Ebook - CISSP - Domain - 03 - Security Architecture and Engineering
Ebook - CISSP - Domain - 03 - Security Architecture and Engineering
Ebook - CISSP - Domain - 03 - Security Architecture and Engineering
Least Privilege
Threat Modeling
Policies, Procedures
and Awareness
Device
Secure Design Principles
Secure The default behavior of the system is to be secure. If you use 10% of the
Defaults features 90% of the time, the other features can be disabled.
Failure is unavoidable and should be planned for. There are two possible failure modes:
fail secure and fail safe.
• Fail secure is a design feature that in • Fail safe is a design feature that in the
the event of a failure, it should fail to a event of a specific type of failure, it should
state that prevents further operations. cause minimal or no harm to other
equipment, the environment, or people.
• For example, a firewall must be
configured to fail securely. In the event • For example, if a building catches fire,
of an operational failure of the firewall, fail-safe systems would unlock doors to
all traffic is subsequently denied. ensure quick escape and allow firefighters
inside, while fail secure would lock doors
to prevent unauthorized access to the
building.
Trust but Verify
It is a holistic approach to network security wherein every person and device trying to
access resources on a private network must require strict identity verification, regardless
of whether they are inside or outside the network perimeter.
Zero Trust
Privacy by Design is a design-thinking approach to proactively embed into the design and
operation of IT systems, networked infrastructure, and business practices, by default.
Source: https://privacy.ucsc.edu/resources/privacy-by-design---foundational-principles.pdf
Privacy by Design
Privacy by Design is a design-thinking approach to proactively embed into the design and
operation of IT systems, networked infrastructure, and business practices, by default.
5. End-to-end security: Lifecycle protection: extend securely across the entire lifecycle
of the data from collection to retention to destruction at the end of the process.
6. Visibility and transparency: Assure stakeholders that business practices and
technologies are operating according to stated promises and objectives and subject to
independent verification.
7. Respect for user privacy: Keep things user-centric. Prioritize an individual's privacy
interests by offering such measures as strong privacy defaults, appropriate notice, and
user-friendly options.
Source: https://privacy.ucsc.edu/resources/privacy-by-design---foundational-principles.pdf
Shared Responsibility
Some examples:
An access control matrix is a table of subjects and objects that indicates the actions or functions
that each subject can perform on each object.
Kathryn Read, Write Print, Manage Print Queue Read, Write, Execute
Read, Write, Change Print, Manage Print Queue Read, Write, Execute
Colin
Permissions Change Permissions Change Permissions
Table 8.1 An access control matrix
Noninterference Model
o Inference attack
Source: https://www.youtube.com/watch?v=v7MHq3Kwt8k
Information Flow Model
Point of Sale
Examples of Security Models: Bell–LaPadula Confidentiality Model
Bell–LaPadula
No write down
system.
No read up
Secret
• It’s a framework for computer systems that store
and process sensitive information.
Confidential
• Matrix and security levels are used to determine
if a subject can access an object.
Unclassified
• It uses subjects, objects, access operations, and
security labels.
Examples of Security Models: Bell–LaPadula Confidentiality Model
The BIBA Integrity Model protects the integrity of the information and the activities that
take place within a system. The following are the axioms of the BIBA Integrity Model:
Access triple,
separation of duties is
enforced.
Users
CDIs
UDIs
Brewer and Nash Model
Source: https://infosectests.com/cissp-study-references/domain-3-security-engineering-and-architecting/
Graham Denning Model
Employs a direct graph to dictate how rights can be passed from one subject
to another subject or an object
• Security of components must be considered when these components are combined into larger
systems.
• This is based on the notion of how inputs and outputs between multiple systems relate to one
another
o It follows how information flows between systems rather than within an individual system.
Composition Theories
Cascading:
Input for one system comes from the output of another system.
A🡪 B🡪 C
Feedback:
One system provides input to another system, which reciprocates by reversing those roles
(so that system A first provides input for system B and then system B provides input to system A).
A🡪 B
B🡪 A
Hookup:
One system sends input to another system but also sends input to external entities.
A🡪 B
A🡪 C
Covert Channel
Covert channel is a type of attack that creates a capability to transfer information objects
between processes that are not allowed to communicate by the computer security policy.
Improper coding
The two types of covert channels are covert storage channel and covert timing channel.
The two types of covert channels are covert storage channel and covert timing channel.
• Methods: System
Writes Reads Recourse
Data Data
o Knowing when data is transmitted
Data at High Security Level “Sees” effects as real
between parties Subject condition within
system
• This solution is the one where the source • It is the one where the source code and
code and other internal logic are hidden other internal logic are exposed to the
from the public. public.
Kevin Butler, the security administrator at Nutri Worldwide Inc., wants to set up
different accesses to a set of folders on a network.
The access should be such that some of his colleagues will have read and write
access, while others are allowed read-only access to the files in the folder.
Kevin starts the process of selecting a security model.
Question: Which security model should Kevin Butler implement in the given scenario?
Business Scenario
Kevin Butler, the security administrator at Nutri Worldwide Inc., wants to set up
different accesses to a set of folders on a network.
The access should be such that some of his colleagues will have read and write
access, while others are allowed read-only access to the files in the folder.
Kevin starts the process of selecting a security model.
Question: Which security model should Kevin Butler implement in the given scenario?
Answer: The one-to-one relationship among subjects and objects is the focus of a matrix-based
model. Kevin should choose the matrix-based model.
Select Controls Based on System Security Requirements
Privacy Frameworks
Source: http://www.oecdprivacy.org/
and
https://www.aicpa.org/interestareas/informationtechnology/privacy-management-framework.html
Cybersecurity Frameworks
Source: http://www.oecdprivacy.org/
and
https://www.aicpa.org/interestareas/informationtechnology/privacy-management-framework.html
Risk Frameworks
Committee of Sponsoring
ISO 31000
Organizations (COSO)
Source: http://www.oecdprivacy.org/
and
https://www.aicpa.org/interestareas/informationtechnology/privacy-management-framework.html
Understand Security Capabilities of Information Systems
Architecture
It describes the major components of the system and how they interact with each other.
System architecture describes the major components of a system and how they interact with
each other, users, and other systems.
Trusted
computing base
Security perimeter
Some of the core
tenets of these
requirements are:
Reference monitor
Security kernel
Trusted Computing Base
It is the collection of all the hardware, software, and firmware components within the
system that provides security control and enforces the system security policy.
Hardware Hardware
TCB
Hardware
Software Software
Software
Firmware
Firmware Firmware
Trusted Computing Base
The TCB does not only address operating system components, but it
also addresses hardware, software, and firmware components as
they can also affect the system negatively or positively.
Trusted Computing Base
Examples: Windows Vista, Windows 7, and Windows 8. Windows Server 2008 uses
the disk encryption software named BitLocker.
Security Architecture: Security Perimeter
Security Perimeter
Interface
considered a part of TCB Components on Hardware
Software
either side of the boundary that can interact Software
only via interfaces.
Firmware
• The interfaces limit or restrict the commands
and data that can be passed on either side of Firmware
the boundary creating a security perimeter. Trusted System
Not Trustworthy
Security Architecture: Reference Monitor
Subject
Object
Security Architecture: Security Kernel Requirements
• It allows a process to read • Bounds are the limits of • It is the mode a process
from and write to only memory a process runs in when it is confined
certain memory locations cannot exceed when using memory bounds.
and resources. reading or writing. • Process isolation ensures
• If a process attempts to • The bounds of a process that any behavior will affect
initiate an action beyond its consist of limits set on only the memory and
granted authority, that the memory addresses resources associated with
action will be denied and and resources it can the isolated process.
logged. access.
Assess and Mitigate the Vulnerabilities of Security Architectures,
Designs, and Solution Elements
CPU Architecture: Ring Model
Ring 3 Users
Ring 2
Ring model is a form of CPU hardware layering that
separates and protects domains from each other.
Ring 1
• Many CPUs have four rings, ranging from ring 0 to 3.
• The innermost ring is the most trusted.
Ring 0
• Processes communicate between rings via system Kernel
calls.
Ring 0 : kernel
Ring 1 : Other OS Components
Ring 2 : Device Drives
Ring 3 : User Applications
Client-Server Systems and Local Environment
Server
Server
Network
• Application platform
• Technology interface
DEPT Table DEPT Table
• Information
Industrial Control System (ICS) is a general term that encompasses several types of
control systems, including supervisory control and data acquisition (SCADA) systems,
distributed control systems (DCS), and other control system configurations such as
Programmable Logic Controllers (PLC) often found in the industrial sectors and critical
infrastructures. ~ NIST
Supervisory Control
Programmable Logic Distributed Control
and Data Acquisition
Controllers (PLC) Systems (DCS)
(SCADA)
Programmable Logic Controller (PLC)
SCADA (Supervisory Control and Data Acquisition) systems are used to monitor and control a plant or
equipment in industries such as telecommunications, water, waste control, energy, oil and gas
refining, and other public transportation systems (airport, traffic control, and rails).
Supervisory Control and Data Acquisition (SCADA)
Radio
SCADA Microwave
Meter
Master Spread-spectrum
Accumulator
Twisted-pair
External Control Fiber-optics Dial-up Programmable Logic
Points Leased line Controller(PLC)
Difference between PLC, DCS, and SCADA
A key differential with Stuxnet was that, unlike most viruses, the worm
targeted systems that are air-gapped and not connected to the internet
for security reasons, via USB keys.
Business Scenario
• Its complexity indicated that only nation-state actors could have been involved
in its development and deployment.
• Its complexity indicated that only nation-state actors could have been involved
in its development and deployment.
Answer: A zero-day exploit is an attack that exploits a previously unknown security vulnerability.
Case Study
For nation-states,
Cyber-criminals are shifting identifying weaknesses in
their focus to industrial critical infrastructures of
facilities as a lucrative adversaries can be used
target, where they can strategically in case of
blackmail facilities through conflicts, where cyber-
techniques such as attacks can be launched to
ransomware. paralyze a nation's key
sectors, such as power,
water, and transportation.
Cloud Computing
Resource Pooling
Deployment
Public Private Hybrid Community Models
Cloud Computing Characteristics
On-Demand
Access
Resource Pooling
Multitenancy
The provider abstracts resources and
collects them into a pool, portions of which
can be allocated to different consumers
(typically based on policies).
Broad Network
Access
Cloud Computing Characteristics
On-Demand
Access
Resource Pooling
Multitenancy
It allows consumers to expand or contract
the resources they use from the pool
(provisioning and deprovisioning), often
completely automatically.
Broad Network
Access
Cloud Computing Characteristics
On-Demand
Access
Resource Pooling
Multitenancy
Broad Network
Access
Cloud Computing Characteristics
On-Demand
Access
Resource Pooling
Multitenancy
Broad Network
Access
Cloud Computing Characteristics
On-Demand
Access
Resource Pooling
Multitenancy
It is a reference to the mode of operation of
software where multiple independent
instances of one or multiple applications
operate in a shared environment.
Broad Network
Access
Cloud Computing Characteristics
On-Demand
Access
Broad Network
Access
Categorization of Cloud: Deployment Categories
Public Cloud
Private Cloud
Community Cloud
Hybrid Cloud
The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances, and other
items embedded with electronics, software, sensors, actuators, and connectivity that enables these
objects to connect and exchange data.
Any Path
IoT Architecture
Embedded
Cloud
The Internet
Private
Big cloud
Data
Source: https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf
Microservices Architecture
Source: https://www.tiempodev.com/blog/disadvantages-of-a-microservices-architecture/
Microservices
Benefits Disadvantages
Source: https://www.tiempodev.com/blog/disadvantages-of-a-microservices-architecture/
Uber: Case Study
Source: https://hackernoon.com/microservices-are-hard-an-invaluable-guide-to-microservices-2d06bd7bcf5d
And
https://dzone.com/articles/microservice-architecture-learn-build-and-deploy-a
Uber: Case Study
Source: https://hackernoon.com/microservices-are-hard-an-invaluable-guide-to-microservices-2d06bd7bcf5d
And
https://dzone.com/articles/microservice-architecture-learn-build-and-deploy-a
Uber: Case Study
Source: https://hackernoon.com/microservices-are-hard-an-invaluable-guide-to-microservices-2d06bd7bcf5d
And
https://dzone.com/articles/microservice-architecture-learn-build-and-deploy-a
Microservices
The figure illustrates the difference between a monolithic architecture and a microservice architecture:
UI
UI
Microservice
Business Data
Logic Access Microservice
Layer
Microservice Microservice
Microservice
Microservice
Monolithic Architecture
Microservice Architecture
Source: https://hackernoon.com/microservices-are-hard-an-invaluable-guide-to-microservices-2d06bd7bcf5d
Containerization
Containerized Applications
App D
App A
App B
AppCC
App E
App F
application with all its related configuration files,
App
libraries, and dependencies required for it to run
in an efficient and bug-free way across different
computing environments.
Docker
Infrastructure
Source: https://tsa.com/top-5-benefits-of-containerization/
Containerization: Benefits
Source: https://tsa.com/top-5-benefits-of-containerization/
Serverless
Benefits
Function
Microservice
Function
Function
Monolithic
Microservice
Application
Function
Function
Microservice
Function
Source: https://www.cloudflare.com/en-in/learning/serverless/glossary/function-as-a-service-faas/
High-Performance Computing (HPC) Systems
User/Scheduler
Data Storage
Computer Cluster
Edge and Fog Computing
Fog computing is a standard that defines the way edge computing should work, and it
enables the operation of computing, storage, and networking services between end devices
and cloud computing data centers.
The data is
It has a processed in the
decentralized local network
computing where the device
structure. connected to the
sensor is located.
Source: https://www.e-zigurat.com/innovation-school/blog/cloud-edge-fog-computing-practical-applications/
Edge and Fog Computing
Fog computing is a standard that defines the way edge computing should work, and it
enables the operation of computing, storage, and networking services between end devices
and cloud computing data centers.
Benefits:
• Real-time data analysis
• Improved response time
• Lower bandwidth consumption
Source: https://www.e-zigurat.com/innovation-school/blog/cloud-edge-fog-computing-practical-applications/
Edge and Fog Computing: Vulnerabilities and Mitigations
Vulnerabilities Mitigations
Source: https://www.e-zigurat.com/innovation-school/blog/cloud-edge-fog-computing-practical-applications/
Virtualization
Virtualization is a technology that enables running multiple operating systems side-by-side on the
same processing hardware.
OS OS OS OS
Type 1 hypervisors run directly on the host
machine’s hardware
Hypervisor Hypervisor
• Example: Microsoft Hyper-V hypervisor,
VMware ESX/ESXi
Hardware Operating System
• The hacker used a JavaScript engine bug within Microsoft Edge to achieve the code
execution inside the Edge sandbox, and he used a Windows 10 kernel bug to escape
from it and fully compromise the guest machine.
• Then he exploited a hardware simulation bug within VMware to escape from the guest
operating system to the host one.
• This sets up a scenario in which malicious websites can not only compromise a visitor's
virtual machine, but also the much more valuable host machine the VM runs on.
• VMware patched the vulnerabilities within 2 weeks.
• The hacker used a JavaScript engine bug within Microsoft Edge to achieve the code
execution inside the Edge sandbox, and he used a Windows 10 kernel bug to escape
from it and fully compromise the guest machine.
• Then he exploited a hardware simulation bug within VMware to escape from the guest
operating system to the host one.
• This sets up a scenario in which malicious websites can not only compromise a visitor's
virtual machine, but also the much more valuable host machine the VM runs on.
• VMware patched the vulnerabilities within 2 weeks.
Science of secret writing that enables an entity to store and transmit data in a
Cryptography form that is available only to the intended individuals
Kerckhoff’s The concept that an algorithm should be known and only the keys should be
principle kept secret
Conventional Encryption
• A good cryptosystem
should be cost-
Work factor is an
efficient and less
estimate of the effort and
time-consuming.
resources it would take
an attacker to penetrate
• A brute force attack
a cryptosystem.
is used to break a
cryptosystem.
Strength of Cryptosystem
Initialization Secrecy of
vectors the key
Length of the
key
Cryptosystem Elements
XOR function returns a true value when only one of the input values is true.
A B XOR
0 0 0
0 1 1
1 0 1
1 1 0
If both values are false or both values are true, the output of the XOR function is false.
Mod Function
The modulo function is quite simply the remainder value left over
after a division operation is performed.
• Random values are used with algorithms to ensure patterns are not created during the
encryption process.
• They are used with keys and need to be encrypted when being sent to the destination.
• If IVs are not used, then two identical plaintext values that are encrypted with the same key will
create the same ciphertext.
• The IV and the key are both used by the algorithm to provide more randomness to the
encryption process.
One-Time Pad
KeyStream KeyStream
(Pseudo-random string) (Pseudo-random string)
• A stream of ciphertext data is generated by combining the keystream (sequence of bits) with
plaintext data bit by bit using XOR operations
11 0 1 1
Plaintext
1 0 1 1 0 1 1 0 Key stream
Ciphertext
Stream Cipher
Modes of operations
• The plaintext is divided into 1, 8, 64, or 128-bit segments (the four sub-modes of CFB).
• Block cipher is used as a stream cipher.
o Can encrypt any number of bits. For example, single bits or single characters (bytes)
• Advantages:
o More resistant to transmission errors; a bit error in a ciphertext segment affects only the
decryption of that segment
o IV should be generated randomly each time and sent with the ciphertext
• Uses:
o Stream encryption over noisy channels (digital video and audio signals)
DES Operation Modes: Counter
• Strengths:
o Needs only the encryption algorithm
• Uses: High-speed network encryptions, encrypting ATM cells, IPSec, and Wireless 802.11i
Triple DES
o 192-bit keys (12 rounds of encryption) or a 3,0 a 3,1 a 3,2 a 3,3 b 3,0 b 3,1 b 3,2 b 3,3
• Uses key size of 128, 192, and 256-bits and has a block
RC6 size of-128 bits
• Based on RC5 and was also a candidate for AES
Symmetric Keys: Round Up
Compromised by meet-in-
2DES 64 bit 112 bit
the-middle attack
Hilda Jacobs who is the general manager, IT Security, assigned Kevin Butler the task
of selecting a good encryption system to secure the confidentiality of the
company’s data. She had asked for a symmetric block cipher system that can
encrypt using a 128-bit encryption key.
Question: Which encryption standard should Kevin select, the DES, the 3DES, or the AES?
Business Scenario
Hilda Jacobs who is the general manager, IT Security, assigned Kevin Butler the task
of selecting a good encryption system to secure the confidentiality of the
company’s data. She had asked for a symmetric block cipher system that can
encrypt using a 128-bit encryption key.
Question: Which encryption standard should Kevin select, the DES, the 3DES, or the AES?
Answer: With the given requirement, AES is the best choice as it supports a 128-bit key.
Introduction to Asymmetric Cryptography
In asymmetric cryptography, two keys are used that are linked mathematically but are
mutually exclusive. One key is for encryption, and the other is for decryption.
Introduction to Asymmetric Cryptography
• Asymmetric cryptography is also called public-key encryption as one key is made public.
• A pair of keys is required for encryption or decryption.
• The keys are mathematically related.
• Each key is used to encrypt or decrypt.
• You cannot encrypt or decrypt with only one key.
• The public key is usually shared, while the private key is secured by the owner.
• Secure Message format: The message is encrypted with the receiver's public key (confidentiality).
• Open Message format: The message is encrypted with the sender’s private key (authenticity).
o This provides authenticity, integrity, and non-repudiation.
o Examples: RSA, Diffie-Hellman, Elliptic curve cryptosystem (ECC), El Gamal, and Digital signature
algorithm (DSA).
Introduction to Asymmetric Cryptography
RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman, the inventors of this algorithm.
RSA:
Ownership: Membership:
Proves that you own a private Proves you are part of a group,
key without revealing your identity
Application of
Zero-Knowledge
Proof
Source: https://slideplayer.com/slide/12293221/
M of N Control
• It’s a tool that prevents the recreation of private and public key material from the backup.
• The key materials are backed up and then mathematically distributed across several systems
or devices.
• Implementing three of eight controls would require three people out of the eight with the
assigned work task of key escrow recovery agent to work together to pull a single key out of
the key escrow database (thereby also illustrating that M is always less than or equal to N).
Other Types of Asymmetric Cryptography: Diffie-Hellman Key Exchange
• The recipient uses his private key to decrypt the secret key.
• The secret key is then used to decrypt the message.
• A symmetric algorithm is used for bulk encryption.
• To distribute the symmetric key, the asymmetric algorithm
is used.
Session Key
Is much faster Used to distribute the symmetric key as they are slower
Types of
Advantages Disadvantages
cryptography
• Presents the challenge of key
• Very fast to encrypt or decrypt,
Symmetric management
secure, and affordable
cryptography • Does not provide authenticity,
• Best for encrypting large files
nonrepudiation
Provides:
• Better key distribution than
• Much slower operation
symmetric systems
than symmetric systems
Asymmetric • Better scalability due to ease of key
cryptography • Vulnerable to man-in-the-middle
distribution
attacks
• Authenticity and
nonrepudiation, in addition to
confidentiality and integrity
Introduction to Public Key Infrastructure
Registration
Authority(s)
Users
Certificate
Authority(s)
“A public key infrastructure (PKI) is a set of
hardware, software, people, policies, and
procedures needed to create, manage, distribute, Components
use, store, and revoke digital certificates.” of PKI
Keys
Certificates
Introduction to Public Key Infrastructure
Source: https://searchsecurity.techtarget.com/definition/encryption
and
https://searchsecurity.techtarget.com/definition/digital-signature
PKI Certificate
Source: https://searchsecurity.techtarget.com/definition/encryption
and
https://searchsecurity.techtarget.com/definition/digital-signature
Enrollment Process
When a user wants to obtain a digital certificate, the user must first prove his identity to the CA in
some manner. This process is called enrollment.
Enrollment Process
When a user receives a digital certificate from a person with whom he wishes to communicate,
he must verify if:
Occasionally, a certificate authority needs to revoke a certificate. This might occur because:
• They contain the serial numbers of • It checks the CRL that is maintained by the CA.
certificates that have been issued by a CA and
have been revoked along with the date and
time the revocation went into effect.
PKI Process
A hash function uses an algorithm without any key for encryption. This encryption cannot be
reversed and hence is called one-way.
Characteristics:
A hash function is any algorithm or subroutine that maps large data sets of variable length to smaller
data sets of a fixed length.
• A Message Authentication Code (MAC), also known as a tag, is a short piece of information
used to authenticate a message to confirm that the message came from the stated sender
(its authenticity) and has not been changed.
• The MAC value protects both a message's data integrity as well as its authenticity by
allowing verifiers (who also possess the secret key) to detect any changes to the
message content.
• The receiver performs the same computation on the message and checks if it matches the MAC.
• If the algorithm does produce the same value for two distinctly different
messages, it is called a hash collision.
Birthday • It is based on the statistical probability that with 23 people in a room, there
Attack is more than 50% probability that two people have the same birthday.
• SHA-1 (160 bits) may require approximately 280 computations to find a hash
collision.
• A hashing algorithm that has a larger bit output, such as a birthday attack, is
less vulnerable to brute force attacks.
Salting
Salt is a random value that is added to password hash to prevent dictionary attacks
and hash collisions.
Salting
Password Creation
• It makes it difficult for the attacker to break Plaintext
Random Salt
into a system by using the strategy of password
password hash-matching.
• For each password, a new salt is randomly
Hashing
generated.
• Instead of the original password, the
output of the cryptographic hash function
processed is stored in the database. Salt Hash
Key management includes taking backup copies and adopting multi-party key recovery.
Question: What should be the relationship between key’s lifetime and sensitivity of data?
Business Scenario
Question: What should be the relationship between key’s lifetime and sensitivity of data?
Answer: Shorter key lifetime is for more sensitive data and longer key lifetime is for less sensitive
data.
Understand Methods of Cryptanalytic Attacks
Cryptanalysis
Cryptanalysis
• The attacker attempts to break the key by systematically checking all possible
combinations of characters until the correct one is found.
• Each of the messages has been encrypted using the same encryption algorithm.
• It is the hardest attack to be successful at because the attacker has very little information about
the encryption process.
Known-Plaintext
An Adaptive Chosen-
Plaintext attack is where The attacker can compare
the attacker can modify the ciphertexts to possibly
chosen plaintext based on discover the encryption
the resulting ciphertext. key.
Chosen-Ciphertext
Implementation Attacks
SW / HW Bugs
Side-channel Attacks
The attacker analyzes the information retrieved from the encryption device.
The goal is to retrieve the secret key with a very small number of experiments.
Man-in-the-Middle (MITM)
DEFINED
LEGIBILITY ‘PERMEABILITY’ Access Control: It limits the opportunities
for crime.
Discussion
Discussion
Review the blueprint of Conwy Castle (in the next slide) and determine if it
demonstrates the use of CPTED principles.
Discussion
Source: https://www.pinterest.com/pin/342203271683079513/
Business Scenario
Hilda Jacobs, General Manager, IT Security at Nutri Worldwide Inc. was planning
the physical security controls of the new site along with Kevin. Hilda asked Kevin
to assist her in this project since she is handling the planning all by herself.
Question: Which concept of physical security are Hilda and Kevin trying to implement here?
Business Scenario
Hilda Jacobs, General Manager, IT Security at Nutri Worldwide Inc. was planning
the physical security controls of the new site along with Kevin. Hilda asked Kevin
to assist her in this project since she is handling the planning all by herself.
Question: Which concept of physical security are Hilda and Kevin trying to implement here?
Answer: Crime Prevention through Environmental Design (CPTED)
Site Location
The site location of the facility is also a concern during the initial planning.
Existing
Location and
Boundary
Access
Protection
Stable Power
Local Crime
Supply
The areas that require attention during the construction planning stage are:
Floor slab
Raised flooring
Walls
Ceilings
Windows
Doors
Business Scenario
Nutri Worldwide Inc. is a rapidly growing company with offices in different parts
of the world. Recently, the company thought of opening an office in India. Hilda
Jacobs, General Manager, IT Security at Nutri Worldwide Inc. was reviewing the
physical and environmental security of the proposed office.
• She assigned the task of listing out various threats from natural and
environmental factors, man-made factors, and political factors based on
the location of the proposed office to Kevin.
Question: What is the first thing Kevin should consider when designing good physical and
environmental security?
Business Scenario
Nutri Worldwide Inc. is a rapidly growing company with offices in different parts
of the world. Recently, the company thought of opening an office in India. Hilda
Jacobs, General Manager, IT Security at Nutri Worldwide Inc. was reviewing the
physical and environmental security of the proposed office.
• She assigned the task of listing out various threats from natural and
environmental factors, man-made factors, and political factors based on
the location of the proposed office to Kevin.
Question: What is the first thing Kevin should consider when designing good physical and
environmental security?
Answer: Life safety is the most important and first factor Kevin needs to consider for designing
good physical and environmental security.
Design Site and Facility Security Controls
Support Facilities
Turn off all electrical power to the equipment, allow water to drain out,
Water place all affected equipment or media in an air-conditioned area, and wipe
with water displacement spray.
Keep computers away from glass windows and high surfaces, place
Earthquakes components on shock absorbers and anchors, and ensure other objects do
not fall on computers.
Best practice is to switch off the systems, unplug them, and store the
Lightning
backup tapes away from the building’s steel support.
Data Center Security: Guidelines
Data Centers, server rooms, and wiring closets should be at the core of the facility.
Wiring closets in a multistory building should be placed directly above or below each
other. This helps with the easier connectivity of wires across the building.
Access to DC should be via only one door. If there are additional doors, they should
function as one-way exit doors.
The data processing center should be constructed as one room rather than different
individual rooms.
DC should have a positive air pressure. No contaminants can be sucked into the room.
Water detectors should be placed under raised floors and on dropped ceilings.
The HVAC system should be implemented for temperature and humidity control.
Personnel Access Control
Tailgating
Tailgating is when another
Piggybacking
person, whether an employee
Piggybacking is when another
or not, passes through a
person follows through a
secure door without the
door with the permission of
knowledge of the person who
the person who has received
has gained legitimate access
access.
through the secure door.
Mantraps and Turnstiles
Fire Prevention
• Training employees for fire safety
• Supplying the right equipment and ensuring their working conditions
• Storing combustible materials in a proper manner
Fire Detection
Placing fire detectors at strategic points to detect smoke or fire
Initial stage, only air Smoke is visible Flame can be seen Fire is considerably
ionization, no smoke from the point of with naked eye higher
ignition
Fire Detection Devices
Smoke Activated
Heat Activated
Class A Fires Class B Fires Class C Fires Class D Fires Class K Fires
Environmental Controls: Fire
The table given below indicates the types of fires and the corresponding extinguishing
methods.
• Another form of dry pipe system that uses larger pipes and can deliver a
Deluge
significantly larger volume of water.
Gas Suppression
Deterrent
• Alarms that trigger deterrent actions
• The goal is to make intrusion attempts more difficult.
Repellent
• Alarms that trigger sound or light
• The goal is to discourage intruders.
Notification
• Alarms that trigger notifications to security analyst
• Silent from an attacker's perspective, but it gives
warning signals to the security team.
Alarm Categories
• Must broadcast an audible alarm signal that can be heard within 400 feet.
• Security guards should be stationed nearby.
Central Station
• The alarm is silent locally, but offsite monitoring agents are notified.
Auxiliary system
Kevin Butler is studying the importance of security for data centers. He reads
about the recent unauthorized intrusion in data centers caused by a faulty design.
He studied some of the countermeasures for the same. He understands that for
dropped ceilings, the walls should extend above the ceiling to the true ceiling.
● Similarly, for the raised floors, the walls should extend below the false floor.
● Even the air ducts should be small enough to prevent an intruder from crawling
through them.
● Kevin identified, apart from the above-mentioned considerations, the need to
have strong access control for the data center and made his suggestions to Hilda.
Question: What suggestion did Kevin include in his report to ensure strong access control for the
data center?
Business Scenario
Kevin Butler is studying the importance of security for data centers. He reads
about the recent unauthorized intrusion in data centers caused by a faulty design.
He studied some of the countermeasures for the same. He understands that for
dropped ceilings, the walls should extend above the ceiling to the true ceiling.
● Similarly, for the raised floors, the walls should extend below the false floor.
● Even the air ducts should be small enough to prevent an intruder from crawling
through them.
● Kevin identified, apart from the above-mentioned considerations, the need to
have strong access control for the data center and made his suggestions to Hilda.
Question: What suggestion did Kevin include in his report to ensure strong access control for the
data center?
Answer: The use of three-factor authentication for access control.
HVAC
A reliable power supply is critical for any data center. The following are common
threats to the power system:
Power Excess
• Surge: Prolonged high voltage
• Spike: Momentary high voltage
Power Loss
• Blackout: Prolonged, complete loss of electric power
• Fault: Momentary power outage
Power Degradation
• Brownout: Prolonged reduction in voltage
• Sag or dip: Momentary reduction in voltage
Training and Awareness