Upgrade to remove ads
Only $2.99/month

CISSP Domain 3

Terms in this set (144)

Key clustering
different encryption keys generate the same ciphertext from the same plaintext message
Synchronous
encryption or decryption request is performed immediately
Asynchronous
Encrypt/Decrypt requests are processed in queues
Hash function
a one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value. Variable data input (of any size) + hashing algorithm = fixed bit stream output (hash value) MD5 = 128 bits and SHA1 = 160 bits
Digital signatures
provide authentication of a sender and integrity of a sender's message. A message is input into a hash function. Then the hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature
Symmetric Encrption
A single key used to encrypt and to decrypt. Fastest encryption technique. downside is key distribution. has to be able to store and transmit the key. upside is it's very fast. good for large volume of data for encryption.
Ex DES, 3DES, AES, Blowfish, TwoFish, RC4-6
Asymmetric Encryption
two different but mathematically related keys are used where one key is used to encrypt and another is used to decrypt. Freely give away the public key but carefully guard the private key
Ex. RSA, Diffie-Hellman(provides secure key exchange), Elliiptic curve crptography- ECC(used in wireless and mobile devices), DHE, ECDHE
Digital certificate
used to identify the certificate holder when conducting electronic transactions - Type of certificates currently used = X.509 v3
Certificate authority (CA)
an entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates
Root CA
only issues certificates to Subordinate CA's
Subordinate CA
issues certificates to users + computers on behalf of the Root CA
Registration authority (RA)
responsible for the accuracy of the information contained in a certificate request. The RA is also expected to perform user validation before issuing a certificate request
Cryptosystem
This represents the entire cryptographic operation. This includes the algorithm, key, and key management functions. Most effectively implemented in software.
Key or Cryptovariable
The input that controls the operation of the cryptographic algorithm. The longer the key, the more secure the encryption. The longer they key, the more computationally expensive the encrption
Cryptanalysis
study of techniques for attempting to defeat cryptographic techniques and information security services
Cryptology
the science that deals with hidden, disguised, or encrypted communications
Collision
occurs when a hash function generates the same output for different inputs
Key space
represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password
Work factor
the time and effort required to break a protective measure
Initialization vector (IV)
A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance
Encoding
The action of changing a message into another format through the use of a code
Decoding
The reverse process from encoding - converting the encoded message back into its plaintext format
SP-network
substitution and permutation (transposition), most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process
Confusion
provided by mixing (changing) the key values used during the repeated rounds of encryption
Diffusion
provided by mixing up the location of the plaintext throughout the ciphertext
Avalanche effect
where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext
5 Phases of Security Engineering Lifecycle (NIST SP 800-14)
1. Iniitation - Determine you need a system and document the process
2. Development/Acquisition - Design and produce the system
3. Implementation - Test and install the system
4. Operations/Maintenance - Administer and manage security of the system. System is doing it's work
5. Disposal - Remove, archive or discard system
Most Common Security Framework
NIST SP 800-14 and NIST SP 800-27 Rev A
Both gives guidance on building secure system design
NIST SP 800-14 is for new systems, policies and practices
NIST SP 800-27 Rev A - Engineering principles for system security. A structured approach to desiging, developing and implementing IT security
Trusted Computing Base (TCB)
Implemented in the hardware through processor rings or priviledges in the firmware through driver and resource protection and in software through using operating system's isolation of resources from applications
Components are Hardware, Firmware and Trusted OS
Supevisor or Kernal mode
can execute any instructions that are avaialble
User or application state
CPU can excute only non priviledge instructions. This protects the system from unauthorized activities by user programs
Multitasking
Allowing more than one program to run at a time
Threading
enables a program to split itself into tow or more concurrently running tasks. It's the smallest unit of executable code that runs on the CPU
Multithreading
parrallel execution of multiple threads on a computer system
Multistate
ability to run in different execution modes
Biggest threat to Multitasking and Multithreading
the operating system will not be able to keep the various tasks or threads separate from each other
Multiprocessing
permits programs to be divided among multiple physical CPUs
Multiprocesing Security Concerns
Threads running on one CPU could access the memory of another CPU. The different processors communicate with each other to stay coordinated. They are susceptible to replay attacks on the data cache of the CPu
RAM - Random Access Memory
Temporary memory. It is only stored as long as power is applied to the chip. If the power is shut off, data in the RAM is lost.
ROM - Read Only Memory
Data sored is not volitale. If power is shut off, the data remains. A special category of RAM is cache memory. It's used to expediate access to nstructions that are repeatedly used by the CPU
Memory Leak
A poorly designed application that continues to consume memory without releasing it back to the system causing OS to run slow almost to a halt
Virtual memory
hard disk space masquearding as RAM. Used when there is not enough real RAM to perfrom all of the task running on the system. Issues here is more performance related than security related.
Secondary storage
any hardwre or media that can store daa without power. 2 types of secondary storage. Fixed (hard drive) and removeable.(CDm DVD, floppy disk, etc)
From a Security prospective Removable storage
Most common way to spread a virus
Computer bus
set of physical connections between devices that are attached to the computer's motherboard or primary circuit board.
Parallel buses
3 Different Physical gateways to transfer information between CPU and I/O device. Data path, instruction path and addressing path.
Drivers
a small set of software instructions that allows an operating system to talk to and control a specific hardware component
Security Concerns of Drivers
has to be well written in order to not crash, compromise or otherwise negatively impact the computer it is installed on
Firmware
a chip designed to hold a small set of instructions to assist devices
Steps to Harden an OS
- Disable all unnecessary services
- Disable all unused accounts, including default accounts
- Remove all unnecessary executables and registry/config entries
- Apply appropriately restrictive permissions to files, shares, services, end points and registry enties.
- Provide users and services with the least privledge level necessary to perform thier task
- Change all default passwords
- Only permit remote administration access through an encrypted connection or disallow all together
- Change default ports when possible
- Apply the latest security patches
- Run vulnerability assessment software and procedures against the system on a regular basis.
Security Models
Concerned with how to implement access control and CIA on a specific system
Lattice Model
model where data (objects) is classified or labeled and users (subjects) are cleared for access. Provides strict rules on what is allowed or not allowed between subjects and objects. Access control models used here.
Information Flow Model
Controls the direction of data flow amoung the various security levels when allowed. Based on a object's classification and subject's need to know. Useful in detecting unauthorized data flows, or communication paths called covert channels. BIBA and BLP are both information flow models
Non-Interference Model
limits the interference between elements at different security levels. Creates barriers between levels so that information cannot inadvertently leak between them. unregulated or unknow communicaton pathway.
State Machine
Monitors the system as it moves from one state to another. Looks at what operatos are allowed or not allowed as system moves from one state to the next. BLP (Bell Lapadgula) is an example of state machine
BLP (Bell-LaPadula) Model
state machine that uses the lattice concept to maintain confidentiality. Uses mandatory access control to limit the access to classified objects to those subjects with equal or higher clearance.

Focuses on Confidentiality. BLP says no reading up. only can see data at your level or below. No writing down. can't copy down to level below
BLP - no read up and can't write down
Biba Model
uses a lattice to describe integrity at information trust levels. Enforces the lattice through mandatory access control. Information with high trust needs to be protected from the insertion of information with a low trust level. Biba is opposite of BLP. Biba says no read down and no write up. Biba focuses on integrity
Clark-Wilson Model
extends BIBA focuses on all 3 tenets of integrity.
No changes are made by an unauthroized subject
No unauthorized changes are made by an authorized subject
No mistakes are made in making any changes
Graham-Denning Model
Creating and deleting objects and subjects as well as the reading, granting, deleting and transferring of access rights
Harisson-Ruzzo-Ulhman Model
variation of the Graham-Dening model and deals with changing access rights and creating and deleting subjects or objects.
Brewer-Nash Model
security model that relates to the control of the conflict of interests. Sometimes called the Chinese Wall method
Discretionary Access Control (DAC)
Each user (creator/owner) has control over his or her own data. This is the most commonly used form of access control in a desktop OS
Mandatory Access Control (MAC)
This is the strictest form of access control. Access levels are enforced by the system and can't be changed by a user or system admin. Objects (computer resources) are assigned security labels. These lables indicate the classification (top secret, confidential, unclassified, etc) of the resource as well as it's category (department, project or management level) Subjects (users) are given security clearance levels. A subject can only access an object if the subject's security level matches the object's classification and category level.
Role-Based Access Control (RBAC)
This is a type of DAC in which users are assigned to roles based on need or jub function, and the access level of the role is determined by the system admin They roles are typically implemented as groups
Rule-Based Access Control
access is granted based on rules set by and administrator. This type of access control is commonly used on firewalls and routers.
What are the 4 main access control categories
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control
Trusted Computer System Evaluation Criteria (TCSEC)
is a standard security evaluation framework usd to acess the security level of a computer system. Orange Book introduced TCSEC and concept of Trusted Computing Base (TCB). (Red book was about secure networks)
TCSEC Division Levels
A: Verified Protection
A1 - Highest. Equivalent to B3 but also includes formal accredition and acceptance. Used in miltary computers

B: Mandatory Protection
B3: Security Domains - Sastisfies reference monitor requirements. Excludes code not essential to security policy enforcement.

B2: Structured Protection - DAC and MAC on all subjects and objects. Security policy model clearly defined and documented. Covert channels identified and analyzed

B1: Labeled Security Protection - Introduces labels and mandatory access controls. DAC and MAC over some subjects and objects

C: Discretionary Protection
C2: Controlled Access Protection - Individual login and password, auditing, accounting and resource isolation. Suitable for everyday non classified government use.

C1: Discretionary Security Protection - has basic discretionary access control

D: Minimal Protection
D1: Evaluated, but did not meet security requirements. Hardly any protection
Rainbow Series
Orange Book Focused on Trusted computer system evaluaton criteria and TCB
Red Book focused on secure networks
Green Book focused on password management
Information Technology Security Evaluation Criteria (ITSEC)
European community framework which is not as strict as TCSEC. It allows the vendor or consumer to choose from a list to specify their requirements. ITSEC divided its labeling into two sets, functional (F) and security effectiveness (E). It addressed a wider range of security needs than TCSEC, adding integrity and availability to the confidentiality requirement. It also uses the concept of assurance levels or E levels. The vendor not only provides a certain level of assurance with the current product, but will also continue to provide that same level of assurance in the future.
Comparsion of TCSEC to ITSEC levels
TCSEC ITSEC
A1 E6
B3 E5
B2 E4
B1 E3
C2 E2
C1 E1
D E0
Common Criteria
released by ISO in 1997 via ISO 15408. It has largley superseded TCSEC, ITSEC and CTCPEC
Common Criteria requirements
Enterprise Security Architecture (ESA)
focuses on implementing information security across an entire organization rather than a system or application. Emphasizes consistent application of a strategic design that can be used by multiple applications, systems and business processes.
Goals of Enterprise Security Architecture (ESA)
provide a single unified vision and high-level, long term view of all of your security controls
- Provide a long term, simple view of your controls
- Provide a unified vision for common security controls across the organization.
- Maximize existing technology investments
- Be flexible in addressing current and future threats
- Always support the core needs of the organization
ESA Benefits and building blocks
ESA Basic Security Services
Boundary Control Services - focuses on how and when information is allowed to move from one system to another or from one state to another. Boundaries can be defined at physical, network or process level.

Access Control Services - refers to any mechanism (physical or electronic)for limiting access to data or a system to only authorized users, systems and processes. Access control includes identification, authentication and authorization.

Integrity Services - maintain the authenticity of the data or systems.
Important Security Frameworks
Zachman - framework commonly associated with who, what, when, how, where and why of Information Security. Roles matched with the roles of planner, owner, designer, builder, programmer and user. Maps technology projects to business objectives

ISO/IEC 27001 - Concerned with the standardization of a computer's ISMS

COBIT - framework for security governance best practices

PCI-DSS - provides a framework for the secure processing, storage and transmission of card holder data.

ITIL - collection of best practices for IT Governance. Focuses on Service Strategic, Service Design, Service Transition, Service Operations and Continual Service Improvements

TOGAF- open framework seeking to provide common terms and methods that can be used to secure an organization. Provides design, planning, implementation, and governance modeled at four levels or domains. The levels are Business, Application, Data and Technology. The inclusion of an Architecture Development method (ADM) is important as it gives guidance on how to develop an enterprise architecture that meets the business and IT needs of a company.
Most IS has following security capabilities
Memory and process protection
Virtualization
Trusted platform module
Interface protection
Fault tolerance
Techniques that can be used to help keep subjects isolated from objects
Different processor states
Layering
Process isolation
Data hiding
Abstraction
Address Space Layout Randomization (ASLR)
Virtualization (VM)
OS running as an applcation within another operating system
Trusted Platform Module (TPM)
dedicated chip on the motherboard designed to secure hardware using cryptography
Provides Platform Integrity, Disk Encryption and Password Protection, Digital rights management (DRM), protection and enforcement of software licenses, prevention of cheating in online gaming. Guarantees the integrity of a system
Fault Tolerance
uses redundant hardware, software, communication links, or entire systems to allow the service to quickly recover.
Server Fault Tolerance Techniques
Clustering - two or more servers run the same service while sharing a common data storage

Network Load balancing - all nodes are actively servicing client requests, dividing the load amongst themselves.

Virtualization

Redundancy and Replication
Emanation
attack where protected information is leaked through the natural process of electrons passing through a wire or over the radio. Keyboards, cathole ray tube, CRT monitors, cabling and computers are subject to this
Emanation Mitigation
Faraday cage is a large wire mesh cage that completely encases an entire room
Covert Channel
software design vulnerability that provides access to information in an unintentional way. Covert storage (file saved by one process maybe learned by second process just by seeing that file exists) and covert timing (the watching process observes the order or timing in which processes access a shared resource)
Covert Channel Mitigation
making covert channels less effective by limiting it's capacity. Accomplished by adding randomness to obscure any regularity of process access to shared resources. ASLR helps mitigate this
5 Database Security Concerns
Inference - Ability to deduce infer hidden informatin by observing available information and making a deduction based on this info. Common attack on DBs.
Aggregation - combination of non sensitive data from seperate sources to create sensitive data
Data Mining - uses queries run against databases in a data warehouse to discover information. Reveals hidden patterns, relationships, and trends that can't be found in a single database
Data Analytics - uses data mined from different sources to predict an outcome
Data Warehousing - repository for data collected from various sources.
Grid Computing
Type of distributed system that coordinates and shares computing resources across a dynamic and geographically dispersed organization. SETI@Home project is an example
Peer to Peer Systems
single computer can download a file from a group of other computers. Each computer is the group has a complete copy of the file but is only required to provide a portion of the file to the receiving peer. Bit Torrent most popular peer to peer system in use today
Parallel system
computations are carried out across multiple systems simultaneously.
Big Data
general term that reflects data sets that are so large and complex that they can't be processed through traditional means. Run on large scale parallel systems
Industrial Control Systems
command and control center of systems on a network designed to support and manage an industrial process
Remote computing risks and issues
Mobile vulnerability mitigation
Single biggest security risk to a mobile device
when a user roots or jailbreaks the devices
Embedded device
small computer system that performs a dedicated function in a physical device. Ex. Embedded Java, Embedded Gaia, Symbian, etc.

Code injection is currently the largest issue with embedded systems.
XML - Extensible Markup Language
the defacto world wide web consortium (W3W) standard for expressing data in a neutral format that is indepandat of the application or its database.

Risk at having it's content manipulated and misinterpreted by the XML parser. also at risk of injection attacks.
SAML - Security Assertion Market Language
standard based on XML for exchanging authentication and authorization information.

Risk lies in improper implementation
Cryptography
the analysis and practice of information concealment for the purpose of secuirng senstive data transmissions.
Encryption
security technique that converts dat from intelligable state known as plaintext into coded or ciphertext form.
Non-repudiation
ensure that the party that sent or created data remains associated with the data and can't deny sending or creating. Proves the private key was used
RSA (Rivest, Shamir and Adleman)
uses prime numbers, used in e-commerce ans is based on the idea that while it is easy to take two factors and multiply them to produce a result, it is extremely difficult to take a very large number and figure ot the two prime factors that were used to create it.

First successful algorithm for public key encryption
Variable key length and block size
Stream Cipher
symmectric encyption that encrypts data one bit at a time. Stream ciphers generate a keystream that is exclusive ORed (XORed) with each bit to output the ciphered text

RC4 is the most common example of a stream cipher. Can use 8 - 2048 bits with a key size of 40-256 bits. Used in SSL
Block Cipher
encrypts data a block at a time. Often in 64 bit or 128 bit blocks. More secure but slower than stream ciphers. Best used for large amoutns of data kept in storage

IDEA - 64 bit block and a 128 bit key
DES - considered a 64 bit symmectric alogorithm but operates at 56 bit. 8 bit for parity.
RC5 - Variable 64 to 256 bit key
3DES - applies DES 3 times so using would use 56x3 = 168 bits (remember 8 bits for parity)
AES - Based on Rijndael. Symmetric block cipher. Fixed block size of 128 bits and key size of 128, 19 or 256. Choses by NIST to replace DES. If both key and block are 128 bit , then thre are 10 rounds, 192 then 12 rounds and 256 14 rounds
Blowfish - open standard, uses 64 bit block and variable key length of 32 to 448 bits. Good encryption in software.
Twofish - Uses 128 bit blick and key size up to 256 bit.
Common Block Cipher modes
Electronic Code Book (ECB) - breaks the plaintext down into 64 bit blocks and then encrypts each block separately BUT identical plaintext blocks are encrypted into identical ciphertext blocks

Cipher Block Chaining (CBC) - Each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block. Fixes the issue of pattern recognition found in ECB. Errors can ripple through encryption of other blocks

Propagating Cipher Block Chaining (PCBC) - Each block of plaintext is XORed with the XOR of the previous plaintext block and the previous ciphertext block before being encrypted. As with CBC mode, an initialization vector is used in the first block.

Cipher Feedback (CFB): Allows encryption of partial blocks rather than requiring full blocks for encryption. This eliminates the need to pad a block like in CBC.
Cipher block chaining without full blocks. no need for padding. Combines block and stream cipher together. IV plus algorithm used to create a key stream to encyrpt the data.

The Output Feedback (OFB) mode makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. Block cipher working as a stream cipher

Like OFB, Counter mode turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter"
Steganography
alternative cipher porcess that hides information by enclosing it in antoher file such as a graphic, movie or sound file
Birthday Attack
Takes advantage of the probability of different password inputs producing the same encrypted output given a large enough set of inputs

(n(n-1)/2) - n is the number of keys and formula behind birthday attacks. Any 2 people in a group of 23 share the same birthday.
Rainbox Attack
automates password guessing by comparing encrypted passwords against a predetermined list of possbile password values
Side Channel Attack
targets the cyrptosystem by gathering information about the phyiscal characteristiccs of the encryption and then exploiting them.
Encryption Based Attacks
Birthday
Rainbow
Replay
Side Channel
Factoring
Replay Attack
can be used to bypass the encryption protecting passwords while in transit
Factoring Attack
attempts to determine the prime numbers used both asymmetric and symmetric encryption as a means to break. Specific to RSA
Cryptographic attacks can employ several variations of
man in the middle attacks. All of these require figuring out the key to get to the data.
Ciphertext-only -
Known plaintext
chosen plaintext
chosen ciphertext
Frequency analysis
a method for breaking encryption when simple substiution algorithms are used.. In English the most often used letter is E
Digital Rights Management (DRM)
set of services used to protect intellectual property. Watermark on an document is an example
Hashing
one-way encryption that transforms cleartext into ciphertext. Resulting ciphertext is never decrypted and is called a hash, hash value or message digest. Since hashing algorithms are publicly known the protective nature of the has is it's one-way function.
Hashing Alogrithms
MD5 - 128 bit message digest No longer considered a strong hash function
SHA - Stronger than MD5. common version is SHA-160 bit. Performance wise, SHA is at a disadvantage to MD5
NT Lan Manager - crated by Microsoft
RIPEMD 128, 160, 256 and 320 bits
Hash-based Message Authentication Code (HMAC) - method used to verity both integrity and authenticity by combinding cyrpto hash functions with a secret key.. Ex. HMCAC-SHA1
Salting the Hash
a salt is a random number added to the input of a hashing function to add randomness. By adding random data with the original plaintext, the system will generate unique hash values every time.
IV - Initialization vector
is a specific way in which encryption algorithms are salted. It is a string of bits that may be used with either a block or stream symmetric cipher and key to produce a unique result when the same key is used to encrpt the same clear text. IV is used to reduce the likelihood that identical ciphertext will be created when the identifcal cleartext is encrypted.
Hybrid Cyptography
combines the convenience and security of asymmetric public key encryption with the speed and efficiency of symmetric key encryption SSlL/TLS website connection is an example. Symmetric key is first used to encrypt the data and symmectric public and private key is used for key exchange.
Public Key Infrastructure - PKI
a cyptographic system that is composed of Certification Authority (CA), certificates, software, services and other components for the purpose of enabling the authenticity and validation of data and or entities. CA issues the certificate.

Root CA issues certificates to sub CAs, which in turn issue certificates to end users and devices. End users use the certificates to authenticate or encrypt files and transmission
PKI Components
Digital Certificates
One or more CAs
A registration authority (RA)
A certificate repository database to store the digital certificates
A certificate management system to provide software to perform day to day operations of the PKI

X.509 version 3 certificate is the standard for certificates
Certificates contain the following:
Version
Serial Number
Algorithm ID
Issuer
Validity
Not Before
Not After
Subject
Subject Public Key Info
Issuer Unique Identifier
Subject Unique Identifier
Extentions
Certificate Signature Algorithm
Certificate Signature to determine certificate validity
Certificate Revocation List (CRL)
list of certificates that have been revoked and are no longer valid
Online Ceritificate Status Protocol (OSCP)
newer method for obtaining the revocation status of a digital certificate from a server using HTTP request.
Digital Signature
message digest that has been encrypted again with a user's private key.

The use of a digital signature is often legally binding
Digital Certificate
is an electronic document that associates credentials with a public key.. The certificate validates the certificate holders identity and is also a way to distribure the holder's public key.

Digital certificate is only the public key's half of an asymmetric key pair. When the certificate is issues, it is accompanied by the private key, which is in the form of an encrypted file
Perfect Forward Secrecy (PFS)
session encryption that ensure that if a key used during a certain session is compromised, it should not affect previously encrypted data.

concept of single session keys. if the session is broken, then a new key has to be used. example is eCommerce payment process.
Physical Security
implementation and practice of various control mechanisms that are intended to restrict physical access to facilities
Crime Prevention Through Environmental Design (CPTED)
technique that uses landscape design and physical layout to reduce crime. Elements such as water features, vegatation, and landforms to make the space attractive and welcoming bu also for ehhancing security,
Site Survey
examine architectural drawings and do physical walk-through of the facility to identify possible areas of concerns.
Site Survey requirements
A comprehensive overview of the entire facility including physical security controls, policy, procedures and personal safety. The expected location of where you will place assets that need protections. A list of discernible threats their, nature and their approach vectors.
Environmental Threats
Heat - preferred temp for a server room is between 65 and 70 degrees F.
Dust, Water, Static Electricity, Caustic chemicals,
Power Disruptions Tyoes
Sag - Voltage briefly drops below acceptable operating range. Sags are also know as dips
Spike - Voltage briefly rises above acceptable operating range. Spikes are known as transients.
Brownout - A prolonged Sag
Blackout - Power is completely off
Lightening Strike
Critical Areas
Wiring Closets, Server Rooms, Media Storage Facilities, Evidence Storage
HVAC Systems
controls the environment inside a building. Computer facilities should range between 65 - 70 degree F. Relatively humidity should be between 40 and 60 percent. Low humidity causes static electricity. High humidity causes corrison.
Windows
use steel frames that are securely fastened or cemented into the surrounding structure. A window should NOT be placed adjacent to a door.
Glass Type
Tempered glass - can resist breakage and if smashed will disintegrate into small cubes with no sharp edges. Use for entrance doors and adjacent panels.

Wired Glass - has a wire mesh embedded into it to make it resistant to impact from blunt objects. Good for small utility windows on the ground floor where ventilation is needed but aesthetics are less important.

Laminated glass - two ordinary sheets of glass that are bonded together with a middle layer of resilient plastic. If struck, glass can be cracked into many small pieces, but the pieces will stick to the plastic of the inner material, leaving the sheet of glass largely intact.

Bullet resistant glass
PVC Cables
cheaper but gives off toxic fumes when they are burned. Plenum-grade cables are more expensive but will not give off toxic fumes
Fire Extinghishing Gases
Halon was used in most large scale computer fires in the past. It's full of chlorofluorocarbons which are ozone depleting substances. The Montreal Protocol of 1989 banned production and installation of Halon systems effective Jan 1, 1994. Systems already in place can use Halon bu any replenishment or new systems can use FM-200, Inergen, argon and FE-13
Class of Extinginshers
Water Based Extinguishers
Wet Pipe - Water is stored in pipes at all times. When a given temp is reached, a heat sensitive vial in the sprinkler head will break, releasing the water. Consideration: Pipes may leak due to corrision or freezing.

Dry Pipe - Pipes are filled with compressed air. Loss of air pressure, the valve will open, filling the pipe with water. Since Pipes are not filled with water until fire is detected, there are fewer concerns with freezing or accidental leaks. Sprinkler heads are individually activated like the wet pipes Consideration: No Leakage and no unexpected discharge unless the fire system malfunctions.

Preaction .- Requires two separate actions to happen before discharging First a fire is detected. Second, an alarm is activated. There may be a short delay between the alarm and the release of the water to allow time for people to leave the area. Consideration:. Same as dry pipes. Incurs higher costs to purchase and install.

Deluge - high output sprinklers in wet and dry pipe systems that saturate the affected area. Sprinklers are always open and when the system is activated, it delivers water to all sprinkler heads. Consideration. Not used in computer facilities due to high water output. Maybe be appropriate in areas where extensive fire damage is expected.
THIS SET IS OFTEN IN FOLDERS WITH...