Physical Security
Physical Security Controls
Functional Order of Security Controls
|
Control Type
|
Examples
|
|---|---|
|
Administrative:
Focused on policies and procedures.
|
Facility construction and selection; Site management; Personnel controls; Awareness training; Emergency response and procedure
|
|
Logical (Technical):
Deals with technological methods to enforce security.
|
Access controls; Intrusion detection systems; Alarms
|
|
Physical:
Tangible methods to prevent unauthorized access.
|
Fencing; Lighting; Locks; Construction materials; Mantraps; Guard dogs; Bollards; Security guards
|
Fencing Specifications
|
Objective
|
Imperial
|
Metric
|
|---|---|---|
|
Deter casual trespasser
|
3-4 feet
|
0.9-1.2 m
|
|
Challenging to climb
|
6-7 feet
|
1.8-2.1 m
|
|
Deter dedicated intruders
|
8 feet + barbed wire
|
2.4 m + barbed wire
|
Temperature & Humidity
|
Specification
|
Value
|
|---|---|
|
Ideal Temperature
|
60-75°F (15-23°C)
|
|
Damage Threshold
|
175°F (general devices) / 100°F (storage devices)
|
|
Ideal Humidity
|
40-60%
|
Extremely low humidity, even on non-static carpets, can generate a massive 20,000-volt static discharge.
Electrical Impacts
|
Term
|
Description
|
Example
|
|---|---|---|
|
Blackout
|
Extended loss of power
|
Power outage during a storm
|
|
Brownout
|
Sustained low voltage
|
Voltage drops due to grid overload
|
|
Fault
|
Brief loss of power
|
Disruption due to tripped breaker
|
|
Surge
|
Extended high voltage
|
Malfunctioning transformer
|
|
Spike
|
Brief high voltage
|
Lightning strike
|
|
Sag
|
Short-duration low voltage
|
Heavy equipment startup
|
Power may not always be clean or consistent. Electronic devices require consistent, clean power to function & avoid damage. A UPS (Uninterruptible Power Supply) can ensure clean power, and provide backup during power outages.
Lighting Specifications
|
Specification
|
Value
|
|---|---|
|
Height
|
8 feet
|
|
Illumination
|
2 foot-candles
|
Fire Classification and Suppression Agents
|
Fire Class
|
Type
|
Description
|
Suppression Material
|
Additional Notes
|
|---|---|---|---|---|
|
A
|
ASH
|
Fires involving common combustibles such as wood, paper, etc.
|
Water or soda acid
|
Most common type of fire. Soda acid: a mixture of sodium bicarbonate and sulfuric acid.
|
|
B
|
BOIL
|
Fires involving alcohol, oil, and other petroleum products.
|
Gas or soda acid
|
Never use water; it can spread the flammable liquid and worsen the fire.
|
|
C
|
CONDUCTIVE
|
Electrical fires fed by electricity, possibly occurring in equipment or wiring.
|
Non-conductive gases
|
Fire can transition to another class if electricity source is shut off.
|
|
D
|
DILITHIUM
|
Fires involving burning metals.
|
Dry powder
|
Less commonly known and can be hazardous if not properly addressed.
|
|
K
|
KITCHEN
|
Fires in kitchens, often involving burning oil or grease.
|
Wet chemicals
|
|
Fire extinguishers are categorized based on the types of fires they are designed to extinguish. Using the wrong type of extinguisher can be ineffective or even dangerous!
Fire Detection Systems
|
Detection Type
|
Description
|
|---|---|
|
Smoke Sensing
|
Detects the presence of smoke.
|
|
Flame Sensing
|
Recognizes the characteristics of flames.
|
|
Heat Sensing
|
Detects unusual increases in temperature.
|
Electromagnetic Interference (EMI):
-
Common Mode Noise:
-
Generated by the difference in power between the hot and ground wires of a power source operating electrical equipment.
-
Also generated by the difference between the hot and neutral wires of a power source operating electrical equipment.
-
Radio Frequency Interference (RFI):
-
This interference is generated by electrical appliances, light sources, electrical cables, circuits, and so on.
Static Voltage and Possible Damages:
|
Static Voltage (V)
|
Possible Damage
|
|---|---|
|
40
|
Destruction of sensitive circuits and other components
|
|
1000
|
Scrambling of monitor displays
|
|
1500
|
Destruction of hard drive data
|
|
2000
|
Abrupt system shutdown
|
|
4000
|
Printer jam or component damage
|
|
17000
|
Permanent circuit damage
|
Damage from Fire and Fire Suppression:
-
Descriptive Elements of a Fire: Components of a fire are not just limited to the visually evident smoke and heat. The medium used for suppressing the fire, like water or soda acid, also plays a role in post-fire assessments and damage control.
-
Smoke: Particularly detrimental to storage devices. The residue can interfere with device operations and contaminate sensitive components.
-
Heat: Has the potential to damage any electronic or computer component, causing them to malfunction or fail altogether.
-
Suppression Mediums: While essential for dousing flames, these can have unintended consequences. Water can cause short circuits, while other mediums might instigate corrosion or render equipment inoperative.
We should address all the potential damage, but remember that the number one concern should always be human safety.
Water Suppression Systems
|
System Type
|
Key Features
|
Description
|
Ideal For
|
|---|---|---|---|
|
Preaction
|
- Closed sprinkler heads - Pipes with compressed air
- Electrically operated valve
|
The system awaits two triggers: one for the detection system and another to activate the sprinkler.
|
Areas with both humans and computers
|
|
Wet Pipe
|
- Pipes filled with water
- Activates at a predefined temperature
|
A traditional system where water is always ready to discharge.
|
Standard indoor environments
|
|
Dry Pipe
|
- Closed sprinkler heads - Pipes with compressed air
- Valve controlled by air pressure
|
Water is released when the compressed air pressure drops.
|
Areas where water might freeze, e.g., parking garages
|
|
Deluge
|
- Open and large sprinkler heads
- Empty pipes at normal air pressure
- Controlled by a deluge valve
|
Designed to deliver a large quantity of water over a large area quickly.
|
High-hazard areas with rapid fire spread concerns
|
Water and electricity are a dangerous combination. Ensure power is cut off in the event of using water-based suppression systems near electrical equipment.
Gas Discharge Systems:
Effectiveness: Generally, gas discharge systems are more effective than water discharge systems for extinguishing fires.
Safety Concern: These systems function by removing oxygen from the environment. Hence, they should not be used in areas where people are present due to asphyxiation risks.
Halon:
-
Pros: Highly effective in suppressing fires.
-
Cons: Detrimental to the environment as it's ozone-depleting. Also, it becomes a toxic gas when heated to 900°F.
Given the environmental and health concerns of Halon, several replacements have been introduced:
|
FM-200 (HFC-227ea)
|
CEA-410 or CEA-308
|
NAF-S-III (HCFC Blend A)
|
|
FE-13 (HCFC-23)
|
Argon (IG55)
|
Argonite (IG01)
|
|
Inergen (IG421)
|
Aero-K
|
|
Lock Types
Remember what locks can be picked and which need to be bumped for the exam
| Lock Type | Authentication Type | Details | Picking Vulnerability | Bumping Vulnerability | Photo |
|---|---|---|---|---|---|
| Electronic Combination Locks (Cipher Locks) | Something you know | Requires a known combination | Not applicable | Not applicable | [Insert Photo] |
| Key Card Systems | Something you have | Requires a physical card | Not applicable | Not applicable | [Insert Photo] |
| Biometric Systems | Something you are | Uses unique human characteristics | Not applicable | Not applicable | [Insert Photo] |
| Conventional Locks (Pin Tumbler) | Traditional lock and key | Easily picked/bumped | Vulnerable | Vulnerable | [Insert Photo] |
| Pick and Bump Resistant Locks | Enhanced traditional lock | Harder to pick | More resistant | Some are bump-resistant | [Insert Photo] |
| Tubular Locks | Traditional lock and key | Requires specialized pick | Vulnerable | Less common | [Insert Photo] |
| Wafer Locks | Traditional lock and key | Similar to pin tumblers | Vulnerable | Less common but possible | [Insert Photo] |
| Disc-detainer Locks | Traditional lock and key | Requires specialized disc-picking tools | Vulnerable | Not typically susceptible | [Insert Photo] |
| Sidebar & High-Security (e.g., Medeco) | Enhanced traditional lock | Complex designs | More resistant | Some are bump-resistant | [Insert Photo] |
| Electronic and Smart Locks | Electronic authentication | Might be vulnerable to electronic hacking | Not applicable | Not applicable | [Insert Photo] |
"Picking" and "bumping" are both methods to compromise locks. Picking involves using tools to manipulate the pins inside a lock, while bumping involves inserting a specially-cut key into the lock and tapping it to force the pins to jump, allowing the lock to turn. Not all locks are vulnerable to both methods.
For the exam:
Know the different physical controls related to entry
Mantrap, Bollard, list others as a table that will come up on CISSP as a table if necessary
Site Selection and Facility Design
-
Site Selection:
- Visibility matters: assess the surrounding area, accessibility, and natural disaster risks.
- Be cautious about potential hazards: e.g., flooding or bad neighborhood locations.
-
Facility Design:
- Determine security needs before construction.
- Possible considerations: using bollards if ram raiding is a concern.
- Design secure workspaces.
- Unequal access: High-value areas should have restricted access.
- Place valuable and confidential assets at the heart or center of protection.
- Central servers/computers should prioritize security. Although human-compatible, prioritize safety measures, especially for fire suppression.
Physical Access Control Threats
- Access controls should be complemented with security guards or monitoring systems.
- Beware of abuses such as:
- Propping open secured doors.
- Bypassing locks or controls.
- Masquerading: using someone else's ID for access (e.g., contractors).
- Piggybacking: following someone through secured access without proper authorization.
Wiring Closet Security
- Central connection point for networking cables to equipment like patch panels, switches, and routers.
- Main focus: Prevent unauthorized physical access.
- Risks include theft, damage, or introducing eavesdropping devices. Software protections won't deter physical threats.
Visitor Protocols
- For restricted areas, establish clear visitor protocols.
- Typically assign an escort and monitor visitors closely.
- Track visitor actions to prevent malicious activity.
Media Storage
- Purpose: securely store blank, reusable, and installation media.
- Concerns: theft, data corruption, unintended data recovery.
- Protections:
- Locked cabinets/safes.
- Designated librarian or custodian.
- Check-in/out processes.
- Media sanitization.
Evidence Storage
- Use for retaining logs, drive images, snapshots for recovery, and investigations.
- Concerns: theft, unauthorized access.
- Protections:
- Locked storage.
- Isolated storage facilities.
- Offline storage.
- Access restrictions & activity tracking.
- Data hashing & encryption.
Audit Trails & Access Logs
- Tools for overseeing physical access control.
- Can be created manually (security guards) or automatically (smartcards/readers).
- CCTV can verify access logs; e.g., matching sign-in logs with visual records.
- Critical for post-incident reconstruction to understand the event sequence.