CISSP week 26

Physical Security

Domain 10 CISSP Official CBK 3rd EditionPages 1256-1362

Jem JensenTim JensenStaridLabs

Physical Security Program: Purpose

• Designed to prevent the interruption of operations and provide for the security of information, assets, and personnel.• Risks include:• Violence and crime• International Terrorism• Environmental Damage• Energy Disruptions• Pandemics

The Security Survey

• The first step is to determine the protection objectives:• Threat Definition• Target Identification• Facility Characteristics.

• Goal is to mitigate justified risks and not waste money on ineffective security.

Target Identification

• The first step is to identify what assets need to be protected.• Set a prioritization for assets.• Assets can be personnel, property, equipment, or information.• Identify the impact and consequences of an asset loss.

Facility Characteristics

• Several security professionals should be included in a facility walkthrough. The more eyes and the more experience the better.• Overnight security guards get bored and wander around all night, as

such they are usually the best source for identifying weaknesses.

American Institute of ArchitectsList of Key Security Concerns

• Facility security control during and after hours of operation

• Personnel and contract security policies and procedures

• Personnel screening• Site and building access control• Video surveillance, assessment, and archiving.• Natural surveillance opportunities.• Protocols for responding to internal and

external security incidents.• Degree of integration of security and other

building systems.• Shipping and receiving security

• Property Identification and tracking• Proprietary information security• Computer network security• Workplace violence prevention• Mail screening operations, procedures, and

recommendations• Parking lot and site security• Data center security• Communications security• Executive protection• Business continuity planning and

evacuation procedures

Vulnerability Assessment

• The assessment should be done within the context of the defined threats and the value of the organization’s assets.• Each risk (front entrance, receptionist, etc) should have it’s own

vulnerability level. (Very High, High, Medium High, Medium….)• The cost of your protective measures shouldn’t be more expensive

than the assets your protecting.*• Caveats*

• Laws/Regulations• Compliance• Single Loss vs Annul Rate of Occurrence (SLE/ARO)

Site Planning

• Again, the goal of this whole process is the protection of life, property, and operations.• Countermeasures should be appropriate and effective to reduce the risk.• Must balance employee convenience and a secure facility.• Security shouldn’t be sacrificed for convenience, but a lot can be done to make the

user’s life easier.• Security is always easier to setup from the beginning. Employees resist change and

push back every time things are changed. As such security should be done right from the beginning, and only updated when necessary, not on a whim.

• The movement of people and materials through a facility is determined by the design for access, delivery, and parking systems.

• Systems should be designed to maximize efficiency while minimizing conflicts between entry and exit of vehicles and pedestrians.

Roadway Design

• Normal street design is to minimize travel time and maximize safety. • For security, roadways can be designed to minimize vehicle velocity

and to use the roadway as a protective measure.• Straight line approaches should not be used. This allows a vehicle the

opportunity to gather the speed necessary to ram and penetrate the buildings.• Approaches should be parallel to the perimeter with a barrier between the

road and building: earthen berms, high curbs, trees, etc.• Existing streets can be retrofitted with barriers, bollards, swing gates, etc.• Measures should be applied to keep vehicles from departing the roadway and

bypassing the countermeasures.

Glasgow Airport

Car drives into Sears

Carbomb in Bagdad

Remember…build a better defense and the universe builds a better idiot…

Defenses

Less effective vehicle deterrents

Crime Prevention through Environmental Design (CPTED)• Provides direction to solve challenges of crime with organization

(people), mechanical (technology and hardware), and natural design (architecture and circulation flow).• Protection can be provided through aesthetically pleasing features

such as landforms, water, and vegetation.• Thick vegetation should not be directly adjacent to a building and

thick ground cover over 4 inches tall could be a disadvantage.• Facility should be designed with a single point of entrance for

guests/untrusted visitors. A receptionist should be available at this entrance.

Windows

• Windows are vulnerable and common entry points.• Home windows shatter and cause hazardous conditions. (Note on window

safety)• Buildings should be designed so that in the event of an explosion shattered

glass is mitigated. (Bushes, walls, special types of glass, secure door frame, secure anchoring of frame to structure)• Windows should ideally not be directly adjacent to doors. This prevents a

broken window allowing access to the door lock from the inside.• Laminated glass, grills, screens, mesh etc can protect windows.• Windows on ground level should not have the ability to be opened and

should have bars and alarm systems.

Types of Glass

• Annealed: Standard Glass• Tempered Glass: Impact Resistant• Wired glass: Wire mess imbedded in glass offering limited protection• Laminated glass: Very shatter resistant. Still breakable, but shards are

held in place.

(video removed)

(video removed)

(video removed)

Glass Break Sensors

• Sensors can be installed to detect glass breaking.• Types:• Acoustic (Listens for sound wave matching frequency of broken glass)

• Crap• Shock (Identifies shock wave when glass is broken)

• Also crap• Dual mode (Acoustic and Shock required for alarm)

• Less crap

Garages

• Primary risks: Crime and vehicles hitting pedestrians• Use signs to direct traffic and CCTV cameras to monitor for incidents.• Bright lights reduce both risks

• 10-12 foot candle over parked cars• 15-20 foot candles in walking and driving aisles.

• Exterior lights should be 12 feet above ground and should point downward.• Parking structure should be white to reflect light.• Elevators and walkways should empty into the lobby, not into the

secure areas.

Location ThreatsNatural Disasters

• Hurricane winds can exceed 155 MPH• Tornado winds can reach 300 MPH• Earthquakes shake things• Floods…flood things…

Man-made threats

• FIRE! FIRE!• Fires cause damage due to heat, smoke, and water from suppression

systems.• Fire systems should be protection water systems should be protected

from single points of failure.• Incoming water line should be encased, buried, or located 50 feet

from high risk areas.

Fire Extinguisher Classes

Utility Concerns:Electrical

• Electric panels, conduits, and switchgear should be distributed throughout the building to avoid single points of failure.• Emergency generators should be located away from loading docks,

entrances, and parking areas. Preferably on a roof, protected level, or protected interior area.• Generator fuel storage should be located away form loading docks,

entrances, and parking areas. Access should be restricted and protected including locking caps and seals.

Communications

• At least two phone lines on separate systems is good in case of emergency.• If using VOIP, run at least 1 telephone landline to the security guard desk as a

backup.

• Cell phones are relatively cheap and should be provided to critical personnel.• Maintain a phone list of critical employees.• Setup a base radio and add a portable radio to each floor for

emergency internal communications.

Utilities

• When possible protect utilities by placing them underground• Protect drinking water from contamination• Don’t provide signage saying “Critical power area” or “Single point of

failure for all of our power, water, and heat. Don’t hit with car!”• Locate fuel storage tanks and operations buildings down slope and at

least 100 feet from buildings.• Utility systems should be at least 50 feet from loading docks, front

entrances, and parking areas.

Primary Purpose of Security!To protect personnel(people),assets(buildings, items), and information(10010101011101) from death, destruction, or harm.

Workers comp costsInsurance rate per $100 of

payroll

Perimeter security

• Perimeter security is made up of several zones. The more zones, the more defense-in-depth and the better your security.• Each zone can have different

controls.• Security controls should be added

with care, using risk, vulnerability, and threat assessment to balance security and risk.

Physical Security elements(Dodge, dip, dive, duck, and

dodge)• Deter

• Visible security will make adversaries reconsider. If you’re the secure bank with a sniper on the roof and a turret mounted machine gun operated by an annoyed robot, and the bank 2 blocks over (out of sniper sight) has an electric alarm from Radioshack and you both have equal assets that can be stolen…guess who’s going to be chosen.

• Detect• Detection devices allow prompt notification that a break in has occurred. These can be cameras, motion sensors,

infrared sensors, glass sensors, etc.

• Delay• This is the key to physical security. Your protections and detection components are attempting to alert and delay

adversaries so long as is necessary for police or security to arrive. Glass windows only need to last 15 minutes of pounding if a guard walks by every 15 minutes. Even that’s overkill since the guard would be able to hear several minutes before and after while he’s in the vicinity. A safe only has to last long enough for a response, etc.

• Respond• A response force must be told that an unauthorized entry has been attempted. Police, security, mercenaries, the

sniper, etc.

Critical components to protect

• Emergency generator: includes fuel systems, water supply, sprinklers, etc.• Fuel storage• Telephone and switchgear• Fire pumps• Building Control Centers• UPS power supplies• HVAC systems• Elevator machinery• Elevator, stair, and utility shafts• Emergency power feeders.

Good fences make good neighbors

• If using a perimeter fence, here’s the recommendations:• Standard is 6 foot high fence with 2 inch mesh squares.• 9 gauge vinyl or galvanized metal• Posts should be every feet and anchored into cement• Barbed wire angled out from the top of the fence at a 45 degree angle away from

the protected area.• Fence + barbed wire = 7 foot tall.• Base of fence wire should have a post so fence can’t be pushed or crawled under. • For high security, add a double fence with rolls of barbed wire between the fences.• Fences are psychological deterrents and boundary markers and are easily

penetrated.

Gates

• Gates control access to vehicles and people entering/exiting the facility.• The higher security of the controlled area, the fewer gates should

exist.• One is the optimal number for security, but not very practical with

larger facilities.• Each gate requires authentication resources:• Automated system (cards, keycodes, etc)• Human guards

Walls

• Walls are more expensive than fences but offer a softer view.• Effective walls should be 7 feet high with 3 or 4 strands of barbed wire

on top.• The disadvantage of walls is view obstruction.

Perimeter Intrusion Detection

Infrared Sensors

• Passive Infrared sensors are designed for human body detection.• Measures changes in heat in an area.

• Active Infrared sensors send an IR signal to a receiver. If the signal is interrupted then an alarm triggers.• Laser tripwire basically.

Microwave Sensors

• Send a controlled microwave pattern into protected area. Baseline is established and any variance is reported as an alarm.• Passes through concrete and steel and should be not be pointed

adjacent to a roadway or adjacent buildings or false posivites will occur.• Bistatic

• Uses separate devices for sensor and receiver. Sends microwave emission between sensor and receiver and looks for variance.

• Monostatic• Has both sensor and receiver in the same unit. Generates a well controlled

beam that can be adjusted to monitor a specific region.

Left to right:Passive, bistatic, multistatic(Radar)

Off Topic Tim:Through Wall Imaging Systems

Coaxial Strain-Sensitive Cable

• Coaxial cable is woven through a fence. The cable transmits an electric field. If someone tries climbing or cutting the fence, the field fluctuates and is detected in the cable. When this occurs an alarm goes off.• Very tunable, susceptible to weather and climate.• Some are susceptible to EMI and RFI

Video Content Analysis and Motion Path Analysis• CCTV cameras can be piped to computers for software analysis. The

software can identify pixel changes and filter out known events to identify suspicious events and raise alarms.

Lighting

• Lighting deters intruders.• It also makes it easier to see.• Ideally lighting will allow security and employees to notice individuals

at night at a distance of 75 feet or more. They should be able to identify a human face at 33 feet.• Ideally place lighting higher to allow it to disperse naturally and

produce a better aesthetic.

Types of Lighting

• Fluorescent Lights• Highly efficient and cost effective.• Temperature sensitive. Not effective for outdoor lighting.

• Mercury Vapor Lights• Preferred security light. Disperses strong white-bluish light.• Extended lamp life.• Take time to come to full light.• Common at stadiums.

• Sodium Vapor Light• Soft yellow light.• More efficient than mercury Vapor.• Used in foggy conditions.

• Quartz Lamps• Very bright white light• Immediately on• High wattage – 1500-2000 watts.• Used on perimeters and troublesome areas for high visability and day light levels of light.

Infrared Lighting

• Most black and white CCTV cameras can see Infrared (IR)• Infrared illuminators can be setup in areas

to enhance camera visibility.

Access ControlBadge Systems

• Card Types:• Magnetic Stripe

• Old technology• Can be physically damaged by use• Data can be affected by magnetic fields• Easily duplicated

• Proximity Card (Prox Cards)• Use embedded antenna wires connected to a chip within the card.• Chip is encoded with unique card identification.• Read distance varies by manufacturer and installation.

• Smart Cards• Credential cards with a microchip embedded in them.• Can store access transactions, licenses held by individuals, qualifications, safety training, security access

levels, and biometric templates.• Card can double as an access card for doors and be used as an authenticator for a computer.

Additional Security measures

• Along with a magstripe, prox, or smart card you can add additional measures to an authentication transaction:• PIN in keypad• Biometric reader

Fun with access Control Systems (ACS)• When new users are enrolled, they are stored to a central

authentication repository.• This repository is mirrored to all readers on a consistent bases.• If the reader looses access to the central repository, it’s still able to

authenticate known users, just not new additions.

More fun with ACS systems…

• Many prox and smart cards have “slots”. These slots hold things such as PKI certificates or biometric data.• Biometric data such as your thumb print.• So in the event the proxy reader can’t communicate with the central

computer, it can still authenticate you based on the card prox number and the thumb print scan on the badge.

CCTV CamerasPurposes

• Surveillance• Viewer is able to view multiple locations from a centralized area.

• Assessment• Viewer is able to assess the situation from a safe distance before choosing an

appropriate action.

• Deterrence• May deter unsophisticated burglars, vandals, and intruders

• Evidentiary Archives• Archived images/video may be helpful for identification and prosecution of

trespassers, vandals, and intruders.

Camera specs

• Color cameras provide more details like color of clothes or color of car.• Black and white cameras are better in low light conditions.• Cameras must have auto-white balance to adjust to changing color

temperatures of daylight and artificial light.• Color cameras require more illumination levels.• High quality color cameras work down to 1.5 foot-candle (fc)

illumination. Black and white work to .5 fc

Outdoor cameras

• Outdoor cameras are more expensive than indoor.• Lighting changes depending on time of day and weather.• Shrubs, trees, and vegetation can obstruct views.• In cold weather, a heater blower should be added to the camera housing.• Auto-iris lenses should be used since they automatically adjust to light. Strong sunlight can

damage a camera without this feature.• Set the focus in low light with an auto-iris. The focus will stay with more light, but not if

reversed.• “Neutral density (ND)” filters can be added to reduce lighting without changing the color

of the image.• Try to avoid direct sunlight in an image.• Try to avoid sky view in the camera, this will impair the contrast.

Mounts

• Fixed position Camera• Cannot rotate or pan.• Good for motion detection.• Lower cost• Allows for “pre-alarm” where you can view images from before an alarm.• Unable to follow an dynamic event.

• Pan/Tilt/Zoom (PTZ) Cameras• Cameras allow rotation, panning, tilting, and zooming.• Due to extra electronics these usually cost 4 times more than a standard camera.• Not suited for pre-alarm assessment since the alarm area can change at all times.

• Dome Cameras• Cheaper than PTZ• Hardened plastic lower dome, usually smoke colored to conceal camera.• Better protected in harsh conditions

IP Cameras

• IP cameras capture digital video.• The camera is connected to a LAN network and video is sent over the

network.• Least secure system.• Cost more than CCTV cameras.• Not normally suitable for high-risk projects

Security Guards

• Deter unauthorized entry into a facility• Response force to alarm activations• Guards are required to conduct foot patrols of building interiors,

exteriors, and parking areas.• Some guards will be stationary at entrances or security offices.• Required to respond to fire, security, and medical emergencies. And

to renter assistance when needed.• Must be able to submit written and verbal reports regarding

significant events.

Security Guard Affiliations

• Proprietary (Company Employees)• Increased quality of personnel• Control of security program• Employee loyalty• Prestige for both employee and company• Disadvantage: cost, administration, staffing, impartiality, expertise• Largest disadvantage is time to create an effective security program.

• Contract• Easily adapts to staffing levels• Total cost is rolled into single hourly billable rate: salary, insurance, admin cost, uniforms, benefits.• Contract security is generally impartial.• Guards are easy to replace.• Contract guards usually cost less than proprietary since they’re just a head.

• Hybrid• It’s possible to use some proprietary and some contract security to provide better control over your security

program while making the program cost effective.

Alarm Monitoring

• For secure facilities, generally two guards are on at all times, 24/7.• Guard 1 is stationed in a security console center and monitors cameras, intrusion systems, and fire

systems.• Guard 2 does walkthroughs and assigned tasks.

• Many organizations use UL 1981 Standard for high security facilities to designate staffing levels.• Requires staffing to be such that all alarm signals can be acknowledged and appropriate dispatch and

verification action can be initiated not more than a defined period after the monitoring facility receiver acknowledges.

• The Security Control Center should be located on the main floor or the basement as long as the area is not below ground level (flood protection)• Entry must be controlled and only authorized personnel allowed in.

• A sign in sheet should be hung up to document any non-authorized personnel being escorted in (police, temporary staff, executives, etc)

• Must have primary and secondary power sources. Secondary power should last for at least 24 hours.

Visitor Access

• Visitors should be required to sign in and sign out, and document their purpose of visit.• A visitor badge should be given to identify them as a non-employee.• This badge should not be an access card• The badge should state if they require an escort or not. If an escort is

required, the badge should have the name of the escort to make that person personally responsible.

• Some visitor systems can read government issued ID’s by swiping them and identify if the ID is properly formatted or is falsified. The data is populated into a database as a record.

Doors (Again)

• Door assemblies include the door, its frame, and the anchorage to the building.• Exterior doors should be designed to fit snugly in the doorframe,

preventing gaps.• Perimeter doors should be hollow steel doors or steel clad doors with

steel frames.• Latch and frame anchor should match the strength of the door and frame.• Hinges should be on the interior of restricted areas.• Doors housing sensitive areas should have an automatic door closing

device.

Why Hinges should be inside….

http://www.firerescue1.com/fire-products/tools/articles/1284289-step-by-step-forcing-an-outward-opening-metal-door/

Electronic Locks

• Actuates the door bolt• Some retract the lock without user intervention• Some offer request-to-exit switches• Expensive• Often requires new door for retrofit• Requires special door hinge to accommodate wiring harness

• Can be configured in fail-safe or fail-secure modes.

Electric Strikes

• Strike is removed (vs bolt being removed)• Can be configured in fail-safe or fail-secure modes.• Unrestricted exit access is allowed.• Can easily be retrofitted to old doors.

Magnetic Locks

• Easy retrofit• Mounted on door and doorframe• Continuous electric current is provided to hold the door closed.• Locks are fail-safe (fail open) on power loss.• US Life safety Codes require magnetic lock doors have a manual

override device and an automated senor or Request To Exit device.• Locks are controlled by a card reader.

Mag Locks

Anti-Passback

• Requires user to badge in and out when entering and leaving.• Easy for accountability• Some systems only allow single entry. To enter again the user must

have left. This stops people from dropping badges out windows or cloning them to get multiple people inside.

Turnstiles

• Prevents piggybacking or tailgating• Assists guards in verifying that all

users badge in individually

Mantraps

Real Mantraps

• Room where you must enter, allow the door to close behind you, and then enter another door which will allow unlock only once you are locked in the room.• This allows employees to know if someone is piggybacking.• A footstep detecting floor can be added to identify the amount of

people in the room.

Safes

• Last line of defense.• You should have spent more on guards, doors, and sensors.• Different categories.• Tool Resist

• Rating of TL-15 means it’s tool resistant for 15 minutes.• To be TL-15 it must weight at least 750 pounds or have anchors.• Have a metal body that is solid or fabricated of at least 1 inch thick with tensile strength

of 50,000 PSI and is fastened to the floor with ¼ inch steel.• No hole on the safe can be larger than ¼ inch when closed.• Must have a relocking device if the lock is destroyed.

Vault

• Different Categories:• Class M – ¼ hour• Class 1 – ½ hour• Class 2 – 1 hour• Class 3 – 2 hour

Biometrics

• Measure biological characteristics• Fingerprints, hand geometry, voice print, iris pattern, etc

• Common failures• False acceptance (Type I error) – erroneously allows access by confusing one

user with another or falsely recognizing an imposter• False rejection (Type II error) – fails to recognize a legitimate user

• Most biometrics can be tuned to adjust the false acceptance rate (FAR) and false rejection rate (FRR)• The spot where FAR and FRR meet is called the Crossover Error Rate (CER)• CER can be used to compare accuracy between different devices

Biometrics

Biometrics

• Fingerprint• Compares pattern on fingers to a stored template• Some require multiple fingers for either:

• More accuracy – harder to forge multiple fingerprints• More flexibility – injury to one finger doesn’t bar access

• Modern scanners detect temperature and pulse

• Facial image• Compates facial features to stored image

• Eye width, mouth width, nose height – general proportions

Biometrics

• Hand geometry• Uses distance between knuckle joints, finger lengths• Generally faster than other biometrics• Reasonably accurate• Higher false acceptance rates

• Voice recognition• Less expensive• Require isolation from background noise• Often paired with another access check like a PIN

Biometrics

• Iris patterns• Iris is less susceptible to theft or injury than fingers• Slower – typically about 2 seconds per check• Some people don’t like having their eyes scanned

• Retina scanning• Scans blood vessels at the back of the eye• Very high security but lots of hurdles to implementing• Slow - Typically 10 seconds per check• Intrusive – have to take off glasses, hold very still• Some people think it will damage their eyes

Biometrics

• Signature dynamics• Compares stored signature style• Speed of writing, direction, as well as finished signature• Easy for signers – don’t need to learn anything new

• Vascular patterns• Maps veins in hands or fingers• Difficult to forge• Contact-less – hygiene benefits

Biometrics

• Keystroke dynamics• Analyses the way a person types• Keystroke rhythm template

• Dwell time – how long the key is pressed• Flight time – time between key presses

Communications and Server Rooms

• Lightning protection• Ground Potential Rise (GPR)

• Lightning strike to a grounding system• Causes surge that can damage equipment, personnel

• Equipment damage may not manifest itself immediately• Mean time before failure (MTBF) – average life expectancy of equipment• Latent damage – shortens MTBF

• Avoidance• Can use fiber instead to avoid the issue• Or isolate the circuits using optical isolators or isolation transformers

• Mounted in a non-conducting cabinet• Called a High voltage interface (HVI)


• Server room• No windows• Only one controlled entry• Physical access to a system = game over

• So don’t let it happen!• Metal conduits for cabling leading from/to (ideally everywhere)


• Rack security

… no.


• Rack security• Don’t stop at access control for the server room – lock server racks

• Doubtful that everyone with server room access needs access to every rack• Do electricians need to get into the racks? Probably not

• Manageable rack locks• Can be remotely configures for more advanced access control than classic keys• Only allow unlocking during certain times or day• Require manager approval

• Monitor temperature, power consumption

Work Area Security

• Server rooms, closets probably not the best place to put workspaces• High security personnel behind more secured areas• Outside of secured rooms• Security containers – locking cabinets• Clean desk approach – clean/lock everything up at the end of the day

• Maintain strong password protection on workstations• Point screens away from windows• Use privacy filters or screen protectors• Shredding policy to destroy paper copies of sensitive information

Restricted Work Areas

• Sensitive Compartmented Information Facility (SCIF)• Prevent & detect visual, acoustic, technical, physical access• 3 layers of 5/8 inch drywall, true floor to true ceiling• One door with X-09 combination lock• Door frame affixed to surrounding wall & strong enough to prevent distortion• Automatic door closer• Door alarms• Noisemaking device over doors, pointed at windows• HVAC requirements restricting size or requiring bars on ducts• Intrusion detection that response force can respond to within 15 minutes

Utilities and Power

• UPS – battery backup for short term power outages• Generator• Activate automatically in power outage• Typically diesel fueled

• HVAC• Heating, ventilation, air conditioning• Keeps system temperature in range to avoid damage or outages

Fire Detection

• Detectors – sound alarm to give people a chance to escape• Types

• Smoke• Categories

• Photoelectric• Physical process (ionization)

• Flame• UV

• Heat• Sudden temperature changes• High temps

Fire Suppression

• Water• Wet system – filled with water that sprays until water supply is shut off• Dry system – valve fills system with water when triggered• Pre-action system – water held back until detectors are activated• Deluge system – like pre-action but sprinkler heads are left open

• Gas• Halon – outdated, leaves residue, can injure personnel• Aero-K• FM-200

The End!

Education

CISSP week 26