NOTE: These notes have not been updated since I took the test many years ago.
To perform a more up to date study for your CISSP exam, I suggest buying the Shon Harris Book.
DOMAIN 10 – PHYSICAL SECURITY
Physical security mechanisms include site design and layout, environmental components, emergency response readiness, training, access control, intrusion detection, power and fire protection.
“The value of items to be protected can be determined by a critical path analysis”. The critical path analysis lists all pieces of an environment and how they interact. The CPA should include power, data, water and sewer lines, A/C, generators and storm drains.
“The physical security domain addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprises’ resources and sensitive information”. These include personnel, facilities, data, equipment, support systems and media.
There are seven major causes of physical loss:
- Temperate: Sunlight, fire, freezing, heat.
- Gases: War gases, vapors, humidity, dry air, smoke, smog.
- Liquids: Water and chemicals
- Organisms: People, animals, viruses, bacteria
- Projectiles: Meteors, cars and trucks, bullets, tornados
- Movement: Collapse, shearing, shaking, earthquakes
- Energy Anomalies: Surges or power failures, static, radiation, magnets.
Some common physical controls are:
- Facility selection or construction
- Facility management
- Personnel controls
- Emergency response and procedures
- Access controls
- Intrusion detection
- Power supply.
- Fire detection
- Facility construction
“Load”: How much weight can be held by a building’s walls, floors & ceiling.
Raised floors need to be electrically grounded.
A/C should have positive air pressure: Pushes smoke out.
Water should have positive flow: flows out of the builders, not in.
MTBF: Mean time between failure.
MTTR: Mean time to repair.
There are 3 main methods to protecting against power problems: UPS, Power line conditioners and backup sources.
Ground: Pathway to earth to enable excess voltage to dissipate.
Noise: Electromagnetic or frequency interference that disrupts power flow and can cause fluctuations.
Transient Noise: Short duration of power line disruption.
Clean Power does not fluctuate.
EMI is created by the different between three wires: Hot, Neutral & ground.
RFI is created by components of an electrical system such as electrical cables and fluorescent lighting.
Spike: Momentary high voltage.
Surge: Prolonged high voltage.
Fault: Momentary power out.
Blackout: Prolonged loss of power.
Sag: Momentary low voltage.
Brownout: Prolonged supply below normal voltage.
EMI is the difference between the charges in the hot, neutral and ground wires:
Common Noise: Noise from radiation generated by the difference in hot and ground.
Traverse-mode Noise: Noise from radiation generated by the difference between hot and neutral wires.
RFI is generated by components of electrical systems.
- Water, steam and gas must have proper shutoff values.
High humidity causes corrosion.
Low humidity causes static.
The ideal level of humidity is between 45% and 60%. A hygrometer measures humidity.
Ideal temperate for computing devices is 70 to 74F.
Fire Prevention, Detection and Suppression:
Fire detectors can be activated by:
Smoke: Photoelectric device detects change in electric current when there is a variation in the light intensive.
Rate-of-rise temperature sensors are more sensitive, but have more false positives. Fixed temperature sensors are less sensitive, but have fewer false positives.
Flame: Senses pulsation of flames or infrared energy associated with flames and combustion.
Detectors should be on and above suspended ceilings – smoke usually gathers there first.
Detectors should be installed below raised floors because there are many types of wire that could start an electrical fire.
Detectors should be located in enclosures and air ducts.
There are four main types of fire:
A: Common combustibles such as wood, paper, laminated. Best fought with water or soda acid.
B: Liquid fires such as petroleum products and coolants. Best fought with Gas (Halon), CO2, Soda Acid.
C: Electrical equipment and wires. Best fought with Gas (Halon) or CO2.
D: Combustible metals. Best fought with Dry Powder.
A fire needs heat, fuel and oxygen to burn. The different fire suppression methods do the following:
CO2 & Soda Acid : Remove fuel and oxygen from the fire.
Water : Lowers temperature
Halon (or substitute) : Interferes with chemical reaction between elements.
Halon is no longer legal due to environmental issues, some replacements are:
Halon 1211 does not require the sophisticated pressurization system needed by Halon 1301 and tends to be used in self-pressurized portable extinguishers.
“Sensors should be in place to shut down electrical power before water sprinklers activate”
Wet Pipe: Water in pipe. At a preset temperature (165), a link melts to release the water. Water can freeze in the pipes in colder climates.
Dry Pipe: Water is held back by a value until a specific temperature is reached, then a time delay occurs before the water is released. This can give time for shutdown in a false alarm, but not as fast response as wet pipe. Best in colder climates because water cannot freeze in the pipes.
Preaction: Combination of wet and dry pipe. Water is not held in the pipes – released into the pipes when a specific temperature is reached. The water is not then released right away – a link in the pipes has to melt to release the water. This type is most the one most recommended for a computer room.
Deluge: Same as dry pipe, except sprinkler heads are open. Large volume of water releases in a short period of time. Not recommended for electrical equipment.
HVACR: Heating, Ventilation, Air Conditioning, Refrigeration.
Emergency Response and procedures:
- Evacuation procedures
- System shutdown
- Training and drills
- Integrate with disaster recovery plans
- Documented procedures for different types of emergencies
- Periodic equipment tests
The first line of defense is perimeter security. Preventing access to the facility deals with :
Access control, surveillance, monitoring, intrusion detection and corrective actions.
Preset locks: Usually used on doors. Latches and deadbolts.
Cipher Locks: Keypads, combination entry, swipe cards or both.
Options on Cipher locks can include:
- Door delay – alarm will trigger if door is open for too long.
- Key Override – specific combination programmed for emergencies
- Master Keying – enabled supervisor personnel to change access codes and other features
- Hostage Alarm – special code that does not ring alarm locally, but at the monitoring site (police station or alarm company)
Device Locks: Locks for specific devices such as cable locks for laptops, disk drive locks, switch control, slot locks, port controls and cable traps.
Personnel Access Controls:
A common problem is “piggybacking”.
Wireless Proximity readers:
User activated: Card transmits values to the reader.
System Sensing: Three main types of system sending cards:
- Transponders – Card and reader both have a receiver, transmitter and battery.
- Passive Devices – Card uses power from the reader.
- Field-Powered Devices – Card and reader contain a transmitter. Card has its own power supply.
External Boundary Protection:
3 to 4 feet : Deters Casual Trespassers.
6 to 7 feet : Too high to climb easily.
8 ft + barbed wire: Deter more determined intruders.
Lighting: Critical access should be illuminated 8 feet high and 2 feet out.
Surveillance: There are three main categories of surveillance:
- Patrol force and guards – costly, unreliable but provide judgment.
- Visual recording devices – CCTV.
Issues with guards are availability, reliability, training and cost.
Surveillance techniques are used to watch for unusual behavior, whereas detecting devices are used to sense changes that take place in an environment. Monitoring live events is preventative, recording events is detective.
No tags for this post.