Single paper

Jackie Channn

conklin_principlesofcomputersecurity_5e_Chap008_PPT.pptx

Home >Computer Science homework help >Single paper

Physical Security

Chapter 8

Principles of Computer Security, Fifth Edition

Objectives (1 of 2)

Describe how physical security directly affects computer and network security.

Discuss steps that can be taken to help mitigate risks.

Describe the physical security components that can protect your computers and network.

Identify environmental factors that can affect security

Principles of Computer Security, Fifth Edition

Objectives (2 of 2)

Identify the different types of fires and the various fire suppression systems designed to limit the damage caused by fires.

Explain electronic access controls and the principles of convergence.

Prevent disclosure through electronic emanations.

Principles of Computer Security, Fifth Edition

Key Terms (1 of 2)

Access tokens

Autoplay

Biometrics

BIOS passwords

Bootdisk

Closed circuit television (CCTV)

Contactless access cards

Convergence

Faraday cage

Layered access

Lighting

LiveCD

Mantrap

Principles of Computer Security, Fifth Edition

Access tokens – This is defined as “something you have.”

Autoplay – This is a feature designed as a convenience for users, so that when a CD/DVD or USB containing an application is inserted, the computer instantly prompts for input versus requiring the user to explore the device filesystem and find the executable file.

Biometrics – Used to verify an individual’s identity to the system or network using something unique about the individual, such as a fingerprint, for the verification process. Examples include fingerprints, retinal scans, hand and facial geometry, and voice analysis.

BIOS passwords – Password protection that allows you to boot the machine but requires a password to edit any BIOS settings.

Bootdisk – Any media used to boot a computer into an operating system that is not the native OS on its hard drive could be classified as a bootdisk.

Closed circuit television (CCTV) – Cameras used to monitor a workplace for security purposes. Traditional cameras are analog based and require a video multiplexer to combine all the signals and make multiple views appear on a monitor. IP-based cameras are changing that, as most of them are standalone units viewable through a web browser, such as the camera.

Contactless access cards – A plastic card containing a computer chip and enabling the holder to purchase goods and services, enter restricted areas, access medical, financial, or other records, or perform other operations requiring data stored on the chip.

Convergence - A trend to converge elements of physical and information security to improve identification of unauthorized activity on networks. This trend can significantly improve defenses against cloned credentials.

Faraday cage – a Faraday cage or Faraday shield is an enclosure of conductive material that is grounded.

Layered access – When related to physical security perimeters, this technique is used to help prevent an attacker from gaining access to important assets, by placing the assets inside multiple perimeters.

Lighting - Proper lighting is essential for physical security. Unlit or dimly lit areas allow intruders to lurk and conduct unauthorized activities without a significant risk of observation by guards or other personnel.

LiveCD – This contains a bootable version of an entire operating system, typically a variant of Linux, complete with drivers for most devices.

Mantrap – One way to combat tailgating, a mantrap comprises two doors closely spaced that require the user to card through one and then the other sequentially.

Key Terms (2 of 2)

Physical access control

Policies and procedures

Smart cards

TEMPEST

Turnstile

Unified Extensible Firmware Interface (UEFI)

USB devices

Principles of Computer Security, Fifth Edition

Physical access control – Means control of doors and entry points.

Policies and procedures – When implemented for physical security, these relate to two distinct areas: those that affect the computers themselves and those that affect users. A policy’s effectiveness depends on the culture of an organization, so all of the policies should be followed up by functional procedures that are designed to implement them.

Smart cards – These are cards that contain integrated circuits capable of generating and storing cryptographic keys. They enabled cryptographic types of authentication.

TEMPEST – a program in the military to control electronic emanations from electrical equipment and the actual process for controlling the emanations.

Turnstile - a physical gated barrier that allows only one person at a time to pass.

Unified Extensible Firmware Interface (UEFI) - A standard firmware interface for PCs, designed to replace BIOS. Supported by Mac OS X, Linux (later versions), and Windows 8 and beyond, UEFI offers some significant security advantages.

USB devices – From a security perspective, the most interesting are flash memory with a USB interface in a device that is typically about the size of your thumb providing a way to move files easily from computer to computer. When plugged into a USB port, these devices automount and behave like any other drive attached to the computer. Their small size and relatively large capacity, coupled with instant read-write ability, present security problems.

The Security Problem (1 of 12)

The problem that faces professionals charged with securing a company’s network can be stated rather simply:

Physical access negates all other security measures.

No matter how impenetrable the firewall and intrusion detection system (IDS), if an attacker can find a way to walk up to and touch a server, he can break into it.

Principles of Computer Security, Fifth Edition

The Security Problem (2 of 12)

Physically securing information assets does not mean just the servers.

It means protecting physical access to all the organization’s computers and its entire network infrastructure.

Principles of Computer Security, Fifth Edition

Consider that most network security measures are, from necessity, directed at protecting a company from Internet-based threats. Consequently, a lot of companies allow any kind of traffic on the local area network (LAN). So if an attacker attempts to gain access to a server over the Internet and fails, he may be able to gain physical access to the receptionist’s machine and, by quickly compromising it, use it as a remotely controlled zombie to attack what he is really after.

The Security Problem (3 of 12)

Figure 8.1 Using a lower-privilege machine to get at sensitive information

Principles of Computer Security, Fifth Edition

Again, physical access negates all other security measures.

The Security Problem (4 of 12)

Figure 8.2 A wireless bridge can allow remote access.

Principles of Computer Security, Fifth Edition

Prior to handheld devices, the attacker would have to work in a secluded area with dedicated access to the Ethernet for a time. The attacker would sit down with a laptop and run a variety of tools against the network, and working internally typically put the attacker inside the firewall and IDS. Today’s capable mobile devices can assist these efforts by allowing attackers to place the small device onto the network to act as a wireless bridge, as shown in this slide.

The Security Problem (5 of 12)

Any media used to boot a computer into an operating system that is not the native OS on its hard drive can be classified as a bootdisk.

In the form of a floppy disk, CD, DVD, or a USB flash drive

A boot source can contain a number of programs.

Typically, a NTFSDOS or a floppy-based Linux distribution that can be used to perform a number of tasks including mounting the hard drives and performing at least read operations, via script

Principles of Computer Security, Fifth Edition

Before bootable CDs or DVDs were available, a boot floppy was used to start the system and prepare the hard drives to load the operating system.

The Security Problem (6 of 12)

If write access to the drive is obtained, the attacker could alter the password file or place a remote-control program to be executed automatically upon the next boot, guaranteeing continued access to the machine.

The most obvious mitigation is to tell the BIOS not to boot from removable media, but this too has issues.

Principles of Computer Security, Fifth Edition

The bootable CD-ROMs and DVD-ROMs are actually more of a threat, because they are frequently used to carry a variety of software for updates and can utilize the much greater storage capacity of the CD or DVD media. This capacity can store an entire operating system and a complete tool set for a variety of tasks or malware, so when updating via CD/DVD, precautions must be taken to ensure the veracity of the media.

These types of devices have spawned a new kind of attack in which a CD, DVD, or flash drive is left in an opportunistic place where members of a target organization may pick up and use them. This CD/DVD or flash drive is typically loaded with malware and is referred to as a road apple.

The Security Problem (7 of 12)

A LiveCD contains a bootable version of an entire operating system, typically a variant of Linux, complete with drivers for most devices.

LiveCDs give an attacker a greater array of tools than could be loaded onto a floppy disk.

These tools include scanners, sniffers, vulnerability exploits, forensic tools, drive imagers, password crackers, and more.

Principles of Computer Security, Fifth Edition

LiveCDs give an attacker a greater array of tools than could be loaded onto a floppy disk, such as scanners, sniffers, vulnerability exploits, forensic tools, drive imagers, password crackers, and so on. These sets of tools are too numerous to list here and are changing every day.

The Security Problem (8 of 12)

With a LiveCD, an attacker would likely have access to the hard disk and also to an operational network interface that would allow him to send the drive data over the Internet if properly connected.

Bootable USB flash drives emulate the function of a CD-ROM and provide a device that is both physically smaller and logically larger.

Can contain entire specialized operating systems

Can also write to a LiveCD

Principles of Computer Security, Fifth Edition

These bootable operating systems could also be custom built to contain any tool that runs under Linux, allowing an attacker to build a standard bootable attack image or a standard bootable forensic image, or something customized for the tools he likes to use.

Bootable USB flash drives emulate the function of a CD-ROM and provide a device that is both physically smaller and logically larger. Made bootable, these devices can contain entire specialized operating systems, and unlike a bootable CD-ROM, these devices can also be written to, providing an offload point for collected data if an attacker chooses to leave the device and return later.

The Security Problem (9 of 12)

Figure 8.3 A collection of sample LiveCDs

Principles of Computer Security, Fifth Edition

This is only a sample collection of LiveCDs.

The best resource is to search the Internet for popular LiveCD distributions like Kali/Backtrack, knoppix, and PHLAK.

The Security Problem (10 of 12)

Drive imaging is the process of copying the entire contents of a hard drive to a single file on a different media.

Often used by people who perform forensic investigations of computers

Uses a bootable media to start the computer and load the drive imaging software

Makes a bit-by-bit copy of the hard drive on another media

Keeps the original copy exactly as it was for evidence

Principles of Computer Security, Fifth Edition

From an attacker’s perspective, drive imaging software is useful because it pulls all information from a computer’s hard drive while still leaving the machine in its original state.

The Security Problem (11 of 12)

The information contains every bit of data that is on the computer: any locally stored documents, locally stored e-mails, and every other piece of information that the hard drive contains.

This data could be very valuable if the machine holds sensitive information about the company.

Physical access is the most common way of imaging a drive.

Biggest benefit for the attacker is that drive imaging leaves absolutely no trace of the crime.

Principles of Computer Security, Fifth Edition

The Security Problem (12 of 12)

One can minimize the impact of drive imaging by an attacker.

Encrypting important files

Placing files on a centralized file server

A denial-of-service (DoS) attack can also be performed with physical access.

Stealing a computer, using a bootdisk to erase all data on the drives, or simply unplugging computers

Principles of Computer Security, Fifth Edition

Besides physically securing access to your computers, you can do very little to prevent drive imaging, but you can minimize its impact. The use of encryption even for a few important files provides protection. Full encryption of the drive protects all files stored on it. Alternatively, placing files on a centralized file server keeps them from being imaged from an individual machine, but if an attacker is able to image the file server, the data will be copied.

Depending on the company’s quality and frequency of backing up critical systems, a DoS attack using these methods can have lasting effects.

Physical access can negate almost all the security that the network attempts to provide. Considering this, you must determine the level of physical access that attackers might obtain. Of special consideration are persons with authorized access to the building but who are not authorized users of the systems. Janitorial personnel and others have authorized access to many areas, but they do not have authorized system access. An attacker could pose as one of these individuals or attempt to gain access to the facilities through them.

Walls and Guards (1 of 2)

The primary defense against a majority of physical attacks are the barriers between the assets and a potential attacker.

Walls, fences, gates, and doors

Some employ private security staff to attempt to protect their assets.

Principles of Computer Security, Fifth Edition

These barriers provide the foundation upon which all other security initiatives are based, but the security must be designed carefully, as an attacker has to find only a single gap to gain access.

Walls provide barriers to physical access to company assets. Bollards are small and round concrete pillars that are constructed and placed around a building to protect it from being damaged by someone driving a vehicle into the side of the building, or getting close and using a car bomb.

Walls and Guards (2 of 2)

To protect the physical servers, look in all directions:

Are doors and windows safeguarded and a minimum number of each in the server room?

Is a drop ceiling used in the server room?

Do the interior walls extend to the actual roof, raised floors, or crawlspaces?

Is there limited access to the server room, only to people who need access?

Have you made sure there are no obvious holes in the walls?

Principles of Computer Security, Fifth Edition

Lighting and Signs

Proper lighting is essential for physical security

External

Internal

Signs act as informational devices and can be used in a variety of ways to assist in physical security.

Restricted areas

Visitor access

Principles of Computer Security, Fifth Edition

Fences

Outside of the building’s walls, many organizations prefer to have a perimeter fence as a physical first layer of defense.

Chain-link-type fencing is most commonly used, and it can be enhanced with barbed wire.

Anti-scale fencing, which looks like very tall vertical poles placed close together to form a fence, is used for high-security implementations that require additional scale and tamper resistance.

Principles of Computer Security, Fifth Edition

To increase security against physical intrusion, higher fences can be employed. A fence that is three to four feet in height will deter casual or accidental trespassers. Six to seven feet will deter a general intruder. To deter more determined intruders, a minimum height of eight feet is recommended with the addition of barbed wire or razor wire on top for extreme levels of deterrence.

Guards and Alarms

Provide an excellent security measure, because guards are a visible presence with direct responsibility for security

Monitor entrances and exits and can maintain access logs of who has entered and departed the building

Alarms serve to alert operators to abnormal conditions

Sensors, alarms, motion detectors, video, etc.

Principles of Computer Security, Fifth Edition

Other employees expect security guards to behave a certain way with regard to securing the facility.

Security personnel are helpful in physically securing the machines on which information assets reside, but to get the most benefit from their presence, they must be trained to take a holistic approach to security. The value of data typically can be many times that of the machines on which the data is stored. Security guards typically are not computer security experts, so they need to be educated about the value of the data and be trained in network security as well as physical security involving users. They are the company’s eyes and ears for suspicious activity, so the network security department needs to train them to notice suspicious network activity as well. Multiple extensions ringing in sequence during the night, computers rebooting all at once, or strange people parked in the parking lot with laptop computers are all indicators of a network attack that might be missed without proper training.

Physical Access Controls and Monitoring

Physical access control refers to the control of doors and entry points.

Physical locks

Layered access systems

Electronic access

Control systems closed circuit television (CCTV) systems

Principles of Computer Security, Fifth Edition

This lesson will explore a few important points to help you safeguard the information infrastructure, especially where it meets with the physical access control system.

Layered Access (1 of 2)

To help prevent an attacker from gaining access to important assets, place them inside multiple perimeters.

Servers should be placed in a separate secure area, ideally with a separate authentication mechanism.

Access to the server room should be limited to staff with a legitimate need to work on the servers.

The area surrounding the server room should also be limited to people who need to work in that area.

Principles of Computer Security, Fifth Edition

Layered access is an important concept in security. It is often mentioned in conversations about network security perimeters, but in this chapter it relates to the concept of physical security perimeters.

Layered Access (2 of 2)

Figure 8.4 Contactless access cards act as modern keys to a building.

Principles of Computer Security, Fifth Edition

Locks (1 of 4)

Locks use a metal “token” to align pins in a mechanical device.

High security locks are typically found in commercial applications.

Designed to resist picking and drilling

Commonly includes key control, i.e., restrictions placed on making a copy of the key by using patented keyways

Employs mechanical means to resist bump key attacks

Principles of Computer Security, Fifth Edition

Although locks have been used for hundreds of years, their design has not changed much: a metal “token” is used to align pins in a mechanical device.

Key control refers to the restrictions placed on making a copy of the key. For most residential locks, a trip to the hardware store will allow you to make a copy of the key. Key control locks use patented keyways that can only be copied at a locksmith, who will keep records on authorized users of a particular key.

Locks (2 of 4)

Figure 8.5 Lockpicking tools

Principles of Computer Security, Fifth Edition

Locks (3 of 4)

Figure 8.6 A high-security lock and its key

Principles of Computer Security, Fifth Edition

Locks (4 of 4)

Other types of physical locks

Programmable or cipher locks

Locks with a keypad that require a combination of keys to open the lock

Locks with a reader that require an access card to open the lock

Device locks are used to lock a device to a physical restraint, preventing its removal.

Principles of Computer Security, Fifth Edition

These types of locks may have special options such as a hostage alarm (support a key combination to trigger an alarm). Master-keying (support key combinations to change the access code and configure the functions of the lock) and key-override functions (support key combinations to override the usual procedures) are also options on high-end programmable locks.

Another method of securing laptops and mobile devices is a cable trap, which allows a user to affix a cable lock to a secure structure.

Doors

Doors to secured areas should have characteristics to make them less obvious.

Should be self-closing; have no hold-open feature; should trigger alarms if they are forcibly opened or have been held open for a long period

There are two door design methodologies:

Fail-safe – the door is unlocked should power fail.

Fail-secure – the system will lock the door when power is lost; can also apply when door systems are manually bypassed.

Principles of Computer Security, Fifth Edition

Doors should have similar appearance to the other doors to avoid catching the attention of intruders.

Mantraps and Turnstiles

Mantrap is composed of two doors closely spaced that require the user to card through one and then the other sequentially.

A turnstile is a physical gated barrier that allows only one person at a time to pass

Principles of Computer Security, Fifth Edition

Cameras (1 of 3)

Closed circuit television (CCTV) cameras are similar to the door control systems.

Can be very effective, but implementation is an important consideration

Traditional cameras are analog-based and require a video multiplexer to combine all the signals and make multiple views appear on a monitor.

Principles of Computer Security, Fifth Edition

The use of CCTV cameras for surveillance purposes dates back to at least 1961, when cameras were installed in the London Transport train station. The development of smaller and more sophisticated camera components and decreasing prices for the cameras have caused a boon in the CCTV industry since then.

CCTV cameras are used to monitor a workplace for security purposes. These systems are commonplace in banks and jewelry stores, places with high-value merchandise that is attractive to thieves. As the expense of these systems dropped, they became practical for many more industry segments.

Cameras (2 of 3)

IP-based cameras are standalone units viewable through a web browser.

IP-based systems add useful functionality, such as the ability to check on the building from the Internet.

This network functionality, however, makes the cameras subject to normal IP-based network attacks.

Carefully consider camera placement and camera type used.

Different options make one camera superior over another in a specific location.

Principles of Computer Security, Fifth Edition

A DoS attack launched at the CCTV system just as a break-in is occurring is the last thing that anyone would want (other than the criminals). For this reason, IP-based CCTV cameras should be placed on their own separate network that can be accessed only by security personnel. The same physical separation applies to any IP-based camera infrastructure. Older time-lapse tape recorders are slowly being replaced with digital video recorders. While the advance in technology is significant, be careful if and when these devices become IP-enabled, since they will become a security issue, just like everything else that touches the network.

If you depend on the CCTV system to protect your organization’s assets, carefully consider camera placement and the type of cameras used.

Different iris types, focal lengths, and color or infrared capabilities are all options that make one camera superior to another in a specific location.

Cameras (3 of 3)

Figure 8.7 IP-based cameras leverage existing IP networks instead of needing a proprietary CCTV cable.

Principles of Computer Security, Fifth Edition

IP-based cameras are standalone units viewable through a web browser.

Additional Physical Access Controls and Monitoring (1 of 2)

IR Detection

Motion Detection

Safes

Secure Cabinets/Enclosures

Protected Distribution/Protected Cabling

Airgap

Faraday cage

Principles of Computer Security, Fifth Edition

Additional Physical Access Controls and Monitoring (2 of 2)

Cable locks

Screen filters

Key management

Logs

Principles of Computer Security, Fifth Edition

Electronic Access Control Systems (1 of 4)

Access tokens are defined as “something you have.”

They are physical objects that identify specific access rights.

Your house key, for example, is a basic physical access token that allows you access into your home.

The advent of smart cards (cards that contain integrated circuits capable of generating and storing cryptographic keys) has enabled cryptographic types of authentication.

Principles of Computer Security, Fifth Edition

Access tokens are frequently used for physical access solutions, just as your house key is a basic physical access token that allows you access into your home. Although keys have been used to unlock devices for centuries, they do have several limitations. Keys are paired exclusively with a lock or a set of locks, and they are not easily changed. It is easy to add an authorized user by giving the user a copy of the key, but it is far more difficult to give that user selective access unless that specified area is already set up as a separate key. It is also difficult to take access away from a single key or key holder, which usually requires a rekey of the whole system.

In many businesses, physical access authentication has moved to contactless radio frequency cards and proximity readers. When passed near a card reader, the card sends out a code using radio waves. The reader picks up this code and transmits it to the control panel. The control panel checks the code against the reader from which it is being read and the type of access the card has in its database. One of the advantages of this kind of token-based system is that any card can be deleted from the system without affecting any other card or the rest of the system. The RFID-based contactless entry card shown in Figure 8.11 is a common form of this token device employed for door controls and is frequently put behind an employee badge. In addition, all doors connected to the system can be segmented in any form or fashion to create multiple access areas, with different permissions for each one. The tokens themselves can also be grouped in multiple ways to provide different access levels to different groups of people. All of the access levels or segmentation of doors can be modified quickly and easily if building space is retasked. Newer technologies are adding capabilities to the standard token-based systems.

Electronic Access Control Systems (2 of 4)

Smart card technology is now part of a governmental standard for physical and logical authentication.

Personal Identity Verification, or PIV, cards adhere to the FIPS 201 standard.

Includes a cryptographic chip and connector, and a contactless proximity card circuit

Standards for a printed photo and name on front

Biometric data can be stored, providing an additional authentication factor, and if PIV standard is followed, several forms of identification are needed to get a card.

Principles of Computer Security, Fifth Edition

Electronic Access Control Systems (3 of 4)

Figure 8.8 Smart cards have an internal chip as well

as multiple external contacts for interfacing with a smart card reader.

Principles of Computer Security, Fifth Edition

Electronic Access Control Systems (4 of 4)

The primary drawback of token-based authentication is that only the token is being authenticated.

Therefore, the theft of the token could grant anyone who possessed the token access to what the system protects.

Principles of Computer Security, Fifth Edition

Biometrics (1 of 2)

Biometrics use the measurements of certain biological factors to identify one specific person from others.

These factors are based on parts of the human body that are unique.

The most well-known of these unique biological factors is the fingerprint.

Principles of Computer Security, Fifth Edition

However, many other biological factors can be used, such as the retina or iris of the eye, the geometry of the hand, and the geometry of the face. When these are used for authentication, there is a two-part process: enrollment and then authentication. During enrollment, a computer takes the image of the biological factor and reduces it to a numeric value. When the user attempts to authenticate, their feature is scanned by the reader, and the computer compares the numeric value being read to the one stored in the database. If they match, access is allowed. Since these physical factors are unique, theoretically only the actual authorized person would be allowed access.

In the real world, however, the theory behind biometrics breaks down. Tokens that have a digital code work very well because everything remains in the digital realm. A computer checks your code, such as 123, against the database; if the computer finds 123 and that number has access, the computer opens the door. Biometrics, however, take an analog signal, such as a fingerprint or a face, and attempt to digitize it, and it is then matched against the digits in the database. The problem with an analog signal is that it might not encode the exact same way twice. For example, if you came to work with a bandage on your chin, would the face-based biometrics grant you access or deny it?

Engineers who designed these systems understood that if a system was set to exact checking, an encoded biometric might never grant access since it might never scan the biometric exactly the same way twice. Therefore, most systems have tried to allow a certain amount of error in the scan, while not allowing too much.

For biometric authentication to work properly, and also be trusted, it must minimize the existence of both false positives and false negatives. To do that, a balance between exacting and error must be created so that the machines allow a little physical variance - but not too much.

Biometrics (2 of 2)

Figure 8.9 Newer laptop computers often include

a fingerprint reader

Principles of Computer Security, Fifth Edition

Convergence

There is a trend to converge elements of physical and information security to improve identification of unauthorized activity on networks.

If an access control system is asked to approve access to an insider using an outside address, yet the physical security system identifies them as being in the building, then an anomaly exists and should be investigated.

Convergence can significantly improve defenses against cloned credentials.

Principles of Computer Security, Fifth Edition

Policies and Procedures

Physical security policies and procedures relate to two distinct areas:

Those that affect the computers themselves

Those that affect users

To mitigate the risk to computers, physical security needs to be extended to the computers themselves.

Principles of Computer Security, Fifth Edition

A policy’s effectiveness depends on the culture of an organization, so all of the policies mentioned here should be followed up by functional procedures that are designed to implement them.

To combat the threat of bootdisks, begin by removing or disabling the ability of a system to automatically play connected devices, such as USB flash drives. other activities that typically require physical presence should be protected, such as access to a systems BIOS at bootup.

BIOS

A safeguard that can be employed is the removal of removable media devices from the boot sequence in the computer’s BIOS (basic input/output system).

A related step that must be taken is to set a BIOS password.

In some cases, BIOS manufacturers will have a default BIOS password that still works.

Principles of Computer Security, Fifth Edition

The specifics of this operation depend on the BIOS software of the individual machine.

Nearly all BIOS software will support password protection that allows you to boot the machine but requires a password to edit any BIOS settings. While disabling the optical drive and setting a BIOS password are both good measures, do not depend on this strategy exclusively because, in some cases, BIOS manufacturers will have a default BIOS password that still works.

To prevent an attacker from editing the boot order, you should set BIOS passwords.

UEFI

Unified Extensible Firmware Interface (UEFI) is a standard firmware interface for PCs, designed to replace BIOS.

UEFI has a functionality known as secure boot, which allows only digitally signed drivers and OS loaders to be used during the boot process, preventing bootkit attacks.

As UEFI is replacing BIOS, and has additional characteristics, it is important to keep policies and procedures current with the advancement of technology.

Principles of Computer Security, Fifth Edition

USB (1 of 2)

USB ports have greatly expanded users’ ability to connect devices to their computers spawning a legion of USB devices, from MP3 players to CD burners.

Automount feature of USB drive keys creates security problems.

Can conceal the removal of files or data from the building or bring malicious files into the building and onto the company network

Can accidentally introduce malicious code

Principles of Computer Security, Fifth Edition

From a security perspective, the most interesting are flash memory with a USB interface in a device that is typically about the size of your thumb providing a way to move files easily from computer to computer. When plugged into a USB port, these devices automount and behave like any other drive attached to the computer. Their small size and relatively large capacity, coupled with instant read-write ability, present security problems. Their small size and relatively large capacity, coupled with instant read-write ability, present security problems.

They can easily be used by an individual with malicious intent to conceal the removal of files or data from the building or to bring malicious files into the building and onto the company network. Well-intentioned users could accidentally introduce malicious code from USB devices by using them on an infected home machine and then bringing the infected device to the office, allowing the malware to bypass perimeter protections and possibly infect the organization.

USB (2 of 2)

If USB devices are allowed, aggressive virus scanning should be implemented throughout the organization.

There are two common ways to disable USB support in a Windows system.

On older systems, editing the Registry key

On newer systems, using Group Policy in a domain or through the Local Security Policy MMC on a stand-alone box

Principles of Computer Security, Fifth Edition

The devices can be disallowed via Active Directory policy settings or with a Windows Registry key entry.

USB can also be completely disabled, either through BIOS settings or by unloading and disabling the USB drivers from users’ machines, either of which will stop all USB devices from working - however, doing this can create more trouble if users have USB keyboards and mice.

There are two common ways to disable USB support in a Windows system. On older systems, editing the Registry key is probably the most effective solution for users who are not authorized to use these devices. On newer systems, the best way is through Group Policy in a domain or through the Local Security Policy MMC on a stand-alone box.

Autoplay (1 of 3)

Remove or disable bootable CD/DVD drive.

DVD drive can be used as a boot device or be exploited via the autoplay feature that some operating systems support.

Since the optical drive can be used as a boot device, a DVD loaded with its own operating system could be used to boot the computer with malicious system code.

Principles of Computer Security, Fifth Edition

Another boot device to consider when looking at physical security policies and procedures is the CD/DVD drive. This device can probably also be removed from or disabled on a number of machines.

Autoplay was designed as a convenience for users, so that when a CD/DVD or USB containing an application is inserted, the computer instantly prompts for input versus requiring the user to explore the device filesystem and find the executable file. Unfortunately, since the autoplay functionality runs an executable, it can be programmed to do anything an attacker wants. If an autoplay executable is malicious, it could allow an attacker to gain remote control of the machine.

Since the optical drive can be used as a boot device, a DVD loaded with its own operating system (called a LiveCD, introduced earlier in the chapter) could be used to boot the computer with malicious system code (see Figure 8.9). This separate operating system will bypass any passwords on the host machine and can access locally stored files.

Autoplay (2 of 3)

Figure 8.10 Autoplay on a Windows system

Principles of Computer Security, Fifth Edition

IP-based cameras are standalone units viewable through a web browser.

Autoplay (3 of 3)

Figure 8.11 A LiveCD boots its own OS and bypasses any built-in security of the native operating system

Principles of Computer Security, Fifth Edition

Device Theft (1 of 2)

The outright theft of a computer is a simple physical attack.

This attack can be mitigated in a number of ways.

Lock up equipment that contains important data.

Implement special access controls for server rooms.

Lock rack cabinets when maintenance is not being performed.

Store mission-critical or high-value information on a server only.

Principles of Computer Security, Fifth Edition

Insurance can cover the loss of the physical equipment, but this can do little to get a business up and running again quickly after a theft.

From a data standpoint, mission-critical or high-value information should be stored on a server only. This can mitigate the risk of a desktop or laptop being stolen for the data it contains. Loss of laptops has been a common cause of information breaches.

Device Theft (2 of 2)

Mitigating an attack (continued)

Users can perform one of the most simple, yet important, information security tasks: lock a workstation immediately before they step away from it.

Users should manually lock their workstations using screensavers immediately when stepping away.

Principles of Computer Security, Fifth Edition

Although use of a self-locking screensaver is a good policy, setting it to lock at any point less than 10 to 15 minutes after becoming idle is often considered a nuisance and counterproductive to active use of the computer on the job as the computer will often lock while the employee is still actively using the computer. Thus, computers typically sit idle for at least 15 minutes before automatically locking under this type of policy. Users should manually lock their workstations, as an attacker only needs to be lucky enough to catch a machine that has been left alone for 5 minutes.

Environmental Controls

Sophisticated environmental controls are needed for current data centers

Heating ventilating and air conditioning (HVAC) systems are critical; temperature should be maintained at 70–74°F.

Hot aisle/cold aisle layout can alleviate increased data center density.

Rising copper prices have made HVAC systems the targets for thieves, and general vandalism can result in costly downtime.

Proper security is needed to prevent a physical DoS attack.

Principles of Computer Security, Fifth Edition

While the confidentiality of information is important, so is its availability. Sophisticated environmental controls are needed for current data centers. Servers can generate large levels of heat, and managing the heat is the job of the environmental control.

Controlling a data center’s temperature and humidity is important to keeping servers running. Heating ventilating and air conditioning (HVAC) systems are critical for keeping data centers cool, because typical servers put out between 1000 and 2000 BTUs of heat. The temperature of a data center should be maintained between 70 and 74 degrees Fahrenheit (oF). If the temperature is too low, it may cause mechanisms to slow down. If the temperature is too high, it may cause equipment damage.

Multiple servers in a confined area can create conditions too hot for the machines to continue to operate. This problem is made worse with the advent of blade-style computing systems and with many other devices shrinking in size. While physically smaller, they tend to still expel the same amount of heat. This is known as increased data center density—more servers and devices per rack, putting a greater load on the cooling systems. This encourages the use of a hot aisle/cold aisle layout. A data center that is arranged into hot and cold aisles dictates that all the intake fans on all equipment face the cold aisle, and the exhaust fans all face the opposite aisle. The HVAC system is then designed to push cool air underneath the raised floor and up through perforated tiles on the cold aisle. Hot air from the hot aisle is captured by return air ducts for the HVAC system. The use of this layout is designed to control airflow, with the purpose being never to mix the hot and cold air. This requires the use of blocking plates and side plates to close open rack slots. The benefits of this arrangement are that cooling is more efficient and can handle higher density.

Fire Suppression

The ability to respond to a fire quickly and effectively is critical to the long-term success of any organization.

Addressing potential fire hazards and vulnerabilities has long been a concern of organizations in their risk analysis process.

The goal obviously should be never to have a fire, but in the event that one does occur, it is important that mechanisms are in place to limit the damage the fire can cause.

Principles of Computer Security, Fifth Edition

According to the Fire Suppression Systems Association (www.fssa.net), 43 percent of businesses that close as a result of a significant fire never reopen. An additional 29 percent fail within three years of the event.

Water-Based Fire Suppression Systems

These systems have long been and still are the primary tool to address and control structural fires.

Electrical equipment does not react well to large applications of water.

Know what to do with equipment if subjected to a water-based sprinkler system.

Principles of Computer Security, Fifth Edition

The National Fire Protection Association’s 2013 NFPA 75: Standard for the Protection of Information Technology Equipment outlines measures that can be taken to minimize the damage to electronic equipment exposed to water. This guidance includes these suggestions:

Open cabinet doors, remove side panels and covers, and pull out chassis drawers to allow water to run out of equipment.

Set up fans to move room-temperature air through the equipment for general drying. Move portable equipment to dry air-conditioned areas.

Use compressed air at no higher than 50 psi to blow out trapped water.

Use handheld dryers on lowest setting to dry connectors, backplane wirewraps, and printed circuit cards.

Use cotton-tipped swabs for hard-to-reach places. Lightly dab the surfaces to remove residual moisture.

Even if these guidelines are followed, damage to the systems may have already occurred. Since water is so destructive to electronic equipment, not only because of the immediate problems of electronic shorts to the system but also because of longer-term corrosive damage water can cause, alternative fire suppression methods have been sought.

Halon-Based Fire Suppression Systems

A fire needs fuel, oxygen, and high temperatures for the chemical combustion to occur.

If you remove any of these, the fire will not continue.

Halon interferes with the chemical combustion present in a fire.

Originally popular because halon will mix quickly with the air in a room and will not cause harm to computer systems

Dangerous to humans; banned in new systems

Principles of Computer Security, Fifth Edition

Even though halon production was banned in 1994, a number of these systems still exist today. They were originally popular because halon will mix quickly with the air in a room and will not cause harm to computer systems.

Halon is dangerous to humans, especially when subjected to extremely hot temperatures (such as might be found during a fire), when it can degrade into other toxic chemicals. As a result of these dangers, and also because halon has been linked with the issue of ozone depletion, halon is banned in new fire suppression systems.

It is important to note that under the Environmental Protection Agency (EPA) rules that mandated no further production of halon, existing systems were not required to be destroyed. Replacing the halon in a discharged system, however, will be a problem, since only existing stockpiles of halon may be used and the cost is becoming prohibitive. For this reason, many organizations are switching to alternative solutions.

Clean-Agent Fire Suppression Systems (1 of 3)

Clean-agent fire suppression systems not only provide fire suppression capabilities, but also protect the contents of the room, including people, documents, and electronic equipment.

Carbon dioxide

Argon

Inergen

FM-200 (heptafluoropropane)

Principles of Computer Security, Fifth Edition

Clean-Agent Fire Suppression Systems (2 of 3)

CO2 displaces oxygen so that the amount of oxygen remaining is insufficient to sustain the fire.

Also provides some cooling in the fire zone and reduces the concentration of “gasified” fuel

Argon extinguishes fire by lowering the oxygen concentration below the 15 percent level required for combustible items to burn.

Principles of Computer Security, Fifth Edition

Carbon dioxide (CO2) has been used as a fire suppression agent for a long time. The Bell Telephone Company used portable CO2 extinguishers in the early part of the 20th century. Carbon dioxide extinguishers attack all three necessary elements for a fire to occur. CO2 displaces oxygen so that the amount of oxygen remaining is insufficient to sustain the fire. It also provides some cooling in the fire zone and reduces the concentration of “gasified” fuel.

Argon extinguishes fire by lowering the oxygen concentration below the 15 percent level required for combustible items to burn. Argon systems are designed to reduce the oxygen content to about 12.5 percent, which is below the 15 percent needed for the fire but is still above the 10 percent required by the EPA for human safety.

Inergen, a product of Ansul Corporation, is composed of three gases: 52 percent nitrogen, 40 percent argon, and 8 percent carbon dioxide. In a manner similar to pure argon systems, Inergen systems reduce the level of oxygen to about 12.5 percent, which is sufficient for human safety but not sufficient to sustain a fire.

Clean-Agent Fire Suppression Systems (3 of 3)

Inergen, a product of Ansul Corporation, is composed of three gases: 52 percent nitrogen, 40 percent argon, and 8 percent carbon dioxide.

Inergen systems reduce the level of oxygen to about 12.5 percent, which is sufficient for human safety but not sufficient to sustain a fire

FM-200 (heptafluoropropane) is a chemical used as a propellant for asthma medication dispensers.

Principles of Computer Security, Fifth Edition

Another chemical used in the phase-out of halon is FE-13, or trifluoromethane. This chemical was originally developed as a chemical refrigerant and works to suppress fires by inhibiting the combustion chain reaction. FE-13 is gaseous, leaves behind no residue that would harm equipment, and is considered safe to use in occupied areas. Other halocarbons are also approved for use in replacing halon systems, including FM-200 (heptafluoropropane), a chemical used as a propellant for asthma medication dispensers.

Handheld Fire Extinguishers (1 of 2)

If a fire can be caught and contained before the automatic systems discharge, it can mean significant savings to the organization in terms of both time and equipment costs.

Including the recharging of the automatic system

There are four different types of fire.

Principles of Computer Security, Fifth Edition

Handheld extinguishers are common in offices, but the correct use of them must be understood or disaster can occur.

Handheld Fire Extinguishers (2 of 2)

Table 8.1	Types of Fire and Suppression Methods
Class of Fire	Type of Fire	Examples of Combustible Materials	Example Suppression Method
A	Common combustibles	Wood, paper, cloth, plastics	Water or dry chemical
B	Combustible liquids	Petroleum products, organic solvents	CO2 or dry chemical
C	Electrical	Electrical wiring and equipment, power tools	CO2 or dry chemical
D	Flammable metals	Magnesium, titanium	Copper metal or sodium chloride

Principles of Computer Security, Fifth Edition

Fire Detection Devices (1 of 4)

Fire detectors are an essential complement to fire suppression systems and devices.

Detectors may be able to detect a fire in its very early stages.

There are several types of fire detectors.

One type detects smoke.

Another type is activated by heat.

A third type is flame activated.

Principles of Computer Security, Fifth Edition

Fire Detection Devices (2 of 4)

Smoke detectors

A photoelectric detector monitors an internal beam of light.

An ionization detector uses an ionization chamber and a small radioactive source to detect fast-burning fires.

Principles of Computer Security, Fifth Edition

The two varieties of smoke detector are ionization and photoelectric.

A photoelectric detector is good for potentially providing advance warning of a smoldering fire. This type of device monitors an internal beam of light. If something degrades the light, for example by obstructing it, the detector assumes it is something like smoke and the alarm sounds. An ionization style of detector uses an ionization chamber and a small radioactive source to detect fast-burning fires.

An ionization style of detector uses an ionization chamber and a small radioactive source to detect fast-burning fires.

Both of these devices are often referred to generically as smoke detectors, and combinations of both varieties are possible.

Fire Detection Devices (3 of 4)

Figure 8.12 An ionization chamber for an ionization

type of smoke detector

Principles of Computer Security, Fifth Edition

Fire Detection Devices (4 of 4)

Heat-activated detectors

A fixed-temperature detector activates if the temperature exceeds a pre-defined level.

A rate-of-rise temperature detector activates upon sudden increases in temperature.

Flame-activated detector

Relies on flames from the fire to provide a change in the infrared energy that can be detected

Principles of Computer Security, Fifth Edition

Another type of fire detector is activated by heat. These devices also come in two varieties.

Fixed-temperature or fixed-point devices activate if the temperature in the area ever exceeds some predefined level.

Rate-of-rise or rate-of-increase temperature devices activate when there is a sudden increase in local temperature that may indicate the beginning stages of a fire. Rate-of-rise sensors can provide an earlier warning but are also responsible for more false warnings.

A third type of detector is flame activated. This type of device relies on the flames from the fire to provide a change in the infrared energy that can be detected. Flame-activated devices are generally more expensive than the other two types but can frequently detect a fire sooner.

Electromagnetic Environment

Electromagnetic interference, or EMI is the disturbance on an electrical circuit caused by that circuit’s reception of electromagnetic radiation.

EMI is grouped into two general types:

Narrowband EMI has a small frequency band.

Broadband EMI covers a wider array of frequencies.

The Federal Communications Commission regulates products that produce EMI.

TEMPEST, also known as Van Eck emissions, is technology that attempts to keep EMI radiation in the circuitry.

Principles of Computer Security, Fifth Edition

Electromagnetic interference, or EMI, can plague any type of electronics, but the density of circuitry in the typical data center can make it a haven for EMI.

Magnetic radiation enters the circuit by induction, where magnetic waves create a charge on the circuit. The amount of sensitivity to this magnetic field depends on a number of factors, including the length of the circuit, which can act like an antenna.

EMI is grouped into two general types:

Narrowband and broadband. Narrowband EMI is, by its nature, electromagnetic energy with a small frequency band and, therefore, typically sourced from a device that is purposefully transmitting in the specified band.

Broadband EMI covers a wider array of frequencies and is typically caused by some type of general electrical power use such as power lines or electric motors.

In the United States, the Federal Communications Commission has responsibility for regulating products that produce EMI and has developed a program for equipment manufacturers to adhere to standards for EMI immunity. Modern circuitry is designed to resist EMI. Cabling is a good example; the twist in unshielded twisted pair, or Category 6/6a, cable is there to reduce EMI. EMI is also controlled by metal computer cases that are grounded; by providing an easy path to ground, the case acts as an EMI shield. A bigger example would be a Faraday cage or Faraday shield, which is an enclosure of conductive material that is grounded. These can be room sized or built into a building’s construction; the critical element is that there is no significant gap in the enclosure material. These measures can help shield EMI, especially in high radio frequency environments.

While we have talked about the shielding necessary to keep EMI radiation out of your circuitry, there is also technology to try and help keep it in. Known by some as TEMPEST, it is also known as Van Eck emissions. A computer’s monitor or LCD display produces electromagnetic radiation that can be remotely observed with the correct equipment. TEMPEST was the code word for an NSA program to secure equipment from this type of eavesdropping. While some of the information about TEMPEST is still classified, there are guides on the Internet that describe protective measures, such as shielding and electromagnetic-resistant enclosures. A company has even developed a commercial paint that offers radio frequency shielding.

Power Protection

Computer systems require clean electrical power, and for critical systems, uninterrupted power can be important as well.

Several elements are used to manage the power to systems, including uninterruptible power supplies and backup power systems.

Principles of Computer Security, Fifth Edition

UPS

An uninterruptible power supply (UPS) is used to protect against short duration power failures.

There are two types of UPSs:

An online UPS is in continuous use because the primary power source goes through it to the equipment.

A standby UPS has sensors to detect power failures. If there is a power failure, the load will be switched to the UPS.

Principles of Computer Security, Fifth Edition

An online UPS is in continuous use because the primary power source goes through it to the equipment. It uses AC line voltage to charge a bank of batteries. When the primary power source fails, an inverter in the UPS will change DC of the batteries into AC.

A standby UPS has sensors to detect power failures. If there is a power failure, the load will be switched to the UPS. It stays inactive before a power failure, and takes more time than an online UPS to provide power when the primary source fails.

Backup Power and Cable Shielding (1 of 2)

Backup power sources protect against a long-duration power failure.

Voltage regulator and line conditioner protect against unstable power supplies and spikes.

Proper grounding is essential for all electrical devices.

Cable shielding can be employed to avoid interference.

An emergency power off (EPO) switch can be installed to allow for the quick shutdown of power.

Principles of Computer Security, Fifth Edition

Backup power sources, such as a motor generator, another electrical substation, and so on, are used to protect against a long-duration power failure.

A voltage regulator and line conditioner are used to protect against unstable power supply and spikes.

Proper grounding is essential for all electrical devices to protect against short circuits and static electricity.

In more sensitive areas:

Cable shielding can be employed to avoid interference.

Power line monitoring can be used to detect changes in frequency and voltage amplitude, warning of brownouts or spikes.

An emergency power off (EPO) switch can be installed to allow for the quick shutdown of power when required.

Backup Power and Cable Shielding (2 of 2)

Electrical cables should be placed away from powerful electrical motors and lighting.

Fluorescent lighting can cause radio frequency interference.

Principles of Computer Security, Fifth Edition

To prevent electromagnetic interference and voltage spikes, electrical cables should be placed away from powerful electrical motors and lighting.

Another source of power-induced interference can be fluorescent lighting, which can cause radio frequency interference.

Chapter Summary (1 of 2)

Describe how physical security directly affects computer and network security.

Discuss steps that can be taken to help mitigate risks.

Describe the physical security components that can protect your computers and network.

Identify environmental factors that can affect security.

Principles of Computer Security, Fifth Edition

Chapter Summary (2 of 2)

Identify the different types of fires and the various fire suppression systems designed to limit the damage caused by fires.

Explain electronic access controls and the principles of convergence.

Prevent disclosure through electronic emanations.

Principles of Computer Security, Fifth Edition