dr. bhavani thuraisingham the university of texas at dallas (utd) june 2011 physical (environmental)...
TRANSCRIPT
Dr. Bhavani ThuraisinghamThe University of Texas at Dallas (UTD)
June 2011
Physical (Environmental) Security
Domain Agenda• Site and Facility Design Criteria• Perimeter Security • Building and Inside Security• Secure Operational Area
Site Location Considerations• Emergency services• Hazards/ threats• Adjacency
Threats to Physical Security• National / environmental• Utility systems• Human-made/ political events
Threat Sources and ControlsThreat
• Theft• Espionage• Dumpster diving• Social engineering• Shoulder surfing• HVAC access
Controls• Locks• Background checks• Disposal procedures• Awareness• Screen filters• Motion sensors in
ventilation ducts
Domain Agenda• Site and Facility Design Criteria• Perimeter Security • Building and Inside Security• Secure Operational Area
Perimeter and BuildingBoundary Protections
• First line of defense• Protective barriers
– Natural– Structural
Fences• Federal, state or local codes may apply• Parking should not be allowed near fences
Controlled Access Points• Gates are the minimum necessary layer• Bollards
Perimeter Intrusion Detection Systems• Detect unauthorized access into an area
– Electronic ‘eyes’
• Note that some perimeters IDSs can function inside the perimeter as well.
Types of Lighting• Continuous lighting• Trip lighting• Standby lighting• Emergency exit lighting• Emergency egress lighting
Access and Visitor Logs and More Rigorous forms of Logging
ABC CompanyEntrance:___________________ Date:________________
Name Institution Name of Person VisitingTime In Time
Out
Closed Circuit Television (CCTV)• CCTV Capability Requirements
– Detection– Recognition– Identification
• Mixing Capabilities• Virtual CCTV Systems
Guards and Guard Stations• Guards
– Deterrent– Possible liability
• Guard stations
Domain Agenda• Site and Facility Design Criteria• Perimeter Security • Building and Inside Security• Secure Operational Area
Doors• Isolation of critical areas• Lighting of doorways• Contact devices• Guidelines
Building Entry Point Protection• Locks• Lock components
– Body– Strike– Strike plates– Key– Cylinder
Types of Locks• Something you have – Keyed• Something you know – Combinations• Something you are - Biometric
Lock Attacks• Lock picking• Lock bumping
Lock Controls• Lock and key control system• Key control procedures• Change combinations• Fail
– Soft– Secure– Safe
Other Electronic Physical Controls• Card access• Biometric access methods
Windows and Entry Points• Standard plate glass• Tempered glass• Acrylic materials• Polycarbonate windows• Entry points
Intrusion Detection Systems (IDS)• Closed circuit television• Sensors and monitors
Escorts and Visitor Control• Visitor access control best practices
– Picture identity– Photographs– Enclosed area– Authorized escort
Access Logs• Computerized log• Closed circuit TV
Domain Agenda• Site and Facility Design Criteria• Perimeter Security • Building and Inside Security• Secure Operational Area
Equipment Room• Perimeter enclosure• Controls• Policy
Data Processing Facility• Small devices threat• Server room• Mainframes• Storage
Communications and Power• Wireless access points• Network access control• Utility and power rooms
Work Area• Operators• System administrators• Restricted work areas
Equipment Protection• Inventory• Locks and tracing equipment• Data encryption• Disabling I/O ports
Environmental Controls
System• Electric power• HBAC• Water / plumbing• Gas• Refrigeration
Threat• Loss of power• Overheating• Flood / dripping• Explosion• Leakage
Fire Protection• Prevention – reduce causes• Detection – alert occupants• Suppression – contain or extinguish
Materials and Suppression Agents
Type Suppression Agents
Common combustibles Water, foam, dry chemicals
Combustible liquids Inter gas, CO2, foam, dry chemicals
Electrical Inert gas, CO2, dry chemicals
Combustible metals Dry powders
Cooking media (fats) Wet chemicals
Flooding Area Coverage• Water – sprinkler systems• Gas – Halon/CO2/Argon systems• Best practices for systems• Portable extinguishers
Types of Electrical Power Faults• Complete loss of power• Power degradation• Interference (noise)• Grounding
Loss of Electrical Power• UPS• Generators• Goals of power• Power controls
Heating Ventilation Air Condition (HVAC)
• Location• Positive pressure• Maintenance
Other Infrastructure Threats• Gas leakage• Water threats
Key Performance Indicators• # of physical security incidents detected• # of false positives for biometrics