Did you know Cybrary's video training is FREE? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
In exploring Physical security and environmental controls, we look at physical components that effect business operations. For example, we discuss why it's important to have a solid HVAC and electrical system for the business environment, and what the effects of poor air pressure can produce in the workplace. [toggle_content title="Transcript"] Now we are discussing section 2.7 of the CompTIA syllabus, physical security and environmental controls. The first topic we look at is HVAC, heating, ventilation and air conditioning. We should have some considerations for the design of our heat, ventilation and air conditioning. First it's that, we need, they must have their own independent power source. Heating, ventilation and air conditioning should have an independent power source, such that if there is outage for electricity, the likelihood that it is also down is minimized. We also should consider positive air pressurization. When you implement positive air pressure, the pressure in the room is done in such a way that when you open the door, the air flows out not in. You don't want to contaminate the air in the room so you pressurize the room in such a way when people open for exit or entry into the room you are not bringing any contaminant, the air flows out. This is done to protect the room, the air in the room because the air in the room will also be circulated around the machines for cooling the machines. You want clean air within the room. We'll also talk about, you need to protect the intake vents, you want to protect the intake vents from tampering and you want to avoid intrusions on the heating ventilations and air conditioning. You want to make it to such a way that not just everybody has access to such a room whereby they could put poisonous gases or introduce toxic gases into the air conditioning system. Also, the HVAC should have emergency cut offs, such that, you have emergency cut offs, in case of a fire you could quickly cut off the supply or in case of an intrusion you could cut off the supply, or the circulation of the air conditioning system. Then we talk about fire suppression, usually we have to look at many types of chemicals and solutions for suppressing the fire. In most cases what we are seeking to do is to suppress the agents that facilitate a fire. We seek to halt these agents so that they do not continue the fire, usually we would have to reduce the oxygen, the heat. The chemicals or the solutions we use will suppress these agents that support or facilitate the fire, so that we can exhaust the fire or eventually put out the fire. This is how we do fire suppression, you suppress the fuels, we have the oxygen, you suppress oxygen and heat. Sometimes we could use hand held extinguishers to drop the temperature of surfaces on which we spray the extinguisher. You could also use carbon dioxide but you have to be cautious as to how you use carbon dioxide. You have to ensure there are no humans in such an environment. We also could use things like FM 200, FM 200 will bind with the gases or the fuels to suppress the fire. Then we have to talk about EMI shielding. Electromagnetic interference shielding, what we consider electromagnetic interference shielding, we give considerations for the types of cabling we use on our networks. We could use coaxial cable or shielded twisted pair cables. These are cables that have layers or shielding to protect against the interference from generators or equipment around the computing facility. We have to protect them for electromagnetic interference by using specialized coaxial cable or shielded twisted pair cables. We also have a topic we refer as the cold tiles and hot tiles, in this strategy what we do is, our servers are carefully arranged in such a way that we have, front side of a server facing the front side of another server. Usually these servers are in racks and the front side is facing the front side, the back side is facing the back side of another server. If you don't want the back side of one server facing the front side of another server because the hot air that is released from one system will be pulled into another system. You want the cooling systems to be on both ends in this fashion. We have our cooling systems on both ends in that fashion, and then we have our servers. That is the cold side, that is the cold side and this will be the hot side. That is the cold side. What you have here is the cold side facing cold side, hot side facing hot side and your cooling systems, hot air will rise, the idea is that the hot air is moved, channeled to the systems for cooling. We push out cold air on the front side so that cool air is released to cool the internals of a system. The hot air is pushed out. You want to arrange your servers in such a way that no one side of the room or part of the room is hotter than the other. Your cooling systems will not be very efficient. You have to be very strategic as to how you arrange the cold side facing cold side and the hot side facing the hot side. That way you can carefully pipe cool air and channel hot air for cooling. We also have to give consideration for environmental monitoring. Here we have to consider the airflow, humidity, water against flooding, water in pipes that run within the facility. Humidity is very important so that we do not have humidity to sustain corrosion within the equipment or high electrostatic discharge. We have to be very careful we maintain humidity to about 50-60%, we monitor our humidity at this level. We also want to pay attention to temperature and humidity controls. We should have thermometers within the facility to monitor temperature. We should have hygrometers to monitor humidity, temperature and humidity control should be present such that we can effectively, scientifically measure these constants to see how they meet the baseline. We will now consider the physical security. When we talk about physical security we give considerations to hardware locks. If you have anything, be it a printer, a laptop, a system, you don't want it moving around or you don't want people moving it away from the room or you don't want people changing the arrangement of your systems, lock it down. Best practice is that you have the devices in such a way that you can pass a chain lock through it, lock it down, put a padlock. That way, people or unauthorized rearrangement or repositioning or moving the system out of the room or a facility is prohibited. We also have man traps. A man trap involves the use of multiple doors to control access to a facility or a server processing center. In such an instance we could have the first door over here, the next door over there. The user approaches the first door, you either swipe a card or you punch in a code, that door opens. This door opens, you are granted access, that door stays locked, while you are in that portion of the room, then this door is locked and this door will open. This is a method to ensure only the right person is granted access to the facility or to a server. We use a man trap to enforce this. Then we talk about video surveillance. When we do video surveillance, we have video cameras that can pun, tilt and zoom, to monitor the facility. Usually, this is very good for physical security controls. Many people like to better conduct themselves when they see cameras are present. You can have cameras that are recording and you can have cameras that are supported by personnel to actively monitor what is taking place. Then we talk about fencing, fencing is a strategy we use fences to establish our perimeter, we also use fences to dictate where people could have access into the facility. By putting a fence you are able to deter access to the facility, there are several ways but you can control the route through which people have access to the facility. You could also use a fence to establish the perimeter. For some facilities they also use a wire mesh at the top of the fence. You want to keep people in, you have the mesh pointing inward, you want to keep people out you have the mesh pointing outwards. Our physical security control is very concerned about our access lists. The access list is a list of individuals that have had access to the facility or individuals that should have access to a facility. In some cases this could be a roster that is kept at the front desk where visitors to the facility or personnel to the facility sign in indicating their name, ID number or badge number as they go into the facility. Our facilities should also have proper lighting to support physical security. The environments should be well lit so that people can see from a considerable distance people can see what is happening around them. It could be for a car park, it should be well lit so that nobody can hide. People can hide and stop your client, your personnel as they leave the facility but when the environment is well lit this will deter any malicious persons from trying to commit any crimes in that area. It is also very good that the environment is well lit so that incase we are doing any video recording. We can see clearly what is taking place. It is no point that we do a recording and we can't tell what's in the recording because the environment is not well lit. We also need to have signs around, signs that clearly indicate where people are allowed to go and not allowed to go, signs that clearly direct people around the facility, exit signs, entrance signs, do not enter, all such signs to clearly show where access is permitted or not permitted. We could also use guards to implement physical security. Guards will be very good to stop people from accessing certain parts of the facility. Guards will also be good to implement checks and balances like checking for ID card, checking for access permits to the facility. We also could have barricades, some of these could be in form of bollards, devices that could be surrounding the perimeter of the facility to prevent somebody driving a vehicle into the facility or causing a heavy physical attack on the facility. We could also use biometric controls for physical security. Here we have devices that can capture the physical attributes could be finger prints, hand geometry, pupil pattern, retina pattern at the back of the eye. We use these to grant physical access to the facility, where a user's credentials or attributes do not match what's in the database, access will be denied. We also could have proximity readers. Proximity readers, card readers, where users would have proximity cards, these depend on a technology we refer to as RFID, radio frequency identification. Users will have cards that carry their permissions or access permission to a facility or to certain portions of the facility. The user would approach the card reader with a card and the card is able to read the access permit to grant physical access to the facility or to portions of the facility. We also have for physical security, we have motion detectors, motion detectors could be carefully placed around the facility to help detect. We could have zones in the facility where we don't need anybody roaming around. We shouldn't have anybody or at certain times cannot have people roaming around those facilities. We would have motion detectors that can detect an intrusion, can detect a person, maybe overstepping their bounds into portions where we don't want anyone. Alarms or alerts could be given out to our systems security personnel or to the guards to go investigate. We should have alarms as well, alarms to detect or alert. When we implement alarms, we could implement alarms in 2 strategies. We could have alarms on site and alarms remotely. Alarms on site will be very good to scare away people that are attempting to break into the facility. Alarms off site would also be good to allow some personnel respond to whatever is taking place on the facility. Alarms off site would also be good in case of maybe a flooding at the facility. This could be an alarm that responds off site so that other personnel can respond to whatever it is at the facility. These are controls that enforce physical security, thank you. We'll see you in our next video. [/toggle_content]