Physical Security
Much of this book has focused
on technical issues in security and their technical solutions: firewalls,
encryption techniques, and more. But many threats to security involve human or
natural disasters, events that should also be addressed in the security plan.
For this reason, in this section we consider how to cope with the nontechnical
things that can go wrong. There are two pieces to the process of dealing with
nontechnical problems: preventing things that can be prevented and recovering
from the things that cannot be prevented. Physical
security is the term used to describe protection needed outside the
computer system. Typical physical security controls include guards, locks, and
fences to deter direct attacks. In addition, there are other kinds of
protection against less direct disasters, such as floods and power outages;
these, too, are part of physical security. As we will see, many physical
security measures can be provided simply by good common sense, a characteristic
that Mark Twain noted "is a most uncommon virtue."
Natural Disasters
Computers are subject to the
same natural disasters that can occur to homes, stores, and automobiles. They
can be flooded, burned, melted, hit by falling objects, and destroyed by
earthquakes, storms, and tornadoes. Additionally, computers are sensitive to
their operating environment, so excessive heat or inadequate power is also a
threat. It is impossible to prevent natural disasters, but careful planning can
reduce the damage they inflict. Because many of these perils can be neither
prevented nor predicted, controls focus on limiting possible damage and recovering quickly
from a disaster. Issues to be considered include the need for offsite backups,
the cost of replacing equipment, the speed with which equipment can be
replaced, the need for available computing power, and the cost or difficulty of
replacing data and programs.
Flood
Water from a natural flood
comes from ground level, rising gradually, and bringing with it mud and debris.
Often, there is time for an orderly shutdown of the computing system; at worst,
the organization loses some of the processing in progress. At other times, such
as when a dam breaks, a water pipe bursts, or the roof collapses in a storm, a
sudden flood can overwhelm the system and its users before anything can be
saved. Water can come from above, below, or the side. The machinery may be
destroyed or damaged by mud and water, but most computing systems are insured
and replaceable by the manufacturer. Managers of unique or irreplaceable
equipment who recognize the added risk sometimes purchase or lease duplicate
hardware systems to insure against disruption of service.
Even when the hardware can be
replaced, we must be concerned about the stored data and programs. The system
administrator may choose to label storage media in a way that makes it easy to identify
the most important data. For example, green, yellow, and red labels may show
which disks are the most sensitive, so that all red disks are moved from the
data center during a storm. Similarly, large plastic bags and waterproof tape
can be kept near important equipment and media; they are used to protect the
hardware and storage media in case of a burst pipe or other sudden flood.
The real issue is protecting
data and preserving the ability to compute. The only way to ensure the safety
of data is to store backup copies in one or more safe locations.
Fire
Fire is more serious than
water; often there is not as much time to react, and human lives are more
likely to be in immediate danger. To ensure that system personnel can react
quickly, every user and manager should have a plan for shutting down the system
in an orderly manner. Such a process takes only a few minutes but can make
recovery much easier. This plan should include individual responsibilities for
all people: some to halt the system, others to protect crucial media, others to
close doors on media cabinets. Provision should be made for secondary
responsibilities, so that onsite staff can perform duties for those who are not
in the office.
Water is traditionally used
to put out fires, but it is not a good idea for use in computer rooms. In fact,
more destruction can be the result of sprinklers than of the fires themselves.
A fire sensor usually activates many sprinklers, dousing an entire room, even
when the fire is merely some ignited paper in a wastebasket and of no threat to
the computing system. Many computing centers use carbon dioxide extinguishers
or an automatic system that floods the room with a gas such as Halon (now being
phased out because of its effect on the ozone layer, in favor of clean agents such as
FM-200 and inert-gas mixtures) to smother a fire but leave no residue. Carbon dioxide
works by displacing the oxygen in the room, and Halon by interrupting the chemistry of
combustion; either way, the discharge makes the room unsafe for people to remain in.
Consequently, when these protection devices are activated, humans must leave,
disabling efforts to protect media.
The best defense for
situations like these is careful placement of the computing facility. A
windowless location with fire-resistant access doors and nonflammable
full-height walls can prevent some fires from spreading from adjacent areas to
the computing room. With a fire- and smoke-resistant facility, personnel merely
shut down the system and leave, perhaps carrying out the most important media.
Fire prevention is quite
effective, especially because most computer goods are not especially flammable.
Advance planning, reinforced with simulation drills, can help make good use of
the small amount of time available before evacuation is necessary.
Other Natural Disasters
Computers are subject to
storms, earthquakes, volcanoes, and similar events. Although not natural
disasters, building collapse, explosion, and damage from falling objects can be
considered in the same category. These kinds of catastrophes are difficult to
predict or estimate.
But we know these
catastrophes will occur. Security managers cope with them in several ways:
developing contingency plans
so that people know how to react in emergencies and business can continue
insuring physical
assets (computers, buildings, devices, supplies) against harm
preserving sensitive data by
maintaining copies in physically separated locations
Power Loss
Computers need their
food (electricity) and they require a constant, pure supply of it. With a direct
power loss, all computation ceases immediately. Because of possible damage to
media by sudden loss of power, many disk drives monitor the power level and
quickly retract the recording head if power fails. For certain time-critical
applications, loss of service from the system is intolerable; in these cases,
alternative complete power supplies must be instantly available.
Uninterruptible Power Supply
One protection against power
loss is an uninterruptible power supply.
This device stores energy during normal operation so that it can return the
backup energy if power fails. One form of uninterruptible power supply uses
batteries that are continually charged when the power is on but which then
provide power when electricity fails. However, size, heat, flammability, and
low output can be problems with batteries.
Some uninterruptible power
supplies use massive wheels that are kept in continuous motion when electricity
is available. When the power fails, the inertia in the wheels operates
generators to produce more power. Size and limited duration of energy output
are problems with this variety of power supply. Both forms of power supplies
are intended to provide power for a limited time, just long enough to allow the
current state of the computation to be saved so that no computation is lost.
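As an added example, not part of the original text: a small Python monitor that turns the status a UPS reports into the orderly-shutdown decision described above. It assumes the UPS is exposed through Network UPS Tools (NUT), whose `upsc` client prints a `ups.status` line of tokens such as OL (on line power), OB (on battery) and LB (low battery); the device name `myups@localhost`, the polling interval and the time limit are assumptions for this example. Because a UPS is sized only to bridge a short gap, the monitor shuts down not only when the UPS itself signals low battery but also after a fixed time on battery, and treats an unreachable UPS as if it were already on battery.

```python
"""Orderly shutdown driven by UPS status, in the spirit of the text above.

Assumes Network UPS Tools (NUT): `upsc <ups> ups.status` prints a line of status
tokens, e.g. "OL" (on line power), "OB" (on battery), "OB LB" (on battery, low).
The UPS name, polling interval and time limit below are assumptions for this example.
"""
import subprocess
import time
from dataclasses import dataclass
from typing import Callable, Optional

ON_LINE, ON_BATTERY, LOW_BATTERY = "OL", "OB", "LB"
UPS_NAME = "myups@localhost"        # assumed NUT device name


@dataclass
class Decision:
    action: str   # "ok", "on_battery" or "shutdown"
    reason: str


def decide(status: str, seconds_on_battery: int, max_seconds_on_battery: int) -> Decision:
    """Map one ups.status line plus elapsed on-battery time to an action.

    The UPS's own "LB" flag is the last line of defence; shutting down after a
    fixed time on battery keeps a margin for the host to flush and halt cleanly.
    """
    tokens = set(status.split())
    if ON_BATTERY in tokens:
        if LOW_BATTERY in tokens:
            return Decision("shutdown", "UPS reports low battery")
        if seconds_on_battery >= max_seconds_on_battery:
            return Decision("shutdown",
                            f"on battery for {seconds_on_battery}s (limit {max_seconds_on_battery}s)")
        return Decision("on_battery", f"on battery for {seconds_on_battery}s; waiting for power")
    if LOW_BATTERY in tokens:
        # Mains present but battery low: no outage to ride out, so keep running and let it charge.
        return Decision("ok", "on line power; battery low and charging")
    return Decision("ok", "on line power")


def read_status_from_nut(ups_name: str = UPS_NAME) -> Optional[str]:
    """Ask NUT for the current status; None if the UPS or upsd cannot be reached."""
    try:
        out = subprocess.run(["upsc", ups_name, "ups.status"],
                             capture_output=True, text=True, timeout=5, check=True)
    except (OSError, subprocess.SubprocessError):
        return None
    return out.stdout.strip()


def run_monitor(read_status: Callable[[], Optional[str]],
                shutdown: Callable[[str], None],
                poll_seconds: int = 10,
                max_seconds_on_battery: int = 120,
                sleep: Callable[[float], None] = time.sleep) -> Decision:
    """Poll until a shutdown decision is reached, then call shutdown(reason) once."""
    seconds_on_battery = 0
    while True:
        status = read_status()
        if status is None:
            # A UPS we cannot talk to cannot warn us: assume the worst and count the time.
            status = ON_BATTERY
        decision = decide(status, seconds_on_battery, max_seconds_on_battery)
        if decision.action == "shutdown":
            shutdown(decision.reason)
            return decision
        seconds_on_battery = seconds_on_battery + poll_seconds if decision.action == "on_battery" else 0
        sleep(poll_seconds)


if __name__ == "__main__":
    def halt(reason: str) -> None:
        print(f"power: {reason}; halting")
        subprocess.run(["shutdown", "-h", "now"], check=False)

    run_monitor(read_status_from_nut, halt)
```

The `read_status`, `shutdown` and `sleep` hooks are parameters so the decision logic can be exercised against a scripted sequence of statuses without a real UPS; in production the host should also be wired to tell the UPS to cut output after the halt completes, or a returning mains supply may bring the machine back up half-way through the shutdown.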
Surge Suppressor
Another problem with power is
its "cleanness." Although most people are unaware of it, a variation
of 10 percent from the stated voltage of a line is considered acceptable, and
some power lines vary even more. A particular power line may always be 10
percent high or low. In many places, lights dim momentarily when a large
appliance, such as an air conditioner, begins operation. When a large motor
starts, it draws an exceptionally large amount of current, which reduces the
flow to other devices on the line. When a motor stops, the sudden termination
of draw can send a temporary surge along the line. Similarly, lightning strikes
may send a momentary large pulse. Thus, instead of being constant, the power
delivered along any electric line shows many brief fluctuations, called drops, spikes, and surges. A
drop is a momentary reduction in voltage, and a spike or surge is a rise. For
computing equipment, a drop is less serious than a surge. Most electrical
equipment is tolerant of rather large fluctuations of current.
These variations can be
destructive to sensitive electronic equipment, however. Simple devices called
"surge suppressors" filter spikes from an electric line, blocking
fluctuations that would affect computers. These devices cost from $20 to $100;
they should be installed on every computer, printer, or other connected
component. More sensitive models are typically used on larger systems.
As mentioned previously, a
lightning strike can send a surge through a power line. To increase protection,
some personal computer users unplug their machines when they are not in use,
as well as during electrical storms. Another possible source of destruction is
lightning striking a telephone line. Because the power surge can travel along
the phone line and into the computer or peripherals, the phone line should be
disconnected from the modem during storms. These simple measures may save much
work as well as valuable equipment.
Human Vandals
Because computers and their
media are sensitive to a variety of disruptions, a vandal can destroy hardware,
software, and data. Human attackers may be disgruntled employees, bored
operators, saboteurs, people seeking excitement, or unwitting bumblers. If
physical access is easy to obtain, crude attacks using axes or bricks can be
very effective. One man recently shot a computer that he claimed had been in
the shop for repairs many times without success.
Physical attacks by unskilled
vandals are often easy to prevent; a guard can stop someone approaching a
computer installation with a threatening or dangerous object. When physical
access is difficult, more subtle attacks can be tried, resulting in quite
serious damage. People with only some sophisticated knowledge of a system can
short-circuit a computer with a car key or disable a disk drive with a paper
clip. These items are not likely to attract attention until the attack is
completed.
Unauthorized Access and Use
Films and newspaper reports
exaggerate the ease of gaining access to a computing system. Still, as
distributed computing systems become more prevalent, protecting the system from
outside access becomes more difficult and more important. Interception is a
form of unauthorized access; the attacker intercepts data and either breaks
confidentiality or prevents the data from being read or used by others. In this
context, interception is a passive attack. But we must also be concerned about
active interception, in the sense that the attacker can change or insert data
before allowing it to continue to its destination.
Theft
It is hard to steal a large
mainframe computer. Not only is carrying it away difficult, but finding a
willing buyer and arranging installation and maintenance also require special
assistance. However, printed reports, tapes, or disks can be carried easily. If
done well, the loss may not be detected for some time.
Personal computers, laptops,
and personal digital assistants (PDAs, such as Palms or Blackberries) are
designed to be small and portable. Diskettes and tape backup cartridges are
easily carried in a shirt pocket or briefcase. Computers and media that are
easy to carry are also easy to conceal.
We can take one of three
approaches to preventing theft: preventing access, preventing portability, or
detecting exit.
Preventing Access
The surest way to prevent
theft is to keep the thief away from the equipment. However, thieves can be
either insiders or outsiders. Therefore, access control devices are needed both
to prevent access by unauthorized individuals and to record access by those
authorized. A record of accesses can help identify who committed a theft.
The oldest access control is
a guard, not in the database management system sense we discussed in Chapter 6 but rather in the sense of a human
being stationed at the door to control access to a room or to equipment. Guards
offer traditional protection; their role is well understood, and the protection
they offer is adequate in many situations. However, guards must be on duty
continuously in order to be effective; providing breaks implies at least four
guards for a 24-hour operation, with extras for vacation and illness. A guard
must personally recognize someone or recognize an access token, such as a
badge. People can lose or forget badges; terminated employees and forged badges
are also problems. Unless the guard makes a record of everyone who has entered
a facility, there is no way to know who (employee or visitor) has had access in
case a problem is discovered.
The second oldest access
control is a lock. This device is even easier, cheaper, and simpler to manage
than a guard. However, it too provides no record of who has had access, and
difficulties arise when keys are lost or duplicated. At computer facilities, it
is inconvenient to fumble for a key when your hands are filled with tapes or
disks, which might be ruined if dropped. There is also the possibility of
piggybacking: a person walks through the door that someone else has just
unlocked. Still, guards and locks provide simple, effective security for access
to facilities such as computer rooms.
More exotic access control
devices employ cards with radio transmitters, magnetic stripe cards (similar to
24-hour bank cards), and smart cards with chips containing electronic circuitry
that makes them difficult to duplicate. Because each of these devices
interfaces with a computer, it is easy for the computer to capture identity
information, generating a list of who entered and left the facility, when, and
by which routes. Some of these devices operate by proximity, so that a person
can carry the device in a pocket or clipped to a collar; the person obtains
easy access even when hands are full. Because these devices are computer
controlled, it is easy to invalidate an access authority when someone quits or
reports the access token lost or stolen.
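An added example, not from the original text, of the kind of review such an access log makes possible. It reads a small badge-reader log constructed here for illustration (the timestamp, badge, door, direction, result layout and the badge numbers are assumptions) and flags the cases the text raises: use of a token that should have been invalidated, an exit with no recorded entry (someone piggybacked in), a second entry without leaving (a cloned or passed-back token), after-hours access, and a burst of denials at one reader.

```python
"""Audit a badge-reader log for the problems the text raises.

The log format below (timestamp, badge, door, direction, result) and the badge
numbers are assumptions made for this example; real readers export something similar.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample log. Line by line: B1003 leaves without ever badging in
# (piggybacked in); B1001 enters a second door while still inside (passed-back
# or cloned badge); B1004 enters after hours; B2000 is denied three times in a
# minute; B0999 was revoked but is still granted access.
SAMPLE_LOG = """
2024-03-04T08:02:11, B1001, DC-East, in, granted
2024-03-04T08:05:40, B1002, DC-East, in, granted
2024-03-04T08:30:05, B1003, DC-East, out, granted
2024-03-04T09:10:00, B1001, DC-West, in, granted
2024-03-04T12:15:00, B1002, DC-East, out, granted
2024-03-04T21:45:30, B1004, DC-East, in, granted
2024-03-04T21:46:00, B2000, DC-East, in, denied
2024-03-04T21:46:20, B2000, DC-East, in, denied
2024-03-04T21:46:45, B2000, DC-East, in, denied
2024-03-04T22:10:00, B0999, DC-East, in, granted
"""
REVOKED: Set[str] = {"B0999"}   # badges that should no longer open anything

Finding = Tuple[datetime, str, str]   # (when, badge, description)


@dataclass
class Event:
    when: datetime
    badge: str
    door: str
    direction: str   # "in" or "out"
    result: str      # "granted" or "denied"


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.strip().splitlines():
        when, badge, door, direction, result = (f.strip() for f in line.split(","))
        events.append(Event(datetime.fromisoformat(when), badge, door, direction, result))
    return sorted(events, key=lambda e: e.when)


def audit(events: Iterable[Event], revoked: Set[str], work_start: int = 7, work_end: int = 19,
          denial_window: timedelta = timedelta(minutes=5), denial_limit: int = 3) -> List[Finding]:
    findings: List[Finding] = []
    inside: Dict[str, str] = {}                       # badge -> door it last entered through
    denials: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e.badge in revoked:
            # Any use of a revoked token, granted or not, means revocation was not propagated.
            findings.append((e.when, e.badge, f"revoked badge used at {e.door} ({e.result})"))
        if e.result == "denied":
            # Repeated denials at one reader look like a lost or forged badge being tried.
            recent = [t for t in denials[e.badge] if e.when - t <= denial_window] + [e.when]
            denials[e.badge] = recent
            if len(recent) >= denial_limit:
                findings.append((e.when, e.badge, f"{len(recent)} denials within {denial_window}"))
            continue
        if not work_start <= e.when.hour < work_end:
            findings.append((e.when, e.badge, f"after-hours {e.direction} at {e.door}"))
        if e.direction == "in":
            if e.badge in inside:
                findings.append((e.when, e.badge, "entered again without leaving (passed-back or cloned badge?)"))
            inside[e.badge] = e.door
        else:
            if e.badge not in inside:
                findings.append((e.when, e.badge, "left without a recorded entry (piggybacked in?)"))
            inside.pop(e.badge, None)
    return findings


if __name__ == "__main__":
    for when, badge, what in audit(parse_log(SAMPLE_LOG), REVOKED):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {badge}  {what}")
```

The entry/exit pairing only works when every door reads badges in both directions; a facility with free-exit doors cannot detect piggybacking this way and has to rely on turnstiles or mantraps instead.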
The nature of the application
or service determines how strict the access control needs to be. Working in
concert with computer-based authentication techniques, the access controls can
be part of defense in depth (using multiple mechanisms to provide security).
Preventing Portability
Portability is a mixed
blessing. We can now carry around in our pockets devices that provide as much
computing power as mainframes did twenty years ago. Portability is in fact a
necessity in devices such as PDAs and mobile phones. And we do not want to
permanently affix our personal computers to our desks, in case they need to be
removed for repair or replacement. Thus, we need to find ways to enable
portability without promoting theft.
One antitheft device is a pad
connected to cable, similar to those used to secure bicycles. The pad is glued
to the desktop with extremely strong adhesive. The cables loop around the
equipment and are locked in place. Releasing the lock permits the equipment to
be moved. An alternative is to couple the base of the equipment to a secure
pad, in much the same way that televisions are locked in place in hotel rooms.
Yet a third possibility is a large, lockable cabinet in which the personal
computer and its peripherals are kept when they are not in use. Some people
argue that cables, pads, and cabinets are unsightly and, worse, they make the
equipment inconvenient to use.
Another alternative is to use
movement-activated alarm devices when the equipment is not in use. Small alarms
are available that can be locked to a laptop or PDA. When movement is detected,
a loud, annoying whine or whistle warns that the equipment has been disturbed.
Such an alarm is especially useful when laptops must be left in meeting or
presentation rooms overnight or during a break. Used in concert with guards,
the alarms can offer reasonable protection at reasonable cost.
Detecting Theft
For some devices, protection
is more important than detection. We want to keep someone from stealing certain
systems or information at all costs. But for other devices, it may be enough to
detect that an attempt has been made to access or steal hardware or software.
For example, chaining down a disk makes it unusable. Instead, we try to detect
when someone tries to leave a protected area with the disk or other protected
object. In these cases, the protection mechanism should be small and
unobtrusive.
One such mechanism is similar
to the protection used by many libraries, bookstores, or department stores.
Each sensitive object is marked with a special label. Although the label looks
like a normal pressure-sensitive one, its presence can be detected by a machine
at the exit door if the label has not been disabled by an authorized party,
such as a librarian or sales clerk. Similar security code tags are available
for vehicles, people, machinery, and documents. Some tags are enabled by radio
transmitters. When the detector sounds an alarm, someone must apprehend the
person trying to leave with the marked object.
Copyright © 2018-2024 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.