Chapter 6 - 01 - Understand the Importance of Physical Security_ocred.pdf
Certified Cybersecurity Technician
Network Security Controls — Physical Controls
Exam 212-82

Module Flow
1. Understand the Importance of Physical Security
2. Discuss Various Physical Security Controls
3. Describe Workplace Security
4. Describe Various Environmental Controls

Understand the Importance of Physical Security

Physically safeguarding systems and networks is the top priority of network security. This section explains the importance of physical security in organizations.

Module 06 Page 620. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Need for Physical Security

- A successful unauthorized physical access may lead to theft, damage, or modification of the information systems
- A physical security breach can directly impact confidentiality, integrity, and availability of information and systems
- Physical security is the basis of any information security program in an organization. It deals with restricting unauthorized physical access to the infrastructure, office premises, workstations, and employees of the organization
- The physical layer of your network is not protected by traditional firewalls

Although cyber-attacks are becoming increasingly complex, attackers continue to use various techniques to compromise the physical security of an organization. However, organizations are increasingly focusing on strengthening their IT security, which overshadows physical security.
Physical security is the most overlooked aspect of security, and this fact has been brought to the notice of many organizations over the last five years. Knowing this fact, attackers are taking advantage of loopholes to compromise the physical security of organizations. According to data collected by the US Department of Health and Human Services Breach Portal, physical security breaches are among the most frequently occurring security incidents in organizations. According to the findings of the fifth annual Horizon Business Continuity Institute (BCI) Scan Report, physical security is now perceived as a growing concern for business continuity professionals. According to this report, a degree of concern has been expressed with regard to the possibility of both an act of terrorism and a security incident such as vandalism, theft, or fraud disrupting the organization at some point.

Physical security breaches are vastly different from other security breaches. They can be performed with little to no technical knowledge. Physical security concerns arise because conventional security measures such as firewalls and IDSes do not ensure physical security. Deploying a firewall at various levels ensures security from different types of attacks but does not ensure the physical security of the organization. A conventional firewall is entirely unrelated to physical security as it works above the physical layer of the OSI model. Thus, conventional firewalls do not protect the physical layer of a network.

A successful attempt at unauthorized physical access may lead to the theft, damage, or modification of information systems. A physical security breach can directly impact the confidentiality, integrity, and availability of information and systems. Therefore, physical security forms the basis of any information security program in an organization. It entails restricting unauthorized physical access to the infrastructure, office premises, workstations, and employees of the organization.

[Figure 6.1: OSI layers and physical security. The 7 Layers of OSI: Application Layer 7, Presentation Layer 6, Session Layer 5, Transport Layer 4, Network Layer 3, Data Link Layer 2, Physical Layer 1, with the traditional firewall marked above the physical layer. Caption on the figure: "The physical layer of your network is not protected by traditional firewalls."]

Physical security cannot be ensured in the same manner as network, application, or database security, and separate security measures are required for physical security. Physical security should be implemented at the physical layer of the OSI model. A physical layer includes the following:

- All cabling and network systems
- Physical access to cables and systems
- Power support for cables and systems
- Environment supporting the systems

Physical Security Attack Vectors

- Natural/Environmental Threats: Floods; Fires; Earthquakes; Lightning and thunder; Temperature and humidity
- Man-made Threats: Vandalism; Device loss; Damage of physical devices; Theft; Terrorism; Social engineering; Unauthorized access to systems

Organizations are at risk of the following types of physical security threats.

Natural/Environmental Threats

- Floods: Floods commonly occur because of heavy rains or the melting of ice. Floods may affect electrical systems and server rooms in an organization.
  Server rooms located in the basement have a greater chance of being affected by floods.
- Fires: Fires mainly occur because of short circuits or poor building materials. They may affect the operational facility and computer rooms in an organization. Fires can damage the hardware, cabling system, and other important components.
- Earthquakes: An earthquake is the sudden release of stored energy in the Earth’s crust that creates seismic waves. It disrupts the physical infrastructure in an organization. It damages computers and other hardware devices and documents in the sensitive areas inside an organization. Moreover, it can affect the safety or security of the organization. Earthquakes mainly affect the cabling, the wiring system, and the physical building itself. Any damage to the cabling system affects the working of the computer systems.
- Lightning and thunder: Lightning and thunder occur because of environmental changes. They necessitate the shutdown of all outdoor activities. Lightning and thunder lead to power and voltage fluctuations that, in turn, affect the working of systems. In particular, they may affect the memory chips and other hardware components of a system. They may lead to a short circuit in the cabling and other wiring systems if they are not covered properly. The information system may stop working with one lightning strike. Lightning may damage all electrical and electronic appliances and lead to the loss of all sensitive information.
- Temperature and humidity: Computer systems operate in a certain range of temperatures; otherwise, they function in an inappropriate manner. Computer systems do not work well in hot areas and may become damaged if the temperature increases or decreases by extreme amounts.
  Although every computer has cooling systems, the performance of a computer still depends on the exterior temperature conditions. Furthermore, electrical and electronic appliances in an organization may be affected by a change in humidity. High humidity leads to issues such as corrosion and short circuits and damages magnetic tapes and optical storage media. Low humidity affects electronic devices mainly through electric discharge.

Man-made Threats

The most significant threat to physical components and the network is from man-made errors, both intentional and unintentional. There is a wide range of such possibilities, including hackers/crackers, theft, fire, and human error. Some examples of human error that may lead to man-made threats are the unintentional pressing of an incorrect button and unplugging of the wrong device. Typical man-made threats include mechanical errors, electrical disturbance, pollution, radio-frequency interference, and explosion.

- Vandalism: Disgruntled employees or former employees may attempt to compromise a system by willingly breaking or harming system components. During civil unrest or a disaster, there is a chance of systems being mishandled.
- Device loss: Unauthorized access may lead to the loss of important information and devices. Device theft is a concern if devices are not properly secured.
- Damage to physical devices: Improper device maintenance activities such as the improper handling of a device or information, failure to replace damaged devices, and poor cabling can damage physical devices to a great extent.
- Theft: Lack of proper security and locks may result in equipment theft.
- Terrorism: Terrorist activities such as the planting of a vehicle bomb, human bomb, or postal bomb in and around the organization’s premises impact physical security in many ways.
- Social engineering: Social engineering is defined as an illegal act of acquiring personal information from people.
  An attacker can gain unauthorized physical access by performing social engineering on an organization’s employees.
- Unauthorized access to systems: Both internal and external users can attempt to gain unauthorized access to a system or information about the organization.