Physical Security  Katie Parker and Robert Tribbia


Physical Security Katie Parker and Robert Tribbia Computer Security Fall 2008

Physical Security
Prevent attackers from accessing a facility, resource, or information stored on physical media

Two Main Things to Protect Against
Human Attack
Natural Disasters

Human Attacks
Attacks from outside
– Thieves/burglars
– Hackers
– Former employee
Attacks from inside
– Current angry or disgruntled employee
– Agent for hire

Five Layers of Physical Security
Environmental deterrents
Mechanical deterrents
Surveillance deterrents
Human deterrents
Proper employee training

Environmental Deterrents
Primarily used for outside attacks
High walls, fences to deter less motivated attackers

Mechanical Deterrents
Can range from simple ID card to high-tech biometrics
Locked gates, key cards
Access control

Surveillance Deterrents
Used to help prevent future attacks and provide information on past attacks
Cameras, microphones, detection systems
CCTV/cameras can help deter “shoulder surfing”

Human Deterrents
Can be used to prevent both outside and inside attacks
Security guards and checkpoints – outside
Reception desks and the employees (when trained) – inside
One is not enough!

True Story
2 attackers obtained entry to data center
Security guard wasn’t at post, one employee on duty
Attackers beat employee and used employee to gain access to equipment

Employee Training
Common problem is laziness
Train employees to always:
– Lock all unattended workstations
– Turn monitors away from common areas
– Shred sensitive documents
– Lock laptops
Stolen laptops are becoming a big security issue

Social Engineering
Tricking people into giving confidential information or granting access
Several different methods
– Pretexting
– Baiting
– Quid pro quo

Pretexting
Using an invented scenario to convince the victim to give up personal information or do some action
Justin Long’s character in Live Free or Die Hard; car

Baiting
Attacker puts harmful virus/malware on a device
Leave device in public place with legitimate title
Victim uses device and uploads the malware to system

Quid Pro Quo
“Something for something”
Attacker offers help with problem, but while helping, hurts too
The Italian Job – Becky the cablewoman

Dumpster diving
Searching through the trash for valuable information that is still intact
Prevent by:
– Thoroughly shredding all important data

Regular old theft
Mission Impossible
Katie’s work application

Natural Disasters
Risk Assessment
– See what problems are the most likely for your location and guard against them
– Example: in Tallahassee, don’t really need to worry about earthquakes, so don’t spend money protecting against them

Natural disasters
Fire
Fire can destroy computer hardware
Prevent with:
– Smoke detectors
– Fire alarms
– Fire extinguishers

Other Natural Disasters
Liquid damage
– Keep sensitive equipment on 2nd floor or higher
– Don’t run water pipes through or near rooms with susceptible equipment
Earthquakes
– Support with gel padding and springs
Lightning
– Faraday cages
– Generators
