Which of the following is an example of technical controls that can be used for physical security?

Summary

Physical security controls, to include deterrent, detective, and preventive measures, are the means we put in place to mitigate physical security issues. Deterrents aim to discourage those that might violate our security, detective measures alert us to or allow us to detect when we have a potential intrusion, and preventive controls actually prevent intrusions from taking place. In isolation, none of these controls is a complete solution, but together, they can put us on a much stronger footing for physical security.

Protecting people is the foremost concern when planning our physical security. Although data and equipment can generally be replaced, when proper precautions are taken, people can be very difficult to replace. People are fragile creatures, and one of the best steps we can take when faced with a situation where they might be harmed is to remove them from the dangerous situation. Additionally, we may implement a variety of administrative controls in order to keep them safe in their working environments.

Protecting data, second only to protecting our people, is a highly critical activity in our world of technology-based business. One of our primary concerns with data is being able to ensure its availability when it is needed, and another is being able to ensure that we can completely delete it when we no longer desire to keep it. One of our main methods of ensuring availability is to perform backups, whether this is through the use of RAID to protect against storage media failures, or backups onto removable media such as DVDs or magnetic tape.

Protecting our equipment, although the lowest of the three categories on our priority list, is still a vital task. When we select the site for our facility, we need to take into account the threats that might be relevant to the location and take steps to mitigate them. We also need to take the necessary steps to secure access outside, to, and within our facility. We have to protect our equipment not only from those that would intrude from the outside but also from those that have legitimate access to the facility, but not to certain areas within it. Lastly, we need to maintain the appropriate environmental conditions for our equipment to function, largely power, temperature, and humidity.

12.4.1 General Forensic Laboratory Physical Controls

The following physical security controls are typical of those that may be in place in the Forensic Laboratory:

The Forensic Laboratory does not have signage stating what activities are carried out on the site.

Access to the Forensic Laboratory is passed a manned reception area. All Visitors and service engineers are required to report to this reception area before being granted access, as defined in Section 12.4.2.

The only access point to the Forensic Laboratory is through the manned reception, which is manned 24/7. During the working day, two Forensic Laboratory employees man the reception desk, so that they can manage the switchboard, Visitors, and deliveries.

All emergency exits are only operable from inside using break glass locks and are alarmed.

CCTV covers the entrance and all exits, as well as all secure areas (as defined above). The use of CCTV in the Forensic Laboratory is defined in Section 12.4.5 and how it is managed is defined in Chapter 7, Section 7.5.3.

All access to the Forensic Laboratory is via access control cards with associated PIN numbers. This is for employees as well as Visitors and service engineers.

Access to secure areas within the Forensic Laboratory is as above but reinforced with biometric fingerprint readers.

Full burglar alarms are in place throughout the Forensic Laboratory for both perimeter and internal detection. The alarm system is connected to a 24/7 manned site.

Full fire detection and quenching is in place throughout the Forensic Laboratory. The alarm system is connected to a 24/7 manned site. Fire quenching is provided using a variety of quenching mechanisms, from fire blankets in the kitchens to FM 200 in the Data Center.

Where a secure area has been defined, it is secured from real floor to real ceiling, rather than just using internal partition walling.

Specific procedures to support physical security access control are given in the following sections:

Civil Disturbance

An organization’s risk from a civil disturbance can include a range of exposures from peaceful protest to the direct action against its workers and facilities, or from the result of being located in “the wrong place at the wrong time” by suffering the consequences of a violent and destructive street protest, too often sparked by the infection of an anarchist element. Organized labor activity can also pose its own set of problems, and it demands its own set of protective measures. While the need to protect people and facilities from these destructive elements is easily recognized, the workers who need to respond must keep in mind the potential to create legal liability and media exposure if an encounter with a protester is not handled properly.

5.1 Segmentation

Segmentation applies the cyber-physical security control of deterrence by constructing a physical or logical barrier between groups of devices grouped according to communication, function, criticality, and risk. Segmentation in cyber systems may be accomplished through subnetting, encryption, virtual local area networks, access controls such as firewalls, access control lists, or software-defined networking. In general, computing assets that need to communicate with one another, that share the same risk profile, or that perform the same function should be put on a segment together. Devices that do not need frequent communication or that perform different kinds of functions should be separated. Critical functions should be split across separate machines if possible, making it difficult for an adverse circumstance to harm more than one critical function at a time.

Convenience may dictate that CPSs communicate over common IT networks or that multiple layers of functionality use the same infrastructure. However, when applying the cyber-physical security principle of segmentation, we recommend that barriers be erected between these layers and functions. Allowing unregulated access between segments with different risk profiles allows opportunities for less critical (and less well protected) functions to be used as a beachhead to attack more critical ones. The example of automotive hacking demonstrates how the less critical entertainment systems were exploited to access the critical real-time controls. Because the entertainment system is the only intermediary between the outside-world networks and the real-time, critical network, an adversary can send commands to the throttle, brake, etc., by compromising this system. Additionally, the CAN-bus protocol connecting the automotive subsystem controllers is designed for real-time communication, not security. CAN-bus has no authentication protocol, allowing any system on the segment to act at any privilege/priority level it chooses. Typical automotive network implementations have a single CAN-bus or separate busses organized by physical proximity of components. Assuming a CAN-bus is a requirement, segments should be separated by criticality, function, and risk rather than proximity. Separate segments may be joined, but security controls must be placed at the junction.

Connections between segments should employ the principles of least-privilege and need-to-know. Least-privilege provides client components or users general access to only the resources needed to fulfill their role. Need-to-know further restricts these privileges by allowing access to authorized resources only as needed to accomplish the current job. For example, a smartphone’s word-processing application may need occasional access to the camera. Least-privilege would require the program to ask the user to grant this permission. Need-to-know would further prevent the application from using the camera while the user was typing, because it should not be taking pictures or video while the user is writing. Application firewalls and proxies are least-privilege measures to monitor and restrict the communication to only specific devices, protocols, and messages that are needed to communicate across the connection. State-aware protocols are need-to-know measures that prevent senseless command combinations like throwing a connected car’s transmission into reverse while the car was moving forward rapidly.

Access time and user role are other dimensions of segmentation. Applications installed on and resources provided by devices in the network may be segmented. For example, iPhone applications must get permission to access the camera or other resources. However, access to the camera, once granted, endures beyond the transient need. Temporal segmentation, where access is granted only for a time, can improve security. Role-based access control is a form of segmentation that permits access to groups of functions needed to perform a particular job. If, for instance, one machine can be both a workstation and a server, the applications necessary for both of these tasks should be segmented, perhaps accessible only from separate user accounts. Specifically, the permissions required to operate these applications should be carefully monitored and restricted to only what is necessary for the particular function it must serve at that moment.

Deter

The goal of these physical security controls is to convince potential intruders and attackers that the likelihood of success is low because of strong defenses. Typically, the implementation of deterrent security controls are found in the combined use of physical barriers (ie, walls), surveillance (ie, closed caption television (CCTV)), and lighting (ie, spot lights).

Chapter 9: Physical security

In this chapter, we discuss physical security. We address the main categories of physical security controls, to include deterrent, detective, and preventive measures, and discuss how they might be put in place to mitigate physical security issues. We talk about the foremost concern in physical security, ensuring the safety of our people, and talk about how data and equipment can generally be replaced, when proper precautions are taken, though people can be very difficult to replace. We also cover the protection of data, secondary only to protecting our people and how this is a highly critical activity in our world of technology-based business. Lastly, we discuss protecting our equipment, both outside of and within our facilities

Shared tenancy and adjacent buildings

Other tenants in a building case pose security issues: they are already behind the physical security perimeter. Their physical security controls will impact yours: a tenant's poor visitor security practices can endanger your security, for example.

Adjacent buildings pose a similar risk. Attackers can enter a less secure adjacent building and use that as a base to attack an adjacent building, often breaking in through a shared wall.

A crucial issue to consider in a building with shared tenancy is a shared demarc (the demarcation point, where the ISP's (Internet Service Provider) responsibility ends and the customer's begins). Access to the demarc allows attacks on the confidentiality, integrity, and availability of all circuits and the data flowing over them.

Shared Tenancy and Adjacent Buildings

Other tenants in a building can pose security issues: they are already behind the physical security perimeter. Their physical security controls will impact yours: a tenant’s poor visitor security practices can endanger your security, for example.

Adjacent buildings pose a similar risk. Attackers can enter a less secure adjacent building and use that as a base to attack an adjacent building, often breaking in through a shared wall. Many bank heists have been pulled off this way; including the theft of over $20 million dollars from British Bank of the Middle East in 1976 (the attackers blasted a hole through the shared wall of an adjacent church). For more detail see: http://www.dailymail.co.uk/home/moslive/article-459185/Soldiers-Fortune.html.

Another security risk associated with shared tenancy (or neighbors who are physically close) is wireless security. Physical proximity is required to launch many types of wireless attacks. Also, neighbors running wireless equipment at the same frequency as you can cause interference, raising wireless availability issues.