
CISSP Domain: Physical (Environmental) Security

- Recognize basic threats to an organization's physical security and identify the security mechanisms used in securing an enterprise environment.
- Identify the security mechanisms and strategies used to protect the perimeter of a facility.
- Identify the appropriate physical security mechanisms to implement in a given scenario.
- Identify the appropriate mechanisms and controls for securing the inside of a building or facility.
- Select the most appropriate intrusion detection technology for a scenario.
- Determine the appropriate intrusion detection system to implement, given a specific scenario.

Physical Security Fundamentals


Learning objective

After completing this topic, you should be able to recognize basic threats to an organization's physical security and identify the security mechanisms used in securing an enterprise environment.

1. Physical security threats


To achieve complete enterprise security, you not only need to protect your critical resources and information against unauthorized technological access, but you also need to secure these assets against unauthorized physical access. Unless a network is physically secure from threats, all other types of security can be negated. Similar to any other security type, physical security aims to ensure the integrity, confidentiality, and availability of information and resources. But physical security addresses a different set of risks, threats, and vulnerabilities from that which is addressed by computer or information security. Physical security involves securing organizational resources from theft, vandalism, intruders, physical destruction, and environmental factors. It also involves the implementation of countermeasures to address such threats and vulnerabilities. The physical security threats encountered by an organization can be categorized into four types:

- environmental threats
- manmade threats
- supply system threats
- political threats

environmental threats
Environmental threats are caused by environmental factors, such as earthquakes, hurricanes, floods, tornadoes, natural fires, volcanic eruptions, extreme temperatures, and excessive humidity.

manmade threats
Manmade threats are caused by human beings, either intentionally or unintentionally. These threats include arson, explosions, chemical contamination, fraud, vandalism, and embezzlement performed by hackers or disgruntled employees. These also include unintentional acts, such as employee errors and accidents.

supply system threats
These are threats that arise because of some defects or disruptions in the supply system. Examples include power surges, interruptions in water or gas supply, communication interruptions, and power distribution outages.

political threats
These are threats caused by politically motivated acts. Such threats include bombings, terrorist attacks, wars, riots, strikes, insurgency, and civil disturbances.

Physical security threats can prove to be detrimental to the organization because they can interrupt normal business operations and can compromise the integrity, confidentiality, and availability of resources. They can also cause irreparable damage to the public image of the organization, resulting in loss of revenue or customers for the organization.

2. Sources of physical loss


Some major sources of physical loss for an organization can be listed as

- energy anomalies such as static electricity, electric surges, magnetism, radio waves, and microwaves
- gases such as fuel vapors, humidity, commercial vapors, dry air, and war gases
- liquids such as water and chemicals
- movement such as vibration, shaking, shearing, collapse, and slides
- organisms such as animals, people, insects, viruses, and bacteria
- projectiles such as bullets, moving vehicles, aircraft, falling objects, and meteorites
- temperature such as extreme heat or cold

The different sources of physical loss can interrupt normal business operations and therefore, can result in heavy losses for the organization. The extent of the losses that an organization may need to suffer depends on the timing and the duration of service interruptions caused by these sources. The severity of the losses is also positively correlated to the criticality of the operation that has been interrupted. Even a small interruption to a highly critical service can accrue major losses for the organization. When planning for your organization's physical security, you need to perform a risk analysis to identify all existing vulnerabilities and potential threats to the organization. You also need to evaluate the potential impact of these threats on your organization and identify the most cost-effective countermeasures to combat the threats.

When planning for physical security, you need to consider both the life safety goals and security concerns of the organization. Life safety goals are concerned with the protection of life against potential dangers such as fire and natural calamities, while security concerns deal with the protection of resources from threats such as theft, vandalism, and attack. You should never allow a security concern to override life safety goals. However, with good planning, you can achieve an effective balance between these two.

3. Security components and layered defense


The facility design of an organization can help increase the level of physical security you can provide for your organization. The organization's physical environment, consisting of entrances, landscaping, road placement, lighting, and neighborhood layouts, can be effectively designed to enhance the level of security within the organization. The various components that are involved in the physical security of an organization and require special security considerations are

- entry points
- protective barriers
- infrastructure support systems
- electrical power supplies
- water and gas lines
- internal compartmentalized areas

entry points
When designing a facility, you need to consider all potential entry points such as doors, windows, fire escapes, chimneys, roof access, and service doors for their strength and the level of resistance they can provide against intruders. You also need to evaluate their combustibility, fire ratings, and placement.

protective barriers
From the physical security point of view, you need to consider all protective barriers, such as walls, floorings, and ceilings, for the level of safety and security they provide. They need to be evaluated on their combustibility, fire rating, and weight-bearing ratings. Other protective barriers such as fire-detection and suppression equipment should also be considered for their placements and effectiveness.

infrastructure support systems
Infrastructure support systems, such as heating, ventilation, and air conditioning, comprise an important component of physical security. You need to evaluate these systems for their placements, emergency shut-off valves, recommended air pressures, and protected intake vents.

electrical power supplies
You should plan and arrange for alternate power supplies to avoid any disruption in electrical supplies because this can cause major losses for the organization. You should ensure a clean and steady power supply and set up distribution panels and circuit breakers at appropriate places.

water and gas lines
Water and gas lines require special consideration because these can cause irreparable damage to a computing environment. You need to evaluate water and gas lines for proper and well-placed shutoff valves and the proper flow of gases and water.

internal compartmentalized areas
Internal compartmentalized areas generally house sensitive equipment and critical data. Therefore, these require special security consideration. These areas should be located in the center of the facility and should be protected using appropriate access control mechanisms.

The physical security of a facility should be implemented based on a layered defense solution. Layered defense involves the implementation of several layers of security measures to protect a facility. A layered defense approach works on the concept that if an intruder can bypass one layer of security measures, additional layers of defense can protect the valuable assets of the organization.

The principal objective of a layered defense solution is to protect the facility by deterring or preventing illegal or unauthorized events. In case an illegal event occurs, a layered defense solution aims to detect and delay the event to allow the system to appropriately respond to the event. A typical layered defense system can comprise four layers of defense:

- Perimeter
- Building entry points
- Building floors and offices
- Compartmentalized areas

Perimeter
The first line of defense involves securing the perimeter of the facility. You can implement protective barriers, such as fences, gates, bollards, walls, protective landscaping, and surveillance devices to secure the perimeter of the facility.

Building entry points
Securing all building entry points in walls, roofs, floors, ceilings, and basements creates the second line of defense. These entry points can be constructed appropriately to provide resistance and can be further secured using proper intrusion detection devices and access control measures.

Building floors and offices
Building floors, offices, and office suites need to be appropriately secured to create the third line of defense. You need to implement proper security control measures to secure this area against any unauthorized intrusion.

Compartmentalized areas
Compartmentalized areas containing sensitive equipment and information must remain protected at all times to create a fourth and final layer of defense.

Summary
Physical security involves securing organizational resources from theft, vandalism, intruders, physical destruction, and environmental factors. Some physical security threats that are usually encountered by organizations are environmental, manmade, supply system, and political threats. Some major sources of physical loss that can interrupt the normal business operations of an organization are energy anomalies, gases, liquids, movements, organisms, projectiles, and temperature variations. An organizational physical security plan should consider both life safety goals and the security concerns of the organization. Various components make up the physical security of an organization and require special security considerations. The physical security of a facility should be implemented based on a layered defense solution that involves the implementation of several layers of security measures to protect a facility.

Perimeter Security
Learning objective

After completing this topic, you should be able to identify the security mechanisms and strategies used to protect the perimeter of a facility.

1. Perimeter security mechanisms


In the layered defense model of physical security, the perimeter provides the first line of defense for the facility. As a result, to mitigate the possibility of unauthorized penetration into the facility, you need to identify the perimeter weaknesses and devise ways to alleviate them. You can implement different types of protective barriers to secure the perimeter:

- Landscaping
- Fences
- Gates
- Bollards

Landscaping
Landscaping provides natural access control. Low landscaping, which allows for a straight line of sight, can discourage intruders. You can also use spiny shrubs and trees as natural barriers for intruders.

Fences
Fences define a property's boundary and secure the area. Depending on specific security requirements, you can determine the height of the fencing to be used. In addition, for high-security facilities, you can supplement fences with security patrols.

Gates
A swinging, rolling, sliding, lowering, or raising gate is used as a moving barrier to restrict the entry or exit of vehicles and people. Depending on their use, gates are separated into

- class I gates for residential operations
- class II gates for commercial operations
- class III gates for industrial or limited access operations
- class IV gates for restricted access operations

Bollards
Bollards are short, vertical posts that are generally used as barriers preventing vehicles from accidentally or intentionally ramming into the facility.

Lighting forms an essential component of perimeter security because it prevents intruders from concealing themselves under cover of darkness. For effective perimeter security, you should arrange for even lighting for the bordering areas, glaring lights on intruders, and low lights for security posts and patrolling areas. Common types of protective lighting systems include

- continuous lighting
- trip lighting
- standby lighting
- emergency lighting
- gaseous lighting

continuous lighting
Continuous lighting consists of an array of fixed luminaires that provide continuous lighting across a specified area. You can use three different types of lighting (glare projection, flood, and controlled) to provide continuous lighting.

trip lighting
Trip lighting is turned on when a trigger is activated. For example, the lights within a specific area turn on when an intruder moves across a sensor.

standby lighting
In standby lighting, luminaires are not continuously lit but are turned on only when some malicious activity is suspected. You can also configure the luminaires to turn on and off automatically at predetermined times.

emergency lighting
Emergency lighting is used as a backup lighting system during power failures or other emergencies.

gaseous lighting
Gaseous lighting is provided by high-pressure sodium and mercury vapor lamps. An inherent weakness with these lamps is that they take several minutes to re-ignite and, therefore, can allow intruders to enter unnoticed during the re-ignition period.

Perimeter intrusion detection systems (IDSs) contain sensors that can be installed across the perimeter area to detect unauthorized intrusion into the area. Perimeter IDSs

- can detect intrusion across or under a specified land area
- can detect intrusion through a physical barrier, such as fencing
- can detect someone approaching or touching an object such as a car
- can set off alarms when an intrusion is detected
- are prone to false alarms triggered by animals, birds, or flying objects

You can use surveillance devices to provide additional security for locked buildings. Surveillance devices enable the surveillance of an area using either visual motion detectors or detectors using microwave, ultrasonic, laser, infrared, or audio technology. These devices can detect abnormal behaviors, activities, or conditions.

Closed-circuit television (CCTV) is a monitoring device that uses video cameras to capture the who, what, where, and how of an event and transmits it to various display monitors. The three levels of CCTV are

- detection: detects the presence of an object
- recognition: determines the type of the object
- identification: determines the details of the object

The main components of a CCTV system are

- camera and lens
- transmission media
- display monitors

camera and lens
In a CCTV, the camera and lens capture an optical image and convert it to video signals.

transmission media
Transmission media, which can be wired or wireless, transmits video signals from the camera to the monitors.

display monitors
Display monitors convert and display the electronic signals received over transmission media.

Guard stations are small enclosures, specially constructed to keep watch over the premises of high-security enterprises. These stations are manned 24 hours a day to provide continuous vigil and monitoring. They are often equipped with devices such as TV monitors, intercoms, radio devices, alarm systems, and walkie-talkies, and therefore can provide effective deterrence and security response in the event of an unauthorized intrusion. You need to consider these questions while installing a guard station for your enterprise:

- Will hiring or contracting be more cost-effective?
- Are there union considerations?
- Do the guards require certification or licensing?
- Do the guards require specific training?
- How will the guards be screened for the positions?
- Should the guards be armed?
- Will bonding be necessary?
- What will be the impact on insurance policies?

2. Facility design and construction


The building material used to construct a building structure should be strong enough to offer resistance to unauthorized entry and penetration. In addition, the outside building structure must also comply with the mandatory building codes. The basic types of construction material are

- light frame
- heavy timber
- incombustible
- fire resistant

light frame
Light frame construction materials are used to build homes. These offer the least amount of resistance to forced entry attempts and have a fire-survival capacity of only 30 minutes.

heavy timber
These building materials are used to construct office buildings. The structural elements used in these building materials are at least 4 inches thick. Consequently, they have an increased fire-survival capacity of 1 hour.

incombustible
Incombustible building materials, such as steel, provide increased fire resistance but tend to lose their strength at high temperatures and can, eventually, cause the structure to collapse.

fire resistant
This construction material provides the highest level of resistance against fire and forced entry. Fire resistant building material and steel rods encased in concrete are used to construct the building structure.

Doors are a critical entry point in any building structure and, therefore, should provide adequate resistance against unauthorized entry. The level of security that a door can provide depends on the quality of the door and its hinges, frame, strike plates, installation method, and lock. Attackers can employ different methods to enter through a locked door. These methods include

- brute force: attackers use force to kick open the door
- prying: attackers use tools such as a wire loop or a crow bar to pry open the door

Note
Doorframes are often the weakest point in the entire door assembly and are, therefore, used as the first point of attack by intruders.

Depending on their structure, doors can be of two types:

- hollow core: the structural, inner part of a hollow-core door consists of a light-weight frame and can be easily kicked in, cut, or sawed
- solid core: the structural inner part of this door is solid and offers better resistance against attacks and fire

A mantrap is a small room with two interlocked controlled doors. The two doors cannot be opened at the same time. To pass through the second door, a person needs to produce some identification, such as a swipe card or a badge. If the authentication fails, the person is trapped inside the room.

The placement of a window, the method of constructing it, and the construction material used determine its security. Based on the construction material used, windows can be of five types:

- plate glass window
- tempered glass window
- acrylic window
- polycarbonate window
- glass-clad polycarbonate window

plate glass window
Standard plate glass windows are mostly used in residential homes. These can be easily cut and can shatter into dangerous splinters when broken.

tempered glass window
Tempered glass is five to seven times stronger than plate glass and, therefore, offers better protection.

acrylic window
Acrylic windows offer more resistance than standard plate glass windows. But these windows can be easily cut or sawed, are flammable, and produce toxic flames.

polycarbonate window
Polycarbonate windows are 20 times stronger than acrylic windows, but are combustible, just as acrylic windows are.

glass-clad polycarbonate window
Glass-clad polycarbonate windows offer the greatest resistance to fire, chemicals, and abrasions, and are anti-ballistic.

Some security controls available for windows are

- laminated glass
- wired glass
- solar window films
- window security films
- glass breakage sensors

laminated glass
Laminated glass is made by bonding two sheets of glass with a plastic layer in between them. This glass offers increased resistance to breakage.

wired glass
Wired glass has a wire mesh reinforced between two sheets of ordinary glass. This prevents objects from smashing through the glass.

solar window films
Solar window films are affixed to glass windows to protect them from ultraviolet rays. They also provide increased security by preventing the glass from shattering.

window security films
Window security films are transparent films that are affixed to windows. These provide security against storms, unwanted entries, and even exploding bombs.

glass breakage sensors

Glass breakage sensors are specifically designed small microphones that can be mounted on windows. These microphones can be tuned to the vibrations caused by breaking glass and can set off alarms in case of glass breaking.

Locks are the most accepted and used security device. But these can only serve as a delay device to keep out determined intruders. Intruders can gain entry through any type of lock, although the time taken for this may vary, depending on the lock type. Two lock-defeating techniques commonly used by intruders are

- picking: intruders use tools such as tension wrenches and picks to open locks by imparting a rotary motion to the key plug, finding the lock tumblers, and then aligning each locking tumbler to the shear line
- raking: intruders use a pick with a wider tip to bounce up all the pins of a lock and then use a tension wrench to turn the plug and make the pins fall, opening the lock

The types of locking devices are

- combination locks
- electronic combination locks
- deadbolt locks
- keyless locks
- smart locks
- key locks

combination locks
A combination lock contains some wheels and a dial face. You need to use a sequence of numbers in a specific order to open this lock.

electronic combination locks
An electronic combination lock uses digital play out and obtains its power from the energy generated by turning the dial.

deadbolt locks
Deadbolt locks use bolts that are inserted into the door jambs mounted on the doorframe. Consequently, these provide an added measure of security.

keyless locks
Keyless locks generally contain push buttons that need to be pressed in a specific sequence to open the lock.

smart locks
Smart locks generally contain a plastic card that is programmed to open specific doors, thus permitting only authorized access for specific doors.

key locks
A key lock is the most popular locking device, requiring a key to open. Different types of key locks include

- warded locks: use obstructions in the keyhole to allow only properly cut keys to enter
- wafer or disc tumbler locks: use several wafers under spring tension to prevent the plug from turning
- pin tumbler locks: require a key that can move pins for obtaining a shear line
- interchangeable core locks: use a core that can be removed and replaced by another core using a special change key

3. CPTED strategies
Crime prevention through environmental design (CPTED) is an approach that involves designing the physical environment to influence human behavior for reducing crime and the fear of crime. The CPTED concept states that any physical environment can be manipulated to dissuade offenders from committing a crime. This approach addresses the designing and placement of entrances, facilities, neighborhood areas, roads, lighting, landscaping, and traffic-circulation patterns.

CPTED provides guidance in loss and crime prevention. It combines psychology, site design, and security hardware to create a physical environment that makes legitimate users feel safe and illegitimate users feel unsafe. For example, CPTED recommends the use of street furnishings, such as benches and tables, because these encourage people to sit and watch the surroundings, which discourages criminal activity.

The CPTED approach is different from a typical target-hardening approach, which focuses on securing the target by creating various physical or artificial barriers. CPTED follows more subtle ways to psychologically deter people from engaging in criminal activities. For example, to deter people from using a specific door, a target-hardening approach will involve installing locks, alarms, and cameras on the door. However, the CPTED approach would ensure that there are no sidewalks leading to the door and the door is not hidden behind any vegetation that can offer a hiding place for an intruder. The best approach is to apply CPTED strategies when building an environment and then use target-hardening methods on top of it, wherever necessary.

The three main strategies used by CPTED are

- natural access control
- natural surveillance
- territorial reinforcement

natural access control
Natural access control involves using properly constructed entrances, exits, fences, and landscapes to control access to the facility. Naturally or artificially created barriers, such as cliffs, rivers, and fences, can be used to dissuade intruders from entering the facility.

natural surveillance
Natural surveillance involves using natural strategies, such as low landscaping, raised entrances, and lighting, to maximize the ability to observe a potential unauthorized activity.

territorial reinforcement
Territorial reinforcement involves using physical design, such as fences, pavements, and company

Summary
Perimeter security provides the first line of defense in a layered defense model. The different protective barriers that can be installed to protect a perimeter are landscaping, fences, gates, and bollards. Protective lighting systems, perimeter IDSs, surveillance devices, guard stations, and CCTVs provide additional security against unauthorized intrusion. The basic types of construction material that offer different levels of protection against intrusion are light frame, heavy timber, incombustible, and fire-resistant material. Depending on the security need, the appropriate type of doors, windows, and locks can also provide the required security. CPTED strategies can be used to design a physical environment to influence the human behavior for reducing crime and the fear of crime.

Internal Protection
Learning objective

After completing this topic, you should be able to identify the appropriate mechanisms and controls for securing the inside of a building or facility.

1. Electrical power system security


Securing the inside of a facility is necessary to ensure continuous system operations. The first step toward ensuring internal security involves securing the power supply of the facility. This requires specific technical training and expert consultation because most technology-based security mechanisms depend on electrical power. Some electrical power concepts that you need to know are

- ground
- noise
- clean power
- transient noise

ground
A ground is a direct electrical connection to earth to drain away excess buildup of electrical charge. An effective ground connection ensures that people and devices are not negatively affected by the excessive current.

noise
Noise refers to the unwanted disturbance caused in an electrical circuit by steady electromagnetic or frequency interference. This interference disrupts power flow, causes fluctuations, and can adversely affect equipment.

clean power
Clean power refers to electrical current that does not fluctuate and has been regulated to remove electrical noise.

transient noise
Transient noise refers to a short power disturbance in the supply circuit caused by line noise. This disturbance can cause electrical interference and power fluctuations.

The configuration of a power system can create a critical difference in the availability of the system. Therefore, you need to work with utility providers to identify and configure a suitable protection strategy based on your organization's processing demands and system availability requirements.

Electrical power supply can be subject to specific vulnerabilities and threats that can cause total power loss or degradation in power quality. The vulnerabilities that cause total power loss include

- blackout: a large-scale power disruption or a complete power loss that can result from lightning, storms, collapsing of the power line, or failure to pay the electricity bill
- fault: an electrical malfunction that causes momentary power outage or complete power loss for a short duration

Other vulnerabilities and threats that can result in power degradation are

- brownout
- sag or dip
- surge
- inrush current
- spike
- electrostatic discharge

brownout
Brownout is an intentional reduction in voltage by utility providers, resulting in the dimming of lights. A brownout occurs when the demand for power exceeds the generation capabilities.

sag or dip
A sag or dip refers to a low-voltage condition for a short duration. This condition may last for a few seconds or a complete cycle.

surge
A surge is a sudden, prolonged rise in the voltage of the power supply, which can cause immense damage to unprotected electrical equipment.

inrush current
Some types of electrical equipment require an initial surge of current to start, which is much higher than that required during normal operations. This leads to an inrush of current to the equipment and eventually results in a sag for other equipment.

spike
A spike is a sudden, short-duration upsurge in the voltage of an electrical circuit. This is generally caused by lightning strikes.

electrostatic discharge
Electrostatic discharge refers to the static electricity generated due to the friction between two nonconductive materials. This discharge can damage electronic equipment.

Interference refers to unwanted disturbances in the flow of electric power, which can interfere with normal device operations. This disturbance can cause errors in data processing and may lead to erratic program operations. Two types of interference are electromagnetic interference (EMI) and radio frequency interference (RFI). EMI is the electrical circuit interference caused by the varying electromagnetic radiation of nearby electronic equipment. The most common sources of EMI are electrical motors and lightning. RFI is the interference created by the reception of radio waves. Some possible sources of RFI are fluorescent lights, cellular phones, radio stations, small office equipment, and loose electrical connections.

You can control interference by installing a wire-in filter suppressant or a single-socket power line filter suppressant. To protect industrial equipment, you may need to use extreme duty, twist-type, or other high-current filter suppressants. Ensuring proper grounding and shielding power lines can also help protect against interference. Other methods for preventing power problems include

- UPS
- surge suppressors
- static controls
- power line conditioners
- back-up power sources

UPS
An uninterruptible power supply (UPS) system maintains continuous power supply to connected equipment. It provides clean power in the event of an unexpected power shutdown or interruption from the primary power source.

surge suppressors
Installing surge suppressors can help protect against spikes and surges. A surge suppressor does not allow the incoming power to exceed the optimal level and controls a surge by directing the excess power to the ground.

static controls
You can use higher humidity to prevent static build-up. In low humidity areas, you can use antistatic mats, carpets, and sprays to control static electricity around sensitive equipment.

power line conditioners
Power line conditioners use a bank of batteries and an inverter to maintain continuous power supply. These conditioners continuously charge their batteries and always make the normal primary electricity pass through the inverters to smooth out any peaks or dips in this power.

back-up power sources

You need to plan for back-up power sources, such as a redundant line from another power source or motor generator, to protect against long-duration power failures. You can use these power sources to supply main power or to charge the batteries of the UPS.

You need to implement some preventive measures and follow some good practices to protect electrical devices. You should

- install fluorescent lights away from power lines
- install power line monitors to detect frequency and voltage amplitude variations
- install regulators to ensure clean power
- avoid plugging outlet strips and extension cords into each other
- plug in every device to a surge suppressor
- shut down devices in the proper way to avoid data loss
- use access controls to protect distribution panels, master circuit breakers, and transformer cables
- use shielded lines to help protect against magnetic induction
- use shielded cabling for long cable runs
- use three-prong connections when using two-prong cables
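The power-problem categories defined in this topic differ along two axes, direction (total loss, low voltage, high voltage) and duration (short or prolonged), which is what a power line monitor has to decide from its readings. The following Python sketch is an added example, not part of the course material; the nominal voltage, tolerance band, loss threshold, short/prolonged boundary, and sample readings are all assumptions constructed for illustration.

```python
"""Classify voltage excursions into the power-problem categories of this topic."""
from dataclasses import dataclass

NOMINAL_V = 120.0      # assumption: nominal RMS supply voltage
BAND = 0.10            # assumption: within +/-10 % of nominal is normal
LOSS_FRACTION = 0.10   # assumption: below 10 % of nominal counts as power loss
SHORT_SECONDS = 3.0    # assumption: boundary between short and prolonged


@dataclass
class PowerEvent:
    kind: str          # fault, blackout, sag, brownout, spike or surge
    start: float       # timestamp of the first out-of-band sample
    duration: float    # seconds until the voltage state changed again
    extreme_v: float   # lowest (or, for high events, highest) reading seen
    ongoing: bool      # True if the recording ended before the event did


# (direction, is_short) -> category name used in the text.
# A monitor cannot see the utility's intent, so any prolonged low-voltage
# condition is reported as a brownout.
KINDS = {
    ("loss", True): "fault", ("loss", False): "blackout",
    ("low", True): "sag", ("low", False): "brownout",
    ("high", True): "spike", ("high", False): "surge",
}


def voltage_state(voltage):
    """Map one RMS reading to normal / loss / low / high."""
    if voltage < NOMINAL_V * LOSS_FRACTION:
        return "loss"
    if voltage < NOMINAL_V * (1 - BAND):
        return "low"
    if voltage > NOMINAL_V * (1 + BAND):
        return "high"
    return "normal"


def make_event(state, start, end, extreme, ongoing):
    duration = end - start
    kind = KINDS[(state, duration < SHORT_SECONDS)]
    return PowerEvent(kind, start, duration, extreme, ongoing)


def classify(samples):
    """samples: list of (timestamp_seconds, rms_voltage), sorted by time."""
    events = []
    state, start, extreme = "normal", 0.0, 0.0
    for ts, volts in samples:
        new_state = voltage_state(volts)
        if new_state != state:
            if state != "normal":
                events.append(make_event(state, start, ts, extreme, False))
            state, start, extreme = new_state, ts, volts
        elif state == "high":
            extreme = max(extreme, volts)
        elif state != "normal":
            extreme = min(extreme, volts)
    if state != "normal":
        # Recording ended mid-event: classify on the duration seen so far.
        events.append(make_event(state, start, samples[-1][0], extreme, True))
    return events


def constructed_samples(step=0.5):
    """Constructed readings, one every `step` seconds (not real measurements)."""
    segments = [(1.0, 120), (1.0, 100), (1.0, 120), (0.5, 150), (1.0, 120),
                (4.5, 135), (0.5, 120), (1.0, 0), (0.5, 118), (9.0, 104)]
    samples, t = [], 0.0
    for seconds, volts in segments:
        for _ in range(round(seconds / step)):
            samples.append((t, float(volts)))
            t += step
    return samples


if __name__ == "__main__":
    for event in classify(constructed_samples()):
        print(event)
```

Real spikes are far shorter than the half-second sampling interval used here, so a monitor meant to catch them needs much faster sampling than this sketch assumes.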

2. HVAC system security


HVAC refers to the system that provides comfort heating, ventilation, and air conditioning within a specified area. Security issues related to an HVAC system include

- location of the HVAC system
- maintenance of pressurization
- risk of chemical and biological attacks

location of the HVAC system
The location of the main controls and cable runs of the HVAC system can cause security concerns if it allows for unauthorized access and acts of sabotage. The remote access capabilities of the HVAC system also need monitoring to prevent malicious use by attackers.

maintenance of pressurization
Maintaining positive pressurization within an HVAC system is crucial to prevent air contamination. Maintaining positive pressurization within a building ensures that when you open a door the inside air exits and the outside air does not enter. In the event of a fire, positive pressurization would force the smoke out while a negative pressurization would push the smoke back in and trap people inside.

risk of chemical and biological attacks
Terrorists and other malicious users can exploit the HVAC system to launch chemical and biological attacks. The attackers can scatter the chemical or biological agents near HVAC ventilation registers and cause them to spread throughout the facility.

To ensure greater control over humidity and temperature in areas containing sensitive equipment, you should have separate air-conditioning controls for data center or server rooms. Ideally, for the server rooms, you should have a separate air conditioning system that is independent of the rest of the building.

You need to ensure the proper monitoring of the control centers and rooms containing HVAC equipment to prevent unauthorized access. Intruders can use the building support system areas, such as furnace areas, air-conditioning ducts, and underground ventilation shafts, to penetrate into the facility and can cause a shutdown of the entire facility.

Documenting all activities should be made an integral part of HVAC maintenance procedures. Records of all faults, actions, resolutions, and upgrades should be maintained for at least 1 year and reviewed quarterly.

3. Water and gas supply security


Water leaks or condensation can cause acute and irreparable damage to a computing environment. Common sources of water problems include

- fire-suppression systems
- improperly installed air-conditioning system
- burst pipes
- evaporative coolers
- condensers

Water damage can also result in mold and mildew, which can interfere with the proper functioning of the information system resources and can cause serious health hazards. If not treated on time, mold and mildew can grow very fast and render the workspace unlivable.

Because water can cause irreparable damage to information system resources, you need to implement appropriate controls to limit this damage. Some water damage controls include

- placement of computer rooms
- location of the facility
- emergency shut-off valves
- mold and mildew controls

placement of computer rooms
You should ensure that the computer rooms are not located next to or directly below water pipes. You can also install water-detection sensors to detect leakage in water pipes under raised floors.

location of the facility
In a flood-prone area, you should ensure that the server rooms and physical security control centers within the facility are placed well above ground level. Similarly, in hilly areas, the facility should be constructed at the highest point of the slope.

emergency shut-off valves
You should always install emergency shut-off valves for chilled water. In the event of an emergency, this valve will automatically shut off the flow of water and prevent outside contaminants from entering the water supply.

mold and mildew controls
To prevent and limit the damage caused by mold and mildew, you can use dehumidifiers combined with water damage disinfectants and sanitizers.

If your company uses natural gas, you need to implement these security precautions:

- identify the location of the main, incoming shut-off valve for the natural gas
- distinguish this main shut-off valve from other valves
- verify that the shut-off valve is operational
- attach a shut-off wrench to a cord near the shut-off valve
- secure the main gas line in a fenced and locked area
- communicate the location of the shut-off valves to the local fire department
- know your natural gas distribution system to identify how the gas pipelines are laid out
- paint the shut-off valves with fluorescent or white paint to increase their visibility

4. Fire protection
Though fire prevention is primarily concerned with saving lives, it also involves identifying and disseminating information about alarms, exit routes, and refuge areas. Fire protection comprises three main activities: prevention, detection, and suppression. Fire prevention involves preventing and limiting fire-related problems before they occur. Fire detection involves detecting fire when it is still controllable while fire suppression is concerned with using a suppression agent to contain and put out a fire.

Fire-prevention measures include

- using fireproof construction material
- providing fire-prevention training
- conducting fire drills
- storing backup media in fireproof containers

using fireproof construction material
The construction material for the facility should have the maximum possible fire-resistance capabilities. You should also exercise other preventive measures, such as building a nonflammable false ceiling, using fireproof walls and doors for data centers and server rooms, and storing combustible materials away from computer rooms and electrical equipment.

providing fire-prevention training
Through fire-prevention training, you can educate employees about ways to deal with emergency fire situations and inform them about emergency fire exits and the location of emergency power shut-offs and fire extinguishers.

conducting fire drills
You need to conduct periodic fire drills to test employees' awareness about how to safely exit the building and perform other precautionary steps, such as emergency power shut-off, while exiting the building.

storing backup media in fireproof containers
To minimize the damage that can be caused by a fire, backup tapes, software, and other critical documents should be stored in fireproof containers, preferably in an off-site location.

The goal of fire detection is to detect a fire in its early stages to facilitate the quick control of the fire and minimize the damage to property and other resources. Different fire-detection systems available are

- ionization smoke detectors
- photoelectric detectors
- heat detectors

ionization smoke detectors
Ionization smoke detectors can identify charged particles in smoke and trigger a warning alarm to activate the fire-suppression system.

photoelectric detectors
Photoelectric or optical detectors detect variations in light intensity. They function by sending a straight-line beam of light from a sender device to a receiver device. When this beam is obstructed by smoke, the device sounds a warning alarm to activate the suppression system.

heat detectors
Heat-activated detectors can be of two types:

- rate-of-rise temperature sensors: you can configure these to sound an alarm when the temperature increases over a period of time
- fixed-temperature sensors: you can configure these to sound an alarm when a predefined temperature is reached
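The two heat-detector behaviors described above, as an added example that is not part of the original course text. It runs both alarm rules over two temperature traces to show when each one fires; the set point, rise limit, window length, and the traces themselves are assumptions constructed for illustration.

```python
"""Fixed-temperature vs rate-of-rise alarm logic over constructed sensor traces."""
from collections import deque

# Assumed configuration values, chosen only for this illustration.
FIXED_LIMIT_C = 57.0   # fixed-temperature set point
RISE_LIMIT_C = 8.0     # rate-of-rise: alarm if temperature climbs this much...
RISE_WINDOW_S = 60     # ...within this many seconds


def ramp(start_c, step_c, count, interval_s=10):
    """Build a constructed trace: one (seconds, temp_c) reading every interval_s."""
    return [(i * interval_s, start_c + step_c * i) for i in range(count)]


def first_alarms(readings):
    """Return the time (seconds) at which each sensor type first alarms.

    readings: (seconds, temp_c) tuples in time order.
    A value of None means that sensor type never alarmed on this trace.
    """
    window = deque()  # readings from the last RISE_WINDOW_S seconds
    alarms = {"fixed": None, "rate_of_rise": None}
    for t, temp in readings:
        window.append((t, temp))
        # Drop readings that have aged out of the rate-of-rise window.
        while t - window[0][0] > RISE_WINDOW_S:
            window.popleft()

        # Fixed-temperature rule: a predefined temperature is reached.
        if alarms["fixed"] is None and temp >= FIXED_LIMIT_C:
            alarms["fixed"] = t

        # Rate-of-rise rule: temperature increased too much over the window.
        lowest_in_window = min(value for _, value in window)
        if alarms["rate_of_rise"] is None and temp - lowest_in_window >= RISE_LIMIT_C:
            alarms["rate_of_rise"] = t
    return alarms


# Constructed traces, both starting at 22 C with one reading every 10 seconds.
FAST_FIRE = ramp(22.0, 1.5, 30)      # fast-developing fire: +1.5 C per reading
SLOW_SMOLDER = ramp(22.0, 0.5, 80)   # slow build-up: +0.5 C per reading

if __name__ == "__main__":
    print("fast fire   :", first_alarms(FAST_FIRE))
    print("slow smolder:", first_alarms(SLOW_SMOLDER))
```

On the fast trace the rate-of-rise rule fires minutes before the fixed set point is reached, while on the slow trace only the fixed-temperature rule ever fires, which is why the two sensor types complement each other.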

Along with installing various fire-detection systems, you can exercise appropriate fire-containment measures, such as creating different fire barriers and using vents, dampers, and the HVAC system, to contain the spread of fire and smoke.

You can suppress or extinguish a fire either manually with the help of portable fire extinguishers or automatically through water sprinkler systems or halon or CO2 discharge systems. You need to know the different categories of fire to be able to select the most appropriate fire-extinguishing agent. These are the four different categories of fire:

- type A
- type B
- type C
- type D

type A
Type A fires consist of common combustibles, such as wood products, paper, and laminates. These can be suppressed with water or soda acid.

type B
Type B fires consist of combustible liquids, such as petroleum products and coolants, and can be suppressed using halon or halon substitutes, CO2, dry powders, or soda acids.

type C
Type C fires consist of electrical equipment and wires and can be extinguished using gas, dry powders, or CO2.

type D
Type D fires consist of combustible metals and can only be suppressed with dry powder.

You should install a portable fire extinguisher near any electrical equipment. Generally, these extinguishers have markings to indicate which type of fire they should be used on. You should use a type ABC extinguisher to suppress a computer room fire because computer rooms can contain all element types, such as combustible solids, liquids, and electricity. Fire extinguishers are primarily used to provide an escape route for people to exit the building. They can be used to extinguish fire only when the fire is small enough and only after all the people have been evacuated. Automatic water sprinkler systems are another commonly used fire-suppression system. However, they can cause water problems and increase fire intensity in case of electrical fires by working as electricity conductors. Therefore, all electricity must be turned off before activating a water sprinkler system to extinguish an electrical fire.

Summary
The first step toward ensuring internal security involves securing the power supply of the facility. Some methods of protecting against power problems are surge suppressors, UPS, power line conditioners, backup sources, and static controls. The HVAC system should be protected against unauthorized access or sabotage. Additionally, you should have a separate air-conditioning system for data centers and server rooms. Appropriate controls should be implemented to secure the facility's water and gas supply systems. Some water damage controls include installing emergency shut-off valves and adopting proper mold and mildew controls. Fire protection comprises three main activities: preventing a fire before it occurs, detecting a fire when it is small and controllable, and suppressing a fire in the event of an emergency.

Intrusion Detection Systems


Learning objective

After completing this topic, you should be able to select the most appropriate intrusion detection technology for a scenario.

1. Overview to IDS

Intrusion detection systems (IDSs) are mechanisms that are employed to monitor and detect possible attacks and behaviors that vary from the normal and expected activity. An IDS uses different devices to sense changes in an environment and detect the presence of an intruder. All IDS devices act as support mechanisms that can detect unauthorized entry and raise an alert to activate the security response system. The IDS devices can be installed at entry points, such as doors, windows, walls, and ceilings. The IDS mechanisms can be used to detect changes in

- electrical circuits
- microwave fields
- beams of light
- sounds
- vibrations
- motions
- ultrasonic fields

The different technologies used by an IDS include

- photoelectric system
- passive infrared system
- vibration detection system
- acoustical detection system
- motion detection system
- electro-mechanical system
- electrostatic detection system

photoelectric system
The photoelectric system of IDS functions by detecting changes in a light beam. This IDS uses a projected light source to send the light beam and a light-sensitive cell to receive this light beam.

passive infrared system
The passive infrared (PIR) system of IDS functions by detecting fluctuations in the infrared energy within the protected area. This IDS detects the rise in the particle's temperature caused by the presence of an intruder.

vibration detection system
The vibration detection system of IDS uses vibration sensors to detect any vibrations caused by forced entry attempts.

acoustical detection system
The acoustical detection system of IDS uses sound sensors to detect any variation in sound within the protected area.

motion detection system
The motion detection system of IDS detects changes in wave pattern caused by a motion. This IDS uses microwave or ultrasonic motion sensors to detect these changes.

electro-mechanical system
The electro-mechanical system of IDS functions by detecting a break in an electrical circuit. This device can be installed at building entry points to detect unwanted penetration.

electrostatic detection system
The electrostatic detection system of IDS functions by detecting a capacitance change in an electrostatic field.

An IDS device cannot prevent or apprehend intrusions by itself. It requires human intervention to respond to security alarms. Therefore, these mechanisms need to work in close collaboration with other security mechanisms, such as security guards, patrol forces, and guard dogs.

Security guards or security patrols can provide an appropriate response to suspicious activities and can work as an effective deterrent for intrusion attempts. However, because of the recurring expenses, such as salary, benefits, and leave, associated with security guards, these can prove to be a costly solution for an organization.

Guard dogs can also be trained to detect and deter intrusion attempts. Because of their inherent traits, such as intelligence, loyalty, and superior hearing and seeing powers, dogs can be effectively used to provide supplementary security services.

2. IDS technologies

The photoelectric system of IDS detects changes in a light beam using a light-sensitive cell and a projected light source. The IDS projects a beam that hits a specified receiver. An alarm is activated the moment this beam is interrupted at any point. To avoid being detected by intruders, this beam can be made invisible by using an infrared filter over the light source. Moreover, with the help of hidden mirrors, you can make this beam criss-cross over itself until it reaches the receiver. This fills the area with many light beams, increasing the chances of intrusion detection.

An IDS using a photoelectric system can be very reliable if used in a windowless environment. Another advantage of this system is that it can be used in open entry points, where obstructions cannot be used. Some disadvantages associated with this IDS are

- intruders can climb over or pass under the beam if they detect the beam
- when used in an open environment, fog, rain, dust, or smoke can cause frequent false alarms

The photoelectric system of IDS will be an appropriate security device for a jewelry exhibitor, who is exhibiting priceless jewels in a windowless room. This exhibitor can install the photoelectric IDS in the room to prevent any intrusion attempts.

The passive infrared (PIR) system of an IDS uses an optical device to view a specified area. It constantly measures the emission of infrared energy from this area to detect any variation in the specified energy level. To focus the distant infrared energy on the measuring element of the PIR detectors, it uses lenses or mirrors. The system notifies the security system by sending an alert when there is an increase or fluctuation in the received energy, caused by the presence of an intruder. The PIR movement detectors can detect the radiation of heat caused by body heat as well as movement caused by blocking the received energy.

The PIR system has become the preferred method of motion detection because of the flexibility and ability that it offers to control the area in view. However, a PIR system can raise false alarms if it detects changes in heat that are caused by factors other than humans, such as an HVAC system.

The PIR system can be most appropriately used to secure a data center containing critical equipment. This system can be installed in the data center and can be activated during off hours. If an intruder enters this data center during unauthorized periods, the system triggers an alarm.

The vibration detection system of IDS uses vibration sensors mounted on doors, walls, floors, or ceilings to detect changes in vibrations. This system detects the vibrations caused by an attempted forced entry and activates the alarm. The vibration detection system is a good mechanism for securing critical entry points that intruders can use to enter secure areas. This system is also easy to install and quite economical. However, this system is prone to nuisance alarms if installed in areas with latent vibrations, such as near railway tracks or airports.

The vibration detection system of IDS can be implemented to secure the exterior walls of a bank against forced penetration attempts by intruders. Such attempts will be detected in the early stages by the vibration detection system, which will alert the bank security system, minimizing the losses to the bank.

These are some more technologies used by an IDS:

- Acoustical detection system
- Motion detection system
- Electro-mechanical system
- Electrostatic detection system

Acoustical detection system
The acoustical detection system of IDS detects the sounds made during forced entry. This system uses very sensitive microphones that can be installed on walls, ceilings, or floors and can detect any changes in sound volume. An advantage associated with the acoustical detection system is that it is economical and can be installed very easily. However, it can raise false alarms if it is installed in areas with high extraneous sounds, such as sounds of traffic, airports, or storms.

The acoustical detection system is commonly implemented by banks to provide security solutions for bank vaults. This system can detect attempts of forced penetration, such as drilling through the external walls, ceiling, or floor of the bank's vault, and trigger an alarm to activate the security response system.

Motion detection system
The motion detection system of IDS uses microwave or ultrasonic sensors to detect changes in wave patterns caused by motion. These devices generate a wave pattern that is sent to the enclosed area to be protected and is reflected back to a receiver. Any motion inside this area will disturb the wave pattern received by the receiver and activate the alarm.

The ultrasonic motion detection system emits a pattern of acoustic energy to fill the protected area. Any motion in this area leads to a disturbance in the energy pattern and sets off an alarm to alert the security system. The ultrasonic motion detection system can be very effective in detecting intrusions because it is not visible to the intruders. However, a vulnerability associated with this system is that it can be activated by external sounds and can raise false alarms. You can lower the sensitivity level of the sensors to overcome this problem. However, lowering the sensitivity will reduce the effectiveness of the system.

A microwave motion detection system transmits a pattern of radio waves, which is reflected back to an antenna. Any movement inside the protected area causes a change in the frequency of the reflected waves. The system triggers an alarm if it detects a change in this frequency. You can use the microwave system to provide coverage to large areas if the antennae are properly placed. However, because microwaves can penetrate through thin walls, this system can be accidentally activated by objects that are outside the protected area.

Suppose a company wants to detect any activity in its remote backup site during off hours when no one is allowed to enter this backup site. More importantly, they want to be immediately informed of any unauthorized movement in this remote backup site. An ultrasonic or microwave sensor can effectively be used as a solution in this situation.

Electro-mechanical system
An electro-mechanical system detects a change or break in an electric circuit. You can install electrically sensitized metal strips or foils on doors or windows to create an electric circuit. A forced entry attempt will cause this circuit to break, which in turn will set off the alarm. Similarly, you can install magnetic contact switches on doors or windows. Opening the window or door will cause the contacts to separate and trigger an alarm.

Pressure pads are another type of electro-mechanical detector. You can place the pressure pads under the carpet and activate them during off hours. Anyone stepping on this carpet during unauthorized hours will trigger an alarm.

The electro-mechanical system is very effective because it rarely causes false alarms and is mostly trouble free. But it can prove to be a costly solution if the area to be protected has many entry points.

Suppose an old museum building, with large French windows, contains some priceless art pieces. The museum authority wants to implement security devices on the exterior windows to alert the museum security operations team when someone attempts to break into the museum through these windows. An electro-mechanical detector would be an ideal solution to address the museum's needs.

Electrostatic detection system
The electrostatic IDS works by detecting capacitance change in an electrostatic field. It creates a measurable electrostatic field around the object to be protected. The body capacitance of any intruder entering this field disturbs the electrostatic balance of the area and causes the capacitance change. The system detects this change and activates the alarm.

The electrostatic system is a flexible system that can be installed to secure specific objects, such as a safe, cabinet, door, window, or artwork. It is also easy to install and operate. But a disadvantage with the electrostatic system is that it can only be applied to ungrounded equipment.

Suppose an art museum authority wants to provide individual security to each valuable art piece kept in the museum. An electrostatic detection system would effectively address the specific security needs of the art museum to protect the individual art pieces.

Summary
Intrusion detection systems (IDSs) are employed to monitor and detect possible attacks and raise an alarm to activate the security response system. The IDS mechanisms can be used to detect changes in electrical circuits, microwave fields, beams of light, sounds, vibrations, motions, and ultrasonic fields. The different technologies used by an IDS to detect such changes are photoelectric systems, PIR systems, vibration detection systems, acoustical detection systems, motion detection systems, electro-mechanical systems, and electrostatic systems.

Compartmentalization
Learning objective

After completing this topic, you should be able to select the appropriate strategy for securing compartmentalized areas in a given scenario.

1. Compartmentalized areas
An organization may decide to create a compartmentalized area if it is determined that by isolating the sensitive data and processes, the chances of a major loss to the organization can be minimized. Usually, such compartmentalized areas are found in organizations requiring high security, such as government facilities, military establishments, aerospace enterprises, chemical laboratories, and electronic industries. A compartmentalized area refers to a specific location within a facility, where highly sensitive equipment and information is stored or processed. These areas can either remain active 24 hours a day or can be open to a selected few at specific times only. Because of the sensitivity of the information that it contains, a compartmentalized area is usually a restricted access area and needs to be protected all the time. For effective protection, the compartmentalized areas must have automatic entry controls. Moreover, those who are authorized to enter these areas need to undergo exhaustive background investigations to avoid any fraud. These personnel are also subjected to regular need-to-know determinations to verify their requirement for access permissions.

2. Securing data center or server rooms


Because of the criticality and sensitivity of the information that is processed in a data center or server room, you need to implement strict security clearance and control mechanisms to protect their integrity. Some access control measures that can be adopted to protect a data center or server room are

- electronic access controls
- physical access controls
- administrative access controls
- surveillance mechanisms

electronic access controls
Access to the data centers and server rooms should be controlled using security badges, smart card readers, or biometric readers.

physical access controls
You should install alarmed doors, which can be activated during nonworking hours, for the data centers. Moreover, you can secure access doors with locks, both during office hours and after business hours. You should also ensure that the lock combinations are changed whenever appropriate. The secondary access doors to the server rooms should be locked from inside to prevent outside access.

administrative access controls
Organizations should have strict access control policies dictating access control during normal business hours, post business hours, and during emergencies. An access control list, stating who is allowed unescorted entry into the room, can be posted on the access door. Additionally, all entries into the room should be documented along with the reason for entry.

surveillance mechanisms
Surveillance mechanisms, such as closed circuit television, can be installed to facilitate continuous monitoring of the area.
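One way to check recorded entries against the access controls described above, as an added example that is not part of the original course text. The log format, door identifiers, names, and business-hours window are all assumptions constructed for illustration; the rules come from the text: an access control list for unescorted entry, a documented reason for every entry, after-hours policy, and secondary doors that should never be used for entry from outside.

```python
"""Audit a constructed server-room entry log against the room's access policy."""
import csv
from datetime import datetime, time
from io import StringIO

# Assumed policy values (hypothetical names and door ids).
UNESCORTED_ACL = {"a.rivera", "k.osei"}       # allowed unescorted entry
BUSINESS_HOURS = (time(8, 0), time(18, 0))    # assumed normal business hours
SECONDARY_DOORS = {"DC-REAR"}                 # locked from inside, exit only

# Constructed sample log: timestamp, door, person, escort, reason for entry.
SAMPLE_LOG = """\
timestamp,door,person,escort,reason
2024-03-04T09:12:00,DC-MAIN,a.rivera,,replace failed disk
2024-03-04T10:40:00,DC-MAIN,vendor.hvac,k.osei,air-conditioning service
2024-03-04T11:05:00,DC-MAIN,j.lindqvist,,cable audit
2024-03-04T14:30:00,DC-MAIN,k.osei,,
2024-03-04T23:47:00,DC-MAIN,a.rivera,,emergency patching
2024-03-05T02:15:00,DC-REAR,k.osei,,rack delivery
"""


def audit(log_text):
    """Return a list of (timestamp, person, [issues]) for entries needing review."""
    findings = []
    for row in csv.DictReader(StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        person = row["person"].strip()
        escort = row["escort"].strip()
        issues = []

        # Only people on the posted list may enter without an escort,
        # and an escort must be on that list.
        if person not in UNESCORTED_ACL:
            if not escort:
                issues.append("unescorted entry by person not on ACL")
            elif escort not in UNESCORTED_ACL:
                issues.append("escort not on ACL")

        # Every entry must be documented along with the reason for entry.
        if not row["reason"].strip():
            issues.append("no reason documented")

        # Entries outside business hours fall under the after-hours policy.
        in_hours = BUSINESS_HOURS[0] <= ts.time() < BUSINESS_HOURS[1]
        if not in_hours or ts.weekday() >= 5:
            issues.append("after-hours entry")

        # Secondary doors are locked from inside; entry through one is suspect.
        if row["door"] in SECONDARY_DOORS:
            issues.append("entry through secondary door")

        if issues:
            findings.append((row["timestamp"], person, issues))
    return findings


if __name__ == "__main__":
    for stamp, who, problems in audit(SAMPLE_LOG):
        print(stamp, who, "; ".join(problems))
```

An after-hours finding is a prompt for review against the post-business-hours policy rather than proof of a violation, since the text allows for emergency access.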

The data centers or server rooms should be located in the center of the building, away from the external walls and windows, to provide protection from natural disasters or bomb attacks. Moreover, the location of the data centers should not allow direct accessibility from public areas, to prevent people from loitering around the sensitive area without a reason. The location of the data centers should be determined based on some more considerations. A data center or server room should

- be located away from water pipes to prevent water damage
- not be located on roof tops to allow easy access for emergency crews
- not be located in basements to protect against flooding
- be located well above ground level in hilly areas

To safeguard the structural integrity of data centers or server rooms, these should be constructed as a single unit rather than multiple small units. Some good practices that you should follow when constructing data centers or server rooms include

- wall construction practices
- door installation practices

wall construction practices
You must ensure that no wall of the data center is a part of the external wall of the building. To prevent intruders from entering the room by climbing over the wall, these walls should extend right up to the true ceiling of the room. The roofs, walls, and floors of this room should not form part of an adjoining area that is not under the control of the security administration. Additionally, you must use shatter-resistant glass if you are using a glass wall structure for the room.

door installation practices
When installing doors in data centers, you must use solid core doors and ensure that they open inward. The doors must be firmly mounted on doorframes, which in turn should be securely fixed to the wall studs. You must also review the emergency exit door's locking mechanisms.

To safeguard the data centers and the server rooms against fire, you should install portable fire extinguishers close to equipment and exits. You can install fire sensors or smoke detectors to provide early warning of fire. You must also install water sensors under raised floors to detect water leakage, which can cause a fire hazard if the water comes in contact with the electrical cables running underneath the raised floor.

In addition to protecting against fire threats, you need to safeguard these utilities for data centers and server rooms:

- Power supply
- HVAC system

Power supply
To ensure continuous and clean power to the data center and server rooms, these should have a separate electrical power supply from the rest of the facility. You should also arrange for a redundant power supply for these rooms from a different power supply source. This can act as a backup supply that can keep the critical services running in the event of a power failure. The data centers should also have their own backup power supply, such as an uninterrupted power supply (UPS) or a generator. It is equally important to test the backup systems regularly to ensure that these are functioning.

You should have properly secured electrical closets, power cables, and wiring in the server rooms or data centers. In addition, you should install emergency power turn-off switches near all exits to facilitate power turn-off in case of fire. To prevent the unauthorized use of these emergency switches, you should encase them in protective plastic covers.

HVAC system
You should ensure that the vents and ducts of the heating, ventilation, and air-conditioning (HVAC) system are too small to allow intruders to crawl through and penetrate into the server rooms or data centers. If required, you should also protect the ducts and vents using some type of barrier bars. It is also necessary to maintain positive air pressure inside the data center to prevent air contaminants from being sucked into the room.

Because extreme temperatures and humidity can cause acute damage to the sensitive equipment and critical data stored in the server rooms or data centers, you should install separate air-conditioning controls for these rooms. If possible, you should have a separate HVAC system for the data centers and server rooms, independent of the rest of the building.

3. Protecting computer equipment


The simplest method of securing your computer equipment against theft is to bolt down the computers. You can also secure the workstations and servers with locks that require special keys, such as smart cards, electronic tokens, or cryptographic algorithms.

Apart from securing the computer equipment, you should construct the computer rooms in a way that is equipment-friendly, rather than people-friendly. The computer room should allow for the optimum and efficient usage of space. You can stack the smaller systems vertically, place them on racks, or inside equipment cabinets. You can also save on cable cost and reduce the tripping hazard by keeping the wiring close to the equipment.

Portable devices include laptops, notebooks, and handheld devices, such as personal digital assistants (PDAs). You need to devise user-friendly security controls to protect the portable devices and the data stored on them. The different solutions available for portable equipment security are

- locks
- tracking
- motion alarms
- encryption software

locks
You can use several types of locks to secure the laptops and notebooks that are kept in docking stations or some fixed location. To prevent the laptop from being stolen, you can use steel cords to wrap around the laptop or attach a crossbar that is cabled to the desk.

tracking
You can install tracking software on the portable devices. This software enables the portable device to send homing signals to a monitoring network, whenever it is connected to the Internet or a phone. If the device is stolen, these signals help track the location of the device.

motion alarms
You can install an audible motion alarm on your portable device, which can sound an alarm if the device is taken beyond a specific perimeter. Some motion alarms can provide additional security by disabling the boot routine or encrypting the data on the hard drive if the laptop is moved beyond a specific perimeter.

encryption software
You can secure the data on your laptop by installing encryption software. This software encrypts all the data and allows access only through some access control system, such as by using a biometric device, inserting a smart card, or entering a password.

You need to observe these general guidelines for the security of your portable devices:

- always keep the device close by and never leave it unattended
- back up the data of the laptop and store it on a separate system
- do not check the laptop as luggage when traveling
- encrypt all sensitive data on the portable devices
- engrave an identification number on each portable device
- ensure the regular update of anti-virus software on laptops
- maintain an inventory of all portable devices along with their serial numbers
- use a locking cable when leaving the laptop on a desk
- use a sturdy, waterproof, but nondescript case to carry the portable device

4. Securing objects
Object protection is the final layer of security in a layered security system. Objects denote the items that are placed inside a secured container, such as a vault, locked cabinet, or safe.

When using security containers, such as a safe, you should consider the degree of theft protection it provides. A theft-resistant safe is built with steel or other metal alloys that provide resistance against attacks by tools or explosives. Fire-resistant safes are also available that are installed with insulating material to provide protection against fire. But these safes usually do not offer the same theft-protection capabilities.

Safes are designed to provide resistance against attacks. However, you must remember that these cannot be attack-proof. Any safe can be stolen or destroyed, although the time taken for this may vary depending on the type of safe.

To determine the appropriate type of security container to use, you must understand the security ramifications of the items that need to be secured. For example, bank safes need to provide the highest level of resistance against attacks as well as fire.

You can exercise some security measures to secure the safes:

create strong combinations for safes with combination locks
change these combinations frequently and make these known only to a selected few
install a lightweight safe in reinforced concrete or anchor it to the building
install a relocking device on the safe, which activates if forced entry is attempted
install the safe in a visible location that can be easily monitored for unauthorized access

Summary
A compartmentalized area stores highly sensitive equipment and information and, therefore, is a restricted access area that needs to be protected all the time. Strict security clearance and control mechanisms need to be implemented to protect the integrity of the data center or server rooms. These rooms should be appropriately located and should be secured with appropriate access controls. Appropriate fire control measures should also be implemented. The simplest method of securing computer equipment against theft is to bolt down the computers. The portable computing devices and the data stored on them can be protected by using locks, encryption software, tracking software, and motion alarms. Object protection is the final layer of security in a layered security system. You can secure objects by placing them inside a security container.
