Physical Security Lecture

Information about Physical Security Lecture

Published on January 5, 2008

Author: Alien

Source: authorstream.com

Content

PHYSICAL SECURITY (NSTISSI 4011):  PHYSICAL SECURITY (NSTISSI 4011) BY Josef Onuoha CS 996 Outline:  Outline Goals of Physical Security Perimeter and Building protection Access Controls Distributed Processing Stand-alone Systems and Peripherals Environment and Life Safety Controls Tamper Resistance Goals of Physical Security:  Goals of Physical Security Prevent unauthorized access to equipment, installations, material, and documents Safeguard against espionage, sabotage, damage, and theft Safeguard personnel Perimeter Protection:  Perimeter Protection Standoff distance The maintained distance between where a vehicle bomb is allowed and the target Exclusive Standoff Zone Vehicles are not allowed within perimeter unless they have been searched and cleared Nonexclusive Standoff Zone Established when a facility or location permits a mixture of trucks and cars. Includes inner and outer perimeters Perimeter Protection:  Perimeter Protection Perimeter Protection:  Perimeter Protection Speed Control Controls the speed of vehicles used for bombs Perimeter Protection:  Perimeter Protection Vehicle barriers Perimeter Protection:  Perimeter Protection Perimeters should also protect against Standoff weapons such as riffles, shot guns, pistols Primary defense is to obstruct Line Of Sight (LOS) from vantage point outside the site Use a Predetonation Screen Perimeter Protection:  Perimeter Protection Perimeter Protection:  Perimeter Protection Surveillance aggressors remain outside of controlled areas and try to gather information from within those areas Designers must eliminate or control vantage points from which aggressors can surveil or eavesdrop on assets or operations. Trees, bushes, fences, other buildings etc Perimeter Protection:  Perimeter Protection Perimeter Protection:  Perimeter Protection Lighting Discourage or deter attempts at entry by intruders. Prevent glare that may temporarily blind the guards. Different types Continuous, standby, movable Different applications Entrances, Parking areas, Critical areas Staffing Security Guards Patrols Dogs Building Protection:  Building Protection A Sensitive Compartmented Information Facility (SCIF) is an accredited area, room, group of rooms, buildings, or installation where Sensitive Compartmented Information (SCI) may be stored, used, discussed, and/or processed We now focus on construction requirements of a SCIF Building Protection:  Building Protection Vault Specifications Building Protection:  Building Protection Vault Specification (cont) minimum compressive strength of 3000 psi after 28 days of aging for class A 5/8-inch diameter steel rein- forcing bars laid 6 inches on centers In seismic areas, 6-inch or thicker RC will be used. Building Protection:  Building Protection Walls The walls will be of either reinforced concrete in excess of four inches thick or solid masonry (stone or brick) in excess of eight inches thick Floors The floor and ceiling selected for a Secure Area will be at least a four inch thickness of concrete Building Protection:  Building Protection Entrances A Secure Area will be equipped with a GSA Class 6 vault door Windows It is preferable that Secure Area be windowless . Accessible windows, where required, will be secured with bars, installed as specified in the requirements Building Protection:  Building Protection Barred Window Specifications for SCIF Type of Installation Type A: Requires a steel frame with steel bars welded on it to be bolted to the inside of the facility window frame Type B: Requires imbedding the ends of steel bars in the masonry window frame of the facility Type C: Requires a grillwork of steel bars to be imbedded in the masonry walls immediately adjacent to the facility window frame Building Protection:  Building Protection Sound Attenuation for SCIF The SCIF walls, windows, floor and ceiling, including all openings, should provide sufficient sound attenuation to preclude inadvertent disclosure of conversation Must meet the following SCT: Executive Suite       45+ Briefing Rooms 45+ Auditoriums 50+ Building Protection:  Building Protection Telephone Security for SCIF Telephone cables and wires which penetrate a facility's perimeter will enter the facility through one opening and be placed under control at the interior face of the perimeter The number of telephone instruments servicing a SCIF will be limited to those operationally necessary Interior Intrusion Detection Systems:  Interior Intrusion Detection Systems Structural vibration sensors Detects energy due to hammering, drilling, etc Point sensors Detects close proximity to an object. Passive ultrasonic sensors detect acoustical energy Volumetric Motion sensors Detects intruder motion within the interior of a protected volume Exterior Intrusion Detection Systems:  Exterior Intrusion Detection Systems Fence sensors Detects penetration generated by mechanical vibrations and stresses in fence fabric and posts LOS sensors generate a beam of energy and detect changes in the received energy that an intruder causes by penetrating the beam. Alarms:  Alarms Requirements perimeter doors will be equipped with high security balanced magnetic door switches. Vault doors will be equipped with heat detectors and balanced magnetic switches. The interior spaces not continually occupied by authorized personnel will be protected by motion detection alarms. vents and ducts over six inches will be alarmed. Windows less than 18 feet from ground level will be alarmed Alarms:  Alarms Types Motion alarm detectors Overt body motion walking through the protected areas at the rate of one step per second for four seconds, in areas protected by ultrasonic, microwave, and other motion detection devices Door Switches Actual opening of doors (or windows or other openings using door switches) which are protected by balanced magnetic door switches. Alarms:  Alarms Types (cont) Capacitance Alarms Attempts to push hands, arm, or legs through the protected area (air ducts or vents); to touch an item being protected (door, window, wall, etc.); or to move protected objects (security containers). Tamper Switches Removal of the covers for sensors, alarm control units, day/night switches, and end of the line supervision control units should cause an alarm regardless of the status of the overall system Physical Access Control:  Physical Access Control Designate restricted area: Facilitates enforcement Physical Access Control:  Physical Access Control Locks Preset Locks and Keys Typical door looks Programmable Locks Mechanical (Cipher Locks) Electronic (Keypad Systems): Digital Keyboard Number of Combinations Number of Digits in Code Frequency of Code Change Physical Access Control:  Physical Access Control Cards Photo-ID cards Wireless Proximity readers Magnetic Strip cards Smart Cards Often Require Use of PIN Number with Card Readers: Card Insertion, Card Swipe & Proximity Physical Access Control:  Physical Access Control DOD Smart Cards (Common Access Cards) Physical Access Control:  Physical Access Control Biometric Devices Fingerprint/Thumbprint Scan Retina Scan Hand Geometry Facial Recognition Voice Verification Problems Cost Speed Accuracy Physical Access Control:  Physical Access Control Typical verification times for entry-control devices Physical Access Control:  Physical Access Control Visitor identification and control Visitors, Cleaning teams, Civilians in work areas after normal work hours, Government contractors Personnel Position Sensitivity Designation Management Review of Access Lists Background Screening/Re-Screening Termination/Transfer Controls Disgruntled Employees Physical Access Control:  Physical Access Control Movement Control Escorts Two-person rule Distributed Computing:  Distributed Computing Threats To Confidentiality Sharing Computers Sharing Diskettes To Availability User Errors To Data Integrity Malicious Code Version Control Physical security of Distributed Computing:  Physical security of Distributed Computing Office Area Controls Entry Controls Office Lay-Out Property controls Electronic Media Controls Clean-Desk Policy Space protection devices Heat/Humidity considerations Stand-alone Systems and Peripherals:  Stand-alone Systems and Peripherals PC Physical Control Cable locks Vinyl-covered steel cable anchoring the PC or peripheral to desk Port controls Devices that secure data ports (such as USB ports) and prevent their use Stand-alone Systems and Peripherals:  Stand-alone Systems and Peripherals PC Physical Control (cont) Switch Controls A cover for the on/off switch, which prevents a user from switching off the file server’s power Peripheral switch controls Lockable switches that prevent a keyboard from being used Electronic Security Boards Boards inserted into an expansion slot in the PC and force a user to enter a password when the unit is booted Environment and Life safety Controls:  Environment and Life safety Controls Environment considerations to physical security include the following Electric Power RFI, EMI Implement TEMPEST Humidity Humidity of < 40% increases static elec. Damage potential Emergency power off controls Voltage monitoring/recording Surge protection Environment and Life safety Controls:  Environment and Life safety Controls Electric Power (cont) Backup power Backup feeders, UPS Emergency power generators Environment and Life safety Controls:  Environment and Life safety Controls Temperature Temperatures When Damage Occurs Paper Products: 350o Computer Equipment: 175o Disks: 150o Magnetic Media: 100o Fire detection Heat-sensing Flame-actuated Smoke-actuated Automatic dial-up fire alarm Environment and Life safety Controls:  Environment and Life safety Controls Fire Extinguishing Systems Wet pipe Dry pipe Deluge Suppression mediums Halon Excellent for vaults, equipment cabinets, etc Carbon IV Oxide Great for unattended facilities. Potentially dangerous Information System Centers:  Information System Centers Site selection Low visibility Low natural disaster threat Easy access to external services such as police, fire, hospitals, etc Information System Centers:  Information System Centers Infrastructure Servers, switches, routers, should be placed in looked racks and looked rooms Wiring and cables should be routed through walls, floors, etc to avoid tampering Uninterrupted power supply should exist for computing facility Tamper Resistance:  Tamper Resistance A device is said to be tamper-resistant if it is difficult to modify or subvert, even for an assailant who has physical access to the system. Specialized materials used to make tampering difficult One-way screws, epoxy encapsulation, trox Closely tied to tamper detection and response Tamper Detection:  Tamper Detection The ability of a device to sense that it is under physical attack and includes Switches to detect opening of device covers Sensors to detect changes in light or pressure within the device Barrier to detect drilling or penetration of physical boundary Paint Tamper Response:  Tamper Response Tamper Response is the counter measure taken upon the detection of tampering Ex.: Erase memory, shutdown/disable device, enable logging This is especially very important in the case of cryptographic keys stolen or lost This is especially very important in the case of cryptographic keys stolen or lost Computational errors introduced into a smart card can deduce the values of cryptographic keys hidden in the smart card layers of a chip can be uncovered by etching, discerning chip behavior by advanced infrared probing, and reverse-engineering chip logic OPSEC:  OPSEC Operations security (OPSEC) is an analytic process used to deny an adversary information - generally unclassified Trains people on the handling of information We can apply OPSEC in our daily lives “What could an adversary glean from the knowledge of this activity?” Resources:  Resources Physical Security Requirements For NSA/CSS Sensitive Compartmented Information Facilities FM 3-19.30 Physical Security, Department of the Army AR 380-5 Appendix H Classified document and Material Storage Smart Card/Common Access Card Program http://www.don-ebusiness.navsup.navy.mil/portal/page?_pageid=36,74750,48_72991&_dad=pebiz&_schema=PEBIZ

Related presentations


Other presentations created by Alien

GREEK THEATRE
15. 10. 2007
0 views

GREEK THEATRE

Singapore National Symbols
14. 09. 2007
0 views

Singapore National Symbols

Origins of the Cold War
23. 12. 2007
0 views

Origins of the Cold War

CG43SlideSet
30. 04. 2008
0 views

CG43SlideSet

kaiser pres
28. 04. 2008
0 views

kaiser pres

GoldDifferences
22. 04. 2008
0 views

GoldDifferences

visn8
17. 04. 2008
0 views

visn8

Nov24 Regulatory approaches
16. 04. 2008
0 views

Nov24 Regulatory approaches

dr rom
14. 04. 2008
0 views

dr rom

file 6943
13. 04. 2008
0 views

file 6943

The Peak Oil Context Tom Petrie
10. 04. 2008
0 views

The Peak Oil Context Tom Petrie

H106g
09. 04. 2008
0 views

H106g

JapaneseGeography
07. 04. 2008
0 views

JapaneseGeography

Hamburg 2007
14. 09. 2007
0 views

Hamburg 2007

lfg
14. 09. 2007
0 views

lfg

Eddie Final Presentation
14. 09. 2007
0 views

Eddie Final Presentation

chalmers
14. 09. 2007
0 views

chalmers

The Rain Forest Final
14. 09. 2007
0 views

The Rain Forest Final

ECAKnowledgeFair
12. 10. 2007
0 views

ECAKnowledgeFair

Ch18part1
15. 10. 2007
0 views

Ch18part1

WNV AVB 02212006
21. 10. 2007
0 views

WNV AVB 02212006

giraffe pp
14. 09. 2007
0 views

giraffe pp

giraffe powerpoint
14. 09. 2007
0 views

giraffe powerpoint

giraffe
14. 09. 2007
0 views

giraffe

COOL STUFF ABOUT GIRAFFES
14. 09. 2007
0 views

COOL STUFF ABOUT GIRAFFES

ub041104
23. 10. 2007
0 views

ub041104

STORY OF THEME AND PLOT
23. 10. 2007
0 views

STORY OF THEME AND PLOT

PhiladelphiaZooPPP
14. 09. 2007
0 views

PhiladelphiaZooPPP

qu10 11
01. 12. 2007
0 views

qu10 11

Angelos CME Energetics
02. 11. 2007
0 views

Angelos CME Energetics

pptPanama s
22. 10. 2007
0 views

pptPanama s

hirotani
13. 11. 2007
0 views

hirotani

bon2003 mpls
29. 10. 2007
0 views

bon2003 mpls

PROF AZZA
23. 10. 2007
0 views

PROF AZZA

Fenton
29. 10. 2007
0 views

Fenton

Countering Offshore
29. 12. 2007
0 views

Countering Offshore

walters082902
23. 11. 2007
0 views

walters082902

razbash
26. 11. 2007
0 views

razbash

DVMRPandMOSPF
01. 01. 2008
0 views

DVMRPandMOSPF

One 783Ngupta
04. 01. 2008
0 views

One 783Ngupta

Chapter 18 PPT
22. 10. 2007
0 views

Chapter 18 PPT

History of NAIS John Wiemers
20. 08. 2007
0 views

History of NAIS John Wiemers

BSP2D
14. 09. 2007
0 views

BSP2D

costarica1 ftparraud
22. 10. 2007
0 views

costarica1 ftparraud

mcmc2000a
06. 11. 2007
0 views

mcmc2000a

050317lc
16. 11. 2007
0 views

050317lc

ALA2003 OAI
04. 10. 2007
0 views

ALA2003 OAI

fwing
22. 10. 2007
0 views

fwing

acute 060727 transfusionmed
23. 10. 2007
0 views

acute 060727 transfusionmed

bckexpk3b
09. 07. 2007
0 views

bckexpk3b

anorexia
09. 07. 2007
0 views

anorexia

070207 Adjektiv
09. 07. 2007
0 views

070207 Adjektiv

A Brachmann
09. 10. 2007
0 views

A Brachmann

mueller jun07
19. 10. 2007
0 views

mueller jun07

Late Classic Maya Collapse
16. 02. 2008
0 views

Late Classic Maya Collapse

ISLAS GALAPAGOS
14. 09. 2007
0 views

ISLAS GALAPAGOS

Heatingoilwebsection ppp
24. 02. 2008
0 views

Heatingoilwebsection ppp

PIndustrialTrucks
26. 02. 2008
0 views

PIndustrialTrucks

ethanap
14. 09. 2007
0 views

ethanap

Propulsion CEV
07. 11. 2007
0 views

Propulsion CEV

MichelleWatt
20. 02. 2008
0 views

MichelleWatt

newsletterfall04
11. 03. 2008
0 views

newsletterfall04

EC T9 2008 Conference Proposal
12. 03. 2008
0 views

EC T9 2008 Conference Proposal

drugstatistics
17. 12. 2007
0 views

drugstatistics

icfa chep06
23. 10. 2007
0 views

icfa chep06

Hubert CW8
14. 09. 2007
0 views

Hubert CW8

A mi Papi 2089
19. 06. 2007
0 views

A mi Papi 2089

An ode to Mothers
19. 06. 2007
0 views

An ode to Mothers

LoffPresentation
17. 10. 2007
0 views

LoffPresentation

Maschera
19. 06. 2007
0 views

Maschera

manual
19. 06. 2007
0 views

manual

Luces De Navidad 1848
19. 06. 2007
0 views

Luces De Navidad 1848

leer
19. 06. 2007
0 views

leer

Lean Six SigmaATL011706
19. 06. 2007
0 views

Lean Six SigmaATL011706

lexisnexis
05. 10. 2007
0 views

lexisnexis

OAT Presentation v5
19. 06. 2007
0 views

OAT Presentation v5

moscatelli
19. 06. 2007
0 views

moscatelli

moon split
19. 06. 2007
0 views

moon split

money plus
19. 06. 2007
0 views

money plus

MKCL
19. 06. 2007
0 views

MKCL

Journey of the Spirit Lesson 6
01. 10. 2007
0 views

Journey of the Spirit Lesson 6

2 Jornada BISHOP
10. 10. 2007
0 views

2 Jornada BISHOP

No esperes
19. 06. 2007
0 views

No esperes

Amores locos 1992
19. 06. 2007
0 views

Amores locos 1992

College English book 2 Unit 7
24. 02. 2008
0 views

College English book 2 Unit 7

A vista de pajaro II 2109
19. 06. 2007
0 views

A vista de pajaro II 2109

Ammosov Vladimir ammosov pra
12. 10. 2007
0 views

Ammosov Vladimir ammosov pra

Amber la mejor de todas
19. 06. 2007
0 views

Amber la mejor de todas

CP317 lecture 6 Huck II 05
11. 12. 2007
0 views

CP317 lecture 6 Huck II 05

AHQA031204Mck
09. 07. 2007
0 views

AHQA031204Mck

Evergreen
03. 01. 2008
0 views

Evergreen

04 NJIT3
02. 01. 2008
0 views

04 NJIT3

Poster A4 Glasgow nov04
04. 10. 2007
0 views

Poster A4 Glasgow nov04

Ally McBeal
09. 07. 2007
0 views

Ally McBeal

sara paige
14. 09. 2007
0 views

sara paige

36181003
24. 10. 2007
0 views

36181003

MusicApprecBaroque 2
22. 11. 2007
0 views

MusicApprecBaroque 2

ELE386 Malware
20. 08. 2007
0 views

ELE386 Malware

RohanShah
12. 10. 2007
0 views

RohanShah

1022MAS net big picture
03. 01. 2008
0 views

1022MAS net big picture

Lo Suficiente 1744
19. 06. 2007
0 views

Lo Suficiente 1744

gm3 jp item14 Mangrove ITTO
22. 10. 2007
0 views

gm3 jp item14 Mangrove ITTO

2005AuditResults
09. 07. 2007
0 views

2005AuditResults

HABIC1 summary
17. 11. 2007
0 views

HABIC1 summary

aro ald informalsession
24. 10. 2007
0 views

aro ald informalsession

etu ambassadeurs juin 07 en
13. 03. 2008
0 views

etu ambassadeurs juin 07 en

Gobert poster
03. 10. 2007
0 views

Gobert poster

Kistenev
15. 11. 2007
0 views

Kistenev

6 History of Chemistry I
12. 10. 2007
0 views

6 History of Chemistry I

Jan2000report
04. 01. 2008
0 views

Jan2000report

course 4
03. 01. 2008
0 views

course 4