module 04 - physical security
TRANSCRIPT
-
7/30/2019 Module 04 - Physical Security
1/37
Network Security Administrator
Module IV: Physical Security
-
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objectives
~ Physical Security
~ Types Of Attacks
~ Physical Security Threats
~ Access Controls
~ Mantrap
~ Fire Safety
~ Laptop security
~ Biometric Device
~ Desktop Security
~ PC Security
~ Dumpster Diving
~ Physical Security Checklist
-
Module Flow
[Flow diagram; boxes as they appear on the slide:]
  Physical Security
  Fire Safety
  Laptop security
  PC Security
  Dumpster Diving
  Biometric Device
  Desktop Security
  Mantrap
  Access Controls
  Types Of Attacks
  Physical Security Threats
  Physical Security Checklist
-
Physical Security
~ An attacker who gets past physical security can obtain critical information related to an organization
~ A few checks that should be ensured:
  Servers and workstations should be secured
  Routers, switches and other network equipment should be used as an access point to the network
  Wireless access points of the network should be protected
  Laptops should be secured when connected externally on the network
  IT assets should be managed and theft prevented
-
Internet Security
~ Trusted Networks
  Networks inside the network security perimeter
~ Untrusted Networks
  Networks outside the security perimeter, lacking privileges over administrator and security policies
~ Unknown Networks
  Networks neither trusted nor untrusted
  Reside outside the security perimeter
-
Statistics
~ According to the CSI/FBI Computer Crime Security Survey 2005, nearly 40% of victims do not report computer intrusions
~ According to Nationwide Mutual Insurance, 16% of the debit card victims bear the cost of fraudulent purchases
~ A survey of consumers conducted by Nationwide revealed that 21% of the information is accessed by hackers from their home, car, mailbox, trash, wallet, etc
~ The Global State of Information Security 2005 survey revealed that 37% had an information security strategy and 24% of the respondents are still in the development process
-
Types of Attackers
~ The explorer
  Intruder who browses through the whole site to learn how things work
~ The discontented workers
  Ex-employees and current employees who are displeased with the organization
~ The spy
  Intelligence agencies that deploy spies to gain confidential information
~ The terrorist
  Exploits computer systems to carry out terrorist attacks
~ The thief
  Attacks information security by stealing credit card numbers from e-commerce sites and breaching bank accounts
-
Types of Attackers (cont)
~ The hacktivist
  Related to the cyber form of activism
~ The script kiddies
  Utilize scripts and other automated attack tools, ignorant of what to do when unauthorized access is gained
~ Hacker for hire
  Sneaker for performing ethical hacking
  Mercenary hacker for performing social engineering attacks
~ The competition
  Some companies competing with each other tend to attain others' confidential information
~ Enemy countries
  Rival countries attacking the information security of other countries
-
Physical Security Threats
~ The basic need for computer security is to avoid physical access by unauthorized persons
~ Ensure security in the following areas:
  Access control
    Constantly keep watch over unauthorized access of devices
  Electricity
    Guard against voltage fluctuations
  Climatic conditions
    Regulate the temperature of the place where devices are located
  Fire
    Prevent fire and install a fire alerting mechanism
  Water
    Secure machinery from floods and moisture
  Backups
    Keep backups away from magnetic fields
-
Physical Access Controls
~ Facilitates monitoring of the physical activities of the people within and outside the organization
~ Facilities Management
  Group of people who manage access controls for a particular building structure
~ Secure Facility
  Physical location equipped with access controls that are intended to reduce the risks from physical threats
-
Physical Security Controls
~ Walls, Fencing and Gates
  Prevent unauthorized access to the secure facility
~ Guards
  Evaluate each situation as it arises by applying human reasoning
~ Dogs
  Protect the most valuable resources with their strong sense of smell and hearing
~ ID Cards and Badges
  Permit authorized individuals access within the secure facility
-
Physical Security Controls
~ Electronic Monitoring
  Records the events in areas that other physical security controls may miss, using VCRs and CCTs
~ Alarms and Alarm Systems
  Provide notification of the occurrence of predefined events using sensors and alarms
~ Computer Rooms and Wiring Closets
  Guarantees the confidentiality, integrity and availability of critical data by wiring secretly
~ Interior Walls and Doors
  Allow entry to only authorized people
-
Locks and Keys
~ Types of Lock
  Mechanical
    Uses a key made of carefully shaped pieces of metal
  Electromechanical
    Accepts keys like ID cards, radio signals, PINs
~ Categories of Lock
  Manual
    Fixed into doors and cannot be changed
  Programmable
    Allows key changes and can be changed
  Electronic
    Combination of sensor and mechanical lock, fixed into an alarm system
  Biometric
    Uses physical characteristics of a person as a key
-
TEMPEST
~ Refers to investigating and understanding compromised emanations (CE)
~ Compromising emanations are defined as unintentional intelligence-bearing signals
~ Sources of TEMPEST signals:
  Functional sources:
    Use switching transistors, oscillators, signal generators, synchronizers, line drivers, and line relays for generating electromagnetic energy
  Incidental sources:
    Use electromechanical switches and brush-type motors for generating electromagnetic energy
~ TEMPEST signals:
  RED Baseband Signals (U)
  Modulated Spurious Carriers (U)
  Impulsive Emanations (U)
  Propagation of TEMPEST Signals (U)
-
Mantrap
~ Provides alternate access for resources
~ Consists of two separate doors with an airlock in between
~ Restricts access to secure areas
~ Permits users to enter the first door and requires authentication to exit from the second door
~ Security is provided in three ways:
  Makes it difficult to intrude through a single door
  Evaluates a person before discharging
  Permits only one user at a time
-
Mantrap: Diagrammatical Representation
[Diagram: mantrap wiring for Door 1 and Door 2]
  Door 1 Inputs / Door 2 Inputs (each door):
    Request for access (Normally Open)
    Request for access (Normally Closed)
    Door Closed Switch (Closed = Secure)
  Door 1 Outputs / Door 2 Outputs (each door):
    Magnetic Lock
    Electric Strike
    Green Light
Src: http://www.securitymagazine.com/Security/FILES/IMAGES/134664.gif
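The interlock rules from the Mantrap slides, modelled as a small controller using the inputs and outputs named in the diagram. This is an added example, not part of the original module or any vendor's controller logic; the vestibule occupancy sensor, the badge identifiers and the method names are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Door:
    closed: bool = True   # door-closed switch input (closed = secure)
    locked: bool = True   # magnetic lock / electric strike output
    green: bool = False   # green light output


class Mantrap:
    """Two-door interlock: one door released at a time, one occupant at a time."""

    def __init__(self, authorized):
        self.authorized = set(authorized)   # constructed credential store
        self.door1, self.door2 = Door(), Door()
        self.occupants = 0                  # assumed vestibule occupancy sensor

    @staticmethod
    def _secure(door):
        return door.closed and door.locked

    def _release(self, door):
        door.locked, door.green = False, True
        return "released"

    def request_door1(self):
        """Request-for-access input on door 1 (entry into the vestibule)."""
        if not self._secure(self.door2):
            return "denied: door 2 not secure"
        if self.occupants:
            return "denied: vestibule occupied"
        return self._release(self.door1)

    def request_door2(self, credential):
        """Request-for-access input on door 2; authentication happens here."""
        if not self._secure(self.door1):
            return "denied: door 1 not secure"
        if self.occupants != 1:             # 0 = nobody inside, >1 = tailgating
            return "denied: expected exactly one occupant"
        if credential not in self.authorized:
            return "denied: authentication failed"
        return self._release(self.door2)

    def door_cycled(self, door, entered=0, left=0):
        """Door was opened and closed again: update occupancy and relock."""
        self.occupants += entered - left
        door.closed, door.locked, door.green = True, True, False


def demo():
    trap = Mantrap(authorized={"badge-1001"})           # constructed badge id
    results = [trap.request_door1()]                     # empty vestibule
    results.append(trap.request_door2("badge-1001"))     # door 1 still released
    trap.door_cycled(trap.door1, entered=1)              # one person steps in
    results.append(trap.request_door1())                 # next person must wait
    results.append(trap.request_door2("badge-9999"))     # unknown badge is held
    results.append(trap.request_door2("badge-1001"))     # authenticated exit
    trap.door_cycled(trap.door2, left=1)
    results.append(trap.request_door1())                 # cycle can start again
    return results
```

A person who fails authentication stays between two locked doors, which is the "evaluates a person before discharging" property from the slide.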
-
Fire Safety: Fire Suppression, Gaseous Emission Systems
~ Fire Suppression
  Portable System:
    Class A (interrupts ability of the fuel to be ignited)
    Class B (removes oxygen from the fire)
    Class C (uses nonconducting agents)
    Class D (uses special agents for combustible metal fire)
  Gaseous System
  Wet-pipe system
  Dry-pipe system
  Pre-action system
~ Gaseous Emission Systems
  Self-pressurizing or pressurized with additional agent
-
Fire Safety: Fire Detection
~ Major Categories
  Manual:
    Includes human responses, manually activated alarms, etc
  Automatic:
    Includes automatic fire alarms consisting of sensors
~ Basic Types
  Thermal Detection:
    Senses the heat in an area by fixed temperature and rate of rise methods
  Smoke Detection:
    Senses the smoke by photoelectric sensors, ionization sensors and air-aspirating detectors
  Flame Detection:
    Senses the infrared or ultraviolet light produced by open flame
-
Failure of Supporting Utilities: Heating, Ventilation, Air Conditioning
~ Temperature
  Extremely high or low temperature causes damage to sensitive hardware
~ Humidity
  High Humidity:
    Results in short-circuiting of electrical parts
  Low Humidity:
    Increases the static electricity in the environment
~ Static Electricity
  Increases electrostatic discharge that causes damage to sensitive circuits or shuts down the system
~ Ventilation Shafts
  Provide a way for intruders to break into the system
-
Failures of Supporting Utilities: Power Management and Conditioning
~ Grounding
  Guarantees proper discharge of the returning flow of current to the ground
~ Emergency Shutoff
  Stops power immediately if a risk due to current arises
~ Water Problems
  Too little or too much water both pose a real, dangerous threat
~ Structural Collapse
  Natural calamities cause failures of building structures
-
Uninterruptible Power Supplies
~ Backup power source that detects interruption of power to the power equipment
  Standby or Offline UPS:
    Offline battery backup that senses the interruption of power
  Ferroresonant Standby UPS:
    Enhancement of standby UPS with a ferroresonant transformer that provides power conditioning and line filtering to the primary power source
  Line-Interactive UPS:
    Has a pair of inverters and converters that charge the battery and give power when needed
  True Online UPS:
    Primary power source acts as a battery that provides a continuous supply of power to the system
-
Skimming
~ Process where the account information stored on the magnetic stripe of a credit/debit card is copied for using an ATM
~ Retrieves the PIN information
~ A skimming device is a small electronic device that has the size of a pager
~ Skimming devices are of two types:
  Devices that cause the ATM to malfunction
  Devices that do not cause the ATM to malfunction
-
Laptop Security: Physical Security Countermeasures
~ Deploy secure cables and locks to safeguard laptops
~ Use safes made of polycarbonate material
~ Activate motion sensors and alarms for tracking stolen laptops
~ Fix warning labels containing tracking information on the laptops to deter thieves
~ Other solutions applied are:
  Installing encryption software
  Using a personal firewall
  Disabling infrared ports and wireless cards, and unplugging PCMCIA cards when not in use
-
Laptop Security: Information Security Countermeasures
~ Create passwords that are difficult to guess
~ Use device locking software to password protect USB ports and infrared ports
~ Perform regular updates on operating system software to identify loopholes and vulnerabilities
~ Install antivirus and spyware detection software
~ Other measures include:
  Disabling unnecessary user accounts and sessions of last user login
  Maintaining backups of all significant stored data
-
Biometric Device
~ Provides biological identification of a person involving eyes, voice, fingerprints, etc
~ Performs either identification or authentication
~ Scan technologies:
  Finger scan:
    Identifies the configuration of peaks and valleys, or ridges, which distinguish one fingerprint from another
  Facial scan:
    Finding faces, matching faces against a database, and manually resolving 'matches' returned by the facial-scan system
  Retinal scan:
    Automatically images users who place their eyes in the correct position and authenticates them based on the distinction of iris and the retina
-
Printer Security
~ Restrict the use of printers for sensitive research data
~ Be acquainted with the physical location of the printer as well as its functions and features
~ Secure the printer against physical threats like fire, flood and earthquakes
~ Keep track of the printer services, replaced components and the discarded non-repairable units
~ Modify and replace the chip on the printer's circuit board to secure data against third-party interception
~ Configure the printer with a printer server that allows multitasking and employs mechanisms to control access
-
Desktop Security
~ People:
  Education and awareness:
    Educating people about the vulnerabilities, and awareness to promote security consciousness among the users
  Enforcement:
    Ensures the security policy designed is effective and implemented
~ Process:
  Level of governance required for each organization
  Policies, baselines and procedures for building management support, system configuration and operational steps respectively
  User classification for desktop access and effective access control
  Review and audit to check and verify compliance against the baseline
  Penetration testing for managing desktop security
-
Desktop Security (cont)
~ Technology:
  Centralized management:
    Authorizes client applications to the desktop
    Enables users to log in from anywhere in the organization network and access the authorized information
  Password protection:
    Ensures authorized users are granted access to each application
  Single Sign-On (SSO):
    Passwords for multiple applications are captured and stored permanently and auto-verified against every subsequent access
  Desktop lock:
    Protects an unattended desktop from unauthorized access
  Virus detection:
    Detects the presence of viruses in stored files via installed anti-virus software
  File encryption:
    Preserves the confidentiality and integrity of the information
  Personal firewall:
    Protects against external threats
-
PC Security: Boot Access
~ Dual booting:
  Uses a boot loader that enables the user to choose the operating system to boot
  Advantages:
    Installing multiple operating systems on a single system minimizes the number of required systems
    Guides the user in installing operating systems like Linux on a Windows platform
~ Boot devices:
  Rescue disks used to recover corrupted systems
  User can boot from the CD or the floppy
  Examples:
    Trinux
    TOMSRTBT
-
PC Security: BIOS Security
~ BIOS:
  BIOS settings secure the system
  Many tools exist that breach BIOS settings
  Configuring BIOS and LILO settings prevents such breaches
  Flashing the BIOS is another technique to clear the BIOS C-MOS memory, which involves three ways:
    Identification and utilization of a special jumper
    Disable the small lithium battery on the motherboard
    Electrically short out two or more pins from the C-MOS memory
-
BIOS Security: LILO Abuse
~ Widely used boot loader for Linux, known as Linux Loader
~ Configuring LILO writes a prompt to the console and waits for user input
~ By default, boots Linux or Windows when there is no user input
~ /etc/lilo.conf, the configuration file, holds all the possible boot options required by LILO
~ Booting Linux to single user mode requires specifying:
  LILO Boot : linux 1
  (or)
  LILO Boot : linux t
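The BIOS Security slide says that configuring LILO settings prevents this kind of breach. The check below is an added example, not part of the original module: it audits the text of a lilo.conf for boot entries that accept parameters such as `linux 1` without a password, using LILO's `password=` and `restricted` options. The sample configurations, the placeholder password and the function names are constructed for the illustration.

```python
# Constructed sample configurations (not taken from a real system).
WEAK_CONF = """\
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
other=/dev/hda2
    label=windows
"""

# Same layout with a global password; 'restricted' asks for it only when
# boot parameters (for example "linux 1") are typed at the prompt.
HARDENED_CONF = WEAK_CONF.replace(
    "prompt\n", "prompt\npassword=PLACEHOLDER-change-me\nrestricted\n")


def parse_lilo_conf(text):
    """Split lilo.conf text into global options and per-image sections."""
    global_opts, sections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip().strip('"')
        if key in ("image", "other"):            # a new boot entry starts
            current = {"path": value}
            sections.append(current)
        elif current is None:
            global_opts[key] = value
        else:
            current[key] = value
    return global_opts, sections


def audit_lilo_conf(text, file_mode):
    """Return findings for boot entries that accept parameters unchallenged."""
    global_opts, sections = parse_lilo_conf(text)
    findings = []
    for sec in sections:
        if "password" not in sec and "password" not in global_opts:
            findings.append(f"{sec.get('label', sec['path'])}: no password, "
                            "boot parameters are accepted from the console")
    has_password = "password" in global_opts or any(
        "password" in sec for sec in sections)
    if has_password and file_mode & 0o077:
        findings.append("lilo.conf stores a password but is readable "
                        "by group/other; restrict it to mode 600")
    return findings
```

On a real host the text would come from /etc/lilo.conf and `file_mode` from `os.stat`; LILO must be re-run after editing the file for the change to take effect.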
-
Premise Security
~ Premises is the physical area wherein the hardware is located
~ Security should be focused on the following areas by identifying:
  Malicious damage that threatens the business requirements
  Non-availability of essential services
  Accidental damage
  Equipment theft
  Unauthorized access to confidential information
  Physical threats like fire, flood, etc
-
Reception Area
~ Benchmark normal arrival routines of persons and compare new arrival behavior
~ Offer proper space, correct eye contact and non-confrontational facial expressions or posture while encountering people
~ Heed intuition and sixth sense to prevent perilous situations for the organization
~ Counsel people based on their requirements by guiding them to the respective staff who offer genuine assistance
~ Distinguish suspicious persons:
  Thieves, who comprise opportunists and probers
  Solicitors and pedlars
  Charity organizations
  Ex-employees of the organization
  People involved in moving office properties
-
Office Security
~ Weak elements of the office involve work areas, garbage bins, consoles and laptops
~ Examples of locations that are prone to attacks:
  Post-it note attached to the monitor containing passwords
  Open desk drawer containing sensitive information
  Notebook containing user names, system names and passwords
  Printouts, floppy disks, CD-ROMs, archive tapes and fax machines that hold information such as source code, email, database records
  Telephone list that can be used to perform a war dialing attack
  Manuals, memos, charts, calendars and letterheads that contain confidential information, agendas, network configuration, services, etc
-
Dumpster Diving
~ Searching the garbage of the targeted company to acquire information
~ Obtained information may include credit card receipts, phone books, calendars, manuals, tapes, CDs, floppies, etc
~ Sensitive information, though removed, still resides in the system's recycle bin and can be restored back to the normal location
~ Countermeasures:
  Delete all contents from the storage device to prevent
  Shredding of hard copies of data
-
Physical Security Checklist
~ Physical security protects:
  Stored information resources
  Operating location
  Functions of the information systems
~ Checklist for ensuring security:
  Fix strong windows and locks
  Place servers in dedicated rooms behind locked doors and windows
  Install air-conditioning and fire detection systems
  Maintain an inventory of all systems, memory, processors, etc
  Maintain backups of critical information
  Insure the business against unforeseen hazards
-
Summary
~ An attacker who gets past physical security can obtain critical information related to an organization
~ According to the CSI/FBI Computer Crime Security Survey 2005, nearly 40% of victims do not report computer intrusions
~ Tempest refers to investigating and understanding compromised emanations (CE)
~ Mantrap provides alternate access for resources
~ Skimming is a process where the account information stored on the magnetic stripe of a credit/debit card is copied for using an ATM
~ Biometric performs either identification or authentication
~ Printer Security restricts the use of printers for sensitive research data
~ Premises is the physical area wherein the hardware is located
~ Dumpster diving is searching the garbage of the targeted company to acquire information