Chapter 6 - 02 - Discuss Various Physical Security Controls PDF

Summary

This document discusses various physical security controls used in organizations. It categorizes these controls based on their functionality (preventive, detective, deterrent, recovery) and provides examples. Detailed information about physical security including security locks, cameras, and other technologies are also discussed.

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Module 1 Understand the Importance of Physical Security 2 Discuss Various Physical Flow Security Controls 3 Describe Workplace Security 4 Describe Various Environmental Controls Discuss Various Physical Security Controls This section explains various physical security controls that can be used in organizations. Module 06 Page 625 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Types of Physical Security Controls o Preventive Controls Q o Prevent security violations and enforce various access control mechanisms QO Examples include door lock, security guard, and other measures Detective QO Detect security violations and record any intrusion attempts Controls O Examples include motion detectors, alarm systems and sensors, video surveillance, and other methods Deterrent Controls O Used to discourage attackers and send warning messages to the attackers to discourage intrusion attempts QO Examples include various types of warning signs Recovery QO Used to recover from security violation and restore information and systems to a persistent state Controls O Compensating Controls Examples include disaster recovery, business continuity plans, backup systems, and other processes 0 Used as an alternative control when the intended controls failed or cannot be used O Examples include hot sites, backup power systems, and other means Copyright © by EC-{ L All Rights Reserved. Reproduction is Strictly Prohibited Types of Physical Security Controls Physical security application. following. Based controls are categorized on their functionality, based the types on their functionality of physical security and control the plane include of the Preventive Controls These controls prevent security violations and enforce various access control mechanisms. Preventive controls may be physical, administrative, or technical. Examples include door locks and security guards. Detective Controls These controls detect security violations and record any intrusion attempts. They act when preventive controls fail. Examples include motion detectors, alarm systems and sensors, and video surveillance. Deterrent Controls These controls may not prevent access directly. They are used to discourage attackers and send warning messages to them to discourage an intrusion attempt. Examples include various types of warning signs. Recovery Controls These controls are used in serious situations to recover from security violations and restore information and systems to a persistent state. Examples include disaster recovery, business continuity plans, and backup systems. Module 06 Page 626 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls = Exam 212-82 Compensating Controls These controls are used as alternatives when the primary controls fail or cannot be used. They do not prevent any attack attempt but attempt restoration using techniques such as restoring from a backup. Examples include hot sites and backup power systems. Based on the plane of application, the types of security controls include the following. * Physical security controls such as doors, secure facilities, fire extinguishers, and flood protection * Administrative security controls such as the organization’s guidelines to provide information security * Technical security controls such as IDSes/IPSes, firewalls, and authentication systems Module 06 Page 627 policies, procedures, and Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Location Considerations Visibility of assets Neighboring buildings Local considerations Impact of catastrophic events Joint tenancy risks L All Rights Reserved. Reproduction is Strictly Prohibited Location Considerations Organizations should consider various factors that may to buy or lease a building. The factors to consider may buildings, joint tenancy risks, power and water supply, private roads, transportation, emergency support, fire affect physical security before planning include the facility location, neighboring sewage systems, proximity to public and stations, hospitals, airports, local crime or rate of riots, and prior security incidents in the surrounding area. The location should not be prone to natural disasters such as floods, tornadoes, earthquakes, hurricanes, excessive snow or rainfall, mudslides, and fires. Module 06 Page 628 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 o Identify what are the critical infrastructures o Have a separate location for the server and storage room o Identify what safety measures are required for these systems C Have emergency exits 0D Make plans to manage environment hazards 0D Define who will be responsible for managing these systems 0O Establish procedures explaining how they should be protect ed 0 Use a proper sanitation system such as manholes, sewers etc. C Site Architecture Considerations | Keep parking away from the main building Copyright © by EC Al Rights Reserved. Reproductionis Strictly Prohibited Site Architecture Considerations After gaining adequate information about the facility locati on, the planning and designing of the internal infrastructure and architecture should be perfo rmed. While planning and designing the site architecture, an organization should prepare a list of all of its assets in the facility. The organization should consider the following points while designing the infrastructure and architecture. Decide the number of entrances required for the building, including the main entrance, staircase, parking, lift, hallway, and reception area. Find the neighboring facilities around the site locati on and check the internal and external architecture for them. Talk to the supervisors or owners of the buildings to gain additional insights about the surroundings. Analyze the assets that can be impacted by catastrophic failures as well as the visibility of assets to outsiders. Consider the joint tenancy factor; if the facility is shared with other companies, consider their impact on the organization’s sensitive information and critical assets. Identify the necessary critical infrastructure that is requi red for managing the physical security, storing sensitive data, and running business opera tions effectively. Design separate security zones to place critical components and equipment deep inside the premises without any direct contact with entry doors, compound walls, and windows. Establish a demilitarized zone (DMZ) between highly secure infrastructure and publicaccess areas. Module 06 Page 629 Certified Cybersecurity Technician Copyright © by EG-ounc il All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Ensure a separate location for the server and storage room. Identify what safety measures are required for these systems. Use security labels and warning signs wherever necessary to make visitors understand that tight security is implemented within the premises. Ensure that public areas having high accessibility are under complete and simplified surveillance. Implement emergency exits. Make plans to manage environmental hazards. Define who will be responsible for managing these systems. Establish procedures explaining how they should be protected. Use a proper sanitation system including manholes and sewers. Keep parking away from the main building. Communicate physical security control procedures and policies with the employees, tenants, stakeholders, and administration to minimize physical security threats such as insider theft, fraudulent activities, and collusion. Restrict the movement of people between different zones. These critical infrastructure systems may not use standard IT for safety, performance, and reliability, but they are critical to business operations. An improper or faulty implementation of certain physical measures such as electricity, backup, storage facilities, lighting, wiring, and cooling systems can be critical to the business operations of the organization. Module 06 Page 630 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Fire Fighting Systems Types of Fire Fighting Systems Active fire protection (manual or automatic) Q a. Passive fire protection (structural consideration). QO Use of fire-resistant construction materials Fire detection * * Q Compartmentalization of the overall buildin Smoke, flame and heat detectors b o ressi - _ O Emergency exits o Q Minimizing inflammable sources Fire extinguisher * Standpipe system * Sprinkler systems. O Maintenance of fire fighting systems Q Emergency procedures Q Educating the occupants Water A Ordinary solid combustibles B Flammable liquids & gases E Electrical equipment D Combustible metals K Oils and fats Y Dry Chemical | Wet Chemical Y Y Y Y Y Y Y Y Y Y Fire Fighting Systems Fire is an incident that can occur with or without warning and is usually attributed to man-made errors, short circuits, and defective or faulty equipment. Fire protection is an important aspect of physical security. Firefighting systems mainly detect fire incidents and alert the occupants to them. Fire incidents may be identified either manually or automatically. The types of firefighting systems include the following. Active Fire Protection Active fire protection alerts the occupants of an organization regarding a fire incident. This type of fire protection system is generally used in commercial places, process industries, and warehouses to protect storage vessels, processing plants, etc. The main aim of implementing an active fire protection system is to control the spread of fire and extinguish it as soon as possible, thereby facilitating the clearance of occupants in an organization. The system requires a certain number of actions to handle fire incidents. These actions may be performed either manually or automatically. Certain active fire systems include water sprinklers, fire/smoke alarm systems, spray systems, and fire extinguishers. Fire/smoke alarms indicate the presence of any fire or smoke in the building. Water sprinklers reduce the spread of fire, and fire extinguishers help put out fire. Water sprinklers fall under the category of automatic fire protection systems, whereas extinguishers and standpipes fall under the category of manual fire protection systems. fire Active fire protection systems include the following. = Fire detection system: A fire detection system helps detect a fire incident before allowing the fire to spread. Module 06 Page 631 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Automatic fire detection systems include the following components. o Smoke detectors: Smoke detectors generally detect smoke and send alerts about the suspected fire incident in an organization. Upon detection of smoke, the detectors send an alarm to the fire alarm control panel or generate an audio/visual alarm. Flame detectors: Flame detectors mainly detect flames in a fire incident. Flame detectors normally include sensors that detect flames. The working of a flame detector is as follows: e Analarm is generated on fire flame detection. e Gas supply is cut through the fuel line. e The fire suppression system is activated. Flame detectors work more efficiently and faster than smoke detectors and heat detectors. Heat detectors: Heat detectors are used to detect and respond to the thermal energy generated by fire incidents. Heat detectors are further classified into fixedtemperature heat detectors and rate-of-rise heat detectors. Fire suppression: A fire suppression system is used to extinguish fire without much human intervention. Fire suppression systems regulate destruction and device loss. They can be classified into manual and automatic. Commonly used fire suppression systems include the following. o Fire extinguisher: Fire extinguishers aim to extinguish fires at the initial stage. They are not useful in the case of a fire covering a large area. A fire extinguisher normally consists of an agent that is discharged inside a cylindrical vessel. Fire extinguisher systems need to be checked often to ensure that they work properly in case of fire. Fire extinguishers are usually inspected yearly or bi-yearly by trained professionals. They can also be recharged. Dry chemicals, water, wet chemicals, water additives, clean agents, and carbondioxide are used as agents in fire extinguisher systems. Below table provides details for selecting the proper extinguisher based on various types of fire sources. Module 06 Page 632 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Suppressant Fire ) Class i Fire Source Ordinary solid combustibles Water ) | Foam Dry A Wet |. Chemical | Chemical oan Agents and CO; \ Y ) Y Y. Y Special. Chemicals \ Flammable B liquids & gases C Elec_trlcal equipment 5 Combustible metals v K Oils and fats Y y Y Table 6.1: Classification for Fire Extinguishers o Standpipe system: Standpipe systems connect hose lines to the water supply. They provide a pre-piped water system for organizations as well as water supply to hose lines in certain locations. The three types of standpipe systems are Class | — A, Class |l — A, and Class Ill — A. These types differ in terms of the thickness of the hose lines used and the volume of water used for fire suppression. o Sprinkler system: Fire sprinkler systems maintain a water supply system to supply water to a water distribution piping system that controls sprinklers. The sprinklers are used to avoid loss to human lives and assets. These are mainly used in areas that firefighters cannot reach with their hose lines. Wet-pipe fire sprinklers are not optimal for sub-freezing areas because any damage to sprinklers or piping may lead to water leakage and water damage. As an alternative solution, the following fire sprinklers can be used. o Dry-pipe sprinklers: Dry-pipe sprinklers are generally used in locations where freezing is expected, i.e., where the temperature is below 40 °F. Dry-pipe systems are suitable for sub-freezing environments as nitrogen or air is maintained completely within the pipe. When the sprinkler is activated, the nitrogen or air is released from the activated pipe, minimizing the pressure, and water is released from the sprinkler. o Pre-action sprinklers: Pre-action sprinklers are employed in locations that are susceptible to water damage; they reduce accidental water discharges. Similar to dry-pipe sprinklers, pre-action pipes maintain nitrogen or air within the pipes or sprinklers, but in contrast to dry-pipe sprinklers, pre-action sprinklers hold the water from the sprinkler using electrically operable valves. The valves are operated based on the alerts received from detection systems. Module 06 Page 633 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls o Exam 212-82 Deluge system: A deluge system can be used in highly dangerous areas where high volumes of water are required to control fire or heat. In a deluge system, sprinkler heads are always open; hence, pipes are not pressurized. Like pre-action sprinklers, they are also managed by electrically operable valves. Upon activating the system, water fills into the sprinklers and is released immediately and simultaneously over the entire environment. Foam-water sprinkler system: It is a special type of sprinkling system that contains “foam-water” sprinklers that release a solution or mixture of foam and water at a specified flow rate when activated. Foam-water sprinkler systems are generally used in environments containing flammable liquids. Such systems are also managed automatic deluge valves that are activated by a heat detection device, and by the solution is distributed across the environment that needs to be protected. Clean-agent suppression system: This type of system employs an inert gas or chemicals to control a fire that is in the initial stage of growth or development. A clean-agent suppression system can be used in public places where no costly clean- up is needed after its discharge. The cleaning agents are stored in a liquid or gas form and are released as a cleaning solution to suppress the fire before it causes severe damage. Passive Fire Protection Passive fire protection systems are used to prevent fire from spreading further across the organization. Fire-resistant doors, windows, and walls may be used for passive fire protection. It facilitates the protection of the building’s occupants and reduces the rate of damage due to the fire. Passive fire protection systems do not need to be activated by other systems, and no operational assistance is required in implementing passive fire protection systems. = = Passive fire protection is implemented in the following ways: o Minimal use of flammable materials o Building additional floors and rooms in a building to slow down the spread of fire o Providing adequate training to the occupants regarding the procedures to follow in case of fire o Proper maintenance of fire-related systems o Adequate number of emergency exits The following are the steps to manage fire incidents: o Detect fire. o Evacuate occupants in the building to a safe location. O Notify the fire department and safety department regarding the fire. o Shut down all electrical and electronic systems to prevent the fire from spreading. Module 06 Page 634 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Physical Barriers QO Physical barriers restrict unauthorized people from entering the building; always use a combination of barriers to deter unauthorized entry Fences/Metal 2 X Rails/Barricades = First line of defense to stop trespassers Bollards = Other Physical Turnstiles |tisusedto = control vehicular and pedestrian traffic 2 barriers |t facilitates = entry and access controls |Include doors, windows, grills, glass, curtains, etc. Copyright © by | L All Rights Reserved. Reproductionis Strictly Prohibited Physical Barriers Many factors determine the physical security of an organization. These factors are essential considerations and contribute to the successful operation of physical security in an organization. The main goal of physical security is the control and prevention of unauthorized access, while physical barriers restrict unauthorized people from entering the building. Physical barriers define the physical boundary of an area and divide vehicle traffic from pedestrians. The use of a physical barrier deters and delays outsiders from entering the premises. An intruder or outsider can compromise a barrier by spending time and money as well as planning and contemplating on the site architecture. To discourage these intruders, it is a good policy to use a multilayer approach that includes external barriers, middle barriers, and internal barriers. External barriers include fences and walls; although they are built to form a structure, they inadvertently act as an obstruction. Middle barriers are equipment used to obstruct traffic and people. Internal barriers include doors, windows, grills, glass, and curtains. The following are different types of physical barriers used in a building. * Fences/electric fences/metal rails: These form the first line of defense against a trespasser and are the most commonly used type of physical barriers worldwide. Fences/metal rails/electric fences generally mark restricted and controlled areas and prevent unauthorized access. The aim of deploying physical barriers is as follows: o Block and deter attackers o Mark the boundary of the organization o Protect security guards from external attacks Module 06 Page 635 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 o Prevent the entry of vehicles o Protect against explosive attacks i ) o) s B E R WNRATARRRNRL ARERANARE f !“' wa » Figure 6.2: Metal Rails = Bollards: A bollard may be motor vehicles in parking people. Bollards are mainly require safety and security. defined as a short vertical post that controls and restricts areas, offices, etc. This facilitates the easy movement of used in building entrances, pedestrian areas, and areas that It is effective in controlling pedestrian and vehicle traffic in sensitive areas. Figure 6.3: Bollards = Turnstiles: This type of physical barrier allows entry to only one person at a time. Entry can be achieved only by the insertion of a coin, ticket, or pass. It allows security personnel to closely watch the people entering the organization and stop any suspicious persons at the gate. However, the use of a turnstile can hamper the fast evacuation of occupants in case of a fire emergency. Module 06 Page 636 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Figure 6.4: Turnstiles = Other Barriers: These include doors, windows, grills, glass, and curtains installed to limit access to certain areas. o Doors: Doors can be used as a good structure to control the access of users in a restricted area. Door security may be increased with the installation of CCTV cameras, proper lighting systems, locking technology, etc. o Windows: An intruder can use windows to gain unauthorized access to restricted areas. Proper security measures should be considered while installing windows. Some of these considerations include the following: e Method of opening the window e Assembling and construction of the window e Technique used in locking the window e Hinges used for the window o @Grills: Grills should be used with doors and windows to strengthen security. Grills may be used for internal as well as external security. o Glass: Sliding glass doors and sliding glass windows also strengthen physical security. LN Vi IETTT Figure 6.5: Other Barriers Module 06 Page 637 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls = Exam 212-82 The following are security considerations for physical barriers: o Use a combination of barriers to deter unauthorized entry. O Use bullet-resistant windows and glass. Install doors both at the main entrance and inside the building. Lock doors and windows. Use electric security fences to detect the climbing and cutting of wires. Use alarms to alert security personnel of any intrusions through fences. Module 06 Page 638 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Security Pexsonnel ‘ / 02 - 0 1 / O / Physical 713 etih Efficient and well trained security personnel are critical to implement, monitor, and maintain the physical security of organization People involved in physical security include guards, safety officer, plant’s security officer/supervisor, etc. ri o S L2/ policies and procedures First aid and medical assistance ; Handling emergency ” situations o Fire prevention Patrolling procedures Trespassers and crowd management Copyright © byy EC-Council PYTIE! All Rights Reserved. L Reproductions Strictly | Prohibited Security Personnel Security personnel/guards are hired to implement, monitor, and maintain the physical security of an organization. They are responsible for developing, evaluating, and implementing security functions such as the installation of security systems to protect sensitive information from loss, theft, sabotage, misuse, and compromise. Hiring skilled and trained security personnel can be an effective security measure for any organization. They play a crucial role in physical security. However, organizations generally do not consider this a core competency to invest in as part of their strategic plan. Organizations should hire security personnel by themselves and provide adequate training on physical security. Alternatively, they can contact dedicated physical security service firms to handle physical security for them. There are organizations dedicated to training security officers, providing standardized procedures, and managing security on a 24 x 7 x 365 schedule by sharing guards across different organizations. The following are the people involved in physical security. = Guards: Their responsibilities include screening visitors and employees at the main gates or entrance; documenting names and other details about visitors; conducting regular patrols on the premises; inspecting packages, luggage, and vehicles; managing vehicle traffic; and guiding visitors to the reception area after noting their details. Guards should maintain visitor logs and record entry and exit information. Guards generally handle the use of CCTV cameras as a deterrent as well as a mechanism to detect and possibly prevent an intrusion. Module 06 Page 639 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 The plant’s security officers/supervisors: Their responsibilities include training and monitoring the activities of the guards; assisting guards during crisis situations; handling crowds; and maintaining the keys, locks, lights, greenery, etc. of the facility. Safety officers: Their responsibilities include implementing and managing safety-related equipment installed around the facility and ensuring the proper functioning of this equipment. Chief information security officer (CISO): In the past, it was common for the CISO of an organization to be an extremely technically competent individual who has held various positions with an enterprise security function or even has a networking or systems background. Today, a CISO is required to be much more than technically competent. The modern CISO must have a diversified set of skills to successfully dispatch their duties and establish organization. the appropriate level of security and security investment for their Continuous training for security personnel can provide great benefits and an effective team for the organization. Regardless of the position, security-related personnel should be selected based on the experience and qualification required for the job. Executives should thoroughly evaluate the personnel’s past experiences and, based on this information, provide adequate training to fill the gap between the ability and skills necessary for the job. An organization should train newly hired security personnel in the following areas: Organizational culture, ethics, and professionalism Security policies and procedures Policy enforcement Trespassers and crowd management Handling emergency situations Human and public relations Patrolling procedures Managing workplace violence First aid and medical assistance Fire prevention Vehicle traffic management Handling foreign guests, invitees, etc. Report writing Module 06 Page 640 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Security/Access Badges Security/access badges are credential cards used to authenticate personnel while granting entry to an area secured with an automated access-control system These entry points include barriers such as parking gates, turnstiles, and doors @ When an access badge is read by a card reader, the facility code is forwarded to the access-control system to unlock the controlled access point, if the card is valid The access cards are equipped with a number called a facility code, which is unique to each badge holder Copyright © by L All Rights Reserved, Reproduction is Strictly Prohibited Security/Access Badges Security/access badges are credential cards used to authenticate personnel while gaining entry to an area secured with an automated access-control system. These entry points include barriers such as parking gates, turnstiles, and doors. The cards are assigned a number called the facility code, which is unique to each badge holder. These numbers are identified using various technologies such as smart cards, barcodes, biometrics, and magnetic stripe devices. When an access badge is read by a card reader, the facility code is forwarded to the access-control system (computer system) to unlock the controlled access point, if the card is valid. This system also records the details of access such as card swipe time and date for future reference. Module 06 Page 641 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Physical Locks Mechanical locks Uses a combination of springs, tumblers, levers, and latches, and operates Digital locks -— Requires a fingerprint, smart card or PIN authentication to unlock by means of physical keys Electronic /Electric Combination locks Requires a sequence of /Electromagnetic locks Uses magnets, solenoids and motors to operate by numbers or symbols to unlock supplying or removing power Physical Locks Various types of locking systems are available to improve the restriction of unauthorized physical access. The organization should select an appropriate locking system according to their security requirements. The following are the different types of locks. = Mechanical locks: These provide an easy method to restrict unauthorized access in an organization. Mechanical locks come with or without keys. There are two types of mechanical locks. o Warded lock: A warded lock contains a spring-loaded bolt attached to a notch. A key inserted into the notch moves the bolt backward and forward. Only the correct key can be inserted into the notch, which blocks incorrect keys. o Tumbler lock: A tumbler lock consists of metal pieces inside a slot in the bolt. This prevents the bolt from moving. A correct key contains grooves that allow the bolt to move by raising the metal pieces above the bolt. Tumbler locks are further classified into pin tumbler, disk tumbler, and lever tumbler locks. = Digital locks: Digital locks require fingerprints, smart cards, is easy to handle and does not require keys, eliminating losing keys. It provides automatic locking for doors. The fingerprint impression, swipe their smart card, or enter the = Electric/electromagnetic locks: Electric locks or electronic locking systems operate on electric current. Locking and unlocking are achieved by supplying and eliminating power. Module 06 Page 642 or keypad PINs to unlock. It the chance of forgetting or user only has to use their PIN to unlock it. Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 The locks are activated or deactivated mainly using magnets or motors. They do not require keys to be maintained for the locking system. An electromagnetic lock or magnetic lock consists mainly of an electromagnet and an armature plate. The locking device can be of two types: fail safe and fail secure. Fail secure locks remain locked even during power loss, whereas fail safe locks remain inactive when de-energized. The electromagnetic part may be placed on a door frame, and the armature plate may be placed on the door. The magnetic flux created by the electromagnet creates an attractive force towards the armature plate, which initiates the door closing process. = Combination locks: These require the user to provide a combination of numbers and letters to unlock. Users may enter the combination sequence either through a keypad or by using a rotating dial that intermingles with several other rotating discs. Combination locks do not use keys for functioning. Module 06 Page 643 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Concealed Weapon/Contraband Detection Devices 9 O Contraband includes materials that are banned from entering the environment such as explosives, bombs, Q Use different tools such as handheld metal detectors, walkthrough metal detectors, X-ray inspection systems, etc. to detect contraband materials weapons, etc. Metal detectors X-ray inspection systems Walkthrough metal detectors =" Copyright © by EC All Rights Reserved. Reproductionis Strictly Prohibited Concealed Weapon/Contraband Detection Devices Contraband detection devices act as an important physical security control as they restrict undesirable activities and/or a person carrying contraband from entering the premises. Contraband refers to illegal materials such as explosives, bombs, and weapons, which should be banned from the premises. An attempt to enter the premises with contraband can be considered an act of terrorism. Contraband detection devices are able to detect such substances, even when they are covered by other objects. Different types of devices are used to detect contraband materials; examples are handheld metal detectors, walkthrough metal detectors, and X-ray inspection systems. = Walkthrough metal detectors are mainly used in airport terminals, schools, sports stadiums, etc. They help check people who have admission to certain areas. Furthermore, walkthrough detectors should be maintained and properly monitored. They should be deployed at each entry point of the organization. Figure 6.6: Walkthrough metal detectors Module 06 Page 644 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls = Exam 212-82 Handheld metal detectors allow people to be screened more closely and detect suspicious objects. Handheld detectors are used in most places where walkthrough detectors are used. Figure 6.7: Metal Detectors » X-ray inspection systems are easy to handle and use. They use X-rays instead of visible light to screen objects. Figure 6.8: X-ray inspection systems Module 06 Page 645 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. —erHHEd Lyobersecurity Techn ician Network Security Controls — Physi cal Controls Exam 212-82 Mantrap Itis a security system having an entry and exit door on opposite sides, separating non-secure area from secure area It allows only one door to be opened at a time, people enter the mantrap, request access and if gran ted they are permitted to exit. If access is not granted they are held inside until security personnel unlocks the mantrap Passing these doors is allowed only through access control mechanisms such as access cards, password, voice recognition, biometrics, etc. A mantrap is another trespassers. It is most type of physical access securi ty control that is used for catching widely used to Separate non -secure areas from secure areas and opens. User authentication at mantrap doors is performed using smart cards, keypad PINs biometric verification. It Operat , or es automa tically, is useful in authorizi ng visitors, reduces the manpower required for security systems, and guarantees the saf ety of the organization. Working of Mantraps ® * " * * Step 1:The mantrap authentic ates the person attempting access. Step 2: The first door opens afte r authentication. The person wal ks in. Step 3: The first door closes soo n after the person enters the room. Now, the person is locked inside the room. This sign als the unlocking of the second door. Step 4: The second door opens with the person walking out of the room. The first door is automatically locked soon afte r the second door opens. Step 5: The second door enters the locked state soon after the person walks out. Module 06 Page 646 Certified Cybersecurity Technici an Copyright © by EC-Council All Rights Reserved. Reproduction ic Strict Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Warning Signs Warning signs are used @ to ensure someone does not inadvertently intrude in any restricted areas Appropriate warning 0 signs should be placed at each access control AUTHORIZED P E R S O point O N N N E L LY Copyright© by EC-Council All Rights Reserved. Reproduction Is Strictly Prohibited. Warning Signs Warning signs are generally used to restrict unauthorized access in an organization. Warning signs are placed at entrance points, boundaries of the locality, and sensitive areas. They should be visible to users such that people understand prohibited areas and avoid entering them. Warning signs also help organizations prevent a large number of people from entering sensitive areas. They are generally placed in all sensitive areas that have a threat of damage to assets or life or disclosure of information. For example, warning signs are typically placed on electrical fences because unknowingly touching the electric fence may pose a threat to life. Examples of warning signs are “RESTRICTED AREA,” “WARNING,” “CAUTION,” “DANGER,” and “BEWARE.” Module 06 Page 647 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls Exam 212-82 Alarm/Sensor System v Proper alarm systems should be installed inside and 0/0 at the entrance to It can be turned on report intrusions, suspicious activity, and emergencies either automatically or manually by smoke detectors, heat detectors, security personnel, etc. @ = It should be audible to everyone in the building and set at intervals of 5 minutes such as the first alert, second alert and then the final alert to evacuate Alarm/Sensor System (Cont’d) Types of Alarm Systems & Passive Infrared Cixcuit-based Infrasound Proximity Detector Alarm Detector Detector Q Includes a sensor that detects changesin Q temperature at a Signals when a door/window/fen ce is opened, cut O Detects malicious intrusions by burglars or thieves by any person O Includes a sensor that detects low- small range of up to 40 ft with a objects within a specified frequency sound 135¢ field of vision physical range for microwave or displacement of off, or damaged given point in time O tefnperature and raises an alarm Itincludes sensor - like open or close O Detects the movement of an object/person/ animal within a infrared rays that can easily detect O Uses RFID tags and readers to detect the movement of equipment or objects moving objects Alarm/Sensor System Alarms are used to draw attention in case of a breach or an attempted breach. Alarm sounds can be of different types based on the facility; examples include sirens, flash lighting with a sound, emails, and/or voice alerts. The organization should divide large facilities such as buildings, floors, sections, and offices into small security zones; depending on their significance, the appropriate alarm system should be installed. Security zones that store high-priority data are given multilevel security systems such as access restriction with access control devices, Module 06 Page 648 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 biometrics, surveillance, locks, and alarms to draw attention in an event of intrusion. Alarms can be turned on either automatically or manually by smoke detectors, heat detectors, security personnel, etc. They should be audible to everyone in the building and set with three alerts to evacuate in intervals of 5 min. Organizations should have a proper power backup for alarm systems so that they work in emergencies and during power shutdowns. All wiring and components of an alarm should be protected from tampering, and the alarm box should be concealed with proper locks and limited access. Proper management and regular assessments of the alarm system should be performed with emergency drills. An alarm system contains at least one sensor that detects and alerts of an intrusion. The alarms used for security purposes include the following components: an alarm control panel (ACP), sensors, an alerting system, a keypad, and wired or wireless interconnection components. The following are different types of alarms used for physical security. » with other Passive infrared detector/temperature detector: This type of alarm includes a sensor that detects changes in temperature at a given point of time. For example, if a person comes into the vicinity of the sensor, the temperature at that position changes from room temperature to the body temperature of that person. The sensor detects this fast change in temperature and raises an alarm. » (Circuit-based alarm: This type of alarm is used to signal when a door/window/fence is opened, cut off, or damaged by any person. It includes a sensor that detects circuit changes such as open or close. * Infrasound detector: This type of alarm is used to identify malicious intrusions by burglars or thieves. It includes a sensor that detects low-frequency sound vibrations below 20 Hz. When an intruder attempts to unlock a door or window using tools, the sensor identifies the low-frequency vibrations and raises an alarm. * Motion detector: This object/person/animal type of alarm is used to identify the movement of any within a small area of up to 40 ft with a 135° field of vision. It includes a sensor for microwave or infrared rays that can easily detect moving objects. = Proximity detector: This type of alarm is built using RFID tags and readers. They are used to detect the movement of objects within a specified physical range. These alarms are used to identify the displacement of equipment or objects. Module 06 Page 649 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Video Surveillance Video surveillance refers to monitoring activities in and around the premises using CCTV (Close Circuit Television) systems CCTV systems can be programmed to capture motion and trigger alarms if an intrusion or movement is detected Surveillance systems should be installed at strategic locations in and around the premises such as parking lots, reception, lobby, work area, server rooms, and areas having output devices such as printers, scanners, fax machine, etc. ™ Bullet-type CCTV Camera f Basic Types of ) | CCTV Camera ‘ — " Dome-type CCTV Camera —— Copyright © by EC-Council. All Rights Reserved. Reproductionis Strictly Prohibited Video Surveillance Video surveillance refers to monitoring activities in and around the premises using closedcircuit television (CCTV) systems. Video surveillance is considered an important component of physical security. These systems protect an organization’s assets and buildings from intruders, theft, etc. A CCTV system is used as part of the organization’s security system. It covers a large area and is often placed near gates, the reception, hallways, and at the workplace. It captures footage of illicit activities inside the premises and helps monitor activities inside, outside, and at the entrance. CCTV systems are even programmed to capture motion and initiate an alarm whenever a motion or an object is detected. They help identify activities that need attention, collect images as evidence, and aid in an alarm system. The devices used for video surveillance should be automatic, powerful, and capable of pan/tilt/zoom to capture the action and store them for later review. Many aspects need to be considered for the installation, management, and maintenance of a video surveillance system in an organization; these include the camera, lens, resolution, recording time, recording equipment, cabling, monitoring system, storage devices, and centralized control system/equipment. Recording activities through CCTV and storing this footage for reference can also help facilities provide evidence in a court of law. It is also important to decide the type of lens, resolution, and area the camera should cover, and the time and date of the footage should be recorded. Another important aspect is the storage of video recordings and the storage duration. The organization must decide what will happen to old video recordings and how they will be disposed of. The following are a few considerations for video surveillance systems: = Install surveillance systems at the parking lot, reception, lobby, and workstation. Module 06 Page 650 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Place output devices such under surveillance. Exam 212-82 as printers, scanners, and fax machine in public view and Integrate surveillance with an alarm system. Establish a policy for the duration for which recorded videos should be kept and later disposed. Store all devices in secure locations with limited access. Use proper disposal procedures such as content deletion, overwriting, and physical destruction. The following are the different types of CCTV cameras available commercially. Dome CCTV: Mainly used for indoor security and surveillance purposes, dome CCTV cameras are built as dome-shaped devices to prevent any damage to the camera or destruction. It is impossible to locate the direction to which such cameras are moving; thus, they allow for observing areas at a wide angle and cover larger areas. Speed dome CCTV camera units provide a facility with pan/tilt/zoom and spin features, allowing the operator to move the camera according to their need. P R Figure 6.9: Dome CCTV Bullet CCTV: Bullet CCTV cameras are used for indoor and outdoor surveillance. They are generally placed in protective covers that keep away dust, rain, or any other disturbance. A bullet CCTV camera usually has a long, cylindrical, and tapered shape that facilitates long-distance surveillance. ) = ,’\« { ’/" / — 8 4 Figure 6.10: Bullet CCTV Module 06 Page 651 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Physical Controls = Exam 212-82 C-mount CCTV: A C-mount CCTV camera consists of detachable lenses, which provide \\ A \\ W\ surveillance with a coverage distance of more than 40 ft. Other CCTV camera lenses provide a coverage distance of only 35-40 ft. The C-mount allows different lenses to be used according to the distance to be covered. Figure 6.11: C-Mount CCTV Camera * Day/night CCTV: Day/night CCTV cameras are commonly used for outdoor surveillance. They can capture images even in low light and darkness. These types of cameras do not require infrared illuminators to capture images. They can capture clear images under glare, direct sunlight, reflections, etc. Figure 6.12: Day/Night CCTV Camera * Infrared night-vision CCTV: Infrared night-vision CCTV cameras are commonly used for outdoor surveillance and can capture images in complete darkness. Infrared LEDs are used for areas having poor lighting. Figure 6.13: Infrared Night Vision CCTV Camera Module 06 Page 652 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls = Exam 212-82 Network/IP CCTV: Network/IP CCTV cameras are available as both wired and wireless models. They allow sending images over the Internet. A wireless IP camera is easier to install than a wired camera because the former does not require any cabling. Figure 6.14: Network/IP CCTV Camera = Wireless CCTV: Wireless CCTV cameras are easier to install than wired cameras and use different modes for wireless transmission. b3 Figure 6.15: Wireless CCTV Camera * High-definition CCTV: High-definition CCTV cameras are mainly used in sensitive locations that require greater attention. They allow operators to zoom into a particular area. Module 06 Page 653 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Lighting System Adequate lighting should be provided inside, outside, and at the entrance of the building which helps in seeing long distances during security patrols Adequate lighting will discourage intruders from entering the premises and concealing behind stones, bushes, trees, etc. Types of lighting systems: @ v Continuous v Standby v" Movable v' Emergency Lighting System Security lighting is an important aspect of the physical security of a facility. If an organization has not implemented an adequate lighting system in and around its premises, the function or performance of all other security measures can be drastically degraded. For example, if the organization does not have lighting at rear corners, near bushes, plants, parking, and near surveillance cameras, then it is difficult to find people or objects hidden in these locations. With poor lighting, it is difficult to identify people entering the premises, and an intruder may act as an employee or use tricks to circumvent the security systems. The lighting systems to install in an area depend on the layout and sensitivity of the area. Alternate power systems such as generators should be installed to handle power failures and emergencies. = Continuous lighting: Continuous lighting refers to fixed sets of lights arranged such that they provide continuous lighting to a large area throughout the night. = Standby lighting: Standby lighting is used whenever any suspicious activity is detected by security personnel or by an alarm system. These systems operate either manually or automatically. = Movable lighting: Movable lighting is a manually controlled lighting system that provides lighting at night or only when needed. These systems are normally used as an extension of a continuous or standby lighting system. = Emergency lighting: Emergency lighting is used mainly during power failures or when other regular lighting systems fail to operate properly. Module 06 Page 654 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 Power Supply O Use UPS (Uninterruptible Power Supply) systems to manage unexpected power disruptions or fluctuations in primary electric supply that may lead to equipment failure, business disruption or data loss Different types of UPS systems (UPS Topologies): e O Standby Most commonly used for @ O personal computers Line Interactive Most commonly used for when operating a modern O small business, web, and Double Conversion Most commonly used for Delta Conversion On-Line Q ls\tyal:\r ¢ii:y - server rooms departmental servers Standby-Ferro QO No longer commonly used because it becomes unstable o On-Line Generally used in environments where electrical isolation is QO Can be useful where complete isolation and/or direct necessary connectivity is required computer power supply load Copyright © by EC-{ L All Rights Reserved. Reproduction is Strictly Prohibited Power Supply Facilities may suffer blackouts or power outages that could make systems inoperable unless appropriate alternative power management capabilities are implemented. Power outages could impact the ability to provide IT services as expected as well as the ability to provide physical security. Power spikes, surges, or blackouts could result in excessive or insufficient power and could damage equipment. Consider the following security measures to handle blackouts or power outages. = Be prepared for power fluctuations. = Use an uninterruptible power supply (UPS) to manage power outages. = Safeguard systems from environmental threats. = Protect systems from the adverse effects of static electricity at a workplace. = Use plugging equipment properly. A UPS allows computers to function properly during a power failure. It protects computers during fluctuations in the power supply as well. A UPS contains a battery that senses power fluctuations in the primary device. Users need to save all their data when the UPS senses a power fluctuation. The operator must provide procedures to follow at the time of power loss. A UPS is commonly used to protect computers, data centers, telecommunication equipment, etc. The following are the different types of UPS include. = Standby: Standby UPSes are the most commonly used type of UPS for personal computers. A standby UPS is an offline battery backup facilitating the maintenance of Module 06 Page 655 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Physical Controls Exam 212-82 the primary device during a power fluctuation. A standby power supply contains AC-DC circuitry that connects to the UPS during a power fluctuation. * Line interactive: Most commonly used for small business, web, and departmental servers, line interactive mainly handles continuous power fluctuations. This method of power supply needs very little battery usage. = Standby online hybrid: Most commonly used for server rooms, standby online hybrid UPSes are mainly used to supply power below 10 kVA. They are connected to the battery during a power failure. = Stand by output. A supply to becomes = Double conversion online: Generally used in environments where electrical isolation is necessary, a double conversion online UPS is used to supply power above 10 kVA. It Ferro: In standby battery unstable this type of UPS, a Ferro resonant transformer is used for filtering the Ferro UPS provides ample time for switching from the main power power. This type of UPS is no longer commonly used because it when handling a modern computer’s power load. provides an ideal electric output presentation, but its power components are subject to continuous wear, reducing its dependability. large current load. = It exhibits a transfer time only during a Delta conversion online: A delta conversion online UPS can be useful when complete isolation and/or direct connectivity is required. It contains an inverter that supplies the load voltage. It can be used to supply power in the range between 5 kVA and 1 MW. It controls the power input performance and charging of the UPS battery. Module 06 Page 656 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.