
Information Systems Security


jimbo


Presentation Transcript


  1. Information Systems Security Physical Security Domain #4

  2. Physical Security Areas • Threat Types • Threat Sources • Vulnerabilities • Physical Organization • Current Measures • Physical Security Procedures • Environmental Controls • Physical Barriers

  3. Threat Types • Environmental • Malicious • Accidental

  4. Layered Defense • Site Location • Physical and Procedural Methods • Physical Controls • Guard Post • Visitor Security • Delivery Security • Fire Control

  5. Fire Detection Systems • Ionization – Reacts to charged particles in smoke • Photoelectric – Reacts to changes in or blockage of light caused by smoke • Heat – Significant changes in ????

  6. Physical Controls • Fencing • Lighting • Locks • Mantraps • Dogs • Guards

  7. Location Consideration • Natural Disasters • Local Crime • Highway/airport access • Customer access • Joint tenants • Proximity to emergency services • Visibility????

  8. Construction Issues • Building Codes • Levels of fire resistance • Data Center Location • No basements or top floors • Controlled access • Do not use partitions

  9. Physical Controls • Locks • Conventional • Pick-resistant • Electronic key systems • Electronic combination lock

  10. Facility Access • Photo ID viewed by a guard • Biometric devices • Card badge reader • Proximity devices • User activated • System sensing • AVOID PIGGYBACKING • Use mantraps

  11. Fencing • 3-4 Feet – deters casual trespassers • 6-7 Feet – hard to climb easily • 8 Feet with 3 strands of barbed wire BEST • Powered Fences • PIDAS Fences • Perimeter Intrusion Detection and Assessment System

  12. Lighting • Required in critical areas • Ensure there are no dead zones • Two foot-candles of illumination at a height of eight feet

  13. Guards • Best deterrent, but most expensive • Provides discriminating judgment • Watches for piggybacking and suspicious activity • Enforce regulations

  14. Types of Physical IDS • Electro-mechanical • Magnetic switches • Metallic foil in windows • Pressure mats • Volumetric • Vibration • Photoelectric • Ultrasonic and passive infrared

  15. Mobile Devices • Locking cable to anchor • Tracing software • Encryption • Biometric controls

  16. HVAC • Positive air pressure • Air goes out when doors are opened • Protect vent • Dedicated power lines • Emergency switch-off valves • Same rules for water supply

  17. Electrical Power • Dependable primary power source • Alternative power source • Generator • UPS (online and standby) • Additional feeder from substation • Power not always clean and constant • Voltage fluctuations

  18. Power Terms • Fault – momentary loss of power • Blackout – complete loss of power • Sag – momentary low voltage • Spike – momentary high voltage • Surge – prolonged high voltage • Noise – steady interfering disturbance • Transient – short noise disturbance

  19. Electrical Consideration • High Humidity • Can cause corrosion • Low Humidity • Can cause static electricity • Also use antistatic flooring in server areas • Wear antistatic bands when working on internal computer systems

  20. Recommendation • Computer room 60-75 Fahrenheit • Humidity 40% - 60% • 17,000 volts damages circuits

  21. Fire Prevention • Four legs of fire • Heat (Reduce Temperature) • Fuel (Remove fuel) • Oxygen (Remove oxygen) • Chemical Reaction (Disrupt chemical combustion)

  22. Fire Detection Systems • Configured to call fire station • Shuts down HVAC • On and above suspended ceilings • Below raised floors • In air ducts

  23. Fire Types

  24. Extinguishers • Halogenated • Used in place of water • FM-200 • Replacement for Halon • Carbon Dioxide • Does not damage sensitive devices • Dry Chemicals • Not effective against electrical fires

  25. Water Pipes • Wet Pipe • Always contains water • Can freeze in cold weather • Most commonly used • Dry Pipe • Water not in pipe • Released after delay • Allows system shut down before water release

  26. Water Pipes (contd) • Pre-action systems • Water released after a sprinkler head is melted • Deluge system • Sprinkler head is open • Releases a lot of water fast

  27. Extinguishers • Placed within 50 feet of electrical equipment • Inspected four times a year • Clearly marked • Easily reached • Filled with appropriate reagents

  28. Physical Intrusion Detection • Electrical Circuits • Light Beams • Passive IR • Ultrasonic

  29. Management Issues • Physical Security Audits • Drills • Internal Testing • Pen Testing • Maintenance Issues • Education and Training
