What does a physical security domain provide?
Protection techniques for the entire facility, from the outside perimeter to the inside office space, including all of the information
1)The physical measures & their associated procedures to safeguard & protect against:
2)Implementing controls that discourage attackers by convincing them that the cost of attacking is greater than the value received from the attack.
What is the primary goal of Physical Security?
Safety of people is the primary concern.
Goals of Physical Security
Threats to Physical Security
-Natural/Environmental (e.g., earthquakes, floods, storms, hurricanes, fires)
-Utility Systems (e.g., communication outages, power outages)
-Human-Made/Political Events (e.g., explosions, vandalism, theft, terrorist attacks, riots)
Crime Prevention Through Environmental Design
The physical environment of a building is changed or managed to produce behavioral effects that will assist in reducing the incidence and fear of crime.
Three Key Strategies of Crime Prevention Through Environmental Design
1)Territoriality - people protect territory that is their own
2)Surveillance - high degree of visual control
3)Access Control - limit access and control the flow of access
Security should include where the building is and how it should be built.
Walls, Windows, and Doors
Prevention at Doors
-Hollow-core versus solid-core
-Isolation of critical areas
-Lighting of doorways
-Contact Devices (switches)
-Mantraps (double door systems)
-Do not block exit doors
-Provide sufficient and appropriate lock mechanics
-Hinges securely fixed to the frames
-Frame securely fixed to the adjoining wall.
Prevention at Windows
-Standard plate glass
-Polycarbonate windows - glass and polycarbonate combinations combine the best qualities of glass and acrylics
-Solar Window Films
-Window Security Films
-Glass Breakage Sensors
Infrastructure Support Systems
electrical power, water/plumbing, steam, gas lines, and heating, ventilation, air conditioning (HVAC), and refrigeration
Prevention from Fire
-Fire Containment System (floors, vents, HVAC)
-Fire Extinguishing System (permanent & mobile)
-Abiding by the Fire Codes
-Fire Prevention Training and Drills
How to deal with Fire (3 items)
-Fire Prevention - reduce causes of fire.
-Fire Detection - receive warnings of fire before it becomes a problem.
-Fire Suppression - how to extinguish and contain a fire to minimize damage.
-Use fire resistant materials for walls, doors, furnishings, etc.
-Reduce the amount of combustible papers around electrical equipment.
-Provide fire-prevention training to employees - remember, life safety is the most important issue.
-Conduct fire drills on all shifts so that personnel know how to safely exit a building.
-Ionization-type smoke detectors detect charged particles in smoke.
-Optical (Photoelectric) detectors react to light blockage caused by smoke.
-Fixed or rate-of-rise temperature sensors - heat detectors that react to the heat of a fire.
-Combinations are usually used for the best effectiveness in detecting a fire.
Fire Suppression Agents
-Carbon Dioxide (CO2) extinguishers provide a colorless, odorless chemical that displaces oxygen in the air.
-Halon gas - contains a white bromine powder produced in chlorofluorocarbon compounds (CFC), a factor in the depletion of the ozone layer.
-FM200 most effective alternative - requires 7% concentration (Halon requires 5%)
Water Sprinkler Systems
-Water could be a conductor of electricity - it may compound the problems in computer rooms.
-Water can cause damage to electrical equipment.
-"Pre-action" or "dry-pipe" system - water is held back by a valve and is released when the sensor activates.
-Identify Location and Test the main Shut-Off valve
-Secure the Natural Gas Line (using layered defenses)
-Communicate Natural Gas Line Design to Fire Department
-Clearly mark Shut-off Valves
1)Water Detection Sensors
-Emergency Shut-off Valves
-Server room above ground level
2)Water pipes not located above server rooms
1)Disruptions in electrical power can have a serious business impact.
2)Goal is to have "clean and steady power."
-Alternate power source
-Secure breaker and transformer rooms.
Electrical Power Countermeasures
-UPS and UPS Testing
-Electrical Facilities separated from Data Center
Electrical Power Considerations
Electric Power Controls - 'clean power'
-Have an Emergency Power Off (EPO) switch that allows someone to shut down the power.
-Install a power line monitor that detects and records fluctuations in frequency and voltage.
-Ensure there is enough backup power to conduct an orderly shutdown to avoid data loss or device damage.
Electrical Power Outages
-Prolonged loss of commercial power
-Momentary loss of power
Electrical Power Degradation
-Intentional reduction of voltage by the utility company for a prolonged period of time
-A short period of low voltage
-Sudden rise in voltage in the power supply
-Line noise that is superimposed on the supply circuit can cause a fluctuation in power.
-The initial surge of current required when there is an increase in power demand.
-A power surge generated by a person or device contacting another device and transferring a high voltage shock.
A natural occurrence that happens when unwanted signals are generated in circuits that are in close proximity. Typically, this disrupts the affected circuit
1)Electromagnetic Interference (EMI)
-Caused by motors, lightning, etc.
2)Radio Frequency Interference (RFI)
-Created by components of electrical system
-Caused by electric cables, fluorescent lighting, truck ignition
Heating, Ventilation and Air Conditioning (HVAC) Issues
1)HVAC computerized controls
2)Appropriate maintenance of
3)Independence of the data center air conditioning system from the rest of the building.
4)Documented maintenance procedures
What are the goals of physical controls?
The goals of physical controls are to prevent, delay, detect, assess, and appropriately respond to a physical intrusion.
What are examples of threats to physical security?
Natural or environmental, utility system, and human-made factors can all pose threats to physical security.
What are the three key strategies for crime prevention through environmental design?
The three key strategies for crime prevention through environmental design are territoriality, surveillance, and access control.
What is the most important factor to remember when implementing physical security controls?
The most important concept to remember when implementing physical security controls is to ensure the safety of people.
Layered Defense Model
-Approaching security through 'layers' of controls
-Starts with the perimeter, then building grounds, then building entry points, etc.
Perimeter and Building Grounds Boundary Protection
1)Perimeter security controls are the first line of defense.
2)Protective barriers can be either natural or structural.
-Natural protective barriers offer terrains that are difficult to cross, such as mountains, bodies of water, deserts, etc.
-Structural barriers are devices such as fences, gates, bollards, and facility walls.
-The portions of a wall or fence system that control entrance and/or egress by persons or vehicles and complete the perimeter of the defined area.
Perimeter and Building Grounds Boundary Protection - Landscaping
-Shrubs or trees can provide a barrier or an entry point.
-Spiny shrubs make it harder for an intruder to cross the barrier.
Perimeter and Building Grounds Boundary Protection - Fences
-Are used to enclose security areas and designate property boundaries.
-Should meet specific gauge and fabric specifications.
-High-security areas may need a "top guard" (barbed wire at the top).
-Should meet certain height and location provisions.
-Fences must be checked and repaired on a regular basis.
-Fence fabric must be securely attached to poles.
-Be sure that vegetation or adjacent structures cannot provide a "bridge" over the fence.
Perimeter and Building Grounds Boundary Protection - Gates
-The portions of a wall or fence system that control entrance and/or egress by persons or vehicles and complete the perimeter of the defined area
Perimeter and Building Grounds Boundary Protection - Bollards
-A rising post designed for use in traffic control and protecting property premises.
-Provides security against vehicles ramming into, or stopping near buildings.
-Lighted bollards can be used for lighting controls along parks, paths, sidewalks, etc.
Perimeter and Building Grounds Boundary Protection - Perimeter Intrusion Detection Systems
Perimeter Intrusion Detection Systems
-Passive infrared (PIR)
Perimeter and Building Grounds Boundary Protection - Closed Circuit Television (CCTV)
Closed Circuit Television (CCTV)
-A television transmission system that uses cameras to transmit pictures by a transmission medium to connected monitors.
-The transmission media can use wired or wireless technologies.
Perimeter and Building Grounds Boundary Protection - CCTV Levels
-Detection - the ability to detect the presence of an object.
-Recognition - the ability to determine the type of object.
-Identification - the ability to determine the object details.
Perimeter and Building Grounds Boundary Protection - CCTV - Key Success Items
CCTV - Key Success Items
-Understand the facility's total surveillance requirements.
-Determine the size of the area to be monitored - depth, height, and width - to know what size camera lens is needed.
-Lighting is important - different lamps and lighting provide various levels of effectiveness.
'Contrast' between the object and background
Perimeter and Building Grounds Boundary Protection - Lighting
-The illumination of a locale, typically by artificial means such as light fixtures or lamps.
-Good lighting is one of the most successful crime preventive measures.
-When used properly, light discourages unlawful activity, improves natural observation, and decreases fear.
-Typically used with other controls, such as fences, patrols, alarm systems.
Building Entry Point Protection - Locks
-Most accepted and used physical security device
-Considered delay devices and not foolproof bars to entry - they are easily defeated
-All lock types are subject to force and special tools that can be used to gain entry
-Should be just one aspect of many physical security controls
Building Entry Point Protection - Guard Stations
-Security forces (guards) can provide a deterrent to unauthorized entry. In some cases, they may also prevent unauthorized entry.
Building Entry Point Protection - Card Access Controls or Biometric Systems
Card Access Controls or Biometric Systems
-Smart cards, Magnetic Stripe cards, Proximity Cards, etc.
-Fingerprint, retina scans, signature dynamics, voice recognition, hand geometry, etc.
Inside the Building: Building Floors, Office Suites, Offices - Compartmentalized Areas
-Defines a location where sensitive equipment is stored and where sensitive information is processed.
-Must have a higher level of security controls.
-To be effective, they need an appropriate access control system.
Inside the Building: Building Floors, Office Suites, Offices - Intrusion Detection Systems
Intrusion Detection Systems
1)Can be installed on:
-Any other entry points such as ventilation openings or air conditioning openings.
2)Detect a change in:
-Capacitance due to penetration of an electrostatic field
Data Center or Server Room Security - Walls
-To the extent possible, walls should not form part of an external building.
-Walls should extend from the floor to the underside of the above floor slab (slab to slab)
Data Center or Server Room Security - Access Controls
1)Depending on the sensitivity of the information, and value of the equipment, electronic access controls may need to be installed
Computer Equipment Protections - Portable Device Security
Portable Device Security
-Involves protecting the device, protecting the data on the device, and keeping the security controls easy for the user.
1)Portable device security includes items such as:
-Locking mechanisms for docking stations
-Audible motion alarm
-Constant control procedures
Objects are placed inside security containers such as safes, vaults, or locking file cabinets.
-Should be theft-resistant and fire-resistant.
-Steel containers with a locking device.
-Create good lock combinations, change them frequently, and monitor the distribution
What is closed circuit television?
Closed circuit television is a television transmission system that uses cameras to transmit pictures by a transmission medium to connected monitors.
What are examples of building entry point protection?
Doors, windows, locks, guard stations, card access controls, and biometric systems are examples of building entry point protection.
What are some of the key controls for data center or server room security?
Walls, doors, support systems, and access controls are some of the key controls for data center or server room security.