Class 9 ‐ Physical Security - Justin-Boyd/CIT-Class GitHub Wiki

Introduction to Physical Security

Why Physical Security?

  • Physical barriers are essential in any organization.
  • Cybersecurity is irrelevant if anyone can walk into the server room and steal or damage the server.
  • Physical security must be layered for maximum protection.

Physical Security Goals

  • Provide a safe environment for all assets.
  • Both intruders and natural disasters must be taken into account.
  • The most important asset will always be human life.
  • Assets are people, intellectual property, information, equipment, IT infrastructure, facilities, etc.

Defense in Layers

Defense in Layers

  • A crucial aspect of physical security.
  • An invader can maneuverer around a single layer of controls.
  • There must be a next layer of controls that can help stop the invader from advancing further.

Access Control

Identification

  • User-Activated Reader

    • The user is active in identification and authorization.
    • Actions can include swiping a card, entering a PIN, and biometric identification.

  • System Sensor Access Control Reader

    • The reader senses an approaching object and scans for a card or token. This type of reader is known as a transponder.

  • Passive RFID (Radio Frequency Identification) only requires proximity to a reader and does not require a battery.

The First Line of Defense

  • Provides a psychological deterrent
  • Different gauges and mesh sizes are used for different levels of security.
  • The Perimeter Intrusion Detection and Assessment System (PIDAS) fencing method is also known as a smart fence.

Bollards

  • Prevent vehicles from accessing restricted areas
  • Placed between a facility and a parking lot or roads that run close to exterior walls

Lighting

  • Lights should be installed with overlapping zones.
  • More light should be used at entrances, less light at guard locations.
  • Lighting redundancy should be implemented in case of a power outage.
  • Poorly lit or unlit areas invite trespassers.

Motion Detection

  • Electrical device that detects object motion
  • Alerts staff by triggering alarms (silent or audible)

Facility Access Control

  • Facilities

    • Should be grouped in segments with each segment or area having its own purpose and access controls.

  • Locks

    • Serve as delaying mechanisms for intruders. They vary in strength, quality, and functionality.

  • Access control mechanisms should maintain an audit trail of authorized and unauthorized entry attempts.

Administrative Responsibilities

  • The right type of lock should match its purpose.
  • Locks and keys require scheduled maintenance to prevent deterioration.
  • Written procedures should be followed for key distribution and management.

Circumventing Locks

  • Locks can be picked in many ways: raking, rocking, bumping, zipping, and more.

  • Determined intruders may use power tools or even attempt to dismantle the door.

  • How Lockpicking Works

Surveillance

What Is Surveillance?

  • Continuous monitoring, and sometimes physical action, in surveyed areas.
  • Facilities should remain under surveillance to ensure swift reaction to intrusions.

CCTV

  • Detects, follows, and exposes intruders
  • Can operate in internal and external facility areas
  • Must be integrated with other security controls

CCTV Components

  • Camera
  • Transmitter
  • Receiver
  • Recording System (DVR)
  • Monitor

Intrusion Detection System

What Is a Physical IDS?

  • A perimeter-scanning device
  • Sensitive to changes in the environment
  • Can detect a wide variety of changes

IDS Types

  • Electromechanical Systems

    • Detect changes or breaks in a circuit. Can be a magnetic contact switch, pressure plate, etc.

  • Photoelectric/Photometric Systems

    • Emit beams of light and generate alarms when the beam is interrupted.

  • Passive Infrared Systems

    • Monitor room temperature and report when the temperature rises.

  • Acoustic Detection Systems

    • Highly sensitive microphones that detect possible forced entry sounds.

  • Wave-Pattern Motion Detectors

    • Generate wave patterns, transmit them to receivers, and if the returned pattern is different, an intruder is likely present.

  • Proximity/Capacitance Detectors

    • Emit magnetic fields and generate alarms if the field is disrupted.

Sensor Impossible

Patrol Forces

Security Guards

  • Pros

    • Can help prevent tailgating (piggy-backing)
    • Used as a deterrent
    • Training and exercises
    • Procedures required

  • Cons

    • Most expensive form of control
    • Armed or not?
    • Fixed patrol location
    • Vulnerable to social engineering attacks

Guard Dogs

  • Trainable, extremely loyal
  • Have extraordinary sense of smell and hearing
  • Considered a supplementary security measure

Auditing Physical Access

Access Logs

  • Examined to reveal attempts to breach entry points in the facility
  • Should be reviewed periodically by the facility manager
  • Although not a preventive measure, logs are often used in cybersecurity forensics investigations.

Logged Information

  • Dates and times of attempts to access the facility
  • Facility entry point events
  • IDs of individuals who attempt to breach the facility
  • Both successful and unsuccessful attempts are recorded.

Auditing Permissions

  • Roles of personnel change
  • Zero trust policy
  • Mandatory vacation
  • The threats are both outside and inside

Securing the Physical Structure

Natural Access Control

  • Guiding people to the desired entrance of a facility via indirect means
  • Landscaping, light placement, fences, and doors indicate where people can and cannot go.

Physical Security Plan

  • Construction Materials
  • Power Distribution Systems
  • Communication Types
  • External Factors
  • When planning physical security, the elements above must be considered.

Facility Considerations

  • Proximity to emergency services
  • Urban and natural camouflage
  • Electronic eavesdropping

Window Types

  • Standard windows: Very low level of protection
  • Non-glass windows (acrylic): Better protection
  • Laminated or wire layer: Best protection

Physical Security Threats & Solutions

Shoulder Surfing

  • Drones

    • Drones can be used for shoulder surfing or facility reconnaissance.
    • Mitigation: Use tinted windows.

  • Open Space

    • Placing employees in an open space makes them vulnerable to shoulder surfing.
    • Mitigation: Use anti-glare screens.

Access Control

  • Access Card Duplication

    • Employee cards can be duplicated.
    • Mitigation: Special wallets that block RFID

  • Tailgating/Piggy-backing

    • Following behind an authorized user into a facility
    • Mitigation: Posting a guard can deter this behavior.

  • 2FA can also be implemented via physical security.

Physical Approach

  • Connecting a USB device to a computer to run malware
  • Connecting a laptop to a switch to gain network access
  • Data theft of documents or other valuable assets
  • Facility segregation should be designed to reduce the risk of an attacker freely entering an area.

Natural Disasters

  • Earthquakes
  • Tsunamis
  • Hurricanes, Typhoons, Cyclones
  • Volcanic Eruptions
  • Wildfires

Fukushima Daiichi Nuclear Disaster

  • A 7.0 magnitude earthquake followed by a 128-foot tsunami.
  • The tsunami disabled the power supply and cooling systems of three reactors.
  • All three cores melted during the first three days.