a con sid er able time in spite of a brownout or black out is a ne ces sity, on site elec tric gen er a tors are re quired. Such gen er a tors turn on au to mat i cally when a power fail ure is de tected. Most gen er a tors op er ate us ing a fuel tank of liq uid or gaseous pro pel lant that must be main tained to en sure re li a bil ity. Elec tric gen er a tors are con sid ered al ter nate or backup power sources.

The prob lems with power are nu mer ous. Here is a list of terms as so ci ated with power is sues you should know:

Fault: A mo men tary loss of power

Black out: A com plete loss of power

Sag: Mo men tary low volt age

Brownout: Pro longed low volt age

Spike: Mo men tary high volt age

Surge: Pro longed high volt age

In rush: An ini tial surge of power usu ally as so ci ated with con nect ing to a power source, whether pri mary or al ter nate/sec ondary

Noise: A steady in ter fer ing power dis tur bance or fluc tu a tion

Tran sient: A short du ra tion of line noise dis tur bance

Clean: Non fluc tu at ing pure power

Ground: The wire in an elec tri cal cir cuit that is grounded

When ex pe ri enc ing a power is sue, it is im por tant to de ter mine where the fault is oc cur ring. If the is sue takes place out side your me ter then it is to be re paired by the power com pany, whereas any in ter nal is sues are your re spon si bil ity.

Noise

Noise can cause more than just prob lems with how equip ment func tions; it can also in ter fere with the qual ity of com mu ni ca tions, trans mis sions, and play back. Noise gen er ated by elec tric cur rent can af fect any means of data trans mis sion that re lies on elec tro mag netic trans port mech a nisms, such as tele phone, cel lu lar, tele vi sion, au dio, ra dio, and net work mech a nisms.

There are two types of elec tro mag netic in ter fer ence (EMI): com mon mode and tra verse mode. Com mon mode noise is gen er ated by a dif fer ence in power be tween the hot and ground wires of a power source or op er at ing elec tri cal equip ment. Tra verse mode noise is gen er ated by a dif fer ence in power be tween the hot and neu tral wires of a power source or op er at ing elec tri cal equip ment.

Ra dio-fre quency in ter fer ence (RFI) is an other source of noise and in ter fer ence that can af fect many of the same sys tems as EMI. A wide range of com mon elec tri cal ap pli ances gen er ate RFI, in clud ing flu o res cent lights, elec tri cal ca bles, elec tric space heaters, com put ers, el e va tors, mo tors, and elec tric mag nets, so it’s im por tant to lo cate all such equip ment when de ploy ing IT sys tems and in fra struc ture el e ments.

Pro tect ing your power sup ply and your equip ment from noise is an im por tant part of main tain ing a pro duc tive and func tion ing en vi ron ment for your IT in fra struc ture. Steps to take for this kind of pro tec tion in clude pro vid ing for suf fi cient power con di tion ing, es tab lish ing proper ground ing, shield ing all ca bles, and lim it ing ex po sure to EMI and RFI sources.

Tem per a ture, Hu mid ity, and Static

In ad di tion to power con sid er a tions, main tain ing the en vi ron ment in volves con trol over the HVAC mech a nisms. Rooms in tended pri mar ily to house com put ers should gen er ally be kept be tween 60 and 75 de grees Fahren heit (15 and 23 de grees Cel sius). How ever, there are some ex treme en vi ron ments that run their equip ment as low as 50 de grees Fahren heit and oth ers that run above 90 de grees Fahren heit. Hu mid ity in a com puter room should be main tained be tween 40 and 60 per cent. Too much hu mid ity can cause cor ro sion. Too lit tle hu mid ity causes static elec tric ity. Even on an ti static car pet ing, if the en vi ron ment has low hu mid ity it is still pos si ble to gen er ate 20,000-volt static dis charges. As you can see in Ta ble 10.1, even min i mal lev els of static dis charge can de stroy elec tronic equip ment.

296

TA BLE 10.1 Static volt age and dam age

Static volt age Pos si ble dam age 40 De struc tion of sen si tive cir cuits and other elec tronic com po nents 1,000 Scram bling of mon i tor dis plays 1,500 De struc tion of data stored on hard drives 2,000 Abrupt sys tem shut down 4,000 Printer jam or com po nent dam age 17,000 Per ma nent cir cuit dam age

Wa ter Is sues (e.g., Leak age, Flood ing)

Wa ter is sues, such as leak age and flood ing, should be ad dressed in your en vi ron men tal safety pol icy and pro ce dures. Plumb ing leaks are not an ev ery day oc cur rence, but when they do hap pen, they can cause sig nif i cant dam age.

Wa ter and elec tric ity don’t mix. If your com puter sys tems come in con tact with wa ter, es pe cially while they are op er at ing, dam age is sure to oc cur. Plus, wa ter and elec tric ity cre ate a se ri ous risk of elec tro cu tion for nearby per son nel. When ever pos si ble, lo cate server rooms, dat a cen ters, and crit i cal com puter equip ment away from any wa ter source or trans port pipes. You may also want to in stall wa ter de tec tion cir cuits on the floor around mis sion-crit i cal sys tems. Wa ter-de tec tion cir cuits will sound an alarm and alert you if wa ter is en croach ing upon the equip ment.

To min i mize emer gen cies, be fa mil iar with shut off valves and drainage lo ca tions. In ad di tion to mon i tor ing for plumb ing leaks, you should eval u ate your fa cil ity’s abil ity to han dle se vere rain or flood ing in its vicin ity. Is the fa cil ity lo cated on a hill or in a val ley? Is there suf fi cient drainage? Is there a his tory of flood ing or ac cu mu la tion of stand ing wa ter? Is a server room in the base ment or on the first floor?

Fire Pre ven tion, De tec tion, and Sup pres sion Fire pre ven tion, de tec tion, and sup pres sion must not be over looked. Pro tect ing per son nel from harm

should al ways be the most im por tant goal of any se cu rity or pro tec tion sys tem. In ad di tion to pro tect ing peo ple, fire de tec tion and sup pres sion is de signed to keep dam age caused by fire, smoke, heat, and sup pres sion ma te ri als to a min i mum, es pe cially as re gards the IT in fra struc ture.

Stan dard fire pre ven tion and res o lu tion train ing in volve knowl edge of the fire tri an gle (see Fig ure 10.2). The three cor ners of the tri an gle rep re sent fire, heat, and oxy gen. The cen ter of the tri an gle rep re sents the chem i cal re ac tion among these three el e ments. The point of the fire tri an gle is to il lus trate that if you can re move any one of the four items from the fire tri an gle, the fire can be ex tin guished. Dif fer ent sup pres sion medi ums ad dress dif fer ent as pects of the fire:

Wa ter sup presses the tem per a ture.

Soda acid and other dry pow ders sup press the fuel sup ply.

CO2 sup presses the oxy gen sup ply.

Halon sub sti tutes and other non flammable gases in ter fere with the chem istry of com bus tion and/or sup press the oxy gen sup ply.

297

FIG URE 10.2 The fire tri an gle

When se lect ing a sup pres sion medium, con sider what as pect of the fire tri an gle it ad dresses, what this re ally rep re sents, how ef fec tive the sup pres sion medium usu ally is, and what im pact the sup pres sion medium will ex ert on your en vi ron ment.

In ad di tion to un der stand ing the fire tri an gle, you should un der stand the stages of fire. Fires go through nu mer ous stages, and Fig ure 10.3 ad dresses the four most vi tal stages.

FIG URE 10.3 The four pri mary stages of fire

Stage 1: The In cip i ent Stage At this stage, there is only air ion iza tion but no smoke.

Stage 2: The Smoke Stage In Stage 2, smoke is vis i ble from the point of ig ni tion.

Stage 3: The Flame Stage This is when a flame can be seen with the naked eye.

Stage 4: The Heat Stage At Stage 4, the fire is con sid er ably fur ther down the timescale to the point where there is an in tense heat buildup and ev ery thing in the area burns.

The ear lier a fire is de tected, the eas ier it is to ex tin guish and the less dam age it and its sup pres sion medium(s) can cause.

298

One of the ba sics of fire man age ment is proper per son nel aware ness train ing. Ev ery one should be thor oughly fa mil iar with the fire sup pres sion mech a nisms in their fa cil ity. Ev ery one should also be fa mil iar with at least two evac u a tion routes from their pri mary work area and know how to lo cate evac u a tion routes else where in the fa cil ity. Per son nel should be trained in the lo ca tion and use of fire ex tin guish ers. Other items to in clude in fire or gen eral emer gency-re sponse train ing in clude car diopul monary re sus ci ta tion (CPR), emer gency shut down pro ce dures, and a pre-es tab lished ren dezvous lo ca tion or safety ver i fi ca tion mech a nism (such as voice mail).

Most fires in a dat a cen ter are caused by over loaded elec tri cal dis tri bu tion out lets.

Fire Ex tin guish ers

There are sev eral types of fire ex tin guish ers. Un der stand ing what type to use on var i ous forms of fire is es sen tial to ef fec tive fire sup pres sion. If a fire ex tin guisher is used im prop erly or the wrong form of fire ex tin guisher is used, the fire could spread and in ten sify in stead of be ing quenched. Fire ex tin guish ers are to be used only when a fire is still in the in cip i ent stage. Ta ble 10.2 lists the three com mon types of fire ex tin guish ers.

TA BLE 10.2 Fire ex tin guisher classes

Class Type Sup pres sion ma te rial A Com mon com bustibles Wa ter, soda acid (a dry pow der or liq uid chem i cal) B Liq uids CO2, halon*, soda acid C Elec tri cal CO2, halon* D Metal Dry pow der

* Halon or an EPA-ap proved halon sub sti tute

Wa ter can not be used on Class B fires be cause it splashes the burn ing liq uids and such

liq uids usu ally float on wa ter. Wa ter can not be used on Class C fires be cause of the po ten tial for elec tro cu tion. Oxy gen sup pres sion can not be used on metal fires be cause burn ing metal pro duces its own oxy gen.

Fire De tec tion Sys tems

To prop erly pro tect a fa cil ity from fire re quires in stalling an au to mated de tec tion and sup pres sion sys tem. There are many types of fire de tec tion sys tems. Fixed-tem per a ture de tec tion sys tems trig ger sup pres sion when a spe cific tem per a ture is reached. The trig ger is usu ally a metal or plas tic com po nent that is in the sprin kler head and melts at a spe cific tem per a ture. There is also a ver sion with a small glass vial con tain ing chem i cals that va por ize to over pres sur ize the con tainer at a spe cific tem per a ture. Rate-of-rise de tec tion sys tems trig ger sup pres sion when the speed at which the tem per a ture changes reaches a spe cific level. Flame- ac tu ated sys tems trig ger sup pres sion based on the in frared en ergy of flames. Smoke-ac tu ated sys tems use pho to elec tric or ra dioac tive ion iza tion sen sors as trig gers. In cip i ent smoke de tec tion sys tems, also known as as pi rat ing sen sors, are able to de tect the chem i cals typ i cally as so ci ated with the very early stages of com bus tion be fore a fire is oth er wise de tectible via other means.

Most fire-de tec tion sys tems can be linked to fire re sponse ser vice no ti fi ca tion mech a nisms. When sup pres sion is trig gered, such linked sys tems will con tact the lo cal fire re sponse team and re quest aid us ing an au to mated mes sage or alarm.

To be ef fec tive, fire de tec tors need to be placed strate gi cally. Don’t for get to place them in side dropped ceil ings and raised floors, in server rooms, in pri vate of fices and pub lic ar eas, in HVAC vents, in el e va tor shafts, in the base ment, and so on.

As for sup pres sion mech a nisms used, they can be based on wa ter or on a fire sup pres sion gas sys tem. Wa ter is com mon in hu man-friendly en vi ron ments, whereas gaseous sys tems are more ap pro pri ate for com puter rooms where per son nel typ i cally do not re side.

Wa ter Sup pres sion Sys tems

There are four main types of wa ter sup pres sion sys tems:

A wet pipe sys tem (also known as a closed head sys tem) is al ways full of wa ter. Wa ter dis charges im me di ately when sup pres sion is trig gered.

299

A dry pipe sys tem con tains com pressed air. Once sup pres sion is trig gered, the air es capes, open ing a wa ter valve that in turn causes the pipes to fill and dis charge wa ter into the en vi ron ment.

A del uge sys tem is an other form of dry pipe sys tem that uses larger pipes and there fore de liv ers a sig nif i cantly larger vol ume of wa ter. Del uge sys tems are in ap pro pri ate for en vi ron ments that con tain elec tron ics and com put ers.

A pre ac tion sys tem is a com bi na tion dry pipe/wet pipe sys tem. The sys tem ex ists as a dry pipe un til the ini tial stages of a fire (smoke, heat, and so on) are de tected, and then the pipes are filled with wa ter. The wa ter is re leased only af ter the sprin kler head ac ti va tion trig gers are melted by suf fi cient heat. If the fire is quenched be fore sprin klers are trig gered, pipes can be man u ally emp tied and re set. This also al lows man ual in ter ven tion to stop the re lease of wa ter be fore sprin kler trig ger ing oc curs.

Pre ac tion sys tems are the most ap pro pri ate wa ter-based sys tem for en vi ron ments that house both com put ers and hu mans to gether.

The most com mon cause of fail ure for a wa ter-based sys tem is hu man er ror, such as turn ing

off a wa ter source when a fire oc curs or trig ger ing wa ter re lease when there is no fire.

Gas Dis charge Sys tems

Gas dis charge sys tems are usu ally more ef fec tive than wa ter dis charge sys tems. How ever, gas dis charge sys tems should not be used in en vi ron ments in which peo ple are lo cated. Gas dis charge sys tems usu ally re move the oxy gen from the air, thus mak ing them haz ardous to per son nel. They em ploy a pres sur ized gaseous sup pres sion medium, such as CO2, halon, or FM-200 (a halon re place ment).

Halon is an ef fec tive fire sup pres sion com pound (it starves a fire of oxy gen by dis rupt ing the chem i cal re ac tion be tween oxy gen and com bustible ma te ri als), but it de grades into toxic gases at 900 de grees Fahren heit. Also, it is not en vi ron men tally friendly (it is an ozone-de plet ing sub stance). In 1994, the EPA banned the man u fac ture of halon in the United States. It is also il le gal to im port halon man u fac tured af ter 1994. (Pro duc tion of halon 1301, halon 1211, and halon 2403 ceased in de vel oped coun tries on De cem ber 31, 2003.) How ever, ac cord ing to the Mon treal Pro to col, you can ob tain halon by con tact ing a halon re cy cling fa cil ity. The EPA seeks to ex haust ex ist ing stocks of halon to take this sub stance out of cir cu la tion.

Ow ing to is sues with halon, it is of ten re placed by a more eco log i cally friendly and less toxic medium. The fol low ing list item izes var i ous EPA-ap proved sub sti tutes for halon (see http://www.epa.gov/ozone/snap/fire/halon reps.html for more in for ma tion):

FM-200 (HFC-227ea)

CEA-410 or CEA-308

NAF-S-III (HCFC Blend A)

FE-13 (HCFC-23)

Ar gon (IG55) or Ar gonite (IG01)

In er gen (IG541)

Aero-K (mi cro scopic potas sium com pounds in aerosol form)

You can also re place halon sub sti tutes with low-pres sure wa ter mists, but such sys tems are usu ally not em ployed in com puter rooms or elec tri cal equip ment stor age fa cil i ties. A low-pres sure wa ter mist is a va por cloud used to quickly re duce the tem per a ture in an area.

Dam age

Ad dress ing fire de tec tion and sup pres sion in cludes deal ing with pos si ble con tam i na tion and dam age caused by a fire. The de struc tive el e ments of a fire in clude smoke and heat, but they also in clude the sup pres sion me dia, such as wa ter or soda acid. Smoke is dam ag ing to most stor age de vices. Heat can dam age any elec tronic or com puter com po nent. For ex am ple, tem per a tures of 100 de grees Fahren heit can dam age stor age tapes, 175 de grees can dam age com puter hard ware (that is, cen tral pro cess ing unit [CPU] and ran dom-ac cess mem ber [RAM]), and 350 de grees can dam age pa per prod ucts (through warp ing and dis col oration).

Sup pres sion me dia can cause short cir cuits, ini ti ate cor ro sion, or oth er wise ren der equip ment use less. All these is sues must be ad dressed when de sign ing a fire re sponse sys tem.

300

Don’t for get that in the event of a fire, in ad di tion to dam age caused by the flames and your

cho sen sup pres sion medium, mem bers of the fire de part ment may in flict dam age us ing their hoses to spray wa ter and their axes while search ing for hot spots.

Im ple ment and Man age Phys i cal Se cu rity Many types of phys i cal ac cess con trol mech a nisms can be de ployed in an en vi ron ment to con trol, mon i tor,

and man age ac cess to a fa cil ity. These range from de ter rents to de tec tion mech a nisms. The var i ous sec tions, di vi sions, or ar eas within a site or fa cil ity should be clearly des ig nated as pub lic, pri vate, or re stricted. Each of these ar eas re quires unique and fo cused phys i cal ac cess con trols, mon i tor ing, and pre ven tion mech a nisms. The fol low ing sec tions dis cuss many such mech a nisms that may be used to sep a rate, iso late, and con trol ac cess to var i ous ar eas of a site, in clud ing perime ter and in ter nal se cu rity.

Perime ter Se cu rity Con trols

The ac ces si bil ity to the build ing or cam pus lo ca tion is also im por tant. Sin gle en trances are great for pro vid ing se cu rity, but mul ti ple en trances are bet ter for evac u a tion dur ing emer gen cies. What types of roads are nearby? What means of trans porta tion are eas ily ac ces si ble (trains, high way, air port, ship ping)? What about traf fic lev els through out the day?

Keep in mind that ac ces si bil ity is also con strained by the need for perime ter se cu rity. The needs of ac cess and use should meld and sup port the im ple men ta tion and op er a tion of perime ter se cu rity. The use of phys i cal ac cess con trols and mon i tor ing per son nel and equip ment en ter ing and leav ing as well as au dit ing/log ging all phys i cal events are key el e ments in main tain ing over all or ga ni za tional se cu rity.

Fences, Gates, Turn stiles, and Mantraps

A fence is a perime ter-defin ing de vice. Fences are used to clearly dif fer en ti ate be tween ar eas that are un der a spe cific level of se cu rity pro tec tion and those that aren’t. Fenc ing can in clude a wide range of com po nents, ma te ri als, and con struc tion meth ods. It can con sist of stripes painted on the ground, chain link fences, barbed wire, con crete walls, and even in vis i ble perime ters us ing laser, mo tion, or heat de tec tors. Var i ous types of fences are ef fec tive against dif fer ent types of in trud ers:

Fences 3 to 4 feet high de ter ca sual tres passers.

Fences 6 to 7 feet high are too hard to climb eas ily and de ter most in trud ers, ex cept de ter mined ones.

Fences 8 or more feet high with three strands of barbed wire de ter even de ter mined in trud ers.

A gate is a con trolled exit and en try point in a fence. The de ter rent level of a gate must be equiv a lent to the de ter rent level of the fence to sus tain the ef fec tive ness of the fence as a whole. Hinges and lock ing/clos ing mech a nisms should be hard ened against tam per ing, de struc tion, or re moval. When a gate is closed, it should not of fer any ad di tional ac cess vul ner a bil i ties. Keep the num ber of gates to a min i mum. They can be mon i tored by guards. When they’re not pro tected by guards, use of dogs or CCTV is rec om mended.

A turn stile (see Fig ure 10.4) is a form of gate that pre vents more than one per son at a time from gain ing en try and of ten re stricts move ment in one di rec tion. It is used to gain en try but not to exit, or vice versa. A turn stile is ba si cally the fenc ing equiv a lent of a se cured re volv ing door.

301

FIG URE 10.4 A se cure phys i cal bound ary with a mantrap and a turn stile

A mantrap is a dou ble set of doors that is of ten pro tected by a guard (also shown in Fig ure 10.4) or some other phys i cal lay out that pre vents pig gy back ing and can trap in di vid u als at the dis cre tion of se cu rity per son nel. The pur pose of a mantrap is to im mo bi lize a sub ject un til their iden tity and au then ti ca tion is ver i fied. If a sub ject is au tho rized for en try, the in ner door opens, al low ing en try into the fa cil ity or onto the premises. If a sub ject is not au tho rized, both doors re main closed and locked un til an es cort (typ i cally a guard or a po lice of fi cer) ar rives to es cort the sub ject off the prop erty or ar rest the sub ject for tres pass ing (this is called a de lay fea ture). Of ten a mantrap in cludes a scale to pre vent pig gy back ing or tail gat ing.

An other key el e ment of phys i cal se cu rity, es pe cially for data cen ters, gov ern ment fa cil i ties, and highly se cure or ga ni za tions, is se cu rity bol lards, which pre vent ve hi cles from ram ming ac cess points. These can be per ma nently fixed in place or au to mat i cally rise from their in stalled base at a fixed time or an alert. They are of ten dis guised as planters or other ar chi tec tural el e ments.

Light ing

Light ing is a com monly used form of perime ter se cu rity con trol. The pri mary pur pose of light ing is to dis cour age ca sual in trud ers, tres passers, prowlers, or would-be thieves who would rather per form their mis deeds in the dark. How ever, light ing is not a strong de ter rent. It should not be used as the pri mary or sole pro tec tion mech a nism ex cept in ar eas with a low threat level.

Light ing should not il lu mi nate the po si tions of guards, dogs, pa trol posts, or other sim i lar se cu rity el e ments. It should be com bined with guards, dogs, CCTV, or some other form of in tru sion de tec tion or sur veil lance mech a nism. Light ing must not cause a nui sance or prob lem for nearby res i dents, roads, rail ways, air ports, and so on. It should also never cause glare or re flec tive dis trac tion to guards, dogs, and mon i tor ing equip ment, which could oth er wise aid at tack ers dur ing break-in at tempts.

It is gen er ally ac cepted as a de facto stan dard that light ing used for perime ter pro tec tion should il lu mi nate crit i cal ar eas with 2 foot-can dles of power. An other com mon is sue for the use of light ing is the place ment of the lights. Stan dards seem to in di cate that light poles should be placed the same dis tance apart as the di am e ter of the il lu mi nated area cre ated by il lu mi na tion el e ments. Thus, if a lighted area is 40 feet in di am e ter, poles should be 40 feet apart.

Se cu rity Guards and Dogs

All phys i cal se cu rity con trols, whether static de ter rents or ac tive de tec tion and sur veil lance mech a nisms, ul ti mately rely on per son nel to in ter vene and stop ac tual in tru sions and at tacks. Se cu rity guards ex ist to ful fill this need. Guards can be posted around a perime ter or in side to mon i tor ac cess points or watch de tec tion and sur veil lance mon i tors. The real ben e fit of guards is that they are able to adapt and re act to var i ous con di tions or sit u a tions. Guards can learn and rec og nize at tack and in tru sion ac tiv i ties and pat terns, can ad just to a chang ing en vi ron ment, and can make de ci sions and judg ment calls. Se cu rity guards are of ten an ap pro pri ate se cu rity con trol when im me di ate sit u a tion han dling and de ci sion mak ing on site is nec es sary.

Un for tu nately, us ing se cu rity guards is not a per fect so lu tion. There are nu mer ous dis ad van tages to de ploy ing, main tain ing, and re ly ing on se cu rity guards. Not all en vi ron ments and fa cil i ties sup port se cu rity guards. This may be be cause of ac tual hu man in com pat i bil ity or the lay out, de sign, lo ca tion, and con struc tion of the fa cil ity. Not all se cu rity guards are them selves re li able. Pre screen ing, bond ing, and train ing do not guar an tee that you won’t end up with an in ef fec tive or un re li able se cu rity guard.

302

Even if a guard is ini tially re li able, guards are sub ject to phys i cal in jury and ill ness, take va ca tions, can be come dis tracted, are vul ner a ble to so cial en gi neer ing, and may be come un em ploy able be cause of sub stance abuse. In ad di tion, se cu rity guards usu ally of fer pro tec tion only up to the point at which their life is en dan gered. Ad di tion ally, se cu rity guards are usu ally un aware of the scope of the op er a tions within a fa cil ity and are there fore not thor oughly equipped to know how to re spond to ev ery sit u a tion. Fi nally, se cu rity guards are ex pen sive.

Guard dogs can be an al ter na tive to se cu rity guards. They can of ten be de ployed as a perime ter se cu rity con trol. As a de tec tion and de ter rent, dogs are ex tremely ef fec tive. How ever, dogs are costly, re quire a high level of main te nance, and im pose se ri ous in sur ance and li a bil ity re quire ments.

 De ploy ing Phys i cal Ac cess Con trols

In the real world, you will de ploy mul ti ple lay ers of phys i cal ac cess con trols to man age the traf fic of au tho rized and unau tho rized in di vid u als within your fa cil ity. The out er most layer will be light ing. The en tire outer perime ter of your site should be clearly lit. This en ables easy iden ti fi ca tion of per son nel and makes it eas ier to no tice in tru sions and in tim i date po ten tial in trud ers. Just in side the lighted area, place a fence or wall de signed to pre vent in tru sion. Spe cific con trolled points along that fence or wall should be points for en try or exit. These should have gates, turn stiles, or mantraps all mon i tored by CCTV and se cu rity guards. Also bol lards can be used to pre vent ram ming of ac cess points with ve hi cles. Iden ti fi ca tion and au then ti ca tion should be re quired at all en try points be fore en trance is granted.

Within the fa cil ity, ar eas of dif fer ent sen si tiv ity or con fi den tial ity lev els should be dis tinctly sep a rated and com part men tal ized. This is es pe cially true for pub lic ar eas and ar eas ac ces si ble to vis i tors. An ad di tional iden ti fi ca tion/au then ti ca tion process to val i date the need to en ter should be re quired when any one moves from one area to an other. The most sen si tive re sources and sys tems should be iso lated from all but the most priv i leged per son nel and lo cated at the cen ter or core of the fa cil ity.

In ter nal Se cu rity Con trols If a fa cil ity em ploys re stricted ar eas to con trol phys i cal se cu rity, a mech a nism to han dle vis i tors is

re quired. Of ten an es cort is as signed to vis i tors, and their ac cess and ac tiv i ties are mon i tored closely. Fail ing to track the ac tions of out siders when they are al lowed into a pro tected area can re sult in ma li cious ac tiv ity against the most pro tected as sets. Vis i tor con trol can also ben e fit from the use of keys, com bi na tion locks, badges, mo tion de tec tors, in tru sion alarms, and more.

Keys and Com bi na tion Locks

Locks keep closed doors closed. They are de signed and de ployed to pre vent ac cess to ev ery one with out proper au tho riza tion. A lock is a crude form of an iden ti fi ca tion and au tho riza tion mech a nism. If you pos sess the cor rect key or com bi na tion, you are con sid ered au tho rized and per mit ted en try. Key-based locks are the most com mon and in ex pen sive forms of phys i cal ac cess con trol de vices. These are of ten known as pre set locks. These types of locks are sub ject to pick ing, which is of ten cat e go rized un der a class of lock mech a nism at tacks called shim ming.

 Us ing Locks

Keys or com bi na tion locks—which do you choose and for what pur poses?

Ul ti mately, there will al ways be for get ful users. Elise con stantly for gets her com bi na tion, and Fran cis can never re mem ber to bring his se cu rity key card to work. Gino main tains a pes simistic out look in his ad min is tra tive style, so he’s keen on putting com bi na tions and key card ac cesses in all the right places.

Un der what cir cum stances or con di tions might you em ploy a com bi na tion lock, and where might you in stead opt for a key or key card? What op tions put you at greater risk of loss if some one dis cov ers the com bi na tion or finds the key? Can you be cer tain that these sin gle points of fail ure do not sig nif i cantly pose a risk to the pro tected as sets?

Many or ga ni za tions typ i cally uti lize sep a rate forms of key or com bi na tion ac cesses through out sev eral ar eas of the fa cil ity. Key and key card ac cess is granted at se lect shared en try points (ex te rior ac cess into the build ing, ac cess into in te rior rooms), and com bi na tion locks con trol ac cess to in di vid ual en try points (stor age lock ers, file cab i nets, and so on).

303

Pro gram mable or com bi na tion locks of fer a broader range of con trol than pre set locks. Some pro gram mable locks can be con fig ured with mul ti ple valid ac cess com bi na tions or may in clude dig i tal or elec tronic con trols em ploy ing key pads, smart cards, or ci pher de vices. For in stance, an elec tronic ac cess con trol (EAC) lock in cor po rates three el e ments: an elec tro mag net to keep the door closed, a cre den tial reader to au then ti cate sub jects and to dis able the elec tro mag net, and a sen sor to reen gage the elec tro mag net when the door is closed.

Locks serve as an al ter na tive to se cu rity guards as a perime ter en trance ac cess con trol de vice. A gate or door can be opened and closed to al low ac cess by a se cu rity guard who ver i fies your iden tity be fore grant ing ac cess, or the lock it self can serve as the ver i fi ca tion de vice that also grants or re stricts en try.

Badges

Badges, iden ti fi ca tion cards, and se cu rity IDs are forms of phys i cal iden ti fi ca tion and/or elec tronic ac cess con trol de vices. A badge can be as sim ple as a name tag in di cat ing whether you are a valid em ployee or a vis i tor. Or it can be as com plex as a smart card or to ken de vice that em ploys mul ti fac tor au then ti ca tion to ver ify and prove your iden tity and pro vide au then ti ca tion and au tho riza tion to ac cess a fa cil ity, spe cific rooms, or se cured work sta tions. Badges of ten in clude pic tures, mag netic strips with en coded data, and per sonal de tails to help a se cu rity guard ver ify iden tity.

Badges can be used in en vi ron ments in which phys i cal ac cess is pri mar ily con trolled by se cu rity guards. In such con di tions, the badge serves as a vis ual iden ti fi ca tion tool for the guards. They can ver ify your iden tity by com par ing your pic ture to your per son and con sult a printed or elec tronic ros ter of au tho rized per son nel to de ter mine whether you have valid ac cess.

Badges can also serve in en vi ron ments guarded by scan ning de vices rather than se cu rity guards. In such con di tions, a badge can be used ei ther for iden ti fi ca tion or for au then ti ca tion. When a badge is used for iden ti fi ca tion, it is swiped in a de vice, and then the badge owner must pro vide one or more au then ti ca tion fac tors, such as a pass word, passphrase, or bi o log i cal trait (if a bio met ric de vice is used). When a badge is used for au then ti ca tion, the badge owner pro vides an ID, user name, and so on and then swipes the badge to au then ti cate.

Mo tion De tec tors

A mo tion de tec tor, or mo tion sen sor, is a de vice that senses move ment or sound in a spe cific area. Many types of mo tion de tec tors ex ist, in clud ing in frared, heat, wave pat tern, ca pac i tance, pho to elec tric, and pas sive au dio.

An in frared mo tion de tec tor mon i tors for sig nif i cant or mean ing ful changes in the in frared light ing pat tern of a mon i tored area.

A heat-based mo tion de tec tor mon i tors for sig nif i cant or mean ing ful changes in the heat lev els and pat terns in a mon i tored area.

A wave pat tern mo tion de tec tor trans mits a con sis tent low ul tra sonic or high mi crowave fre quency sig nal into a mon i tored area and mon i tors for sig nif i cant or mean ing ful changes or dis tur bances in the re flected pat tern.

A ca pac i tance mo tion de tec tor senses changes in the elec tri cal or mag netic field sur round ing a mon i tored ob ject.

A pho to elec tric mo tion de tec tor senses changes in vis i ble light lev els for the mon i tored area. Pho to elec tric mo tion de tec tors are usu ally de ployed in in ter nal rooms that have no win dows and are kept dark.

A pas sive au dio mo tion de tec tor lis tens for ab nor mal sounds in the mon i tored area.

In tru sion Alarms

When ever a mo tion de tec tor reg is ters a sig nif i cant or mean ing ful change in the en vi ron ment, it trig gers an alarm. An alarm is a sep a rate mech a nism that trig gers a de ter rent, a re pel lent, and/or a no ti fi ca tion.

De ter rent Alarms Alarms that trig ger de ter rents may en gage ad di tional locks, shut doors, and so on. The goal of such an alarm is to make fur ther in tru sion or at tack more dif fi cult.

Re pel lant Alarms Alarms that trig ger re pel lants usu ally sound an au dio siren or bell and turn on lights. These kinds of alarms are used to dis cour age in trud ers or at tack ers from con tin u ing their ma li cious or tres pass ing ac tiv i ties and force them off the premises.

No ti fi ca tion Alarms Alarms that trig ger no ti fi ca tion are of ten silent from the in truder/at tacker per spec tive but record data about the in ci dent and no tify ad min is tra tors, se cu rity guards, and law en force ment. A record ing of an in ci dent can take the form of log files and/or CCTV tapes. The pur pose of a silent alarm is to bring au tho rized se cu rity per son nel to the lo ca tion of the in tru sion or at tack in hopes of catch ing the per son(s) com mit ting the un wanted or unau tho rized acts.

304

Alarms are also cat e go rized by where they are lo cated: lo cal, cen tral ized or pro pri etary, or aux il iary.

Lo cal Alarm Sys tem Lo cal alarm sys tems must broad cast an au di ble (up to 120 deci bel [db]) alarm sig nal that can be eas ily heard up to 400 feet away. Ad di tion ally, they must be pro tected from tam per ing and dis able ment, usu ally by se cu rity guards. For a lo cal alarm sys tem to be ef fec tive, there must be a se cu rity team or guards po si tioned nearby who can re spond when the alarm is trig gered.

Cen tral Sta tion Sys tem The alarm is usu ally silent lo cally, but off site mon i tor ing agents are no ti fied so they can re spond to the se cu rity breach. Most res i den tial se cu rity sys tems are of this type. Most cen tral sta tion sys tems are well-known or na tional se cu rity com pa nies, such as Brinks and ADT. A pro pri etary sys tem is sim i lar to a cen tral sta tion sys tem, but the host or ga ni za tion has its own on site se cu rity staff wait ing to re spond to se cu rity breaches.

Aux il iary Sta tion Aux il iary alarm sys tems can be added to ei ther lo cal or cen tral ized alarm sys tems. When the se cu rity perime ter is breached, emer gency ser vices are no ti fied to re spond to the in ci dent and ar rive at the lo ca tion. This could in clude fire, po lice, and med i cal ser vices.

Two or more of these types of in tru sion and alarm sys tems can be in cor po rated in a sin gle so lu tion.

Sec ondary Ver i fi ca tion Mech a nisms

When mo tion de tec tors, sen sors, and alarms are used, sec ondary ver i fi ca tion mech a nisms should be in place. As the sen si tiv ity of these de vices in creases, false trig gers oc cur more of ten. In nocu ous events such as the pres ence of an i mals, birds, bugs, or au tho rized per son nel can trig ger false alarms. De ploy ing two or more de tec tion and sen sor sys tems and re quir ing two or more trig gers in quick suc ces sion to oc cur be fore an alarm is is sued may sig nif i cantly re duce false alarms and in crease the like li hood that alarms in di cate ac tual in tru sions or at tacks.

CCTV is a se cu rity mech a nism re lated to mo tion de tec tors, sen sors, and alarms. How ever, CCTV is not an au to mated de tec tion-and-re sponse sys tem. CCTV re quires per son nel to watch the cap tured video to de tect sus pi cious and ma li cious ac tiv i ties and to trig ger alarms. Se cu rity cam eras can ex pand the ef fec tive vis i ble range of a se cu rity guard, there fore in creas ing the scope of the over sight. In many cases, CCTV is not used as a pri mary de tec tion tool be cause of the high cost of pay ing a per son to sit and watch the video screens. In stead, it is used as a sec ondary or fol low-up mech a nism that is re viewed af ter a trig ger from an au to mated sys tem oc curs. In fact, the same logic used for au dit ing and au dit trails is used for CCTV and recorded events. A CCTV is a pre ven tive mea sure, whereas re view ing recorded events is a de tec tive mea sure.

 Sec ondary Ver i fi ca tion

As il lus trated in the pre vi ous real-world sce nario, Gino was at con stant risk of se cu rity breaches be cause Elise is con stantly for get ting (and there fore writes down) ev ery pass word, whereas Fran cis is ha bit u ally for get ful about the lo ca tion of his key card. What hap pens when some one else comes into pos ses sion of ei ther of these items and has knowl edge of how or where to use them?

Gino’s big gest ad van tage will be any sec ondary ver i fi ca tion mech a nisms he has es tab lished in the work place. This may in clude a CCTV sys tem that iden ti fies the face of the per son who uses a key card for ac cess or in puts a com bi na tion in some area des ig nated un der sur veil lance. Even video tape logs of ingress and egress through check points can be help ful when it comes to chas ing down ac ci den tal or de lib er ate ac cess abuses.

With known “prob lem users” or “prob lem iden ti ties,” many se cu rity sys tems can is sue no ti fi ca tions or alerts when those iden ti ties are used. De pend ing on the sys tems that are avail able, and the risks that unau tho rized ac cess could pose, hu man fol low-up may or may not be war ranted. But any time Elise (or some body who uses that iden tity) logs onto a sys tem or any time Fran cis’s key card is used, a float ing or rov ing se cu rity guard could be dis patched to en sure that ev ery thing is on the up-and-up. Of course, it’s prob a bly also a good idea to have Elise’s and Fran cis’s man agers coun sel them on the ap pro pri ate use (and stor age) of pass words and key cards, just to make sure they un der stand the po ten tial risks in volved too.

En vi ron ment and Life Safety

An im por tant as pect of phys i cal ac cess con trol and main tain ing the se cu rity of a fa cil ity is pro tect ing the ba sic el e ments of the en vi ron ment and pro tect ing hu man life. In all cir cum stances and un der all con di tions, the most im por tant as pect of se cu rity is pro tect ing peo ple. Thus, pre vent ing harm to peo ple is the most im por tant goal for all se cu rity so lu tions.

Part of main tain ing safety for per son nel is main tain ing the ba sic en vi ron ment of a fa cil ity. For short pe ri ods of time, peo ple can sur vive with out wa ter, food, air con di tion ing, and power. But in some cases, the

305

loss of these el e ments can have dis as trous re sults, or they can be symp toms of more im me di ate and dan ger ous prob lems. Flood ing, fires, re lease of toxic ma te ri als, and nat u ral dis as ters all threaten hu man life as well as the sta bil ity of a fa cil ity. Phys i cal se cu rity pro ce dures should fo cus on pro tect ing hu man life and then on restor ing the safety of the en vi ron ment and restor ing the util i ties nec es sary for the IT in fra struc ture to func tion.

Peo ple should al ways be your top pri or ity. Only af ter per son nel are safe can you con sider ad dress ing busi ness con ti nu ity. Many or ga ni za tions adopt oc cu pant emer gency plans (OEPs) to guide and as sist with sus tain ing per son nel safety in the wake of a dis as ter. The OEP pro vides guid ance on how to min i mize threats to life, pre vent in jury, man age duress, han dle travel, pro vide for safety mon i tor ing, and pro tect prop erty from dam age due to a de struc tive phys i cal event. The OEP does not ad dress IT is sues or busi ness con ti nu ity, just per son nel and gen eral prop erty. The busi ness con ti nu ity plan (BCP) and dis as ter re cov ery plan (DRP) ad dress IT and busi ness con ti nu ity and re cov ery is sues.

Pri vacy Re spon si bil i ties and Le gal Re quire ments

The safety of per sonal in for ma tion also needs to be ad dressed in any or ga ni za tion’s se cu rity pol icy. In ad di tion, the se cu rity pol icy must con form to the reg u la tory re quire ments of the in dus try and ju ris dic tions in which it is ac tive.

Pri vacy means pro tect ing per sonal in for ma tion from dis clo sure to any unau tho rized in di vid ual or en tity. In to day’s on line world, the line be tween pub lic and pri vate in for ma tion is of ten blurry. For ex am ple, is in for ma tion about your web-surf ing habits pri vate or pub lic? Can that in for ma tion be gath ered legally with out your con sent? And can the gath er ing or ga ni za tion sell that in for ma tion for a profit that you don’t share in? In ad di tion, your per sonal in for ma tion in cludes more than in for ma tion about your on line habits; it also in cludes who you are (name, ad dress, phone, race, re li gion, age, and so on), your health and med i cal records, your fi nan cial records, and even your crim i nal or le gal records. In gen eral such in for ma tion falls un der the head ing of per son ally iden ti fi able in for ma tion (PII), as de scribed in the Na tional In sti tute of Stan dards and Tech nol ogy (NIST) pub li ca tion Guide to Pro tect ing the Con fi den tial ity of Per son ally Iden ti fi able In for ma tion (PII), avail able on line at https://csrc.nist.gov/pub li ca tions/de tail/sp/800-122/fi nal.

Deal ing with pri vacy is a re quire ment for any or ga ni za tion that has em ploy ees. Thus, pri vacy is a cen tral is sue for all or ga ni za tions. Pro tec tion of pri vacy should be a core mis sion or goal set forth in the se cu rity pol icy for any or ga ni za tion.

The Gen eral Data Pro tec tion Reg u la tion (GDPR) Reg u la tion (EU) 2016/679 is an EU reg u la tion fo cused on the pro tec tion of cit i zens and their rights and con trol over their per sonal data. While the United States does not have an equiv a lent set of laws pro tect ing U.S. cit i zens, many U.S. com pa nies adopt some of the GDPR el e ments in or der to at tract and main tain em ploy ees and cus tomers as well as gain the abil ity to op er ate in EU coun tries.

The GDPR and many other per son nel pri vacy is sues are dis cussed at greater length in Chap ter 4, “Laws, Reg u la tions, and Com pli ance.”

Reg u la tory Re quire ments

Ev ery or ga ni za tion op er ates within a cer tain in dus try and ju ris dic tion. Both of these en ti ties (and pos si bly ad di tional ones) im pose le gal re quire ments, re stric tions, and reg u la tions on the prac tices of or ga ni za tions that fall within their realm. These le gal re quire ments can ap ply to li censed use of soft ware, hir ing re stric tions, han dling of sen si tive ma te ri als, and com pli ance with safety reg u la tions.

Com ply ing with all ap pli ca ble le gal re quire ments is a key part of sus tain ing se cu rity. The le gal re quire ments for an in dus try and a coun try (and of ten also a state and city) must be con sid ered a base line or foun da tion on which the re main der of the se cu rity in fra struc ture is built.

Sum mary If you don’t have con trol over the phys i cal en vi ron ment, no amount of ad min is tra tive or tech ni cal/log i cal

ac cess con trols can pro vide ad e quate se cu rity. If a ma li cious per son gains phys i cal ac cess to your fa cil ity or equip ment, they own it.

Sev eral el e ments are in volved in im ple ment ing and main tain ing phys i cal se cu rity. One core el e ment is se lect ing or de sign ing the fa cil ity to house your IT in fra struc ture and the op er a tions of your or ga ni za tion. You must start with a plan that out lines the se cu rity needs for your or ga ni za tion and em pha sizes meth ods or mech a nisms to em ploy to pro vide such se cu rity. Such a plan is de vel oped through a process known as crit i cal path anal y sis.

The se cu rity con trols im ple mented to man age phys i cal se cu rity can be di vided into three groups: ad min is tra tive, tech ni cal, and phys i cal. Ad min is tra tive phys i cal se cu rity con trols in clude fa cil ity con struc tion and se lec tion, site man age ment, per son nel con trols, aware ness train ing, and emer gency re sponse and

306

pro ce dures. Tech ni cal phys i cal se cu rity con trols in clude ac cess con trols, in tru sion de tec tion, alarms, CCTV, mon i tor ing, HVAC, power sup plies, and fire de tec tion and sup pres sion. Ex am ples of phys i cal con trols for phys i cal se cu rity in clude fenc ing, light ing, locks, con struc tion ma te ri als, mantraps, dogs, and guards.

There are many types of phys i cal ac cess con trol mech a nisms that can be de ployed in an en vi ron ment to con trol, mon i tor, and man age ac cess to a fa cil ity. These range from de ter rents to de tec tion mech a nisms. They can be fences, gates, turn stiles, mantraps, light ing, se cu rity guards, se cu rity dogs, key locks, com bi na tion locks, badges, mo tion de tec tors, sen sors, and alarms.

The tech ni cal con trols most of ten em ployed as ac cess con trol mech a nisms to man age phys i cal ac cess in clude smart/dumb cards and bio met rics. In ad di tion to ac cess con trol, phys i cal se cu rity mech a nisms can take the form of au dit trails, ac cess logs, and in tru sion de tec tion sys tems.

Wiring clos ets and server rooms are im por tant in fra struc ture el e ments that re quire pro tec tion. They of ten house core net work ing de vices and other sen si tive equip ment. Pro tec tions in clude ad e quate locks, sur veil lance, ac cess con trol, and reg u lar phys i cal in spec tions.

Me dia stor age se cu rity should in clude a li brary check out sys tem, stor age in a locked cab i net or safe, and san i ti za tion of re us able me dia.

An im por tant as pect of phys i cal ac cess con trol and main tain ing the se cu rity of a fa cil ity is pro tect ing the ba sic el e ments of the en vi ron ment and pro tect ing hu man life. In all cir cum stances and un der all con di tions, the most im por tant goal of se cu rity is pro tect ing peo ple. Pre vent ing harm is the ut most goal of all se cu rity so lu tions. Pro vid ing clean power sources and man ag ing the en vi ron ment are also im por tant.

Fire de tec tion and sup pres sion must not be over looked. In ad di tion to pro tect ing peo ple, fire de tec tion and sup pres sion is de signed to keep dam age caused by fire, smoke, heat, and sup pres sion ma te ri als to a min i mum, es pe cially in re gard to the IT in fra struc ture.

Peo ple should al ways be your top pri or ity. Only af ter per son nel are safe can you con sider ad dress ing busi ness con ti nu ity.

Exam Es sen tials Un der stand why there is no se cu rity with out phys i cal se cu rity. With out con trol over the phys i cal

en vi ron ment, no amount of ad min is tra tive or tech ni cal/log i cal ac cess con trols can pro vide ad e quate se cu rity. If a ma li cious per son can gain phys i cal ac cess to your fa cil ity or equip ment, they can do just about any thing they want, from de struc tion to dis clo sure and al ter ation.

Be able to list ad min is tra tive phys i cal se cu rity con trols. Ex am ples of ad min is tra tive phys i cal se cu rity con trols are fa cil ity con struc tion and se lec tion, site man age ment, per son nel con trols, aware ness train ing, and emer gency re sponse and pro ce dures.

Be able to list the tech ni cal phys i cal se cu rity con trols. Tech ni cal phys i cal se cu rity con trols can be ac cess con trols, in tru sion de tec tion, alarms, CCTV, mon i tor ing, HVAC, power sup plies, and fire de tec tion and sup pres sion.

Be able to name the phys i cal con trols for phys i cal se cu rity. Phys i cal con trols for phys i cal se cu rity are fenc ing, light ing, locks, con struc tion ma te ri als, mantraps, dogs, and guards.

Know the func tional or der of con trols. These are de ter rence, then de nial, then de tec tion, and then de lay.

Know the key el e ments in mak ing a site se lec tion and de sign ing a fa cil ity for con struc tion. The key el e ments in mak ing a site se lec tion are vis i bil ity, com po si tion of the sur round ing area, area ac ces si bil ity, and the ef fects of nat u ral dis as ters. A key el e ment in de sign ing a fa cil ity for con struc tion is un der stand ing the level of se cu rity needed by your or ga ni za tion and plan ning for it be fore con struc tion be gins.

Know how to de sign and con fig ure se cure work ar eas. There should not be equal ac cess to all lo ca tions within a fa cil ity. Ar eas that con tain as sets of higher value or im por tance should have re stricted ac cess. Valu able and con fi den tial as sets should be lo cated in the heart or cen ter of pro tec tion pro vided by a fa cil ity. Also, cen tral ized server or com puter rooms need not be hu man com pat i ble.

Un der stand the se cu rity con cerns of a wiring closet. A wiring closet is where the net work ing ca bles for a whole build ing or just a floor are con nected to other es sen tial equip ment, such as patch pan els, switches, routers, LAN ex ten ders, and back bone chan nels. Most of the se cu rity for a wiring closet fo cuses on pre vent ing phys i cal unau tho rized ac cess. If an unau tho rized in truder gains ac cess to the area, they may be able to steal equip ment, pull or cut ca bles, or even plant a lis ten ing de vice.

Un der stand how to han dle vis i tors in a se cure fa cil ity. If a fa cil ity em ploys re stricted ar eas to con trol phys i cal se cu rity, then a mech a nism to han dle vis i tors is re quired. Of ten an es cort is as signed to

307

vis i tors, and their ac cess and ac tiv i ties are mon i tored closely. Fail ing to track the ac tions of out siders when they are granted ac cess to a pro tected area can re sult in ma li cious ac tiv ity against the most pro tected as sets.

Know the three cat e gories of se cu rity con trols im ple mented to man age phys i cal se cu rity and be able to name ex am ples of each. The se cu rity con trols im ple mented to man age phys i cal se cu rity can be di vided into three groups: ad min is tra tive, tech ni cal, and phys i cal. Un der stand when and how to use each, and be able to list ex am ples of each kind.

Un der stand se cu rity needs for me dia stor age. Me dia stor age fa cil i ties should be de signed to se curely store blank me dia, re us able me dia, and in stal la tion me dia. The con cerns in clude theft, cor rup tion, and data rem nant re cov ery. Me dia stor age fa cil ity pro tec tions in clude locked cab i nets or safes, us ing a li brar ian/cus to dian, im ple ment ing a check-in/check-out process, and us ing me dia san i ti za tion.

Un der stand the con cerns of ev i dence stor age. Ev i dence stor age is used to re tain logs, drive im ages, vir tual ma chine snap shots, and other datasets for re cov ery, in ter nal in ves ti ga tions, and foren sic in ves ti ga tions. Pro tec tions in clude ded i cated/iso lated stor age fa cil i ties, off line stor age, ac tiv ity track ing, hash man age ment, ac cess re stric tions, and en cryp tion.

Know the com mon threats to phys i cal ac cess con trols. No mat ter what form of phys i cal ac cess con trol is used, a se cu rity guard or other mon i tor ing sys tem must be de ployed to pre vent abuse, mas querad ing, and pig gy back ing. Abuses of phys i cal ac cess con trol in clude prop ping open se cured doors and by pass ing locks or ac cess con trols. Mas querad ing is us ing some one else’s se cu rity ID to gain en try to a fa cil ity. Pig gy back ing is fol low ing some one through a se cured gate or door way with out be ing iden ti fied or au tho rized per son ally.

Un der stand the need for au dit trails and ac cess logs. Au dit trails and ac cess logs are use ful tools even for phys i cal ac cess con trol. They may need to be cre ated man u ally by se cu rity guards. Or they can be gen er ated au to mat i cally if suf fi ciently au to mated ac cess con trol mech a nisms are in place (in other words, smart cards and cer tain prox im ity read ers). You should also con sider mon i tor ing en try points with CCTV. Through CCTV, you can com pare the au dit trails and ac cess logs with a vis ually recorded his tory of the events. Such in for ma tion is crit i cal to re con struct ing the events of an in tru sion, breach, or at tack.

Un der stand the need for clean power. Power sup plied by elec tric com pa nies is not al ways con sis tent and clean. Most elec tronic equip ment de mands clean power in or der to func tion prop erly. Equip ment dam age be cause of power fluc tu a tions is a com mon oc cur rence. Many or ga ni za tions opt to man age their own power through sev eral means. A UPS is a type of self-charg ing bat tery that can be used to sup ply con sis tent clean power to sen si tive equip ment. UPSs also pro vide con tin u ous power even af ter the pri mary power source fails. A UPS can con tinue to sup ply power for min utes or hours de pend ing on its ca pac ity and the draw by equip ment.

Know the terms com monly as so ci ated with power is sues. Know the def i ni tions of the fol low ing: fault, black out, sag, brownout, spike, surge, in rush, noise, tran sient, clean, and ground.

Un der stand how to con trol the en vi ron ment. In ad di tion to power con sid er a tions, main tain ing the en vi ron ment in volves con trol over the HVAC mech a nisms. Rooms con tain ing pri mar ily com put ers should be kept at 60 to 75 de grees Fahren heit (15 to 23 de grees Cel sius). Hu mid ity in a com puter room should be main tained be tween 40 and 60 per cent. Too much hu mid ity can cause cor ro sion. Too lit tle hu mid ity causes static elec tric ity.

Know about static elec tric ity. Even on non static car pet ing, if the en vi ron ment has low hu mid ity it is still pos si ble to gen er ate 20,000-volt static dis charges. Even min i mal lev els of static dis charge can de stroy elec tronic equip ment.

Un der stand the need to man age wa ter leak age and flood ing. Wa ter leak age and flood ing should be ad dressed in your en vi ron men tal safety pol icy and pro ce dures. Plumb ing leaks are not an ev ery day oc cur rence, but when they oc cur, they of ten cause sig nif i cant dam age. Wa ter and elec tric ity don’t mix. If your com puter sys tems come in con tact with wa ter, es pe cially while they are op er at ing, dam age is sure to oc cur. When ever pos si ble, lo cate server rooms and crit i cal com puter equip ment away from any wa ter source or trans port pipes.

Un der stand the im por tance of fire de tec tion and sup pres sion. Fire de tec tion and sup pres sion must not be over looked. Pro tect ing per son nel from harm should al ways be the most im por tant goal of any se cu rity or pro tec tion sys tem. In ad di tion to pro tect ing peo ple, fire de tec tion and sup pres sion is de signed to keep dam age caused by fire, smoke, heat, and sup pres sion ma te ri als to a min i mum, es pe cially in re gard to the IT in fra struc ture.

Un der stand the pos si ble con tam i na tion and dam age caused by a fire and sup pres sion. The de struc tive el e ments of a fire in clude smoke and heat but also the sup pres sion medium, such as wa ter or soda acid. Smoke is dam ag ing to most stor age de vices. Heat can dam age any elec tronic or com puter com po nent. Sup pres sion medi ums can cause short cir cuits, ini ti ate cor ro sion, or oth er wise ren der equip ment use less. All of these is sues must be ad dressed when de sign ing a fire re sponse sys tem.