Module Objectives

- Physical Security
- Types of Attacks
- Physical Security Threats
- Access Controls
- Mantrap
- Fire Safety
- Laptop Security
EC-Council
Module Flow

- Physical Security
- Types of Attacks
- Physical Security Threats
- Fire Safety
- Mantrap
- Access Controls
- Laptop Security
- Biometric Device
- Desktop Security
- Dumpster Diving
- PC Security

Physical Security
An attacker who gains physical access can obtain critical information related to an organization. A few checks that should be ensured are:

- Servers and workstations should be secured.
- Routers, switches and other network equipment should be treated as access points to the network and secured accordingly.
- Wireless access points of the network should be protected.
- Laptops should be secured when connected to the network from outside.
- IT assets should be inventoried and managed so that theft is prevented.
Internet Security

Trusted Networks: networks inside the network security perimeter.
Untrusted Networks: networks outside the security perimeter, over which the organization's administrators have no privileges and whose security policies it does not control.
Unknown Networks: networks that are neither trusted nor untrusted; they reside outside the security perimeter.
Statistics

- According to the CSI/FBI Computer Crime Security Survey 2005, nearly 40% of victims do not report computer intrusions.
- According to Nationwide Mutual Insurance, 16% of debit card victims bear the cost of the fraudulent purchases.
- A Nationwide survey of consumers revealed that 21% of the information is obtained by hackers from the victim's home, car, mailbox, trash, wallet, etc.
- The Global State of Information Security 2005 survey revealed that 37% of respondents had an information security strategy and 24% were still developing one.
Copyright by EC-Council All Rights reserved. Reproduction is strictly prohibited
Types of Attackers

- The explorer: an intruder who browses through the whole site to learn how things work.
- Ex-employees and current employees who are displeased with the organization.
- The spy: intelligence agencies that deploy spies to gain confidential information.
- The terrorist: exploits computer systems to carry out terrorist attacks.
- The thief: attacks information security by stealing credit card numbers from e-commerce sites and breaching bank accounts.
- The hacktivist: related to the cyber form of activism.
- Attackers who utilize scripts and other automated attack tools, and who do not know what to do once unauthorized access is gained.
- Sneaker: performs ethical hacking.
- Mercenary hacker: performs social engineering attacks.
- The competition: companies competing with each other may try to obtain each other's confidential information.
- Enemy countries: rival countries attacking the information security of other countries.
The basic need for computer security is to prevent physical access by unauthorized persons. Ensure security in the following areas:

Access control: constantly keep watch for unauthorized access to devices.
Electricity: guard against voltage fluctuations.
Climatic conditions: regulate the temperature of the place where the devices are located.
Fire: prevent fire and install a fire alerting mechanism.
Water: secure machinery from floods and moisture.
Backups: keep backups away from magnetic fields.
Facilities Management

Facilities management facilitates monitoring of the physical activities of people within and outside the organization. It is the group of people who manage access controls for a particular building structure.

Secure Facility: a physical location equipped with access controls intended to reduce the risks from physical threats.
Guards: assess each situation as it arises by applying human reasoning.
Dogs: protect the most valuable resources with a strong sense of smell and hearing.

Electronic Monitoring: records events in areas that other physical security controls may miss, using VCRs and CCTV.
Alarms and Alarm Systems: provide notification of the occurrence of predefined events using sensors and alarms.
Computer Rooms and Wiring Closets: guarantee the confidentiality, integrity and availability of critical data by keeping the wiring concealed.
Types of Lock

Mechanical: uses a key made of carefully shaped pieces of metal.
Electromechanical: accepts keys such as ID cards, radio signals and PINs.

Categories of Lock

Manual: fixed into doors and cannot be changed.
Programmable: allows key changes and can be reprogrammed.
Electronic: a combination of a sensor and a mechanical lock, connected to the alarm system.
Biometric: uses a physical characteristic of a person as the key.
TEMPEST

TEMPEST refers to investigating and understanding compromising emanations (CE). Compromising emanations are defined as unintentional intelligence-bearing signals.

Sources of TEMPEST signals:

Functional sources: switching transistors, oscillators, signal generators, synchronizers, line drivers and line relays that generate electromagnetic energy.
Incidental sources: electromechanical switches and brush-type motors that generate electromagnetic energy.

TEMPEST signals:

- RED baseband signals
- Modulated spurious carriers
- Impulsive emanations
- Propagation of TEMPEST signals
Mantrap

- Provides an alternate form of access to resources.
- Consists of two separate doors with an airlock in between.
- Restricts access to secure areas.
- Permits users to enter the first door and requires authentication before they can exit through the second door.

Security is provided in three ways:

- Makes intrusion harder than forcing a single door.
- Evaluates a person before releasing them into the secure area.
- Permits only one user at a time.

Image source: http://www.securitymagazine.com/Security/FILES/IMAGES/134664.gif
Fire Suppression

Portable systems:

- Class A: interrupts the ability of the fuel to be ignited
- Class B: removes oxygen from the fire
- Class C: uses nonconducting agents
- Class D: uses special agents for combustible-metal fires

Sprinkler systems:

- Wet-pipe system
- Dry-pipe system
- Pre-action system

Gaseous systems
Fire Detection

Major categories:

Manual: includes human responses, manually activated alarms, etc.
Automatic: includes automatic fire alarms consisting of sensors.

Basic types:

Thermal detection: senses heat in an area by fixed-temperature and rate-of-rise methods.
Smoke detection: senses smoke with photoelectric sensors, ionization sensors and air-aspirating detectors.
Flame detection: senses the infrared or ultraviolet light produced by an open flame.
Temperature: extremely high or low temperatures cause damage to sensitive hardware.
Humidity: high humidity results in short-circuiting of electrical parts; low humidity increases static electricity in the environment.
Static Electricity: increases electrostatic discharge, which damages sensitive circuits or shuts down the system.
Ventilation Shafts: provide a way for intruders to break into the facility.
Water Problems: too little or too much water both cause real, dangerous threats.
Uninterruptible Power Supply (UPS)

A backup power source that detects an interruption of power to the equipment.

Standby or Offline UPS: offline battery backup that senses the interruption of power.
Line-Interactive UPS: has a pair of inverters and converters that charge the battery and supply power when needed.
Skimming

- The process by which the account information stored on the magnetic stripe of a credit/debit card is copied while the card is used at an ATM.
- Retrieves the PIN information.
- A skimming device is a small electronic device about the size of a pager.
- Skimming devices are of two types: devices that cause the ATM to malfunction, and devices that do not cause the ATM to malfunction.
Laptop Security

- Deploy secure cables and locks to safeguard laptops.
- Use safes made of polycarbonate material.
- Activate motion sensors and alarms for tracking stolen laptops.
- Fix warning labels containing tracking information on the laptops to deter thieves.

Other solutions applied are:

- Installing encryption software
- Using a personal firewall
- Disabling infrared ports and wireless cards, and removing PCMCIA cards when not in use
- Create passwords that are difficult to guess.
- Use device-locking software to password-protect USB ports and infrared ports.
- Perform regular updates of operating system software to close loopholes and vulnerabilities.
- Install antivirus and spyware detection software.

Other measures include:

- Disabling unnecessary user accounts and leftover sessions of the last user login
- Maintaining backups of all significant data stored
Biometric Device

- Provides biological identification of a person using the eyes, voice, fingerprints, etc.
- Performs either identification or authentication.

Scan technologies:

Finger scan: identifies the configuration of peaks and valleys, or ridges, which distinguishes one fingerprint from another.
Facial scan: finding faces, matching faces against a database, and manually resolving the 'matches' returned by the facial-scan system.
Retinal scan: automatically images users who place their eyes in the correct position and authenticates them based on the distinctive features of the iris and retina.
Printer Security

- Restrict the use of printers for sensitive research data.
- Be acquainted with the physical location of the printer as well as its functions and features.
- Secure the printer against physical threats like fire, flood and earthquakes.
- Keep records of printer servicing, replaced components and discarded non-repairable units.
- Modify and replace the chip on the printer's circuit board to secure data against third-party interception.
- Configure the printer with a print server that allows multitasking and employs mechanisms to control access.
Desktop Security

People:

Education and awareness: educating people about vulnerabilities and raising awareness to promote security consciousness among users.
Enforcement: ensures the security policy designed is effective and implemented.

Process:

- Level of governance required for each organization.
- Policies, baselines and procedures for building management support, system configuration and operational steps respectively.
- User classification for desktop access and effective access control.
- Review and audit to check and verify compliance against the baseline.
- Penetration testing for managing desktop security.

Technology:

Centralized management: authorizes client applications to the desktop; enables users to log in from anywhere in the organization's network and access the authorized information; ensures that only authorized users are granted access to each application.
Password protection: passwords for multiple applications are captured, stored permanently and automatically verified on every subsequent access.
Desktop lock: protects an unattended desktop from unauthorized access; detects the presence of viruses in stored files via the installed anti-virus software; preserves the confidentiality and integrity of the information.
Dual booting: uses a boot loader that lets the user choose which operating system to boot.

Advantages:

- Installing multiple operating systems on a single system minimizes the number of required systems.
- Guides the user in installing operating systems like Linux alongside Windows.

Boot devices: rescue disks used to recover corrupted systems; the user can boot from CD or floppy. Examples: Trinux, TOMSRTBT.
BIOS:

- BIOS settings secure the system.
- Many tools exist that breach BIOS settings.
- Configuring BIOS and LILO settings prevents such breaches.
- Flashing the BIOS is another technique, which clears the BIOS CMOS memory; this can be done in three ways:
  - Identification and use of a special jumper
  - Disabling the small lithium battery on the motherboard
  - Electrically shorting out two or more pins of the CMOS memory
LILO:

- The widely used boot loader for Linux, known as the Linux Loader.
- When configured to do so, LILO writes a prompt to the console and waits for user input.
- By default, it boots Linux or Windows when no user input is given.
- /etc/lilo.conf, the configuration file, holds all the possible boot options required by LILO.
- Booting Linux into single-user mode requires specifying at the prompt:

LILO boot: linux 1   (or)   LILO boot: linux t
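The single-user boot above is the reason the slides say LILO settings must be configured: anyone at the console can otherwise type extra parameters and get a root shell. As an added example, not part of the EC-Council material, the POSIX shell script below writes two constructed lilo.conf samples (one that accepts any boot parameters with no password, one hardened with LILO's `password=` and `restricted` directives) and audits a given file for those directives. The device names, kernel path, file locations and the placeholder password are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not from the EC-Council slides: audit a LILO configuration
# for the directives that stop someone at the console from typing
# "linux 1" and booting straight into single-user (root) mode.
# Both configuration files below are constructed samples; the device names,
# kernel path and placeholder password are assumptions for this illustration.

# Constructed lilo.conf that answers the "LILO boot:" prompt with no password.
write_weak_lilo_conf() {
    cat > "$1" <<'EOF'
boot=/dev/hda
prompt
timeout=50
default=linux

image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
EOF
}

# The same configuration with the two global directives LILO provides for this:
#   password=   sets the boot password;
#   restricted  asks for it only when the user adds parameters (such as "1"),
#               so unattended reboots of the default entry still work.
# After editing, run /sbin/lilo to re-install the loader and chmod 600 the
# file, because the password is stored in clear text.
write_hardened_lilo_conf() {
    cat > "$1" <<'EOF'
boot=/dev/hda
prompt
timeout=50
default=linux
restricted
password=PLACEHOLDER-CHANGE-ME

image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
EOF
}

# Counts lines in FILE ($1) that set DIRECTIVE ($2); comment lines are
# skipped because the pattern is anchored at the start of the line.
count_directive() {
    grep -c "^[[:space:]]*$2" "$1" 2>/dev/null || true
}

# Prints one of:
#   unreadable              file missing or not readable
#   weak                    no password, any boot parameters accepted
#   password-required       password= set, asked for on every boot
#   password-on-parameters  password= plus restricted, asked only for extras
lilo_conf_status() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    passwords=$(count_directive "$1" 'password=')
    restricted=$(count_directive "$1" 'restricted')
    if [ "$passwords" -eq 0 ]; then
        echo weak
    elif [ "$restricted" -eq 0 ]; then
        echo password-required
    else
        echo password-on-parameters
    fi
}

# Stand-alone demonstration: write both samples and report on each.
demo() {
    dir=$(mktemp -d)
    write_weak_lilo_conf "$dir/weak.conf"
    write_hardened_lilo_conf "$dir/hardened.conf"
    echo "weak.conf:     $(lilo_conf_status "$dir/weak.conf")"
    echo "hardened.conf: $(lilo_conf_status "$dir/hardened.conf")"
    rm -rf "$dir"
}
demo
```

Run it with `sh audit-lilo.sh`; on a real host you would call `lilo_conf_status /etc/lilo.conf`. The `restricted` keyword is the setting most administrators want: the default entry still boots unattended after a power event, but the prompt demands the password before it accepts `linux 1` or any other parameter. Without `restricted`, every boot waits for the password.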
Premise Security

Premises are the physical area where the hardware is located. Security should be enforced in the following areas by identifying:

- Malicious damage that threatens the business requirements
- Non-availability of essential services
- Accidental damage
- Equipment theft
- Unauthorized access to confidential information
- Physical threats like fire, flood, etc.
Reception Area

- Benchmark the normal arrival routines of persons and compare the behavior of new arrivals against them.
- Offer proper space, correct eye contact and non-confrontational facial expressions and posture when encountering people.
- Heed intuition and a sixth sense to prevent situations that are perilous to the organization.
- Counsel people according to their requirements by guiding them to the staff who can offer genuine assistance.

Distinct types of suspicious persons:

- Thieves, who comprise opportunists and probers
- Solicitors and pedlars
- Charity organizations
- Ex-employees of the organization
- People involved in moving office property
Office Security

Weak elements of an office include work areas, garbage bins, consoles and laptops. Examples of locations that are prone to attack:

- Post-it notes attached to the monitor containing passwords
- Open desk drawers containing sensitive information
- Notebooks containing user names, system names and passwords
- Printouts, floppy disks, CD-ROMs, archive tapes and fax machines that hold information such as source code, email and database records
- Telephone lists, which can be used to perform war-dialing attacks
- Manuals, memos, charts, calendars and letterheads that contain confidential information, agendas, network configuration, services, etc.
Dumpster Diving

- Searching the garbage of the targeted company to acquire information.
- Obtained information may include credit card receipts, phone books, calendars, manuals, tapes, CDs, floppies, etc.
- Sensitive information, though deleted, still resides in the system's recycle bin and can be restored to its original location.

Countermeasures:

- Delete all contents from the storage device
- Shred hard copies of data
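The "delete all contents" countermeasure only helps if the bytes are actually overwritten; a plain delete, like the recycle bin the slide mentions, leaves the data on disk until something else reuses the blocks. As an added example that is not part of the EC-Council material, the POSIX shell script below overwrites a file in place with random data before unlinking it and includes the checks that show the original text is gone. The sample document and its location are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the EC-Council slides: overwrite a file in place
# before unlinking it, so the bytes do not survive in a recycle bin or in
# freed disk blocks where a later reader could recover them.
# Uses only POSIX tools (wc, dd, rm); where GNU coreutils is available,
# "shred -u FILE" performs the same steps.

# Overwrites FILE ($1) in place with random bytes, PASSES ($2, default 3) times.
# conv=notrunc writes over the existing blocks instead of allocating new ones.
overwrite_file() {
    file="$1"; passes="${2:-3}"
    [ -f "$file" ] || { echo "overwrite_file: no such file: $file" >&2; return 1; }
    size=$(wc -c < "$file" | tr -d ' ')
    i=0
    while [ "$i" -lt "$passes" ]; do
        dd if=/dev/urandom of="$file" bs=1 count="$size" conv=notrunc 2>/dev/null
        sync
        i=$((i + 1))
    done
}

# Overwrites and then removes FILE: the slide's "delete all contents from the
# storage device", done so that the contents are not recoverable.
secure_delete() {
    overwrite_file "$1" "${2:-3}" && rm -f "$1"
}

# Check helper: prints "present" or "gone" for a path.
file_state() {
    if [ -e "$1" ]; then echo present; else echo gone; fi
}

# Check helper: number of lines in FILE ($1) that still contain PATTERN ($2).
matches_in_file() {
    grep -c "$2" "$1" 2>/dev/null || true
}

# Stand-alone demonstration on a constructed sample document.
demo() {
    dir=$(mktemp -d)
    doc="$dir/draft-memo.txt"
    printf 'CONFIDENTIAL: merger draft, do not distribute\n' > "$doc"   # constructed sample
    echo "before:          $(file_state "$doc"), lines matching 'merger': $(matches_in_file "$doc" merger)"
    overwrite_file "$doc" 2
    echo "after overwrite: size=$(wc -c < "$doc" | tr -d ' '), lines matching 'merger': $(matches_in_file "$doc" merger)"
    secure_delete "$doc"
    echo "after delete:    $(file_state "$doc")"
    rm -rf "$dir"
}
demo
```

The overwrite step is what distinguishes this from emptying the recycle bin: the file keeps its size and its blocks, but the text no longer appears in it, and only then is the name unlinked. In-place overwriting is not a guarantee on every storage type: journaling and copy-on-write filesystems, snapshots, backups and SSD wear levelling can all keep an older copy of the blocks, so for media that leaves the organization the reliable options are full-disk encryption with key destruction or physical destruction of the device.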
Summary

- An attacker who gains physical access can obtain critical information related to an organization.
- According to the CSI/FBI Computer Crime Security Survey 2005, nearly 40% of victims do not report computer intrusions.
- TEMPEST refers to investigating and understanding compromising emanations (CE).
- A mantrap provides an alternate form of access to resources.
- Skimming is the process by which the account information stored on the magnetic stripe of a credit/debit card is copied while the card is used at an ATM.
- A biometric device performs either identification or authentication.
- Printer security restricts the use of printers for sensitive research data.
- Premises are the physical area where the hardware is located.
- Dumpster diving is searching the garbage of the targeted company to acquire information.