Human Intrusion. Natural Disasters* Attackers looking to perform some sort of damage or obtain useful information



Similar documents
ARE YOU READY FOR A DISASTER? THE ROAD TO PHYSICAL SECURITY

Fax

Reduce the cost and delays associated with troubleshooting with the help of round-the-clock Service Desk Support.

AT&T Internet Data Center Site Specification - Phoenix Area (Mesa, AZ)

Security Policy JUNE 1, SalesNOW. Security Policy v v

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

SITECATALYST SECURITY

san francisco//usa data center specifications tel: fax: internet + intellectual property + intelligence

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN

AT&T Internet Data Center Site Specification Washington-DC Area (Ashburn, VA)

Course: Information Security Management in e-governance. Day 2. Session 3: Physical and Environmental Security

Learning Outcomes. Physical Security. Zoning systems. Zone 1 Open areas. Information Security

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Powering the Cloud Desktop: OS33 Data Centers

Information Technology Internal Controls Part 2

IT - General Controls Questionnaire

SolveXia Business Continuity Planning

Supply Chain Security Audit Tool - Warehousing/Distribution

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

ISO IEC ( ) INFORMATION SECURITY AUDIT TOOL

melbourne//australia data center specifications internet + intellectual property + intelligence tel: fax:

NeuStar Ultra Services Physical Security Overview

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Understanding Sage CRM Cloud

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service

Frankfurt Data Centre Overview

AT&T Internet Data Center Site Specification San Diego Koll (San Diego, CA)

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

IBM Twin Data Center Complex Ehningen Peter John IBM BS 2011 IBM Corporation

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Physical Security Requirements. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Disaster Prevention and Protection Checklist

Best Practices for Telecommunications Network Reliability

Physical Security Policy

VISTA Operations Management Systems COMPLETE SECURITY SOLUTIONS FOR ANY RETAIL BUSINESS. Value Beyond Security

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

Physical Security. Paul Troncone CS 996

How To Visit An Internet Data Center

SHS Annual Information Security Training

Experience Matters...

State of Vermont. Physical Security for Computer Protection Policy

A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER

Alarm Systems. The purpose of an intruder alarm system is: Commonly utilised detection devices include:

Best Practices for Telecommunications Network Reliability

When Does a Hosted Tax Solution Equal Greater Peace of Mind?

singapore//singapore data center specifications tel: fax: internet + intellectual property + intelligence

Guide to Computer Forensics and Investigations, Second Edition

HIPAA Security Series

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Protecting the Palace: Cardholder Data Environments, PCI Standards and Wireless Security for Ecommerce Ecosystems

HIPAA Security Alert

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

DAtA security. the protection Of your INfORMAtION. Is OuR prime DIREctIVE

AT&T Internet Data Center Site Specification New York III (Secaucus, NJ)

SaaS architecture security

GATES, GUARDS, AND GADGETS: AN INTRODUCTION TO THE PHYSICAL SECURITY OF IT

hong kong//china data center specifications tel: fax: internet + intellectual property + intelligence

White Paper January The difference between an ASP and LCS EMR and what solution is right for you.


Tk20 Network Infrastructure

Application Development within University. Security Checklist

Our Hosting Infrastructure. An introduction to our Platform, Data Centres and Data Security.

AT&T Internet Data Center Site Specification Chicago Area (Lisle, IL)

ReadyGuard Touch Security System

Data Centre Basiglio, Milan Flexible, advanced and efficient by design.

INTRUSION ALARM SYSTEM

SOC 2 Report Seattle, WA (SEF)

White Paper: Server Room Environmental Monitoring

CISSP Exam Notes - Physical Security

Protection of Computer Data and Software

Enterprise Security Model in SAS Environment

Quick Start Guide. Rev. 1.0

LEVEL 3 DATA CENTER ASSESSMENT

Network Router Monitoring & Management Services

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

How To Ensure Security At A Site Security Site

HIPAA RISK ASSESSMENT

Tyan Computer. Transport PX22. Service Engineer s Manual

Data Centre Management

DC-8706K Auto Dial Alarm System

DATA CENTRE DATA CENTRE

Policy for Protecting Customer Data

GSM ALARM SYSTEM USER MANUAL

Data Center Presentation

Data Centre Services. JT First Tower Lane Data Centre Facility Product Description

Building tomorrow s solutions.

INFORMATION SECURITY FOR YOUR AGENCY

Print Shop/Mail Room

Safeguard your critical IT assets in a highly secure, fully redundant, environmentally-conditioned and constantly monitored hosting space to receive

GE Security. FHSD Monitor / Web Server user manual

Risk Management Report

DATA CENTRE DATA CENTRE MAY 2015

Understanding Alarm Systems

The second section of the HIPAA Security Rule is related to physical safeguards. Physical safeguards are physical measures, policies and procedures

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

BRANCH SECURITY REVIEW CHECKLIST

HIPAA Security. assistance with implementation of the. security standards. This series aims to

ECP & ECP240-32EX

Physical Security of Remote Pilot Stations and Aircrafts (when On Ground)

Transcription:

Physical Security

Types of Threats Human Intrusion Attackers looking to perform some sort of damage or obtain useful information Natural Disasters* Fire Flood Earthquake/Seismic Vibrations Power Outages/Fluctuations

Physical Protection from Human Attackers One example why physical security should be taken very seriously A The Phillips-head only tools you screwdriver need to break into an unsecured PC: Knoppix CD USB Thumbdrive or an external hard drive Knoppix Floppy BIOS password can be bypassed. Remove the machine s hard drive and put it in another machine Reset the BIOS password via jumpers on the motherboard Simply remove the CMOS battery to reset Once accomplished, boot off CD or floppy (in this example, KNOPPIX), and copy.

Resetting admin passwords has never been easier Insert the Windows XP installation on a healthy installation Choose to repair the installation While Setup is copying files, simply press Shift+F10 This brings up a console in which the user has administrative rights and can, for example, reset the current administrator s password.

Risk Assessment Determine your primary threats and act accordingly A very large company participating in the global market obviously has more at stake than John Q s Computer Store. While their susceptibility of attack is the same, the large company will house more profitable information and technology. FBI statistics indicate that approximately 72% of all thefts, fraud, sabotage, and accidents are caused by a company s own employees. Only about 5% is done by external sources.

The How-Tos of Protection Guarding the Outer Perimeter* Disguise Out of sight, out of mind If disguising is not possible High fences Barbed wire Round-the-clock security guard Security Cameras Motion Sensors The ServPath building, located in San Francisco, is a datacenter that houses supernodes for both AT&T and MCI.

The Workstations Workstations should ALWAYS be logged off or locked out whenever unattended Screens positioned such that they cannot be seen through the windows Hackers with telescopes to record keystrokes Workstations should be secured and physically locked while unattended Steel cable that runs through the computer case and attaches to an anchor to prevent the tower from being removed

Safeguarding the Computer Rooms Keep the doors locked Tuck networking cables out of sight Keep networking cables inaccessible from outside room Secure items in the room according to value Intrusion detection systems Ensure walls extend to the physical ceiling versus ceiling panels Attackers can gain access to the room via scaling the wall Access Control Methods Biometrics Key Card access w/ PIN #s Security Guard presence at all times Watchdogs if the assets merit Security Cameras

Control the flow of people in the building Employee and visitor badges Access restricitions to visitors and maintenance Any unscheduled dropoffs or deliveries should be verified with vendors You don t want the wrong people getting in

Physical Protection from Natural Disasters Physical security is more than "guns, gates and guards" Risk Assessment Proper security solutions require a proper threat assessment The likelihood of tsunami s is very low in Phoenix

Security Mechanisms Fire* Extinguishers Carbon Dioxide Halon Inergen Harmful to Humans Preferred Choice, but very expensive to refill Binds with available oxygen molecules to starve the fire Harmful to the ozone Safer and cleaner alternative to Halon Allows a breathable atmosphere and starvation of the atmosphere without ozone harm

Fire Detectors/Alarms Detectors VESDA Laser smoke detection Dry pipe suppression

Flood/Water Go to the high ground Locate sensitive equipment on the second story or above Don t allow water pipes to run through or around computer room Earthquake/Seismic Vibrations Airports, railroads, major thoroughfares, industrial tools, and road construction are common sources of vibration Common solutions involve supporting the foundation of computers with springs, gel-filled mats, or rubber pads. THE most effective solution: Don t position your data center near a source of seismic vibrations

Power Outages/Fluctuations UPS Large solutions available to large power consumption Generator When UPS just isn t enough Extreme Temperature/Humidity Control must be maintained over the environment Larger computers run hotter and thus more susceptible to heat in the room Humidity problems with moisture developing on the inside of the machine Redundant HVAC unit (Heating, Ventilation, and Air Conditioning) that can handle temperature and humidity control of the computer room, sheltered from the weather

THANKYOU

Physical Security

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information