Explaining Physical Security

# Explain the Importance of Physical Site Security Controls ## Physical Security Controls - AAA still applies - Authentication - Create access lists and identification mechanisms to allow approved persons thru barriers - Authorization - Create barriers around a resource so that access can be controlled thru defined entry and exit points - Accounting - Keep a record of when entry/exit points are used and detect security breaches ## Site Layout, Fencing, and Lighting - Site layout - Zone-based design to accommodate traffic flows and surveillance - Signage - Industrial camoflage - Barricades and entry/exit points - Bollards -> cement poles to keep cars out - Fencing - Lighting - Make staff feel secure - Assist surveillance ## Gateways and Locks - Lock types - Physical (conventional/deadbolt) - Electronic - Cipher/combination - Magnetic swipe card - Smart card/proximity reader - Biometric - Access control vestibules/mantraps and turnstiles - Cable locks ## Physical Attacks Against Smart Cards and USB - Smart card attacks - Cloning - Skimming - Card types and vulnerability level - Malicious USB/juice-jacking - USB data blocker ## Alarm and Sensor Systems - Circuit - Open or closed - Detect intrusion through a barrier - Motion detection - Radar or infrared - Detect intrusion in a space - Noise detection - Proximity readers - Duress (button) - Fixed or mobile ## Security Guards and Cameras - Security guards - Police entry points - Operate surveillance mechanisms - Respond to alarms - Remote surveillance and monitoring - Video/CCTV - Motion recognition - Object detection - Robot sentries - Drones/UAV ## Reception Personnel and ID Badges - Challenge policy - Reception personnel and visitor logs - Sign-in/sign-out - Visitor information - Two-person integrity/control - ID badges # Explain the Importance of Physical Host Security Controls ## Secure Areas - Server rooms and data centers - Lockable cabinets - Colocation cages - Air gaps and demilitarized zones - Safes - Vaults ## Protected Distribution and Faraday Cages - Protected cable distribution/protected distribution system (PDS) - Prevent eavesdropping - Prevent/delay cable cutting DoS - Faraday cage - Transient Electromagnetic Pulse Emanation Standard (TEMPEST) ## HVAC - heating, ventilation, air conditioning - Cooling/warming, humidity, dust control - Optimum temperature and humidity levels - Moisture detection sensors - Temperature detection sensors - HVAC sizing - Equipment wattage - British Thermal Units (BTU)/hour - Air flow - Positive air pressure to remove contaminants ## Hot and Cold Aisles - Optimize air flow - Place servers back-to-back - Hot aisle/cold aisle - Do not allow contamination of cooled air by warmed air ## Fire Detection and Supression - Fire safety - Fire exits and evacuation procedures - Fire-resistant building design - Smoke/flame detectors/alarms - Personal fire extinguishers - Class C for use around electrical hazard - Sprinklers - Dry pipe - Pre-action - Halon - Clean Agent ## Secure Data Destruction - Media sanitization/remnant removal - Physical destruction - Burning/incineration - Shredding/pulping - Pulverizing - Degaussing - Use of third-parties and certificates of destruction ## Data Sanitization Tools - Secure disposal of electronic data remnants - Overwriting/disk wiping - Zero filling - Multiple passes - **Secure Erase (SE)** - **Hard disk drives (HDD)** - **Solid state drives (SSD)/flash media** - Instant Secure Erase (ISE)/crypto erase - Self-encrypting drives (SED) - Delete media encryption key