1 / 19

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems. Physical Security . Physical Security. Physical Security Plan Elements of Physical Security Environmental Threats Physical Access Theft Backups Printouts Unattended Terminals. Physical Security Plan. List of physical assets to be protected

cree
Télécharger la présentation

CIT 380: Securing Computer Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIT 380: Securing Computer Systems Physical Security CIT 380: Securing Computer Systems

  2. Physical Security • Physical Security Plan • Elements of Physical Security • Environmental Threats • Physical Access • Theft • Backups • Printouts • Unattended Terminals CIT 380: Securing Computer Systems

  3. Physical Security Plan • List of physical assets to be protected • Descriptions • Replacement cost (hardware + data) • Locations of physical assets • Description of security perimeter(s) • Holes in perimeter (doors, windows, etc.) • Multiple perimeter example: • Outermost: campus • Outer: building • Inner: server room • Threats that you’re protecting against • Security defenses CIT 380: Securing Computer Systems

  4. Elements of Physical Security • Determent • Convince people not to attack. • Detection • Alarms, guards, and other means of detecting attacks. • Delay • Elements that slow down an attacker, e.g. locks & safes. • Response • Guards or a call to the police. CIT 380: Securing Computer Systems

  5. Environmental Threats: Fire • Dangers: • Flames • Heat • Smoke • Water • Defenses • Gas-charged extinguishers • Dry-pipe water sprinkler systems CIT 380: Securing Computer Systems

  6. Environmental Threats: Temperature • Most computer systems need 50-90F • Dangers: • Cold: thermal shock on power-on, cracking ICs/boards. • Hot: unreliability, then system failures as heat increases. • Defenses • Air-conditioning system • Good air circulation • Temperature alarm system CIT 380: Securing Computer Systems

  7. Environmental Threats: Water • Humidity • Below 20% static discharge becomes a problem. • Must remain below dew point to avoid condensation on chilled surfaces. • Defenses: • Humidifier/de-humidifier • Humidity alarm • Water • Defenses: • Keep drinks away from computers. • Alarm at low level of flooding. • Automatic power shut-off at higher level. CIT 380: Securing Computer Systems

  8. Environmental Threats: Electrical • Electrical Noise • Motors, fans, even vacuum cleaners can generate electrical surges. • Defenses: • UPS with power line filter • Anti-static mats • Lightning • Defenses • Turn off computer systems during lightning storms. • Surge suppressors may help for distant strikes. CIT 380: Securing Computer Systems

  9. Environmental Threats • Dust • Collects on drive heads and degrades media by abrasion. • Dust is slightly conductive and can cause circuit boards to short and fail if much accumulates. • Defenses: • Air Filtering Systems • Vacuuming • Vibration • Can work circuit boards out of sockets and drive heads out of alignment over time. • Defenses: • Rubber or foam mat. CIT 380: Securing Computer Systems

  10. Physical Access • Raised floors/dropped ceilings • If internal walls do not extend above dropped ceilings and below raised floors, computer room door security can be easily bypassed. • Air ducts • Serve computer room with many small air ducts. • Weld screens over air vents or within air ducts. • Motion detectors. • Glass walls • Easy to break—avoid them. CIT 380: Securing Computer Systems

  11. Network Cabling • Threats • Wiretapping/monitoring • Cutting • Connecting to AC power • Defenses • Run through steel conduits, not open trays. • Double-walled conduits with pressurized gas between layers; alarm if pressure falls. CIT 380: Securing Computer Systems

  12. Alarms • Sensor types • Vibration detectors • Video cameras • Motion sensors • Infrared (body heat) detectors • False alarms • Causes • Weather (thunder, lightning, wind) • Created by attacker • Degrade response • guards/police will ignore alarms if too many false. CIT 380: Securing Computer Systems

  13. Theft • Reasons: • Resale • Access to stored information • Targets • Laptops • Components: RAM, CPUs, hard disks • PCs/servers CIT 380: Securing Computer Systems

  14. Theft Defenses • Limit physical access. • Keep critical systems in high security areas. • Case locks to prevent access to components. • Laptop locks to lock laptop to desk. • Visible equipment tags with serial numbers. • Phone-home software for tracing. • Encryption of information. CIT 380: Securing Computer Systems

  15. Backups • Protect availability of information. • Offer potential for confidentiality violation. CIT 380: Securing Computer Systems

  16. Backups • Defenses: • Secure in safe after creation. • Periodically move to secure offsite storage. • Verify that you can restore data from backups. • Verify old backups periodically too. • Encrypt data on backup tapes. • Bulk erase tapes to destroy data before disposal. CIT 380: Securing Computer Systems

  17. Printouts • Provide availability when computers down. • Potential for confidentiality violation. • Dumpster diving • Defenses • Separate wastebaskets for confidential/unclassified information. • Paper shredding • Expensive shredding recovery services exist. CIT 380: Securing Computer Systems

  18. Unattended Terminals • Offer anonymous attacker access • Defenses: • Auto-logout shells or daemons • Automatic screen locking • Boot only from hard disk • BIOS password to protect boot settings • Case lock to prevent battery removal or BIOS chip replacement CIT 380: Securing Computer Systems

  19. Key Points • Physical security is an essential component of computer security. • Many systems are more vulnerable to physical threats than system/network attacks. • Elements of Physical Security • Determent • Detection • Delay • Response • Backups are a defense against many threats, but must be defended themselves. CIT 380: Securing Computer Systems

More Related