CompTIA® Security+ Exam Notes : Explain The Importance Of Physical Security Controls

3. Architecture and Design

3.7 Explain the importance of physical security controls

Some security controls frequently used for server's devices are given below. Some of these are the same as the mobile devices, and some are unique for servers:

Strong password: Any time a password is used to protect a mobile device (or any device or system), it should be strong. This means they are at least eight characters and include multiple character types, such as upper case, lower case, numbers, and symbols.

Least privilege: Least privilege is a technical control. It specifies that individuals or processes are granted only those rights and permissions needed to perform their assigned tasks or functions. Rights and permissions are commonly assigned on servers, but rarely on mobile devices such as tablets and smart-phones.

Data encryption: Encryption protects the confidentiality of data on servers just as it can protect the confidentiality of data on mobile devices. It's possible to selectively encrypt individual files or entire disk volumes.

Mantrap and cipher lock: These are examples of physical security and they can be used to restrict access to a server room. A man-trap refers to a small space having two sets of interlocking doors such that the first set of doors must close before the second set opens. Identification is usually required for each door. One door may use a token and the other may use some biometric parameter to provide access. "Man-traps" may be configured so that when an alarm is activated, all doors lock and trap the suspect between the doors in the "dead-space". A man-trap usually allows only one person at a time. If multiple persons try to enter, a security alarm may be raised.

Proximity lock: This secures the Server by locking it when the sensor (say a blue-tooth device worn by the administrator) is not within a specified distance from the server.

Firewall: Software-based firewalls are commonly used on servers but are extremely rare on mobile devices.

images/pin-icon.png

TPM and HSM. Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs) are hardware encryption devices.

Note that Remote Wipe, GPS tracking, Cable lock, and Screen Lock are typically used with mobile devices.

Biometrics is the ability measure physical characteristics of a human such as fingerprints, speech etc. These measured values are then used for authentication purpose. Given below are few of the measurable quantities:

  • Fingerprint: Scans and matches finger print to a securely stored value.
  • Voiceprint: Identifies a person by measuring speech pattern.
  • Iris profile: Identifies a person by using Iris part of the eye.
  • Signature: Matches an individual's signature with the stored value.

Cable Lock : If your laptop rarely leaves your home and the house itself has good security, you may not want to bother with a laptop cable lock. However, if you're using the laptop in a place where a lot of people have access to it, like a university library or an unsupervised lab, you'd really benefit from a lock. According to one research, college dorms are another hotspot for notebook theft.

Most laptops have some kind of security slot built into their chassis. Locks can connect to this opening, which makes it hard for a thief to pull them out.

Cable Lock

There are other types of cable locks which may differ in the way that they secure your laptop, but essentially perform the same function. If you own a MacBook or another laptop that doesn't have a built-in lock slot, you can buy a slot on a plate that superglues onto the lid, like Kensington's Security Slot Adapter kit and then use a standard Kensington lock.

Fingerprint scanners : are security systems of biometrics. A fingerprint scanner identifies and authenticates the fingerprints of an individual in order to grant or deny access to a computer system or a physical facility.

Tablet with Fingerprint scanner

As may be seen in the figure above, a finger print scanner is frequently integrated with laptops, mobiles, and tablet PCs.

In employer issued laptops, the employer usually ties the laptop with the employee so that the machine is not misused by any other person, and the data is secure.

Advantages of fiber optic cable over CAT5 cable include the following:

1. It provides communication over longer distance

2. It is difficult to tap into a fiber optic cable

3. It provides higher communication bandwidth

4. It is more immune to external interference

However, from security point of view, two chief advantages are

a. difficulty to tap and

b. immunity to external interference, which makes the communication not easily interruptible.

Fire Suppression:

There are five types of extinguishers:

a. Water

b. Dry chemical

c. Halon

d. Carbon dioxide

e. Foam

Water is used with Class A fires. Regular dry chemical extinguishers have a sodium bicarbonate base and are effective on Class B and C fires. Carbon Dioxide Extinguishers are used primarily on Class C fires and are also effective on Class B fires. Halon Extinguishers are best used on Class B or C fires. Foam extinguishers are less commonly used.

There are primarily 5 classes of fire:

  • Class 'A' Fire: Involves ordinary combustible materials such as wood, cloth and paper. Most fires are of this class.
  • Class 'B' Fire: Involves flammable liquids or liquid flammable solids such as petrol, paraffin, paints, oils, greases and fat.
  • Class 'C' Fire: Involves gases. Gaseous fires should be extinguished only by isolating the supply. Extinguishing a gas fire before the supply is off may cause an explosion.
  • Class 'D' Fire: Involves burning metals. These should only be dealt with, by using special extinguishers, by personnel trained in the handling of combustible metals.
  • Class 'F' Fire: Involves flammable liquids (Deep Fat Fryers)
  • The first three classes are most common.

Logs: Computer log files can be tampered with by a hacker to erase any intrusions. Computer logs can be protected using the following methods:

1. Setting minimal permissions

2. Using separate logging server

3. Encrypting log files

4. Setting log files to append only

5. Storing them on write-once media

Implementing all the above precautions ensures that the log files are safe from being tampered.

Three widely used logs in Windows OS are:

Application log: The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The developer decides which events to record.

System log: The system log contains events logged by the Windows operating system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined.

Security log: The security log can record security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.

Antivirus log: Antivirus log analyzer can process log files from various antivirus packages and generate dynamic statistics from them, analyzing and reporting events.

Faraday cage: A Faraday cage consists of an electrically conductive wire mesh or other conductor woven into a "cage" that surrounds a room that needs to be secured. The conductive cage is then grounded. This arrangement provides a ground path to electromagnetic signals that are emanating from the computer room. Only the signals that are routed through physical cables can make it outside the Faraday cage. Faraday cage is useful in securing a computer system from leaking any information outside the room.

HVAC: HVAC is an acronym for heating, ventilating and air conditioning. As the name represents, HVAC system designer will take care of heating, ventilation, and air conditioning of the facility. Preventing fire is done by fire extinguishers, and are not necessarily a part of HVAC. Similarly, EMI shielding and physical security are not part of HVAc.

Previous   Contents   Next


Security+ Cram Notes Contents certexams.com ad