Professional Documents
Culture Documents
Lecture 4: Physical Security: Succeed We Must
Lecture 4: Physical Security: Succeed We Must
Succeed We Must
Lecture 4: Physical Security
Physical Security Concern
Computer Security Research Group
Introduction
Physical Security Controls
Controls for protecting the secure facility
Maintenance of Facility Systems
Interception of Data
Mobile and Portable Systems
Remote Computing Security
Special Considerations for Physical
Security Threats
Inventory Management
Practical Exercise
07/12/22 Fred Kaggwa 1
Faculty of Computing and Informatics
Is Physical Security An IT Concern?
Succeed We Must
Succeed We Must
Introduction
Physical security addresses design,
Computer Security Research Group
Succeed We Must
Introduction cont’d
Seven major sources of physical Loss
Computer Security Research Group
suspended particles
•Liquids: water, chemicals
Succeed We Must
Introduction cont’d
Community roles
Computer Security Research Group
Succeed We Must
Physical Security Controls
Secure facility: physical location
Computer Security Research Group
Guards
Dogs
Mantraps
Electronic monitoring
electromechanical
Locks can also be divided into four categories:
manual, programmable, electronic, biometric
Locks fail and alternative procedures for controlling
access must be put in place
Locks fail in one of two ways
Fail-safe lock-lock fails, door becomes unlocked
Fail-secure lock-lock fails, door remains locked
More on locks and keys (next 5 slides)
07/12/22 Fred Kaggwa 9
Faculty of Computing and Informatics
Compromising Locks
Succeed We Must
nondestructive methods
Sometimes within seconds and with readily
available tools
“Locks keep honest people honest”
07/12/22 Fred Kaggwa 10
Faculty of Computing and Informatics
1860: Yale Pin Tumbler Lock
Succeed We Must
• Modern version of
Computer Security Research Group
locking
• Modern version of
the Egyptian single-
pin design
• Utilizes two pins for
locking
Images from http://en.wikipedia.org/wiki/File:Pin_tumbler_with_key.svg used with permission under Gnu Free Documentation License 1.2
If an inappropriate
key is inserted, then
the pins do not align
along the shear line
and the lock does
not turn.
Image from http://en.wikipedia.org/wiki/File:Pin_tumbler_with_key.svg used with permission under Gnu Free Documentation License 1.2
Succeed We Must
Tubular lock
Usually on car alarms or
Computer Security Research Group
vending machines
6-8 pins
Easy to pick with special tool
The tool could become a new
key
Images from http://en.wikipedia.org/wiki/File:Tubular_locked.png used with permission under Gnu Free Documentation License 1.2
Succeed We Must
Mantraps
Small enclosure that has entry point and different
Computer Security Research Group
exit point
Succeed We Must
Mantraps
Computer Security Research Group
Succeed We Must
Electronic Monitoring
Records events where other types of physical
Computer Security Research Group
Succeed We Must
Alarms and Alarm Systems
Alarm systems notify when an event occurs
Computer Security Research Group
Succeed We Must
Computer Rooms and Wiring Closets
Require special attention to ensure
Computer Security Research Group
Succeed We Must
Interior Walls and Doors
Information asset security sometimes compromised
Computer Security Research Group
Succeed We Must
Fire Security and Safety
Most serious threat to safety of people who
work in an organization is possibility of fire
Computer Security Research Group
Succeed We Must
Fire Detection and Response
Fire suppression systems: devices installed
Computer Security Research Group
Succeed We Must
Fire Detection
Fire detection systems fall into two general
Computer Security Research Group
Succeed We Must
Fire Suppression
Systems consist of portable, manual, or
Computer Security Research Group
automatic apparatus
Succeed We Must
Ventilation Shafts
While ductwork is small in residential
Computer Security Research Group
Succeed We Must
Emergency Shutoff
Important aspect of power management is
Computer Security Research Group
Succeed We Must
Water Problems
Lack of water poses problem to systems, including
Computer Security Research Group
Succeed We Must
Interception of Data
Three methods of data interception
Computer Security Research Group
Direct observation
Interception of data transmission
Electromagnetic interception
E.g. The U.S. government developed
TEMPEST program to reduce risk of
electromagnetic radiation (EMR) monitoring
How about in Uganda? Find out!
Succeed We Must
Mobile and Portable Systems
With the increased threat to information
Computer Security Research Group
Succeed We Must
Remote Computing Security
Remote site computing: away from organizational
Computer Security Research Group
facility
Telecommuting: computing using
telecommunications including Internet, dial-up, or
leased point-to-point links
Employees may need to access networks on
business trips; telecommuters need access from
home systems or satellite offices
To provide secure extension of organization’s
internal networks, all external connections and
systems must be secured
07/12/22 Fred Kaggwa 38
Faculty of Computing and Informatics
Special Considerations for Physical Security Threats
Succeed We Must
Succeed We Must
Inventory Management
Computing equipment should be
Computer Security Research Group
Succeed We Must
Summary
Threats to information security that are unique to
Computer Security Research Group
physical security
Key physical security considerations in a facility site
Physical security monitoring components
Essential elements of access control
Fire safety, fire detection, and response
Importance of supporting utilities, especially use of
uninterruptible power supplies
Countermeasures to physical theft of computing
devices
Succeed We Must
Individual Exercise
You are required to move around the MUST Upper or Lower
(Choose one but not both) campus and make a summarized
Computer Security Research Group