Physical Security
Katie Parker and Robert Tribbia
Computer Security
Fall 2008

Physical Security
- Prevent attackers from accessing a facility, resource, or information stored on physical media

Two Main Things to Protect Against
- Human Attack
- Natural Disasters

Human Attacks
- Attacks from outside
  – Thieves/burglars
  – Hackers
  – Former employee
- Attacks from inside
  – Current angry or disgruntled employee
  – Agent for hire

Five Layers of Physical Security
- Environmental deterrents
- Mechanical deterrents
- Surveillance deterrents
- Human deterrents
- Proper employee training

Environmental Deterrents
- Primarily for outside attacks
- High walls, fences
- Used to deter less motivated attackers

Mechanical Deterrents
- Can range from simple ID card to high-tech biometrics
- Locked gates, key cards
- Access control

Surveillance Deterrents
- Used to help prevent future attacks and provide information on past attacks
- Cameras, microphones, detection systems
- CCTV/cameras can help deter “shoulder surfing”

Human Deterrents
- Can be used to prevent both outside and inside attacks
- Security guards and checkpoints – outside
- Reception desks and the employees (when trained) – inside
- One is not enough!

True Story
- 2 attackers obtained entry to data center
- Security guard wasn’t at post, one employee on duty
- Attackers beat employee and used employee to gain access to equipment

Employee Training
- Common problem is laziness
- Train employees to always:
  – Lock all unattended workstations
  – Turn monitors away from common areas
  – Shred sensitive documents
  – Lock laptops
- Stolen laptops are becoming a big security issue

Social Engineering
- Tricking people into giving confidential information or granting access
- Several different methods
  – Pretexting
  – Baiting
  – Quid pro quo

Pretexting
- Using an invented scenario to convince the victim to give up personal information or do some action
- Justin Long’s character in Live Free or Die Hard; car

Baiting
- Attacker puts harmful virus/malware on a device
- Leave device in public place with legitimate title
- Victim uses device and uploads the malware to system

Quid Pro Quo
- “Something for something”
- Attacker offers help with problem, but while helping, hurts too
- The Italian Job - Becky the cablewoman

Dumpster diving
- Searching through the trash for valuable information that is still intact
- Prevent by:
  – Thoroughly shredding all important data

Regular old theft
- Mission Impossible
- Katie’s work application

Natural Disasters
- Risk Assessment
  – See what problems are the most likely for your location and guard against them
  – Example: in Tallahassee, don’t really need to worry about earthquakes, so don’t spend money protecting against them

Natural disasters
- Fire
- Fire can destroy computer hardware
- Prevent with:
  – Smoke detectors
  – Fire alarms
  – Fire extinguishers

Other Natural Disasters
- Liquid damage
  – Keep sensitive equipment on 2nd floor or higher
  – Don’t run water pipes through or near rooms with susceptible equipment
- Earthquakes
  – Support with gel padding and springs
- Lightning
  – Faraday cages
  – Generators