PHYSICAL SECURITY
raj9999Chapter 10 Physical Security Requirements
Apply Secure Principles to Site and Facility Design
Secure Facility Plan
Site Selection
Visibility
Natural Disasters
Facility Design
overview
Secure Facility Plan
Critical path analysis
Security for basic requirements
Technology convergence
Include security staff in design considerations
Site Selection
Cost
Location
Size
Security requirements
Pre-existing structure or custom construction
Proximity to others
Weather conditions
Visibility
Surrounding terrain
Vehicle and foot traffic
Residential, business, or industrial area
Line of sight
Crime rate
Emergency services
Unique local hazards
Natural Disasters
Common local natural disasters
Severe weather patterns
Protection for workers and assets
Facility Design
Based on level of security needs
Combustibility, fire rating
Construction materials
Load rating
Intrusion, emergency access, resistance to entry
Security architecture
Crime Prevention through Environmental Design (CPTED)
Implement Site and Facility Security Controls
Design concepts
Equipment failure
Wiring closets
Cable plant management policy
Server rooms/data centers
Media storage facilities
Evidence storage
Restricted and work area security
Utilities and HVAC considerations
Water issues
Fire prevention, detection, and suppression
overview
Design Concepts
Administrative physical security controls
Technical physical security controls
Physical controls for physical security
Corporate vs. personal property
Deterrence
Denial
Detection
Delay
Equipment Failure
Failure is inevitible
Purchase replacement parts as needed
Onsite replacement warehousing
SLA with vendors
MTTF
MTTR
MTBF
Wiring Closets
Premises wire distribution room
Intermediate distribution facilities (IDF)
Prevent physical unauthorized access
Do not use as general storage
Do not store flammable materials
Use video surveillance
Perform regular physical inspections
Cable Plant Management Policy
Entrance facility
Equipment room
Backbone distribution system
Telecommunications room
Horizontal distribution system
Server Rooms/Data Centers
Need not be human compatible
Locate in core of building
One hour minimum fire rating for walls
Physical access control:
Smartcards, proximity readers, IDS
Access abuses:
Masquerade, piggyback
Emanation security
Faraday cages, white noise, and control zones
Media Storage Facilities
Store blank, reusable, and installation media
Data remnants
Use a locked cabinet
Have a librarian or custodian
Check-in/check-out process
Sanitization, zeroization
Evidence Storage
Becoming important business task
Drive images and virtual machine snapshots
Distinct from production
Block Internet access
Track all activities
Calculate hashes of all files
Limit access
Encrypt stored data
Restricted and Work Area Security
Operations centers
Distinct and controlled area access
Walls or partitions
Shoulder surfing
Assign classifications
Track assets with RFID
Sensitive Compartmented Information Facility (SCIF)
Utilities and HVAC Considerations
UPSes
Double conversion UPS
Line-interactive UPS
Surge protectors
Generators
Fault, blackout, sag, brownout, spike, surge, inrush, noise, transient, clean, ground
EMI vs. RFI
Temperature, humidity, static
Water Issues
Leakage
Flooding
Electrocution
Water detection circuits
Shutoff values
Drainage locations
Fire Prevention, Detection, and Suppression 1/3
Fire triangle: fire, heat, oxygen, combustion
Stages: Incipient, smoke, flame, heat
Fire Prevention, Detection, and Suppression 2/3
Fire extinguisher classes:
Class | Type | Suppression Material |
A | Common combustibles | Water, soda acid |
B | Liquids | CO2, halon*, soda acid |
C | Electrical | CO2, halon* |
D | Metal | Dry powder |
Fire Prevention, Detection, and Suppression 3/3
Fire detection systems:
Fixed temperature, rate-of-rise, flame-actuated, smoke-actuated
Water suppression
Wet pipe, dry pipe, pre-action, deluge
Gas suppression
CO2, Halon, FM-200, alternatives
Damage
Smoke, heat, suppression media
Implement and Manage Physical Security
Perimeter Security Controls
Internal Security Controls
overview
Perimeter Security Controls
Fences
Gates
Turnstiles
Mantraps
Lighting
Security guards and dogs
Internal Security Controls 1/2
Keys and combination locks
Electronic access control (EAC) locks
Badges
Motion detectors
Infrared, heat, wave pattern, capacitance, photoelectric, passive audio
Intrusion alarms
Deterrent alarms, repellant alarms, notification alarms
Local alarm, central station, auxiliary station
Internal Security Controls 2/2
Secondary verification mechanisms
Environment and life safety
Privacy responsibilities and legal requirements
Regulatory requirements
Conclusion
Read the Exam Essentials
Review the Chapter
Perform the Written Labs
Answer the Review Questions