Professional Documents
Culture Documents
INTRODUCTION
2
INTRODUCTION (CONTINUED)
Major sources of physical loss
Extreme temperature
Gases
Liquids
Living organisms
Energy anomalies
3
INTRODUCTION (CONTINUED)
Community roles
General management: responsible for facility security
IT management and professionals: responsible for environmental
and access security
Information security management and professionals: perform risk
assessments and implementation reviews
4
PHYSICAL ACCESS CONTROLS
5
SECURE FACILITY
6
MANTRAPS
Small enclosure that has entry point and
different exit point
8
ELECTRONIC MONITORING
Recordevents with in specific area/s where other types of
physical controls are impractical or incomplete
May use cameras with video recorders; includes closed-
circuit television (CCT) systems
Drawbacks
9
ALARMS AND ALARM SYSTEMS
Alarm systems notify when an event occurs
Detect fire, intrusion, environmental disturbance, or
an interruption in services
Rely on sensors that detect event; e.g., motion
detectors, smoke detectors, thermal detectors, glass
breakage detectors, weight sensors, contact sensors,
vibration sensors
10
COMPUTER ROOMS AND WIRING
CLOSETS
11
FIRE SECURITY AND SAFETY
Most serious threat to safety of people who work
in an organization is possibility of fire
Firesaccount for more property damage,
personal injury, and death than any other threat
Itis imperative that physical security plans
examine and implement strong measures to
detect and respond to fires
12
FIRE DETECTION AND RESPONSE
Fire
suppression systems: devices installed and
maintained to detect and respond to a fire
Deny an environment of heat, fuel, or oxygen
Water and water mist systems
Carbon dioxide systems
Soda acid systems
Gas-based systems
13
HEATING, VENTILATION, AND AIR
CONDITIONING
Areaswithin heating, ventilation, and air conditioning
(HVAC) system that can cause damage to information
systems include:
Temperature
Humidity
Static electricity
14
VENTILATION SHAFTS
While ductwork is small in residential buildings,
in large commercial buildings it can be large
enough for individual to climb though
15
BIG ENOUGH DUCTWORK TO LET
INTRUDERS IN
16
UPS
In case of power outage,
UPS is backup power
source for major
computer systems
17
EMERGENCY SHUTOFF
18
STRUCTURAL COLLAPSE
20
WHAT IS MALICIOUS SOFTWARE
Software deliberately designed to harm
computer systems.
21
MALICIOUS SOFTWARE - CATEGORIES
Malicious
Malicious Software
Software
Viruses
Viruses Rabbit
Rabbit Hoaxes
Hoaxes Trojan
Trojan Horse
Horse Spyware
Spyware Trapdoor
Trapdoor Worms
Worms
Boot
Boot Viruses
Viruses File
FileViruses
Viruses Time
TimeBomb
Bomb Logic
Logic Bomb
Bomb
22
TYPES OF MALICIOUS SOFTWARE
Virus : is a program that spread to other software in the
system .i.e., program that incorporates copies of itself into
other programs.
Viruses are programs that spread malicious code to other
programs by modifying them
24
Hoaxes : False alerts of spreading viruses.
e.g., sending chain letters.
26
Transmitting medium :
1. spam or e-mail
2. a downloaded file
3. a disk from untrusted source
4. a legitimate program with the Trojan inside.
27
Spyware :
Spyware programs explore the files in an information
system.
Information forwarded to an address specified in Spyware.
Spyware can also be used for investigation of software users
or preparation of an attack.
28
Trapdoor : Secret undocumented entry point to the
program.
Attacks of Worms:
1. Deleting files and other malicious actions on systems.
2. Communicate information back to attacker e.g., passwords,
other proprietary information.
3. Disrupt normal operation of system, thus denial of service
attack (DoS) – due to re-infecting infected system.
30
4. Worms may carry viruses with them.
Means of spreading Infection by Worms :
31
VIRUSES – More Description
anti-virus software.
Viruses should be hard to destroy or deactivate.
Be able to re-infect.
32
Detecting virus infected files/programs :
33
Places where viruses live :
Boot sector
Memory
Disk – Applications and data stored on disk.
Libraries – stored procedures and classes.
Compiler
Debugger
Virus checking program infected by virus – unable to detect
that particular virus signature.
34
Effect of Virus attack on computer system
35
Preventing infection by malicious software :
38