Donald Hester 661899: For Audio Call Toll Free and Use PIN/code

This document provides instructions for accessing an audio conference call and outlines topics to be covered regarding physical security and environmental protection of information systems. It discusses establishing policies and designating sensitive areas, controlling access to facilities and assets, monitoring access with CCTV, logging visitors, protecting power sources, and ensuring proper fire safety, environmental controls, and equipment security. The presentation aims to help organizations protect physical infrastructure and sensitive information from threats.


Donald Hester
March 29, 2011

For audio call Toll Free 1-888-886-3951 and use PIN/code 661899

Housekeeping
Maximize your CCC Confer window.
Phone audio will be in presenter-only mode.
Ask questions and make comments using the chat window.

Adjusting Audio
1) If you're listening on your computer, adjust your volume using the speaker slider.
2) If you're listening over the phone, click on the phone headset.
Do not listen on both computer and phone.

Saving Files & Open/close Captions
1. Save the chat window with the floppy disc icon.
2. Open/close the captioning window with the CC icon.

Emoticons and Polling
1) Raise hand and emoticons
2) Polling options

Introduction
Topics Covered
Physical security of information systems
Environmental protection of information systems (not the green type)
Some life safety issues

Heat (internal and external)
Water (leak, flood, weather)
Theft
Power (loss or spike)
Fire (smoke)
Natural disaster (earthquake, tornado, etc.)
Man-made disaster (chemical spill)
Loss of life

Start at the top:
The organization understands the importance and is willing to commit the needed resources.

Policy should:
Address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance
Designate sensitive versus publicly accessible areas

List of authorized personnel
To access sensitive areas
Review the list regularly to make sure you remove anyone who no longer needs access
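The two checks the slide asks for on the authorized-personnel list (remove anyone who no longer needs access, and review the list regularly) can be scripted. The following is an added example, not code from the presentation or from Donald Hester; the people, areas, dates, the HR roster and the 90-day review interval are all constructed assumptions.

```python
"""Review a sensitive-area access list against the active-staff roster.

Added example, not part of the original presentation. All names, areas,
dates and the 90-day review interval are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Authorization:
    person: str          # who holds the authorization
    area: str            # sensitive area it covers
    granted: str         # ISO date it was granted
    last_reviewed: str   # ISO date a manager last confirmed it is still needed


# Constructed access list for two hypothetical sensitive areas.
ACCESS_LIST = [
    Authorization("alice", "server room", "2010-01-15", "2010-11-15"),
    Authorization("bob", "server room", "2009-06-01", "2010-02-01"),
    Authorization("carol", "wiring closet", "2010-11-03", "2011-03-01"),
    Authorization("dave", "wiring closet", "2008-04-20", "2011-03-01"),
]

# Constructed HR roster: people currently employed or under active contract.
# Note that "bob" and "dave" are no longer on it.
ACTIVE_STAFF = {"alice", "carol", "erin"}


def review_access_list(access_list, active_staff, today_iso, max_review_age_days=90):
    """Return (to_remove, overdue_review), each sorted by person then area.

    to_remove      - authorizations held by people no longer on the active roster
                     (terminated, left, or contract ended): remove them now.
    overdue_review - authorizations held by active staff whose last review is older
                     than the policy interval: a manager must reconfirm or revoke.
    """
    today = date.fromisoformat(today_iso)
    cutoff = today - timedelta(days=max_review_age_days)
    by_key = lambda a: (a.person, a.area)
    to_remove = sorted((a for a in access_list if a.person not in active_staff), key=by_key)
    overdue = sorted(
        (a for a in access_list
         if a.person in active_staff and date.fromisoformat(a.last_reviewed) < cutoff),
        key=by_key,
    )
    return to_remove, overdue


def review_report(today_iso="2011-03-29"):
    """Human-readable summary of the review, as a list of lines."""
    to_remove, overdue = review_access_list(ACCESS_LIST, ACTIVE_STAFF, today_iso)
    lines = [f"REMOVE: {a.person} from {a.area} (not on active roster)" for a in to_remove]
    lines += [f"REVIEW: {a.person} in {a.area} (last reviewed {a.last_reviewed})" for a in overdue]
    return lines


if __name__ == "__main__":
    print("\n".join(review_report()))
```

Run it as-is and it reports bob and dave for removal and alice for re-review; in practice the roster would come from the HR system and the output would feed a ticket for the area owner rather than a printout.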

Selecting internal areas that need more control
Determine what assets require extra security
Control access of customers (students)
Restrict computer access or LAN access from lobbies

Enforce access authorizations
Verify access authorization before granting access
Control entry
Control publicly accessible areas in accordance with risk
Secure keys, combinations, passwords, PINs, and other physical devices

Secure keys, combinations, passwords, PINs, and other physical devices
Key log (who has the keys)
Rekey (when a key is lost)
Recovery (get keys back)
Change combination (like a password)
Important events:
Someone is terminated or leaves
Lost or compromised

Doors
No more than two doors
Locks, or electronic door locks
Strike-plates on doors
Tamper-resistant hinges on doors
Resistant to forcible entry
Fire rated doors and walls
Internal windows should be small and shatter or bullet proof

Control access to the cables used for communication
Ethernet
Telecom
Wiring closets
Spare jacks
Conduit or cable trays

What output devices need control?
Printers
Monitors
Audio devices

For example, HR prints to a printer in a restricted area so that no one can simply walk by and pick up the printout.
Same with finance and transcripts.
Protect from theft.

Monitor physical access
CCTV, especially in cash collection sites
Log access
Access control devices can log who gained access
Netbotz (example, not an endorsement)
Detect and respond to incidents
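The access control devices the slide mentions only help if someone reviews what they log. As an added example (not from the presentation or from any vendor named on it), the script below parses constructed badge-reader log lines and raises two kinds of findings a reviewer would want: a grant into a sensitive area outside business hours, and a burst of denials on one badge, which is the pattern of a lost or revoked badge being tried at a door. The log format, reader names, business hours and thresholds are all assumptions.

```python
"""Review physical access-control logs for events worth responding to.

Added example, not part of the original presentation. The log format,
reader names, business hours and thresholds below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format of a hypothetical badge reader controller.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) reader=(?P<reader>\S+) "
    r"badge=(?P<badge>\d+) user=(?P<user>\S+) result=(?P<result>GRANTED|DENIED)$"
)

SENSITIVE_READERS = {"server-room", "wiring-closet"}  # assumed names of sensitive-area doors
BUSINESS_HOURS = (7, 19)        # assumption: 07:00 to 19:00 local time
DENIAL_THRESHOLD = 3            # assumption: this many denials on one badge ...
DENIAL_WINDOW = timedelta(minutes=5)  # ... within this window is a finding

# Constructed sample log: one normal entry, a burst of denials, and a late-night grant.
SAMPLE_LOG = [
    "2011-03-29 08:55:12 reader=server-room badge=1042 user=alice result=GRANTED",
    "2011-03-29 12:03:44 reader=server-room badge=2077 user=bob result=DENIED",
    "2011-03-29 12:04:01 reader=server-room badge=2077 user=bob result=DENIED",
    "2011-03-29 12:04:20 reader=server-room badge=2077 user=bob result=DENIED",
    "2011-03-29 14:10:00 reader=lobby badge=3001 user=carol result=GRANTED",
    "2011-03-29 23:41:05 reader=server-room badge=1042 user=alice result=GRANTED",
    "this line is not a badge event",
]


def parse_line(line):
    """Return a dict for a well-formed line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S")
    return event


def analyze(lines):
    """Return findings as (kind, user, detail) tuples in the order they are detected."""
    findings = []
    recent_denials = defaultdict(list)  # badge -> timestamps of denials inside the window
    for line in lines:
        event = parse_line(line)
        if event is None:
            # Unparsable lines are reported rather than dropped: a reviewer should
            # know when the log source changed format or was tampered with.
            findings.append(("unparsable", None, line.strip()))
            continue
        when = event["ts"].isoformat(sep=" ")
        if event["result"] == "GRANTED" and event["reader"] in SENSITIVE_READERS:
            if not (BUSINESS_HOURS[0] <= event["ts"].hour < BUSINESS_HOURS[1]):
                findings.append(("after_hours_access", event["user"], when))
        elif event["result"] == "DENIED":
            window = recent_denials[event["badge"]]
            window.append(event["ts"])
            # Drop denials that have aged out of the window.
            while window and event["ts"] - window[0] > DENIAL_WINDOW:
                window.pop(0)
            # Alert once, when the threshold is first reached.
            if len(window) == DENIAL_THRESHOLD:
                findings.append(("repeated_denials", event["user"], when))
    return findings


if __name__ == "__main__":
    for kind, user, detail in analyze(SAMPLE_LOG):
        print(f"{kind:20} {user or '-':8} {detail}")
```

The two rules are deliberately simple; the point is that each finding maps to a response step (confirm the after-hours visit with the person, retrieve or deactivate the badge), which is what the "detect and respond to incidents" bullet is about.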

Closed-circuit TV
Wired or wireless
Simplest: camera connected to a TV monitor
More complex systems can detect, recognize, or identify
Smart CCTV: facial recognition technology
Purpose: to detect and deter; also used in investigations

Security Applications
Safety Applications
Management Tool
Investigation Tool

Contractors' and employees' access to restricted areas
Monitor visitor activity
Sign in
Check ID
Did you know they were coming?
Appointment only

Keep records
Review records
Records should include:
Name/organization of the person visiting
Signature of the visitor
Form(s) of identification
Date of access, time of entry and departure
Purpose of visit
Name/organization of person visited

Concern is loss of power resulting in down time
Protect power equipment
Access control to sub panels
Fire code issues
Protect power cables
Redundant or parallel power cables

Power switch to turn off all systems
Life safety issue
Server rooms can be equipped with a switch that will turn off all equipment, including those on battery backup
Place the switch in an accessible location
Protect the switch from accidental activation

Provide a short-term uninterruptible power supply to facilitate an orderly shutdown of the information system in the event of a primary power source loss

UPS for short time periods
What is your current UPS rated for?
Is that enough time for an orderly shutdown?
Have you checked the battery life lately?

Provide a long-term alternate power supply for the information system that is capable of maintaining minimally required operational capability in the event of an extended loss of the primary power source

Power generator
How important is uptime?
How reliable is the power grid?

Employ and maintain automatic emergency lighting
Life safety issue again
Typically lights are in common areas and not always in a server room
Typically handled by facilities personnel

Fire suppression and detection devices/systems
Fire Prevention
Fire Detection
Fire Alarm
Fire Suppression
Fire Drills

Fire suppression devices/systems
Should have an independent power source
Properly rated fire extinguisher
Sprinklers, dry pipe best
Should have automatic shut down of servers
Halon, FM-200 (or FE-227), FE-13, FE-25, Novec-1230, inert gas systems like Argonite, Inergen or CO2
Toxic fumes from burning plastic

Maintains temperature and humidity levels
Monitors temperature and humidity levels
Maintain a constant temperature between 70-74F (21-23C)
Maintain a constant humidity between 45-60%
High humidity causes corrosion and low humidity causes static electricity.

Positive air pressure
Air flow out of the room
Limits dust getting in
Protected air vents
Possible entry point
Filtered air
Dust reduces heat transfer and can cause heat damage to circuits
Redundant HVAC systems
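The slide gives the ranges (70-74F, 45-60% humidity) and the consequences of leaving them (corrosion, static, heat damage), but a monitor that alarms on every single out-of-range sample is quickly ignored. The following is an added example, not from the presentation or from any monitoring vendor it names: it labels each excursion with the risk the slide associates with it, alarms only once a condition has persisted for several samples, and separately flags a sudden temperature rise, which is the signature of an HVAC failure. The sample readings, the sampling interval, the three-sample persistence rule and the 3F rise limit are constructed assumptions.

```python
"""Evaluate server-room temperature/humidity samples against the deck's ranges.

Added example, not part of the original presentation. The readings, the
persistence rule and the rise limit are constructed assumptions; the
70-74F and 45-60% ranges are the ones stated on the slide.
"""

TEMP_RANGE_F = (70.0, 74.0)     # from the slide: 70-74F (21-23C)
HUMIDITY_RANGE = (45.0, 60.0)   # from the slide: 45-60% relative humidity
SUSTAIN_SAMPLES = 3             # assumption: alarm after this many consecutive bad samples
MAX_RISE_F = 3.0                # assumption: a larger jump between samples suggests HVAC failure

# Constructed readings: (minute, temperature F, humidity %) every five minutes.
# Humidity drifts high for three samples, then the temperature jumps and climbs.
SAMPLE_READINGS = [
    (0, 72.0, 50.0),
    (5, 72.5, 52.0),
    (10, 73.0, 61.0),
    (15, 73.0, 62.0),
    (20, 73.0, 63.0),
    (25, 73.0, 58.0),
    (30, 77.0, 57.0),
    (35, 78.0, 57.0),
    (40, 79.0, 56.0),
]


def classify(temp_f, humidity):
    """Name every range the reading violates, with the damage the slide associates with it."""
    conditions = []
    if temp_f > TEMP_RANGE_F[1]:
        conditions.append("high temperature (heat damage to circuits)")
    elif temp_f < TEMP_RANGE_F[0]:
        conditions.append("low temperature")
    if humidity > HUMIDITY_RANGE[1]:
        conditions.append("high humidity (corrosion)")
    elif humidity < HUMIDITY_RANGE[0]:
        conditions.append("low humidity (static electricity)")
    return conditions


def evaluate(readings):
    """Return [(minute, message)] alerts for a fixed-interval series of readings."""
    alerts = []
    run_length = {}      # condition -> number of consecutive samples it has persisted
    prev_temp = None
    for minute, temp_f, humidity in readings:
        # A fast rise is reported immediately; waiting for persistence would lose time.
        if prev_temp is not None and temp_f - prev_temp > MAX_RISE_F:
            alerts.append((minute, "temperature rising fast (possible HVAC failure)"))
        prev_temp = temp_f

        active = classify(temp_f, humidity)
        # Conditions that cleared reset their counter so a later excursion is judged afresh.
        for cond in list(run_length):
            if cond not in active:
                del run_length[cond]
        # Conditions still present count up; alert exactly once, when they reach the threshold.
        for cond in active:
            run_length[cond] = run_length.get(cond, 0) + 1
            if run_length[cond] == SUSTAIN_SAMPLES:
                alerts.append((minute, f"{cond} sustained for {SUSTAIN_SAMPLES} samples"))
    return alerts


if __name__ == "__main__":
    for minute, message in evaluate(SAMPLE_READINGS):
        print(f"t+{minute:3d} min: {message}")
```

On the sample series this yields three alerts: the humidity excursion once it has held for three samples, the jump at minute 30, and the sustained high temperature at minute 40. The single high-humidity reading that would have fired at minute 10 under a naive threshold check is held back until it proves persistent.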

Protects the information system from damage resulting from water leakage
Master shutoff valves
Accessible
Working
Known by key personnel
Not just for the server room: wiring closets too
Positive flow water drains
Protect from the risk of flooding

Authorizes, monitors, and controls computer equipment entering or exiting the facility
Record of those items
Theft is the big issue here

Part of Business Continuity Planning
Consider physical and environmental controls at the alternate work site

Position information system components within the facility to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access
Where is the best place in your facility for a server room?
External issues?

Proximity of emergency services
Offsite hazards

Avoid the basement
Avoid the top floor
Avoid the first floor
Avoid being located near stairs, bathrooms, water pipes, elevators or EMI emissions
Avoid locating it on an external wall
Avoid external windows and doors

Plenum space
Requires plenum cabling
Raised false floors
Access to and protection of cabling
Drop ceilings can give access to server rooms
Walls should extend beyond any false or drop ceilings
Security mesh to help stop break-ins through gypsum walls

Site Location (Site Survey)
Proximity to emergency services
Flood zones, types of natural events, e.g. earthquake, hurricane, tornado
Proximity to hazardous materials, e.g. next to an oil refinery or train tracks
Redundant roads or ways into the area
Crime rates for the area

Crime Prevention Through Environmental Design (CPTED)
The building and facilities (campus) are designed in such a way as to limit or deter crime.
Parking lots and lighting
Perimeter lighting
Perimeter security
Landscaping
Barriers (bollards)

Tempest
Protect the information system from information leakage due to electromagnetic signal emanations

Shielding from:
Electromagnetic interference (EMI)
Radio frequency interference (RFI)
Shielded cabling, room
Electrostatic discharge (ESD)
Anti-static flooring
Anti-static wrist strap

For life safety
Clearly mark exits for life safety
Clearly mark locations of fire extinguishers
Clearly mark shutoff switches and valves
For theft
Signs create a psychological barrier
Asset tag equipment for possible recovery

A communication system designed to alert, warn or notify a receiver of an event or danger.
Made up of 3 parts: a sensor (detector) that detects the condition, an alarm system circuit to transmit the information, and an annunciator (signal, alarm).
Standards: UL, ISO and IEEE

Consider security before returning a failed hard drive
Data remanence
Software data removers
Degauss
Shredding
Incinerators

Not illegal
Industrial espionage
Some consider it a hobby
Can find private, confidential information on paper or media or computers

http://www.youtube.com/watch?v=iC38D5am7go

Netbotz (now owned by APC)
IT WatchDogs: www.itwatchdogs.com
APC: www.apc.com
SynapSense: www.synapsense.com

Q&A
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+, CTT+
Director, Maze & Associates
University of San Francisco / San Diego City College / Los Positas College
www.LearnSecurity.org | www.linkedin.com/in/donaldehester | www.facebook.com/LearnSec | www.twitter.com/sobca
[email protected]

Evaluation Survey Link
Help us improve our seminars by filling out a short online evaluation survey at:
http://www.surveymonkey.com/s/PhysSecurity

Thanks for attending
For upcoming events and links to recently archived seminars, check the @ONE Web site at:
http://onefortraining.org/
