PHYSICAL SECURITY

INTRODUCTION

- Physical security addresses design, implementation, and maintenance of countermeasures that protect physical resources of an organization.
- Physical security is as important as logical security.

INTRODUCTION (CONTINUED)
- Major sources of physical loss
  - Extreme temperature
  - Gases
  - Liquids
  - Living organisms
  - Energy anomalies

INTRODUCTION (CONTINUED)
- Community roles
  - General management: responsible for facility security
  - IT management and professionals: responsible for environmental and access security
  - Information security management and professionals: perform risk assessments and implementation reviews

PHYSICAL ACCESS CONTROLS

- Secure facility: a physical location engineered with controls designed to minimize risk of attacks from physical threats
- A secure facility can take advantage of natural terrain, traffic flow, and degree of urban development, and can complement these with protection mechanisms (fences, gates, walls, guards, alarms)

SECURE FACILITY

- Walls, fencing, and gates
- Guards
- Dogs
- ID cards and badges
- Locks and keys
- Mantraps
- Electronic monitoring
- Alarms and alarm systems
- Computer rooms and wiring closets
- Interior walls and doors

MANTRAPS
- Small enclosure that has entry point and different exit point
- Individual enters mantrap, requests access, and if verified, is allowed to exit mantrap into facility
- Individual denied entry is not allowed to exit until security official overrides automatic locks of the enclosure

FIGURE 9-2 MANTRAPS

ELECTRONIC MONITORING
- Records events within specific areas where other types of physical controls are impractical or incomplete
- May use cameras with video recorders; includes closed-circuit television (CCT) systems
- Drawbacks
  - Reactive; do not prevent access or prohibited activity
  - Recorded monitoring requires an individual to review the information collected

ALARMS AND ALARM SYSTEMS
- Alarm systems notify when an event occurs
- Detect fire, intrusion, environmental disturbance, or an interruption in services
- Rely on sensors that detect event; e.g., motion detectors, smoke detectors, thermal detectors, glass breakage detectors, weight sensors, contact sensors, vibration sensors

COMPUTER ROOMS AND WIRING CLOSETS

- Computer rooms and wiring and communications closets are facilities that require special attention to ensure confidentiality, integrity, and availability of information
- Logical controls are easily defeated if an attacker gains physical access to computing equipment

FIRE SECURITY AND SAFETY
- The most serious threat to the safety of people who work in an organization is the possibility of fire
- Fires account for more property damage, personal injury, and death than any other threat
- It is imperative that physical security plans examine and implement strong measures to detect and respond to fires

FIRE DETECTION AND RESPONSE
- Fire suppression systems: devices installed and maintained to detect and respond to a fire
- Deny an environment of heat, fuel, or oxygen
  - Water and water mist systems
  - Carbon dioxide systems
  - Soda acid systems
  - Gas-based systems

HEATING, VENTILATION, AND AIR CONDITIONING
- Areas within heating, ventilation, and air conditioning (HVAC) system that can cause damage to information systems include:
  - Temperature
  - Humidity
  - Static electricity

VENTILATION SHAFTS
- While ductwork is small in residential buildings, in large commercial buildings it can be large enough for an individual to climb through
- If vents are large, security can install wire mesh grids at various points to compartmentalize the runs

BIG ENOUGH DUCTWORK TO LET INTRUDERS IN

UPS
- In case of power outage, UPS is backup power source for major computer systems

EMERGENCY SHUTOFF

- Important aspect of power management is the need to be able to stop power immediately should current represent a risk to human or machine safety
- Most computer rooms and wiring closets equipped with an emergency power shutoff

STRUCTURAL COLLAPSE

- Unavoidable environmental factors or forces can cause failures of structures that house the organization
- Structures are designed and constructed with specific load limits; overloading these limits results in structural failure and potential injury or loss of life
- Periodic inspections by qualified civil engineers assist in identifying potentially dangerous structural conditions

Malicious Software

WHAT IS MALICIOUS SOFTWARE
- Software deliberately designed to harm computer systems.
- Malicious software program causes undesired actions in information systems.
- Spreads from one system to another through:
  - E-mail (through attachments)
  - Infected disks
  - Downloading / exchanging of corrupted files
  - Embedded into computer games

MALICIOUS SOFTWARE - CATEGORIES

[Diagram: Malicious Software]
- First level: Viruses, Rabbit, Hoaxes, Trojan Horse, Spyware, Trapdoor, Worms
- Second level: Boot Viruses, File Viruses, Time Bomb, Logic Bomb

TYPES OF MALICIOUS SOFTWARE
- Virus: a program that spreads to other software in the system, i.e., a program that incorporates copies of itself into other programs.
- Viruses are programs that spread malicious code to other programs by modifying them.

Two major categories of viruses:

1. Boot sector virus: infects the boot sector of systems; activates while booting the machine.
2. File virus: infects program files; activates when the program is run.

- Rabbit: This malicious software replicates itself without limits. Depletes some or all the system’s resources.
  - Re-attacks the infected systems – difficult recovery.
  - Exhausts all the system’s resources such as CPU time, memory, disk space.
  - Depletion of resources thus denying user access to those resources.

- Hoaxes: False alerts of spreading viruses.
  - e.g., sending chain letters.
  - Message seems to be important to recipient, forwards it to other users – becomes a chain.
  - Exchanging large number of messages (in chain) floods the network resources – bandwidth wastage.
  - Blocks the systems on network – access denied due to heavy network traffic.

- Trojan Horse: This is a malicious program with unexpected additional functionality. It includes harmful features of which the user is not aware.
  - Performs a different function than what it is advertised to do (some malicious action, e.g., stealing passwords).
  - Neither self-replicating nor self-propagating.
  - User assistance required for infection.
  - Infects when user installs and executes infected programs.
  - Some types of Trojan horses include Remote Access Trojans (RAT), KeyLoggers, Password-Stealers (PSW), and logic bombs.

- Transmitting medium:
  1. Spam or e-mail
  2. A downloaded file
  3. A disk from untrusted source
  4. A legitimate program with the Trojan inside
- Trojan looks for your personal information and sends it to the Trojan writer (hacker). It can also allow the hacker to take full control of your system.

- Spyware:
  - Spyware programs explore the files in an information system.
  - Information forwarded to an address specified in Spyware.
  - Spyware can also be used for investigation of software users or preparation of an attack.

- Trapdoor: Secret undocumented entry point to the program.
  - An example of such a feature is the so-called back door, which enables intrusion into the target by bypassing user authentication methods.
  - A hole in the security of a system deliberately left in place by designers or maintainers.
  - Trapdoor allows unauthorized access to the system.
  - The only purpose of a trapdoor is to "bypass" internal controls. It is up to the attacker to determine how this circumvention of control can be utilized for his benefit.

- Worms:
  - Program that spreads copies of itself through a network.
  - Does irrecoverable damage to the computer system.
  - Stand-alone program, spreads only through network.
  - Also performs various malicious activities other than spreading itself to different systems, e.g., deleting files.
- Attacks of Worms:
  1. Deleting files and other malicious actions on systems.
  2. Communicate information back to attacker, e.g., passwords, other proprietary information.
  3. Disrupt normal operation of system, thus denial of service attack (DoS) – due to re-infecting infected system.
  4. Worms may carry viruses with them.

Means of spreading infection by worms:

- Infects one system, gains access to trusted host lists on the infected system, and spreads to other hosts.
- Another method of infection is penetrating a system by guessing passwords.
- By exploiting widely known security holes, in case password guessing and trusted host access fail.

VIRUSES – More Description

Desirable properties of Viruses:

- Virus program should be hard to detect by anti-virus software.
- Viruses should be hard to destroy or deactivate.
- Spread infection widely.
- Should be easy to create.
- Be able to re-infect.
- Should be machine / platform independent, so that it can spread on different hosts.

Detecting virus infected files/programs:

- Virus infected file changes – gets bigger.
- Modification detection by checksum
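
The two checks on this slide, as an added example that is not part of the original slides: record each file's size and checksum while the files are known-good, then compare later. SHA-256 as the checksum, the function names, and the file names and contents are assumptions made for the example; the sample files are constructed and harmless.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for one file, hashing it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()

def build_baseline(root):
    """Map each file's path (relative to root) to its fingerprint."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline

def compare(root, baseline):
    """Return {path: finding} for every baselined file that no longer matches."""
    current, findings = build_baseline(root), {}
    for rel, (old_size, old_hash) in baseline.items():
        new_size, new_hash = current.get(rel, (None, None))
        if new_hash is None:
            findings[rel] = "missing"
        elif new_hash != old_hash and new_size > old_size:
            findings[rel] = "grew by %d bytes" % (new_size - old_size)
        elif new_hash != old_hash:
            findings[rel] = "checksum changed, size did not grow"
    return findings

def demo():
    """Constructed sample: three harmless files, two altered after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.bin", "b.bin", "c.bin"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(name.encode() * 20)      # 100 bytes each
        baseline = build_baseline(root)
        with open(os.path.join(root, "a.bin"), "ab") as fh:
            fh.write(b"X" * 40)                   # appended: the file gets bigger
        with open(os.path.join(root, "b.bin"), "r+b") as fh:
            fh.write(b"ZZZZ")                     # overwritten in place: same size
        return compare(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The in-place overwrite of b.bin leaves its size unchanged, so only the checksum comparison reports it. The baseline is only trustworthy if it is stored where the monitored system cannot modify it.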

Places where viruses live:

- Boot sector
- Memory
- Disk – Applications and data stored on disk.
- Libraries – stored procedures and classes.
- Compiler
- Debugger
- Virus checking program infected by virus – unable to detect that particular virus signature.

Effect of virus attack on computer system

- Virus may affect user’s data in memory – overwriting.
- Virus may affect user’s program – overwriting.
- Virus may also overwrite system’s data or programs – corrupting it – disrupts normal operation of system.
- “Smashing the Stack” – buffer overflow through which execution of the program is directed to virus code.

Preventing infection by malicious software:

- Use only trusted software, not pirated software.
- Test all new software on isolated computer system.
- Regularly take backup of the programs.
- Use anti-virus software to detect and remove viruses.
- Update virus database frequently to get new virus signatures.
- Install firewall software, which hampers or prevents the functionality of worms and Trojan horses.
- Make sure that the e-mail attachments are secure.
- Do not keep a floppy disk in the drive when starting a program, unless sure that it does not include malicious software, else virus will be copied in the boot sector.

QUESTIONS?
ASSIGNMENT 1: VIRUS WRITING

- Study virus writing tutorials and create a simple virus program that doesn’t spread but infects a particular file of your choice.
- Then write an antivirus program that detects your virus program.
- You can use either Java or Python programming.
