Time
3 hours 47 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

In exploring Physical security and environmental controls, we look at physical components that effect business operations. For example, we discuss why it's important to have a solid HVAC and electrical system for the business environment, and what the effects of poor air pressure can produce in the workplace. [toggle_content title="Transcript"] Now we are discussing section 2.7 of the CompTIA syllabus, physical security and environmental controls. The first topic we look at is HVAC, heating, ventilation and air conditioning. We should have some considerations for the design of our heat, ventilation and air conditioning. First it's that, we need, they must have their own independent power source. Heating, ventilation and air conditioning should have an independent power source, such that if there is outage for electricity, the likelihood that it is also down is minimized. We also should consider positive air pressurization. When you implement positive air pressure, the pressure in the room is done in such a way that when you open the door, the air flows out not in. You don't want to contaminate the air in the room so you pressurize the room in such a way when people open for exit or entry into the room you are not bringing any contaminant, the air flows out. This is done to protect the room, the air in the room because the air in the room will also be circulated around the machines for cooling the machines. You want clean air within the room. We'll also talk about, you need to protect the intake vents, you want to protect the intake vents from tampering and you want to avoid intrusions on the heating ventilations and air conditioning. You want to make it to such a way that not just everybody has access to such a room whereby they could put poisonous gases or introduce toxic gases into the air conditioning system. Also, the HVAC should have emergency cut offs, such that, you have emergency cut offs, in case of a fire you could quickly cut off the supply or in case of an intrusion you could cut off the supply, or the circulation of the air conditioning system. Then we talk about fire suppression, usually we have to look at many types of chemicals and solutions for suppressing the fire. In most cases what we are seeking to do is to suppress the agents that facilitate a fire. We seek to halt these agents so that they do not continue the fire, usually we would have to reduce the oxygen, the heat. The chemicals or the solutions we use will suppress these agents that support or facilitate the fire, so that we can exhaust the fire or eventually put out the fire. This is how we do fire suppression, you suppress the fuels, we have the oxygen, you suppress oxygen and heat. Sometimes we could use hand held extinguishers to drop the temperature of surfaces on which we spray the extinguisher. You could also use carbon dioxide but you have to be cautious as to how you use carbon dioxide. You have to ensure there are no humans in such an environment. We also could use things like FM 200, FM 200 will bind with the gases or the fuels to suppress the fire. Then we have to talk about EMI shielding. Electromagnetic interference shielding, what we consider electromagnetic interference shielding, we give considerations for the types of cabling we use on our networks. We could use coaxial cable or shielded twisted pair cables. These are cables that have layers or shielding to protect against the interference from generators or equipment around the computing facility. We have to protect them for electromagnetic interference by using specialized coaxial cable or shielded twisted pair cables. We also have a topic we refer as the cold tiles and hot tiles, in this strategy what we do is, our servers are carefully arranged in such a way that we have, front side of a server facing the front side of another server. Usually these servers are in racks and the front side is facing the front side, the back side is facing the back side of another server. If you don't want the back side of one server facing the front side of another server because the hot air that is released from one system will be pulled into another system. You want the cooling systems to be on both ends in this fashion. We have our cooling systems on both ends in that fashion, and then we have our servers. That is the cold side, that is the cold side and this will be the hot side. That is the cold side. What you have here is the cold side facing cold side, hot side facing hot side and your cooling systems, hot air will rise, the idea is that the hot air is moved, channeled to the systems for cooling. We push out cold air on the front side so that cool air is released to cool the internals of a system. The hot air is pushed out. You want to arrange your servers in such a way that no one side of the room or part of the room is hotter than the other. Your cooling systems will not be very efficient. You have to be very strategic as to how you arrange the cold side facing cold side and the hot side facing the hot side. That way you can carefully pipe cool air and channel hot air for cooling. We also have to give consideration for environmental monitoring. Here we have to consider the airflow, humidity, water against flooding, water in pipes that run within the facility. Humidity is very important so that we do not have humidity to sustain corrosion within the equipment or high electrostatic discharge. We have to be very careful we maintain humidity to about 50-60%, we monitor our humidity at this level. We also want to pay attention to temperature and humidity controls. We should have thermometers within the facility to monitor temperature. We should have hygrometers to monitor humidity, temperature and humidity control should be present such that we can effectively, scientifically measure these constants to see how they meet the baseline. We will now consider the physical security. When we talk about physical security we give considerations to hardware locks. If you have anything, be it a printer, a laptop, a system, you don't want it moving around or you don't want people moving it away from the room or you don't want people changing the arrangement of your systems, lock it down. Best practice is that you have the devices in such a way that you can pass a chain lock through it, lock it down, put a padlock. That way, people or unauthorized rearrangement or repositioning or moving the system out of the room or a facility is prohibited. We also have man traps. A man trap involves the use of multiple doors to control access to a facility or a server processing center. In such an instance we could have the first door over here, the next door over there. The user approaches the first door, you either swipe a card or you punch in a code, that door opens. This door opens, you are granted access, that door stays locked, while you are in that portion of the room, then this door is locked and this door will open. This is a method to ensure only the right person is granted access to the facility or to a server. We use a man trap to enforce this. Then we talk about video surveillance. When we do video surveillance, we have video cameras that can pun, tilt and zoom, to monitor the facility. Usually, this is very good for physical security controls. Many people like to better conduct themselves when they see cameras are present. You can have cameras that are recording and you can have cameras that are supported by personnel to actively monitor what is taking place. Then we talk about fencing, fencing is a strategy we use fences to establish our perimeter, we also use fences to dictate where people could have access into the facility. By putting a fence you are able to deter access to the facility, there are several ways but you can control the route through which people have access to the facility. You could also use a fence to establish the perimeter. For some facilities they also use a wire mesh at the top of the fence. You want to keep people in, you have the mesh pointing inward, you want to keep people out you have the mesh pointing outwards. Our physical security control is very concerned about our access lists. The access list is a list of individuals that have had access to the facility or individuals that should have access to a facility. In some cases this could be a roster that is kept at the front desk where visitors to the facility or personnel to the facility sign in indicating their name, ID number or badge number as they go into the facility. Our facilities should also have proper lighting to support physical security. The environments should be well lit so that people can see from a considerable distance people can see what is happening around them. It could be for a car park, it should be well lit so that nobody can hide. People can hide and stop your client, your personnel as they leave the facility but when the environment is well lit this will deter any malicious persons from trying to commit any crimes in that area. It is also very good that the environment is well lit so that incase we are doing any video recording. We can see clearly what is taking place. It is no point that we do a recording and we can't tell what's in the recording because the environment is not well lit. We also need to have signs around, signs that clearly indicate where people are allowed to go and not allowed to go, signs that clearly direct people around the facility, exit signs, entrance signs, do not enter, all such signs to clearly show where access is permitted or not permitted. We could also use guards to implement physical security. Guards will be very good to stop people from accessing certain parts of the facility. Guards will also be good to implement checks and balances like checking for ID card, checking for access permits to the facility. We also could have barricades, some of these could be in form of bollards, devices that could be surrounding the perimeter of the facility to prevent somebody driving a vehicle into the facility or causing a heavy physical attack on the facility. We could also use biometric controls for physical security. Here we have devices that can capture the physical attributes could be finger prints, hand geometry, pupil pattern, retina pattern at the back of the eye. We use these to grant physical access to the facility, where a user's credentials or attributes do not match what's in the database, access will be denied. We also could have proximity readers. Proximity readers, card readers, where users would have proximity cards, these depend on a technology we refer to as RFID, radio frequency identification. Users will have cards that carry their permissions or access permission to a facility or to certain portions of the facility. The user would approach the card reader with a card and the card is able to read the access permit to grant physical access to the facility or to portions of the facility. We also have for physical security, we have motion detectors, motion detectors could be carefully placed around the facility to help detect. We could have zones in the facility where we don't need anybody roaming around. We shouldn't have anybody or at certain times cannot have people roaming around those facilities. We would have motion detectors that can detect an intrusion, can detect a person, maybe overstepping their bounds into portions where we don't want anyone. Alarms or alerts could be given out to our systems security personnel or to the guards to go investigate. We should have alarms as well, alarms to detect or alert. When we implement alarms, we could implement alarms in 2 strategies. We could have alarms on site and alarms remotely. Alarms on site will be very good to scare away people that are attempting to break into the facility. Alarms off site would also be good to allow some personnel respond to whatever is taking place on the facility. Alarms off site would also be good in case of maybe a flooding at the facility. This could be an alarm that responds off site so that other personnel can respond to whatever it is at the facility. These are controls that enforce physical security, thank you. We'll see you in our next video. [/toggle_content]

Video Transcription

00:04
Now we're discussing
00:05
section 2.7 of the county of syllables
00:08
Physical security on the environmental controls.
00:12
The first topic will look at is our age. BSC are heating, ventilation and air conditioning,
00:18
heating, ventilation and air condition conditioning. We should have some considerations for the design of our heating, ventilation and air conditioning. First is that we need
00:29
the most have their own independent power source. Your heating, ventilation and air conditioning should have an independent power source such that there's out age for electricity.
00:40
Likely that it is also down is minimized.
00:45
We also should consider positive air pressurization When you implement positive air pressure. The pressure in the room is done in such a way that when you open the door, the air flows out, not in. You don't want to contaminate the route the air in the room. So
01:04
you pressurize the room in such a way. When people open for exit or entry into the room, you're not bringing in contaminants. The air flows out.
01:14
This is done to protect the room, the air in the room because the air in the room will also be circulated around the machines for cooling the machines you want clean air within the room,
01:26
we also talk about
01:27
you need to protect the inter vents. You want to protect the intervention
01:33
from Tom Free
01:34
Onda. Um,
01:37
you want to avoid intrusions on the
01:41
heating, ventilation and air conditioning. You want to make it to such a way that not just everybody has access to such a room, where by the cold,
01:49
put in
01:51
poisonous gases or introduced toxic gases into the air conditioning system.
01:59
Also, the
02:00
Adria's issue. Have emergency cutoffs
02:04
said that you have in my Jessica out of in the case of a fire, you could quickly cut off the supply. Or, in the case of an intrusion, you could cut off the supply
02:14
or the circulation off the air conditioning system.
02:17
Then we talk about fire suppression. Usually, we have to look at many types off chemicals on solutions for suppressing the fire.
02:29
In most cases,
02:30
what we're seeking to do is to suppress the agents that facilitated a fire. We seek toe halt these agents so that they do not continue
02:42
the fire. Usually we would have toe reduce the oxygen, the heat
02:47
so the chemicals are the solutions we use will suppress these agents that support or facilitated the fire so that we can exhaust the fire or eventually put out the fire. These is are we do fire suppression. You saw president worlds.
03:06
We have the oxygen. You suppress oxygen on heat.
03:08
Sometimes we could use handheld extinguishers to drop the temperature off still faces on which we spray the extinguisher you could also use. Come on the outside. But you have to be cautious as to how we use come on dogs that we have to ensure there are no humans in such an environment.
03:27
We also could use things like FM 200. FM 200 will bind with the gases or the swells to suppress the fire.
03:37
Then we have to talk about Am I shooting electromagnetic interference shielded When we consider electromagnetic interference shielding, we give consideration for the types off cabling we use on our networks. We could use, um, coaxial cable or shield a twist that pair cables.
03:57
These are cables that have layers off shielding
03:59
toa protect against the interference from generators or equipment around
04:06
the computing facility. We have to protect them for electromagnetic interference by using specialized quasi our cable or shell that twisted pair cables.
04:16
We also have a topic we refer to as the Cold Isles on dhe ho tiles.
04:24
In this strategy, what we do is our servers are carefully arranging such a way that we have
04:30
front sight off a server facing the front side off another seven. Usually this other Zion rocks on the front side is facing the front side. The backside is facing the backside off another server.
04:44
You don't want the backside off one server face in the phone side of another server because the hot air that is released from the one system will be pulling into another system.
04:55
You want to
04:58
cooling systems, Toby on both ends
05:00
in this fashion. So we have our cooling systems on both ends in that fashion. Then we have our servers.
05:09
So that is a cool side. That is a cool side.
05:14
And this will be the outside
05:16
that is the cold side.
05:18
So what you have here is the cold side facing Cole side, cold side facing courtside, courtside face and hot side on your cooling systems. Hot air will rise.
05:30
Hot air would rise.
05:35
The idea is that the hot air has moved, channeled tow the systems for cooling
05:45
on dhe. We push out cold air
05:47
on the front side
05:54
so that cool air is released to cool the internals of the system. The hot air is pushed out. You want to arrange your service in such a way that no one side of the room or part of the room is hotter than the other. Your cooling systems will not be very efficient, so you have to be very strategic as to how you arrange the cold side
06:15
facing cold side,
06:16
cool side
06:17
facing cold site on the hot side facing the hot side. That way
06:23
you can carefully pipe cool air
06:26
on channel hot air for cooling.
06:29
We also have to give consideration for environmental monitoring.
06:32
Here we have to consider the airflow humidity water
06:39
for this flooding.
06:43
What I am pipes that run within the facility.
06:46
Humidity is very important so that we don't know
06:49
have humidity toe sustain corrosion within the equipment.
06:55
Oh, hi. Electrostatic discharge.
06:59
We have to be very careful with maintain humidity to about 50 to 60%.
07:03
We need to maintain humidity at about 50 to 60%. We monitor our humidity at these levels.
07:12
We also want to pay attention to temperature and humidity controlled. We should have the more meters within the facility toe money, toe temperature. We shall have. I grow meters to monitor humidity, temperature and humidity. Controls should be present such that we can effectively, scientifically measure
07:30
this gun. Is this
07:34
scientifically measure
07:36
this Constance to see how
07:41
they made the baseline. We will now consider the physical security. When we talk about physical security, we give consideration toe hardware locks. If you have anything, beat a printer, a laptop, a system.
07:57
You don't want it moving around or you don't want people moving it away from a room or you don't want people change in the arrangement off your systems.
08:03
Lock it down.
08:07
Best practices that you have. The device is in such a way that you can pass a chain. Look through it, lock it down, put a padlock that way people or unauthorized rearrangement or reposition in or moving the system out of a room or a facility is prohibited.
08:24
We also have mon traps.
08:28
Iman Trap involves the use off multiple doors to control access to a facility or Osama processing center.
08:35
In such an instance, we could have the force door over here,
08:41
the next door over there.
08:43
So the user approaches the first door.
08:48
You need a swipe card. Are you punching a chord?
08:52
That door opens.
08:54
So there's the opens. Your granted access
08:58
that does. It is locked
09:01
while you're in that portion of the room and this door is locked
09:05
on. These doors would open.
09:07
This is a method to ensure on Lee. The right person is granted access to the facility or tow a sovereign. We use a man trap to enforce this.
09:18
Then we talk about video surveillance.
09:20
When we do video surveillance,
09:22
we have video cameras,
09:26
cameras that can pan tilt zoom
09:28
to monitor the facility.
09:31
Usually, this is very good for physical security controls. Many people would liketo bet upon Dr themselves when they see cameras are present.
09:39
You can have cameras that are recording,
09:43
and you can have cameras at a
09:46
supported by personnel toe actively monitor what is taking place.
09:50
Then we talk about fencing.
09:52
Fencing is a strategy we used. We used fences to establish our perimeter. We also use fences to dictate where people could have access into the facility. So by putting their fans
10:07
you used to be able to deter access, tow the facility where several ways, but you can control the route through which people have access to the facility. You could also use the offense to establish the perimeter on some for some facilities. They also use a wire mesh
10:24
at the top of the fence. You want to keep people in.
10:28
You have the mesh point in the woods. You want to keep people out. You have the mesh pointing outwards. Our physical security control
10:35
is very concerned about our access lists.
10:39
The access list, the list off individuals that have had access to the facility or individuals that should have access to a facility.
10:48
In some cases, this could be a roster that has kept at the front desk, where visitors to the facility or personnel to the facility sign in
10:58
indicating their name I D number or badge number
11:03
as they go into the facility.
11:05
Our facilities should also have pro by lightning to support physical security,
11:11
the environment. She'll be well, eat
11:13
well. It's so that people can see from a considerable distance. People can see what is happening around them. It could be for a car park. People should be, well, it so that nobody can hide.
11:28
People can hide and stop your client your personnel as they leave the facility. But when their environment is well, eat, this will deter any malicious persons from trying to commit any crimes in that area.
11:41
It is also very good that the environment is well lit so that in case we're doing any video recording, we can see clearly what is taking place.
11:52
It is no point that we do a recording and we can't tell what's in the recording because the environment is no, we're late.
12:01
We also need to have signs around
12:03
signs that clearly indicates
12:07
where people are allowed to go on, not allow to go signs that clearly direct people around the facility.
12:13
Exit signs, entrance signs do not enter
12:18
all such signs to clearly show where access is permitted or not permitted. We could also use guards. We could also use guards to implement physical security. Guards will be very good to stop people from access in certain parts of the facility. God's will also be good
12:37
to implement checks and balances like
12:39
checking for I D card checking for access permits to the facility.
12:48
We also could have barricades.
12:50
Some of these could be in the form of Bullard's
12:54
devices that could be surrounding the perimeter of the facility toe. Prevent somebody driving a vehicle into the facility or causing heavy physical attack on the facility.
13:07
We could also use biometric controls for physical security.
13:11
Here
13:13
we have devices that can capture
13:16
the physical attributes. Could be fingerprint hand geometry,
13:20
pupil Parton Retina pattern at the back of the eye. We use these toe grand physical access to the facility where a user
13:30
they use US credentials, so attributes do not much. What's in the database. Access will be denied.
13:35
We also could have proximity. Readers
13:39
prompted me to readers, UH,
13:43
card readers where users would have proximity cards. These depend on technology we refer to as R F I. D radio frequency identification, so users would have parts that carry the permissions or access permission to a facility or to a certain portions on the facility.
14:03
The user would approach the card reader with the card on the cut is able to read the access permit
14:09
toe grant, physical access to the facility or toe portions or the facility. We also have for physical security. We have motion detectors. Motion detectors could be carefully placed around the facility.
14:24
Toe help detect. We could have zones in the facility where we don't need anybody rooming around. We shouldn't have anybody or at certain times cannot have people roaming around those facilities.
14:37
So we will have motion detectors that can detect,
14:43
detect an intrusion can detect a person may be overstepping their bounds into portions where we don't want anyone.
14:52
Alarms or alerts will be given out to our systems, security personnel or to the guards to go investigate. We should have alarms as well. Alarms toe, detect or
15:05
alert. When we implement alarms, we could implement alarms in two strategies. We could have alarms on site on alarms. Remotely alarms on site will be very good to scare away people that are attempting to break into the facility. Alarms off site would also be good toe. Allow
15:26
some personnel respond.
15:28
Tow whatever is taking place on the facility.
15:31
Alarms off site would also be good in case or maybe a flooding at the facility. So this could be an alarm, that response off site so that other personnel can respond to whatever it is at the facility. These are controls that enforced physical security.
15:50
Thank you. We'll see you in our next video.

Up Next

IT Security Governance

IT Security Governance is a type of risk management process that can be applied to business operations, identifying critical information and protecting that information from enemies

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor