physical (environmental) securitynetseclab.mu.edu.tr/.../slides/03_physicalsecurity.pdf ·...
Post on 15-Apr-2020
4 Views
Preview:
TRANSCRIPT
2/24/15 Dr. Enis Karaarslan 1
Physical (Environmental)
SecurityMuğla UniversityComputer EngineeringDepartment
Netseclab.mu.edu.tr
3
-ITNS and CERIAS
CISSP Luncheon Series:
Physical (Environmental) Security
Scott L. Ksander
- Small changes by Dr. Enis Karaarslan
4
Physical Security
From (ISC)2 Candidate Information Bulletin:• The Physical (Environmental) Security
domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information. These resources include people, the facility in which they work, and the data, equipment, support systems, media, and supplies they utilize.
5
Physical Security
From (ISC)2 Candidate Information Bulletin:• The candidate will be expected to know the
elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.
6
Introduction
Threats to physical security include:• Interruption of services• Theft• Physical damage• Unauthorized disclosure• Loss of system integrity
7
Introduction
Threats fall into many categories:• Natural environmental threats (e.g., floods,
fire)• Supply system threats (e.g., power outages,
communication interruptions)• Manmade threats (e.g., explosions,
disgruntled employees, fraud)• Politically motivated threats (e.g., strikes,
riots, civil disobedience)
8
Introduction
Primary consideration in physical security is that nothing should impede (aksatmak) “life safety goals.”• Ex.: Don’t lock the only fire exit door from
the outside.
“Safety:” Deals with the protection of life and assets against fire, natural disasters, and devastating accidents.
“Security:” Addresses vandalism, theft, and attacks by individuals.
9
A Couple of Headlines
“California Telecom Knocked-Out By Low-Tech Saboteur”April 11th, 2009, http://tinyurl.com/datfv3Shortly before 1:30 a.m. on Thursday morning, four fiber-optic cables were severed in an underground vault along Monterey Highway in San Jose, Cal. About two hours later, another four were cut in San Carlos, followed by two more in San Jose shortly thereafter.
10
“Masked thieves storm into Chicago colocation (again!)”November 2nd, 2007, http://tinyurl.com/2pn32zThe recent armed robbery of a Chicago-based co-location facility has customers hopping mad after learning it was at least the fourth forced intrusion in two years. […] In the most recent incident, "at least two masked intruders entered the suite after cutting into the reinforced walls with a power saw," according to a letter C I Host officials sent customers. "During the robbery, C I Host's night manager was repeatedly tazered and struck with a blunt instrument. After violently attacking the manager, the intruders stole equipment belonging to C I Host and its customers." At least 20 data servers were stolen […]
11
BT Mayfair phone exchange raided by network hardware thieves leaving customers cut off”, September 12th, 2008, http://tinyurl.com/46mfsmf
Thieves have broken into a BT phone exchange in London's plush Mayfair and stolen an estimated £2m worth of communications equipment. The theft led to BT business customers and home users in the area being cut off from their phone and broadband internet services. […] They ripped out servers, routers and network cards, which can all fetch a high price on the black market.
12
‘Mysterious "Spy" Computer In [Iceland’s] Parliament Works Differently Than Being Reported, Tech Expert Says,’ January 20th, 2011, http://tinyurl.com/6ja62rq
An unmarked computer found in a spare room of [Iceland’s] parliament, and connected directly to parliament’s internet system, was most certainly planted there […] Any identifying serial numbers had been erased from the machine, nor were any fingerprints found, and its origins have not yet been traced. The police believed that the matter was the work of professionals.
13
Physical Security Planning
Physical security, like general information security, should be based on a layered defense model.
Layers are implemented at the perimeter(muhit) and moving toward an asset.
Layers include: Deterrence(caydırıcılık), Delaying, Detection, Assessment(değerlendirme), Response
14
Physical Security Planning
A physical security program must address:• Crime and disruption protection through deterrence
(fences, security guards, warning signs, etc.).• Reduction of damages through the use of delaying
mechanisms (e.g., locks, security personnel, etc.).• Crime or disruption detection (e.g., smoke
detectors, motion detectors, CCTV, etc.).• Incident assessment through response to incidents
and determination of damage levels.• Response procedures (fire suppression
mechanisms, emergency response processes, etc.).
15
Physical Security Planning
Crime Prevention Through Environmental Design (CPTED)• Is a discipline that outlines how the
proper design of a physical environment can reduce crime by directly affecting human behavior.
• Concepts developed in 1960’s.• Think: Social Engineering
16
Physical Security Planning
CPTED has three main strategies:• Natural Access Control• Natural Surveillance (gözetim)
• Territorial Reinforcement (bölgesel destek)
17
Physical Security Planning
Natural Access Control• The guidance of people entering and
leaving a space by the placement of doors, fences, lighting, and landscaping (peysaj)
• Be familiar with: bollards (bariyer), use of security zones, access barriers, use of natural access controls
18
Physical Security Planning
Natural Surveillance• Is the use and placement of physical
environmental features, personnel walkways, and activity areas in ways that maximize visibility.
• The goal is to make criminals feel uncomfortable and make all other people feel safe and comfortable, through the use of observation.
19
Physical Security Planning
Territorial Reinforcement• Creates physical designs that
highlight the company’s area of influence to give legitimate owners a sense of ownership.
• Accomplished through the use of walls, lighting, landscaping, etc.
20
Physical Security Planning
CPTED is not the same as “target hardening”
Target hardening focuses on denying access through physical and artificial barriers (can lead to restrictions on use, enjoyment, and aesthetics of the environment).
21
Physical Security Planning
Issues with selecting a facility site:• Visibility (terrain, neighbors, population of area,
building markings)• Surrounding area and external factors (crime
rate, riots, terrorism, first responder locations)• Accessibility (road access, traffic, proximity to
transportation services)• Natural Disasters (floods, tornados,
earthquakes)Ex. Telsim Communication Center in a valley that
can be affected in a flood ...
22
Physical Security Planning
Other facility considerations:• Physical construction materials and
structure composition» Be familiar with: load, light frame
construction material, heavy timber construction material, incombustible material, dire resistant material (know the fire ratings and construction properties).
23
Physical Security Planning
“Mantrap:” A small room with two doors. The first door is locked; a person is identified and authenticated. Once the person is authenticated and access is authorized, the first door opens and allows the person into the mantrap. The person has to be authenticated again in order to open the second door and access a critical area. The mantrap area could have a weight sensing floor as an additional control to prevent literal piggybacking.
24
25
26
Physical Security Planning
Automatic door lock configuration:
“Fail safe:” If a power disruption occurs, the door defaults to being unlocked.
“Fail secure:” If a power disruption occurs, the door defaults to being locked.
27
Physical Security Planning
Windows can also be used to promote physical security.
Know the different types of glass:• Standard• Tempered• Acrylic• Wired• Laminated• Solar Window Film• Security Film
28
Physical Security Planning
Consider use of internal partitions (bölüm-bölme) carefully:• True floor to true ceiling to counter
security issues• Should never be used in areas that
house sensitive systems and devices
29
Internal Support Systems
Power issues:• A continuous supply of electricity assures
the availability of company resources.• Data centers should be on a different power
supply from the rest of the building• Redundant power supplies: two or more
feeds coming from two or more electrical substations
30
Internal Support Systems
Power protection:• UPS Systems
» Online UPS systems» Standby UPS System
• Power line conditioners• Backup Sources
31
Internal Support Systems
Other power terms to know:• Ground• Noise• Transient Noise• Inrush Current• Clean Power• EMI• RFI
32
Internal Support Systems
Types of Voltage Fluctuations• Power Excess
» Spike» Surge
• Power Loss» Fault » Blackout
• Power Degradation» Sag/dip» Brownout» Inrush Current
33
Internal Support Systems
Environmental Issues• Positive Drains (boşaltma-kurutma)
• Static Electricity• Temperature
34
Internal Support Systems
Environmental Issues: Positive Drains• Contents flow out instead of in• Important for water, steam, gas lines
35
Internal Support Systems
Environmental Issues: Static Electricity• To prevent:
» Use antistatic flooring in data processing areas
» Ensure proper humidity» Proper grounding» No carpeting in data centers» Antistatic bands
36
Internal Support Systems
Environmental Issues: Temperature• Computing components can be
affected by temperature:» Magnetic Storage devices: 37.778ºC» Computer systems and peripherals:
79.444ºC» Paper products: 176.67ºC
37
Internal Support Systems
Ventilation• Airborne (havadan) materials and particle
concentration must be monitored for inappropriate levels.
• “Closed Loop”• “Positive Pressurization”
38
Internal Support Systems
Fire prevention, detection, suppression
“Fire Prevention:” Includes training employees on how to react, supplying the right equipment, enabling fire suppression supply, proper storage of combustible elements
“Fire Detection:” Includes alarms, manual detection pull boxes, automatic detection response systems with sensors, etc.
“Fire Suppression:” Is the use of a suppression(bastırma) agent to put out a fire.
39
Internal Support Systems
American Society for Testing and Materials (ASTM) is the organization that creates the standards that dictate how fire resistant ratings tests should be carried out and how to properly interpret results.
40
Internal Support Systems
Fire needs oxygen and fuel to continue to grow.
Ignition sources can include the failure of an electrical device, improper storage of materials, malfunctioning heating devices, arson, etc.
Special note on “plenum areas:” The space above drop down ceilings, wall cavities, and under raised floors. Plenum areas should have fire detectors and should only use plenum area rated cabling.
41
Internal Support Systems
Types of Fire:• A: Common Combustibles
» Elements: Wood products, paper, laminates» Suppression: Water, foam
• B: Liquid» Elements: Petroleum products and coolants» Suppression: Gas, CO2, foam, dry powders
• C: Electrical» Elements: Electrical equipment and wires» Suppression: Gas, CO2, dry powders
• D: Combustible Metals» Elements: magnesium, sodium, potassium» Suppression: Dry powder
• K: Commercial Kitchens» Elements: Cooking oil fires» Suppression: Wet chemicals such as potassium acetate.
42
Internal Support Systems
Types of Fire Detectors• Smoke Activated• Heat Activated
• Know the types and properties of each general category.
43
Internal Support Systems
Different types of suppression agents:• Water• Halon and halon substitutes• Foams• Dry Powders• CO2• Soda Acid
• Know suppression agent properties and the types of fires that each suppression agent combats
• Know the types of fire extinguishers (A,B,C, D) that combat different types of fires
44
Internal Support Systems
Types of Sprinklers• Wet Pipe Systems (aka Closed Head
System)• Dry Pipe Systems• Preaction Systems• Deluge(yağdırma) Systems
45
Perimeter Security
The first line of defense is perimeter control at the site location, to prevent unauthorized access to the facility.
Perimeter security has two modes:• Normal facility operation• Facility closed operation
46
Perimeter Security
Proximity protection components put in place to provide the following services:• Control of pedestrian and vehicle traffic• Various levels of protection for different
security zones• Buffers and delaying mechanisms to
protect against forced entry• Limit and control entry points
47
Perimeter Security
Protection services can be provided by:• Access Control Mechanisms• Physical Barriers• Intrusion Detection• Assessment• Response• Deterrents
48
Perimeter Security
Fences are “first line of de’fence’” mechanisms. (Small Joke!)
Varying heights, gauge(ölçek), and mesh provides security features (know them).
Barbed wire direction makes a difference.
49
Perimeter Security
Perimeter Intrusion Detection and Assessment System (PIDAS):
• A type of fencing that has sensors on the wire mesh and base of the fence.
• A passive cable vibration sensor sets off an alarm if an intrusion is detected.
50
Perimeter Security
Gates have 4 distinct types:• Class I: Residential usage• Class II: Commercial usage, where general
public access is expected (e.g., public parking lot, gated community, self storage facility)
• Class III: Industrial usage, where limited access is expected (e.g., warehouse property entrance not intended to serve public)
• Class IV: Restricted access (e.g., a prison entrance that is monitored either in person or via CCTV)
51
Perimeter Security
Locks are inexpensive access control mechanisms that are widely accepted and used.
Locks are considered delaying devices.
Know your locks!
52
Perimeter Security
Types of Locks• Mechanical Locks
» Warded & Tumbler• Combination Locks• Cipher Locks (aka programmable locks)
» Smart locks• Device Locks
» Cable locks, switch controls, slot locks, port controls, peripheral switch controls, cable traps
53
54
55
56
Perimeter Security
Lock Strengths:• Grade 1 (commercial and industrial use)• Grade 2 (heavy duty residential/light duty
commercial)• Grade 3 (residential and consumer expendable)
Cylinder Categories• Low Security (no pick or drill resistance)• Medium Security (some pick resistance)• High Security (pick resistance through many
different mechanisms—used only in Grade 1 & 2 locks)
57
Perimeter Security
Lighting• Know lighting terms and types of lighting to
use in different situations (inside v. outside, security posts, access doors, zones of illumination)
• It is important to have the correct lighting when using various types of surveillance equipment.
• Lighting controls and switches should be in protected, locked, and centralized areas.
58
Perimeter Security
“Continuous lighting:” An array of lights that provide an even amount of illumination across an area.
“Controlled lighting:” An organization should erect lights and use illumination in such a way that does not blind its neighbors or any passing cars, trains, or planes.
“Standby Lighting:” Lighting that can be configured to turn on and off at different times so that potential intruders think that different areas of the facility are populated.
“Redundant” or “backup lighting:” Should be available in case of power failures or emergencies.
“Response Area Illumination:” Takes place when an IDS detects suspicious activities and turns on the lights within the specified area.
59
Perimeter Security
Surveillance Devices• These devices usually work in
conjunction with guards or other monitoring mechanisms to extend their capacity.
• Know the factors in choosing CCTV, focal length, lens types (fixed v. zoom), iris, depth of field, illumination requirements
60
61
Perimeter Security
“Focal length:” The focal length of a lens defines its effectiveness in viewing objects from a horizontal and vertical view.
The sizes of images that will be shown on a monitor along with the area that can be covered by one camera are defined by focal length. • Short focal length = wider angle views• Long focal length = narrower views
62
Perimeter Security
“Depth of field:” Refers to the portion of the environment that is in focus
“Shallow depth of focus:” Provides a softer backdrop and leads viewers to the foreground object
“Greater depth of focus:” Not much distinction between objects in the foreground and background.
63
Perimeter Security
Intrusion Detection systems are used to detect unauthorized entries and to alert a responsible entity to respond.
Know the different types of IDS systems (electro-mechanical v. volumetric) and changes that can be detected by an IDS system.
64
Perimeter Security
Patrol Force and Guards• Use in areas where critical reasoning
skills are required
Auditing Physical Access• Need to log and review:
» Date & time of access attempt» Entry point» User ID» Unsuccessful access attempts
65
Physical Security
Final Concept to Guide in Assessing Physical Security Issues on Exam:• Deterrence• Delay• Detection• Assessment• Response
66
Physical Security
Resources• All in One Book (Shon Harris, 2005)• Official (ISC)² Guide to the CISSP CBK
((ISC)², 2006)
67
BONUS
Physical Security: Managing the Intruder
http://resources.infosecinstitute.com/physical-security-managing-intruder/
68
Tempest Standard
TEMPEST is a National Security Agency specification and NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations.
TEMPEST covers both methods to spy upon others and also how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC)
While much of TEMPEST is about leaking electromagnetic emanations, it also encompasses sounds or mechanical vibration.
http://en.wikipedia.org/wiki/Tempest_%28codename%29
69
70
71
The rest is summarized from:
“Physical Security of Advanced Network and Systems Infrastructure”
Joe St Sauver, Ph.D.
http://pages.uoregon.edu/joe/physical-security/
72
Fiber Cuts
Help minimize the risk of unintentional damage to buried fiber by taking appropriate steps, including insuring that:-- all buried facilities are well-documented as actually constructed-- easily visible “buried cable” posts or signs are installed where appropriate or required-- you (or your service agent) subscribe to your state’s call-before- you-dig one-call utility notification center, and you make timely response to all relevant locate-and-mark requests-- any non-conductive/otherwise hard to locate facilities are buried with a tracer wire or conductive marking tape (this may be a legal requirement in some states, e.g., ORS 952-001-0070)
73
The Downside of Transparency
At the same time we recognize and accept the need to be transparent about where fiber is located in an effort to avoid the problem of accidental fiber cuts, potential bad guys might also be interested in our fiber deployments. For example:
-- Are there critical choke points, such as bridges across major rivers or tunnels through large mountain ranges, where virtually all fiber follows a common path out of necessity?-- Are there unmonitored access points (manholes, hand holes, fiber pedestals, etc.) where an attacker might be able to gain access to your fiber without being detected?
Obviously you need to balance the need to provide enough information to avoid accidents, while simultaneously avoiding giving your enemies a “blueprint” for how to best attack you.
74
Architecting and Building for High Availability
● One way you can improve the physical security of your network is by adding redundancy, excess capacity, and resiliency to it.
● Your network should be architected and constructed so that there are no choke points or “single points of failure” -- loss of any single link or piece of gear should NOT result in an outage! Think, “We must always have redundant paths over diverse facilities!”
●
75
● Moreover, you must also have enough spare capacity on failover links so that if you do end up needing to actually use them, they won’t be congested (or you need a plan to selectively shed load).
● You also want to work to ensure that if an outage does occur, you can recover from it in a timely fashion. For example, are you continually monitoring your network and maintaining adequate local spares?
● Of course, the downside of all this is that high availability comes at a cost (“you can get whatever level of availability you can afford”).
76
Alternatives to Locks and Keys
● Many facilities have moved to key cards (swipe cards, prox cards, etc.) and/or biometrics as an alternative to traditional locks & keys
● Key cards offer distinct advantages over traditional keys:-- key cards can be integrated into user site IDs/badges -- key card use can be tracked, while use of a key leaves no audit trail or record-- key cards can be programmed to work only during particular days or particular periods of time, while keys work all the time-- many key card systems can be configured to require “two factors” (e.g., you must use your key card AND enter a PIN code)-- upon termination, a key card can be instantly canceled with no need to manually rekey the system, etc.
● Biometrics are another alternative for particularly high security facilities, however relatively high costs, false negatives, and user acceptance issues still limit their deployment.
77
Network Operational Continuity in a Disaster
● Would your network continue to operate if your primary network operations center was hit by a major disaster, such as an earthquake?
● We can tease apart two issues here:-- Will you have a functional NOC, post-disaster?-- And will your remote network equipment continue to operate?
● These days, realistically speaking, you will likely want full replication of your NOC at an out-of-region location if you want to be able to continue to operate your network after a major disaster.
● That replicated NOC will need both trained and ready-to-go network engineers and NOC staff, as well as replicated servers and live current copies of all NOC databases. We recognize that this is a potentially expensive proposition, but one that we think deserves serious consideration.
78
Miscellaneous Items: Personnel Controls
● Personnel vetting and related controls are often viewed as a key part of physical security because on-site personnel enjoy unique physical access to site facilities.
● Historically universities have rarely done background checks on their employees, however, that practice has been evolving over time, particularly for system and networking staff members having effectively unlimited access to the University’s infrastructure.
● As staffs are beefed up to support BTOP/US-UCAN activities, don’t neglect personnel background checks in your eagerness to fill some of those hard-to-fill positions!
● Be sure to discuss any planned background checks with your Human Resources Department, since specific notice and consent requirements or other limitations may apply.
79
Outputs: Dumpster Diving and Surplus Equipment
● Historically, many crackers got their start by fishing interesting computer and networking gear out of corporate dumpsters (a fine art normally known as “dumpster diving”). Even today, it is still important to pay attention to how you handle your trash.
● Today, there’s much more emphasis on recycling, and that’s laudable, but any storage media in surplus equipment needs to get wiped before that gear gets sold or otherwise disposed of, and sensitive documents need to be shredded or sequestered in a confidential document disposal container for approved disposal.
● Speaking of confidential document disposal containers, it is routine for those “wheelie” cans to live in mailrooms or corridor areas, locked to prevent browsing of discarded confidential documents, but often not living chained down. Presumably the unauthorized removal of a full confidential document disposal container would be a disconcerting event, so be careful!
80
81
Network Confidentiality and Fiber Taps
Proactively and continually monitor your network links for any brief outages (which might be associated with the introduction of splitters or other unauthorized network elements). At the most basic, this can be done by sending/continually monitoring an ongoing “heartbeat” signal.More sophisticated units (as used to protect federal classified networks such as SIPRNet and JWICS), are also available if appropriate (see http://www.networkintegritysystems.com/ )You may also want to periodically characterize your deployed fiber with an OTDR (optical time-domain reflectometer) to identify any “unexpected physical anomalies” which may have “developed.” (Macrobends may be enough for data interception)
82
Live Open Ethernet Jacks/Ports
- Live open ethernet jacks/ports to which random people can plug in systems. Sometimes this even includes unlocked wiring closets, or publicly touchable routers, switches, or other network equipment.Some options to consider:-- only heat up jacks on request, or at least disable jacks in hallways and empty offices by default-- require authentication for most physical ethernet connections the same way you do for wireless connections-- consider locking unused jacks and installed patch cables (e.g., see www.rjlockdown.com, but remember that Torx screwdriver bits are publicly available and recognize that jack plates can still be removed or patch cables cut and reterminated for access)
83
84
The end :)
top related