1 / 48

Chapter 6 Physical Security

Chapter 6 Physical Security. "Life's like a boom-a-rang. The more good you throw out, the more you receive in return." -- Josh S. Hinds   Prepared by: SITI ZAINAH ADNAN If you do have any feedback or comment, please feel free to email me at sitizai@hotmail.com

calum
Télécharger la présentation

Chapter 6 Physical Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 6Physical Security "Life's like a boom-a-rang. The more good you throw out, the more you receive in return." -- Josh S. Hinds   Prepared by: SITI ZAINAH ADNAN If you do have any feedback or comment, please feel free to email me at sitizai@hotmail.com Your cooperation is very much appreciated !

  2. Chapter 6Physical Security TOPICS • Introduction • Perils • Natural • Human Vandals • Interception • Unauthorised Access and Use • Natural Disasters • Resumption after Crisis • Intruders • Disposal of Sensitive Media • Control of Access to Computers • Biometrics

  3. References • Book (available at the Informatics library) • Notes (available at IVC)

  4. Introduction • Used to describe protection provided outside the computer system from: • Direct attack (guards, locks, fences) • Less direct disaster • Many good physical security measures result from just good common sense.

  5. Perils • Natural • Can be flooded, burned and destroyed by earthquakes,storms and tornadoes • As computers are sensitive to operating environment, excessive heat or inadequate power is also a threat. • Since these perils cannot be prevented or predicted, controls should focus on limiting damages andrecovering from disaster.

  6. Perils • Natural • Issues to be considered in physical security regarding disaster recovery include: • The costof replacing equipment • Thespeedwith which equipment can be replaced. • The need for available computing power and • The costof difficulties in replacing data and programs.

  7. Perils • Human Vandals • Computers and media are more sensitive and easy for destruction • Attacker can be people off the street, disgruntled employees, bored operators (do for excitement) or saboteurs. • These attack implementation would not attract attention until the attack has been completed. • Attack can be: • Crude (use axes by unskilled vandal, often being seen and stopped • Subtle (short circuit PC )

  8. Perils • Interception • One of the serious problem with computer system. • This attack requires no direct connection - read data from computer away from the organisation • Person needs only a moderate knowledge of electronics for this attack.

  9. Unauthorised Access and Use • Distributed computing system becomes more prevalent, protecting them is difficult and more important. • Interception is one form of unauthorised access (is a passive attack). • Protection is needed both to prevent unauthorised access and to verify users identity.

  10. Natural Disasters • It is impossible to prevent natural disasters. • But possible toreduce the damage they inflict. • Examples; flood, fire, lighting, earthquakes, power loss and heat. • The following sections provides a brief and basic suggestions to minimise the loss or damage from natural disaster:

  11. Natural Disasters • Fire and Smoke: • Install smoke detectors near equipment and check them periodically. • Keep fire extinguishers in and near computer rooms, and be sure every one knows they are there. • Enforce no-smoking policies; these are also important to controlling smoke, another hazard to computers.

  12. Natural Disasters • Climate: • Keep temperatures approximately at 10-26 degrees Celsius. • Keep the humidity level at 20-80 percent. • Equip heating and cooling systems with air filters to protect against dust.

  13. Natural Disasters • Earthquakes and Vibration: • Keep computers away from glass windows and high surfaces. • Be sure that if strong vibration occurs, other objects won’t fall on computers. • Water (Flood): • Install a water sensor on the floor near computer. • If computer does get wet, let it dry thoroughly before attempting to turn it on again.

  14. Natural Disasters • Electricity: • Computer will suffer if it gets too much or too little electricity. • For best results, install an uninterruptable power supply (UPS). • Install a line filter on computer’s power supply.

  15. Natural Disasters • Lightning: • If a lightning storm hits, try to turn off the computer andunplugit. Lightning generates an enormous power surge. • Protect the backup from the magnetic field created by the lightning.

  16. Resumption After Crisis • The key to successful recovery is adequate preparation. • Computing systems are easily replaced by the off-the-shelf systems. • Dataand locally developed programs aremore vulnerable. • Need to use recovery methods - backup, off-site backup, cold site and hot site.

  17. Intruders • Authorised access prevents knowledgeable users. • Another class of unauthorised access is the physical presence of people who are not even users (unauthorised visitors) • Unauthorised visitors can cause three problems: 1. Theft of machinery or data 2. Destruction of machinery and 3. Viewing of sensitive data

  18. Intruders • Hints for keeping Intruders Out: • Dropped ceilings: Be sure the walls extend above the dropped ceiling so intruders can’t climb over the walls. • Raised floors: Be sure the walls extend down beyond the raised floor so intruders can’t crawl under the raised floor. • Air ducts: Be sure the air ducts are small enough to intruders can’t crawl through them. • Glass walls: They are too easy to break and easily get access to sensitive information. So, don’t use glass wall • Network connections: Intruders can cause damage by unplugging or cutting cables, also opens up the possibility of wiretapping. So, hide the n/w connection

  19. Disposal of Sensitive Media • A draft copy of a confidential report and magnetic media and even printer ribbon may disclose sensitive data. • Several ways to destroy data on all form of media are (from unauthorised visitor): • Draft copy - shredders (machine which tears paper into very small pieces) • Magnetic media - overwriting magnetic media, degaussor (device used to erase magnetic media). • Printer ribbon - dispose it and do not leave it unattended

  20. Control of Accessto Computers • There is no secure access control systems for stored program or data. • Need to use add-on access control packages developed for low degree of protection. • Network access control makes sure network hosts continually assure the authenticity of other hosts on network. • Examples • Mainframe data access control software, • Microcomputer access control hardware/software, • Store file encryptors and network penetration detectors.

  21. Environmental Issues • Computers require proper environment conditions to function correctly at peak efficiency • However, always over-looked • Frequently elusive challenges are: 1) Power problems - power overage, power underage, power quality 2) Electrostatic Discharge (ESD) problems 3) Electromagnetic Interference (EMI) problems 4) Radio Frequency (RFI) problems 5) Climate problems

  22. Environmental Issues 1) Power problems • Line Voltage: • Alternating current (AC) is the main power to computer devices • Has 110 volts and change polarity 60 times a second (60 Hertz) • Deviation from the values creates computer devices problems

  23. Voltage Time Environmental Issues • Power Overage • Too much power is coming into the computer in two forms: • Power Spike - power level rises above normal levels and drops back to normal in less than one second

  24. Voltage Time Environmental Issues • Power Surge - power level rises above normal levels and stays there for more than one or two seconds. More damaging than spikes

  25. Environmental Issues • Surge Protectors • Special electronic circuit monitors the incoming voltage level • Trips a circuit breaker when the voltage is over voltage threshold • Problems: • The threshold set is too high to be safe • By the time circuit breaker trips, some over voltage has gotten to the power supply of computer and damaging it • Surge protectors doesn’t protect against power surges and spikes lower then the threshold

  26. Environmental Issues • Line Conditioners • Uses several electronic circuit to “clean” all power coming into it • Uninterruptible Power Supply (UPS) uses a battery and power inverter to run the computer equipment

  27. Environmental Issues • Power Underage • Power level drop below the standard voltage • Types of problem: • Sag • Brownout • Blackout

  28. Voltage Time Environmental Issues • Sag • An inverted spike • Occur when power levels drop below normal and rise back to normal within a brief of time (usually less than a second) • e.g. a light flicker off and then on although the computer might reboot

  29. Voltage Time Environmental Issues • Brownout • Occurs when power drops below normal levels for several seconds or longer • An inverted surge • e.g. the light in room will dim for a short while and then come back to full brightness

  30. Voltage Time Environmental Issues • Blackout • A total loss of power for several seconds/minutes/hours

  31. Environmental Issues • Power Quality • Indicates that stray frequencies have entered the power supply through the power cord • Can cause strange problems (e.g. intermittent reboots or hangs) and damage power supply • Detected using oscilloscope • UPS and Line Conditioner used to avoid it

  32. Environmental Issues 2) Electrostatic Discharge (ESD) problem • Occurs when two items with dissimilar static electrical charges are brought together • Static electrical charges will “jump” from the item with more electrons and it is seen as an electrical spark • It can damage electronic components bcoz the several thousand electrons moving thru delicate circuit junctions of silicon chips render the chip useless • E.g. Walking across a nylon carpet in cotton socks created an immense static charge. If we are using the computer, the static charge may jump from our finger to the keyboard and may damage the device

  33. Environmental Issues 3) Electromagnetic Interference (EMI) problem • Occurs when magnetic fields intersect network or computer cables, causing interfering in that cable • e.g. motors, transformer - source of EMI • It’s a mistake to run network cable thru an elevator shaft or thru a ceiling that hides a bank of transformers in fluorescent light • Protected by: • Using shielded cable or fibre optic • Moving cable far away from EMI source

  34. Environmental Issues 4) Radio Frequency Interference (RFI) problem • Occurs when radio signals interfere with the normal operation of electronic circuits • e.g. television and radio transmitters, radios and cellular phones • To protect, we can use: • Shielded network cables - shielded twisted-pair (STP), coaxial cable - to reduce the effect • Fibre-optic - immune to EMI and RFI but more expensive

  35. Environmental Issues 5) Climate Problems • Computer devices are very sensitive to temperature extremes and can fail prematurely • Environment should be roughly the same as human beings • Keeptemperature at 70 F (10-26 degrees Celsius) consistently and humidity between 40 and 60 percent • Excessive heat can damage electronic components • But it’s challenging as computer devices constantly generate heat

  36. Environmental Issues • To maintain the condition: • Provide special climate controlled network room • Never put servers in a network closet without ventilation • Never put an electronic device in front of a heart source

  37. Biometrics • Is the use of unique characteristics to provide positive personal identification: • Physiological - physical traits that are direct part of our body, study of how bodies of living things and their various parts work (e.g. fingerprint, retina) • Behavioural - based upon of what we do, structure / formation objects (language, animal) - voice pattern, signature • Morphological- based upon of movement of our activities, e.g. keystroke pattern)

  38. Biometrics • Systems available today (current) examine: • Fingerprints • Handprints • Retina patterns • Voice patterns • Signature • Keystroke patterns.

  39. Biometrics • Devices proposed (future): • Footprints • Lip prints • Wrist vein patterns • Brainwaves • Skin oil characteristics • Facial geometry • Weight / gait patterns

  40. Biometrics • Surveys indicate that in order of effectiveness, biometrics devices rank as follows (most secure to least secure). • Retina pattern devices • Finger print devices • Hand print devices • Voice pattern devices • Keystroke pattern devices • Signature devices • In order of personal acceptance, the order is just the opposite.

  41. Biometrics • Retina Patterns: • Everybody has a unique retinal vascular pattern. • Examine the unique characteristics of an individual’s retina and use that information to determine the access. • System uses an infrared beam to scan retina and produces digital profile of blood vessel patterns in the retina. • Newer systems also perform iris and pupil measurements. • Of all the biometrics system, retina system are the most threatening one.

  42. Biometrics • Fingerprints: • Everybody has a unique set of fingerprints. • Examine the unique characteristics of an individual’s fingerprints and use that information to determine the access. • System will scan the fingerprint information to the computer for analysis. • Sophisticated systems performs a three dimensional analysis of fingerprint including pulse. • Slower than other types of biometrics systems. • Burns and other physical problems can affect the system’s ability to match fingerprints.

  43. Biometrics • Handprints: • Everybody has a unique handprints. • Examines the unique measurements of hand and use that information to determine the access. • Handprint information is is digitised and compared against a stored handprint template. • Handprint systems are said to be less reliable than fingerprint systems.

  44. Biometrics • Voice Patterns: • Everybody has a unique vocal and acoustic pattern. • Examine phonetic and linguistic patterns and use that information to determine the access. • System converts the acoustic strength of a speaker’s voice into component frequencies and analyse how they are distributed. • Their ability to work properly depends to some extent on the physical condition of the larynx. • Respiratory diseases, injuries stress and background noises may affect the system’s ability to match a voiceprint.

  45. Biometrics • Keystrokes Patterns: • Everybody has a unique pattern or rhythm of typing. • Examine the speed and timing of typing during the login process, and compare it to the keystroke template stored. • It may win wide acceptance, because keystroke verification may be built in ordinary login process.

  46. Biometrics • Signature and Writing Patterns: • Everybody has a unique signature and signature-writing pattern. • System converts signature into a set of electrical signals that store the dynamics of the signing process. • Also analyse various timing characteristics, such as pen-in-air movements that are unique. • Very well accepted and also much cheaper than any other biometrics systems.

More Related