• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Case-Harden Your Physical Security

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering

View previous topic :: View next topic  
Author Message
CHeeKY
Just Arrived
Just Arrived


Joined: 13 Feb 2003
Posts: 3


Offline

PostPosted: Thu Sep 11, 2003 1:50 pm    Post subject: Case-Harden Your Physical Security Reply with quote

Case-Harden Your Physical Security

You may be completely prepared to defend an online attack, but are you sure your data and systems are safe from actual intrusion?

By Mike DeMaria (mdemaria@nwc.com)
Nothing says there's a hole in your security like someone walking off with your servers. You could spend millions of dollars on access lists, firewalls, USB tokens, virus scanners, VPNs, passwords and patches to secure your network from online invasions, but none of those will protect you from offline attacks.

Physical security is essential. It prevents your machines from being stolen, damaged or taken offline by someone flipping the power switch, and it restricts physical access by an adversary who might want to attack your network.

We examined two ways of monitoring and restricting physical access: networked cameras and door locks. As you decide which devices are best for your environment, keep in mind that there are a hundred ways into a location. You need to consider every angle, just as an intruder would do.

The Eye Sees All
Gotta love the production value on Webcams--small, grainy live videos that run 24/7. Networked cameras are essentially the talented offspring of Webcams, and their video quality can vary enormously. Features include remote pan, tilt or zoom capabilities; programming to let you take monitoring or still shots; and add-ons that can capture many types of activity and conditions. Networked cameras not only deter criminals, they also monitor changes to your environment that can make or break you (see a review of NetBotz's Wallbotz monitoring device).

Indoor cameras may be mounted on the wall, off the ceiling, in an equipment rack or outdoors. Outdoor cameras are designed to be waterproof and withstand a wide range of temperatures. Most cameras need a power line. Be wary of those that work off battery, as they have a very short power life. Unless you buy a wireless-enabled camera, you'll have to run a network cable. Long cable runs (greater than 100 meters) may call for coax or fiber.

If image quality is important to you, use high-resolution cameras. And we've found that color cameras produce sharper images. Cameras supporting color correction are worth considering, since low-sodium and fluorescent lamps can cast a yellow tint and wash out all color. Some cameras also may support low light or night vision. Cameras near light fixtures may become oversaturated and wash out the picture, so it's a good idea to look for a camera that adjusts to ambient light levels automatically.

Many cameras feature a built-in Web server, which can be accessed from any browser. Other cameras may require you to upload still photos to an external FTP or Web server. This method makes it easy to archive old snapshots, and is limited only by the amount of disk space you can buy. If you plan to deploy a large number of cameras, look for a vendor that offers some form of centralized management or software that lets you display multiple cameras in one window.

You should also consider units that let you limit users based on IP address range or passwords. If you don't limit access, an attacker could use the images generated by the camera to reconnoiter your room.

Environmental monitors are an excellent add-on to any camera. These probes and sensors, which are easily attached to the camera's system, can often be programmed to alert you to changes. Add-ons monitor conditions such as temperature, airflow, humidity, power draw, doors and sound levels.

To see all options, check out Network Computing's vendor survey responses in its [url=ibg.networkcomputing.com/ibg/Guide?guide_id=4425]Physical Security: Networked Cameras[/url] Interactive Buyer's Guide.

When it comes to purchasing door locks, the options are limitless. Some advanced locks require a form of power to operate. For nonmechanical combination locks, the power source might be a small built-in battery, while magnetically sealed locks need a constant power feed. If you go this route, find out what happens when, inevitably, the power goes out or the battery dies.

For locks that require power, there are two common modes when the power fails: fail-secure and fail-safe. If a lock's power-off state is fail-secure, it will remain locked; if it's fail-safe, the lock opens when the power goes out. Thus, fail-safe locks are vulnerable: Cut the power source, and the door opens.

So fail-secure is better, right? But what if there's an emergency, such as a fire? Will people be able to get out of the room easily if the door stays locked? Can firefighters get in? You'd never let security trump employee safety.

As a work-around, some fail-secure locks can be set to unlock automatically when the alarm system sounds. Other locks come with an option for fail-secure for entering but fail-safe for exiting. To see all options, check out Network Computing's vendor survey responses in its [url=ibg.networkcomputing.com/ibg/Guide?guide_id=4405]Physical Security: Locks[/url] Interactive Buyer's Guide.

Every lock needs an authentication mechanism. Metal keys are familiar, easy to use and hard to break -- but they can be easily copied, and if an employee loses one, you'll have to change all like keys. Magnetic stripes, smartcards and radio (RF) cards offer greater security: In addition to requiring specialized equipment to duplicate, each has a unique identifier that provides a log of entrances and exits and lets you revoke access if necessary.

To validate a user's key, reader devices are placed in front of doors. These door readers can be standalone units or networked together. Networked readers require new cabling, which can become quite expensive, but you won't have to go to every door to update enrollment. If you have high employee turnover or a large number of doors, the networked approach may be worth the money.

All token authentication has a common failure point -- if it's stolen or borrowed, anybody can gain access. If the token is lost or left at home, the employee can't get in until it's replaced.

Combination locks overcome this problem. The longer the combination phrase, the harder it is to guess the combination. The best combination locks can detect repetitive failures and offer a cooling-off period or an alarm. Of course, it's still possible for someone to look over a user's shoulder and see the combination being punched in. The most effective locks are those that use both a token, such as a key, and a combination that only the user would know.

Biometrics let you authenticate identity based on physical traits like fingerprints, handprints, voiceprints and retinal scans. But this option poses problems, including difficulties with enrollment, lack of user acceptance and environmental interference (see Network Computing's [url=ibg.networkcomputing.com/ibg/Guide?guide_id=4164]Biometric Authentication[/url] Interactive Buyer's Guide). One way to ease into biometrics is to look for a setup that will integrate with existing authentication systems. For the smoothest transition possible, you must have user buy-in and follow the manufacturer's instructions.

Be sure the lock you choose fits the environment. If it's not waterproof, it shouldn't be installed outdoors. As for biometrics, some locations have a high concentration of airborne particles that may cause the sensitive equipment to fail and the locks to jam.

Finally, the strength of the lock should be equal to the value of the equipment you're protecting. At Network Computing's Real-World LabsŪ at Syracuse University, we've broken the magnetic hold on several cheaper locks.

Michael J. DeMaria is an associate technology editor based at Network Computing's Syracuse University's Real-World LabsŪ. Write to him at mdemaria@nwc.com.

source: http://www.securitypipeline.com/showArticle.jhtml;jsessionid=4NIBVPWNPLTCUQSNDBCCKHQ?articleId=14500030

**Note: overall, good points to read and always nice to refresh your physical security Smile

Edited by Rottz: Added Source Link, and Article links, Authors email, Title Formating.
Back to top
View user's profile Send private message
amokk1
Just Arrived
Just Arrived


Joined: 16 Sep 2005
Posts: 0


Offline

PostPosted: Fri Sep 16, 2005 7:19 am    Post subject: Good Stuff ! Reply with quote

Yep, thanks for the information. Helped me a lot Smile
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register