Computer Security: Principles and Practice, 1/e

Computer Security: Principles and Practice, 1/e

Computer Security: Principles and Practice Fourth Edition By: William Stallings and Lawrie Brown Chapter 16 Physical and Infrastructure Security Physical and Infrastructure Security Logical security Protects computer-based data from software-based and communicationbased threats Physical security Also called infrastructure security Protects the information systems that contain data and the people who use, operate, and maintain the systems Must prevent any type of physical access or intrusion that can compromise logical security Premises security Also known as corporate or facilities security Protects the people and property within an entire area, facility, or building(s), and is usually required by laws, regulations, and fiduciary obligations Provides perimeter security, access control, smoke and fire detection, fire suppression, some environmental protection, and usually surveillance

systems, alarms, and guards Physical Security Overview Protect physical assets that support the storage and processing of information Involves two complementary requirements: Prevent damage to physical infrastructure Concerns include information system hardware, physical facility, support facilities, and personnel Prevent physical infrastructure misuse that leads to the misuse or damage of protected information

Includes vandalism, theft of equipment, theft by copying, theft of services, and unauthorized entry Physical Security Threats Physical situations and occurrences that threaten information systems: Environmental threats Technical threats Human-caused threats Table 16.1 Characteristics of Natural Disasters Source: ComputerSite Engineering, Inc. Table 16.2 Fujita Tornado Intensity Scale Table is on page 510 in the textbook)

Table 16.3 Saffir/Simpson Hurricane Scale (Table is on page 511 in the textbook) Table 16.4 Temperature Thresholds for Damage to Computing Resources Component or Medium Flexible disks, magnetic tapes, etc. Optical media Hard disk media Computer equipment Thermoplastic insulation on wires carrying hazardous voltage Paper products Sustained Ambient Temperature at which Damage May Begin 38 C (100 F) 49 C (120 F) 66 C (150 F) 79 C (175 F)

125 C (257 F) 177 C (350 F) Source: Data taken from National Fire Protection 1300 2300 2200 1200 2100 2000 1900 1000 1800 1700 900 1600 1500 800 1400

1300 700 FireTemperature, F FireTemperature, C 1100 1200 600 1100 1000 500 400 900 800 1 2 3 4

5 6 7 8 Duration, hours Figure16.1 Standard FireTemperature-TimeRelations Used for Testingof BuildingElements Temperature 260 C/ 500 F 326 C/ 618 F 415 C/ 770 F 480 C/ 896 F Effe ct Wood ignites Lead melts Zinc melts An uninsulated steel file tends to buckle and expose its contents Table 16.5

Temperatur Temperature 625 C/ 1157 F Effe ct Aluminum melts 1220 C/ 2228 F 1410 C/ 2570 F Cast iron melts Hard steel melts e Effects Water Damage Primary danger is an electrical short A pipe may burst from a fault in the line or from freezing Floodwater leaving a muddy residue and

suspended material in the water Sprinkler systems set off accidentally Due diligence should be performed to ensure that water from as far as two floors above will not create a hazard Chemical, Radiological, and Biological Hazards Pose a threat from intentional attack and from accidental discharge Discharges can be introduced through the ventilation system or open windows, and in the case of radiation, through perimeter walls

Flooding can also introduce biological or chemical contaminants Dust and Infestation Infestation Dust Often overlooked Rotating storage media and computer fans are the most vulnerable to damage Can also block ventilation Influxes can result from a number of things: Controlled explosion of a nearby building Windstorm carrying debris

Construction or maintenance work in the building Covers a broad range of living organisms: High-humidity conditions can cause mold and mildew Insects, particularly those that attack wood and paper Technical Threats Electrical power is essential to run equipment Power utility problems: Under-voltage - dips/brownouts/outages, interrupts service Over-voltage - surges/faults/lightening, can destroy chips

Noise - on power lines, may interfere with device operation Electromagnetic interference (EMI) Noise along a power supply line, motors, fans, heavy equipment, other computers, cell phones, microwave relay antennas, nearby radio stations Noise can be transmitted through space as well as through power lines Can cause intermittent problems with computers Human-Caused Threats Less predictable, designed to overcome prevention measures, harder to deal with Include: Unauthorized physical access Information assets are generally located in restricted areas Can lead to other threats such as theft, vandalism or misuse

Theft of equipment/data Eavesdropping and wiretapping fall into this category Insider or an outsider who has gained unauthorized access Vandalism of equipment/data Misuse of resources Physical Security Prevention and Mitigation Measures One prevention measure is the use of cloud computing Inappropriate temperature and humidity Environmental control equipment, power supply Fire and smoke

Alarms, preventative measures, fire mitigation Smoke detectors, no smoking Water Manage lines, equipment location, cutoff sensors Other threats Appropriate technical counter-measures, limit dust entry, pest control Uninterruptibl e power supply (UPS) for each piece of critical equipment Critical equipment should be

connected to an emergency power source (like a generator) To deal with electromagnetic interference (EMI) a combination of filters and shielding can be used Mitigation Measures Technical Threats Mitigation Measures Human-Caused Physical Threats Physical access control

Restrict building access Controlled areas patrolled or guarded Locks or screening measures at entry points Equip movable resources with a tracking device Power switch controlled by a security device Intruder sensors and alarms Surveillance systems that provide recording and real-time remote viewing Recovery from Physical Security Breaches Physical equipment damage recovery Most essential element of recovery is redundancy Provides for recovery from loss of data Ideally all important data should be available off-site and updated as often as feasible Can use batch encrypted remote backup For critical situations a remote hot-site that is ready to take over operation instantly can be created

Depends on nature of damage and cleanup May need disaster recovery specialists Physical and Logical Security Integration Numerous detection and prevention devices More effective if there is a central control Integrate automated physical and logical security functions Use a single ID card Single-step card enrollment and termination Central ID-management system Unified event monitoring and correlation Need standards in this area

FIPS 201-1 Personal Identity Verification (PIV) of Federal Employees and Contractors PIV Card Issuance and Management Access Control PKI directory & certificatestatus responder Authorization data Physical Access Control Key management Card issuance & maintenance Identity profiling & registration I&A Physical

resource Authorization Logical Access Control I&A Logical resource Authorization Authorization data Card reader /writer I&A =Identification and Authentication LEGEND Shapes Direction of information flow PIV card Processes PIN input

device Components Biometric reader PIV Front end Figure16.2 FIPS 201 PIV SystemModel Shading PIV system subsystem Related subsystem Contactless smartcard reader Smartcard reader Physical access control system (PACS) server Optional biometric reader Vending, e-purseand

other applications Certificate authority PIV system card enrollment station Smartcard and biometric middleware Access control system Camera Optional biometric reader Smartcard reader Card printer

Smartcard programmer Optional biometric reader Activedirectory Other user directories Figure16.3 ConvergenceExample Human resources database Table 16.6 Degrees of Security and Control for Protected Areas (FM 3-19.30) Unrestricted Controlled Limited Exclusion CAK+BI O A PKI C BI O B

CHUI D+VI S CAK A (a) Access Control Model CONTROLLED AREA Fenced-in area containing a number of buildings LI MI TED AREA EXCLUSI ON AREA C B Building housing lab space and other

sensitive areas Room housing trade secrets Facility services HQ Admin Buildings A Visitor Registration (b) Example Use Figure 16.4 Use of Authentication Mechanisms for Physical Access Control Summary Overview Physical security threats

Natural disasters Environmental threats Technical threats Human-caused physical threats Recovery from physical security breaches Physical security prevention and mitigation measures Environmental threats Technical threats Human-caused physical

threats Integration of physical and logical security Personal identity verification Use of PIV credentials in

Recently Viewed Presentations

  • 2016-17 ALA CD #13.3 2017 Annual Conference Treasurers

    2016-17 ALA CD #13.3 2017 Annual Conference Treasurers

    Information Policy ... Budgetary Ceiling represents the total funding available for the Association to pursue its key initiatives and support ongoing operations. Total ALA FY 2018 Budgetary Ceilings. General Fund. Divisions.
  • IX: DNA Function: Protein Synthesis A. Overview: B.

    IX: DNA Function: Protein Synthesis A. Overview: B.

    IX: DNA Function: Protein Synthesis A. Overview: B. Transcription: C. RNA Processing: D. Deciphering the Genetic Code
  • C2 revision - keviscience.weebly.com

    C2 revision - keviscience.weebly.com

    C2 revision. Revision PowerPoint for EDEXCEL Chemistry Unit 2. Periodic Table. Mendeleev created the periodic table as we know it in 1871. He arranged elements in order of their properties leaving gaps where he thought there should be other elements.
  • Emerging Contractor Workshop

    Emerging Contractor Workshop

    Piet My Vrou Tom. Unknown. Suirkerbekkie Term. Brickfileds. Simodium Cemetery (Begrafplaas) OR - Swartberg. OR - Mpumelelo. Nood Kamp. Dalvey. Silvertown 2 (Diniso Street) Silvertown 3 (Lobola Street) Dromedaris. Unathi (Lingabuya) Stellenbosch. Mandela City. Yes, but limited. La Rochelle. Scoopies...
  • Summing the Instantons in the Heterotic String

    Summing the Instantons in the Heterotic String

    Summing the Instantons in the Heterotic String Jock McOrist University of Chicago 0712.3272, 0810.0012 with Ilarion Melnikov October 28th, Rutgers University
  • Special Parts of Business Letters

    Special Parts of Business Letters

    Copy Notation. A copy notation indicates that a copy of a letter is being sent to someone other than the addressee. Use "c" followed by the name of the person(s) to receive a copy. Place a copy notation a DS...
  • Application Development Tools

    Application Development Tools

    Getting Started with HPC On Iceberg Michael Griffiths and Deniz Savas Corporate Information and Computing Services The University of Sheffield www.sheffield.ac.uk/wrgrid
  • EE261 Lecture Notes (electronic) - Montana State University

    EE261 Lecture Notes (electronic) - Montana State University

    Crosstalk. SPICE Matrixes - There can be multiple signal lines in a system- To keep track of their LC values, we use a matrix- Each signal is given an index, where ground is "0"- We define C. 11 as the...