0% found this document useful (0 votes)
269 views29 pages

CISSP - 5 Physical Security

The document discusses various physical security considerations for facilities. It covers site planning, perimeter security, interior security, intrusion detection systems, HVAC/power concerns, and fire safety. Some of the key recommendations include conducting a vulnerability assessment of the site and facility, implementing layered security including fences, walls, gates and CCTV around the perimeter, hardening doors and windows, properly locating critical systems like data centers, using security guards and alarms for detection, ensuring clean reliable power sources, and implementing fire prevention and suppression systems. The focus is on promoting safety, deterring and delaying threats, and implementing defense in depth.

Uploaded by

Raj Sh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
269 views29 pages

CISSP - 5 Physical Security

The document discusses various physical security considerations for facilities. It covers site planning, perimeter security, interior security, intrusion detection systems, HVAC/power concerns, and fire safety. Some of the key recommendations include conducting a vulnerability assessment of the site and facility, implementing layered security including fences, walls, gates and CCTV around the perimeter, hardening doors and windows, properly locating critical systems like data centers, using security guards and alarms for detection, ensuring clean reliable power sources, and implementing fire prevention and suppression systems. The focus is on promoting safety, deterring and delaying threats, and implementing defense in depth.

Uploaded by

Raj Sh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 29

Physical Security

CHAPTER 5
Agenda

 Facility Considerations
 Perimeter Security
 Internal Security
 Intrusion Detection
 HVAC/Power Concerns
 Fire Safety
Facility Considerations

 Site and Facility Design


 Vulnerability Assessment
 Site Planning
 CPTED (Crime Prevention Through
Environmental Design)
 Location Threats
 Utility Issues
Facility Considerations:
Site and Facility Design

 Ensuring that the building is designed in such a way as to:


 Promote the safe use of the facility (first and foremost)
 Harden the physical structure so as to provide greater security
 Considerations:
 Access zones
 Entry Controls
 Vehicular access
 Standoff Distance (Distance required to preventi unscreened vehicles from
approaching within a certain distance of a building)
 Signage
 Parking
 Loading Docks/Service Access
 Lighting
 Sight Utilities
Facility Considerations:
Risk analysis

 Risk Analysis
 The American Institute of Architects have established
these essential questions in relation to security:
 What do we want to protect?
 What are we protecting against?
 What are our vulnerabilities?
 What are consequences of loss?
 What level of protection is necessary?
 What controls are appropriate?
 What are our constraints?
 What are the specific security design requirements?
Facility Considerations:
Site Planning

 Most important goal is to protect life, property and


operations
 Often convenience, aesthetics are at cross-
purposes with security.
 Holistic approach considers both function and
security
 Layered Defense (Defense in Depth)
 Outer Perimeter
 Building Grounds and Construction
 Ingress/Egress
 Interior
Facility Considerations:
Target Hardening

 The Four D’s


 Deter
 Delay
 Detect
 Deny
Facility Considerations:
CPTED

 CPTED (Crime Prevention Through


Environmental Design
 Provides instruction on direction of the use
of:
 Organizational (People)
 Mechanical (Technology, hardware)
 Natural Design (landscaping, natural
environment)
Facility Considerations:
CPTED
 Improve Surveillance:
 Improve visibility and eliminate concealment opportunities
 Access Control:
 Actively control traffic, direct visitors, limit access
 Territoriality:
 Providing the impression of a well-tended building provides a
deterrent
 Activity Support:
 Ensure all areas of the facility are occupied at least
occasionally. Use activities like meetings, luncheons to
populate these area
Facility Considerations:
Physical Threats
 Natural
 Fire—proper fire detection and suppression equipment must be in place
 Floods: Buildings should have positive flow where water runs out of the building
 Hurricanes: Backup power supplies are often essential. Other issues such as flooding,
tornadoes, etc can be results
 Tornadoes: Quality of building materials, the presence of a basement or other “safe
place” can mitigate the risks
 Earthquakes: As with all above disasters, Emergency Planning can help in assuring
employees know what to do in the event of a disaster
 Man-made
 Theft
 Vandalism
 Fire
 Terrorist Attack
 Technical
 Failure of HVAC system
Facility Considerations:
Utilities
 Should be designed to ensure necessary power for normal, daily
operational functionality
 If possible, utilities should be concealed, underground, protected
 Minimize signs identifying critical utilities and use fencing to prevent
unauthorized access
 Locate storage tanks for oil, propane and similar substances downhill
from building and at least 100 feet away.
 Utility systems should be at least 50 feet from entrance areas, loading
docks and other high traffic areas
 Protect Drinking water supplies from waterborne contaminants by
securing access points
Perimeter Security:
Fences
Fencing
 Controls entrance access
 Can be costly and unsightly
 Heights provide degrees of protection
 3-4 feet – deters casual trespassers
 5-7 feet – too high to climb easily (preventive)
 8 feet with 3 strands of barbed wire – (preventive) Will discourage all
but the most determined intruder
 Critical areas should have
 at least 8-foot fences
 Posts should be buried in the ground and secured with cement, 6 feet apart
 Barbed wire directed out from the fence at a 45 degree angle or in a “V”
 The most critical areas should be protected with two sets of fencing and rolls of
concertina wire (razor wire)
Perimeter Security:
Fences

PIDAS Fencing
 Perimeter Intrusion Detection and Assessment
System
 Detects if someone tries to climb a fence or
damage the fence
 Mesh-wire fence with a passive cable vibration
sensor that sets off an alarm if detected
Can have barbed wire or spikes on top
 Can be Detective as well as preventive
Perimeter Security:
Walls

 Pros
 Hard to scale
 Hard to bypass
 Cons
 More expensive
 Obstruct line of site
 7 feet high with 3-4 strands of barbed wire
 A common alternative to barbed wire is concertina
wire or broken glass in the mortar
Perimeter Security:
Gates

 Gates should provide the same degree of


security as fences/walls
 UL 325 provides the following specifications for
gates:
 Class I: Ornamental/Residential
 Class II: Commercial usage where general public
access is expected: Gated community, self-storage
facility
 Class III: Industrial Usage where limited access is
expected. Example: A Warehouse
 Class IV: Restricted access: Prisons, military
Perimeter Security:
CCTV

 Detective Control
 Used to correlate facts after a security event
 Short lens offers wider angle view
 Long lens offers close up of an asset
 PTZ (pan, tilt, zoom)
 Automatic Iris (detects and adjusts to
changes in light)
Doors
 Hinges should be protected
 Hinges internal to the door provide protection for the hinges while still allowing
door to open outwardly
 Panic bar allows for quick evacuation
 Kick plate provides cosmetic protection for door
 Strike plate—T-shaped component of lock which provides reinforcement
 In the event of power failure, electronic doors can:
 Fail secure: Fails locked. No evacuation. Only in facilities where value of what
is being protected exceeds human life
 Fail Soft: Opens outward, but door is locked to bar return
 Fail Safe: Door fails open (easiest to evacuate)
 On the CISSP exam never choose fail secure . Fail soft/safe is the best choice
Doors/Windows/Walls

 Secure windows made of polycarbonate (Lexan)


 Windows should be positioned to reduce likelihood of
shoulder surfing
 Walls should provide a 2 hour burn rating (as should doors)
 Walls should go to the true ceiling instead of drop ceiling
HVAC Controls

 Positive Airflow (Contaminants/smoke should


flow out, not in)
 Temperature should be around 70 degrees for
server room
 Humidity should be around 50%
 Too high causes condensation/rust
 Too low causes ESD (Electro static discharge aka
static electricity
Location of Datacenter

 Not in basement because of floods


 Not on first floor because of traffic
 Not on top floor because of fire
 Ideally on 2nd or 3rd floor
 Should be located in center of the building to
avoid data emanation
Security Guards

 Offer Deterrence primarily


 Human element/judgement
 Best defense against piggy-backing
 Most expensive
 Liability
Security Dogs

 Deterrence
 Sense of smell
 Can cover great distance
 Work in the event of power failure
 Can present a liability
Burglar Alarms/Intrusion Detection

 Electro-mechanical
 Most common
 Rely on a connection being broken
 magnet on door and frame. Alarm sounds if the
connection is broken
 Weight based systems based on the same concept
 Volumetric
 More expensive (used for higher value assets
 Photo-electric: Changes in light—no windows
 Acoustic systems: detect certain frequencies of sounds
Power

 Good, clean power is the goal


 EMI (electromagnetic interference) can be
caused by improper grounding
 RFI (radio frequency interference) fluorescent
lighting
 UPS helps provide constant source of power
and most UPS today provide line filtering
Problems with Power

 Power Excess
 Spike: Momentary high voltage
 Surge: Prolonged high voltage
 Power Degradation
 Sag: Momentary degradation
 Brownout: Prolonged degradation
 Power Loss
 Fault: Temporary outage
 Blackout: Prolonged outage
Fire Safety

 Prevention is best!
 Protect flammables
 Limit use/placement of space heaters
 Electrical safety, for instance don’t daisy chain
extension cords
 Class C fire extinguishers should be properly labeled
and within 50 feet of electronic equipment. They
should be tested quarterly
 Halon-based systems were outlawed in the 90s
because of their effect on the ozone layer.
Sprinkler Systems
Sprinkler Systems Continued
Remember…

 Senior management is responsible for the


physical safety of their employee
 Focus on prevention, not correction
 Human life should always supersede other
assets
 Physical security is the first line of defense in
protecting a company’s assets

You might also like