B. The second canon of the ISC
confidential, a constant signal of a specific frequency, a randomly variable signal such as the white noise heard between radio stations or television stations, or even a jam signal that causes
interception equipment to fail. White noise is most effective when created around the perimeter of an area so that it is broadcast outward to protect the internal area where emanations may be
needed for normal operations.
The final type of TEMPEST countermeasure, a control zone, is simply the implementation of either a Faraday cage or white noise generation in an environment where a specific area is
protected while the rest is not. A control zone can be a room, a floor, or an entire building. Con- trol zones are those areas where emanation signals are supported and used by necessary equip-
ment, such as wireless networking, mobile phones, radios, and televisions. Outside of the control zones, emanation interception is blocked or prevented through the use of various TEM-
PEST countermeasures.
Environment and Life Safety
An important aspect of physical access control and maintaining the security of a facility is pro- tecting the basic elements of the environment and protecting human life. In all circumstances
and under all conditions, the most important aspect of security is protecting people. Preventing harm to people is the most important goal of all security solutions.
Personnel Safety
Part of maintaining safety for personnel is maintaining the basic environment of a facility. For short periods of time, people can survive without water, food, air conditioning, and power. But
in some cases, the loss of these elements can have disastrous results or they can be symptoms of more immediate and dangerous problems. Flooding, fires, release of toxic materials, and natu-
ral disasters all threaten human life as well as the stability of a facility. Physical security proce- dures should focus on protecting human life and then on restoring the safety of the environment
and restoring the utilities necessary for the IT infrastructure to function.
People should always be your top priority. Only after personnel are safe can you consider addressing business continuity issues. Many organizations are adopting Occupant Emergency
Plans OEPs to guide and assist with sustaining personnel safety in the event of a disaster. The OEP provides guidance on how to minimize threats to life, prevent injury, and protect property
from damage in the event of a destructive physical event. The OEP does not address IT issues or business continuity, just personnel and general property. The BCP and DRP address IT and
business continuity and recovery issues.
Power and Electricity
Power supplied by electric companies is not always consistent and clean. Most electronic equip- ment demands clean power to function properly. Equipment damage due to power fluctuations
is a common occurrence. Many organizations opt to manage their own power through several means. An uninterruptible power supply UPS is a type of self-charging battery that can be used
to supply consistent clean power to sensitive equipment. A UPS functions basically by taking power in from the wall outlet, storing it in a battery, pulling power out of the battery, and then
feeding that power to whatever devices are connected to it. By directing current through its bat- tery, it is able to maintain a consistent clean power supply. A UPS has a second function, one
that is used most often as a selling point. A UPS provides continuous power even after the pri- mary power source fails. A UPS can continue to supply power for minutes or hours, depending
on its capacity and the amount of power the equipment needs.
Another means to ensure that equipment is not damaged by power fluctuations is the use of power strips with surge protectors. A surge protector includes a fuse that will blow before power
levels change significantly enough to cause damage to equipment. However, once a surge protec- tor’s fuse or circuit is tripped, the electric flow is completely interrupted. Surge protectors should
be used only when instant termination of electricity will not cause damage or loss to the equip- ment. Otherwise, a UPS should be employed.
If maintaining operations for considerable time in spite of a brownout or blackout is a neces- sity, then onsite electric generators are required. Such generators turn on automatically when a
power failure is detected. Most generators operate using a fuel tank of liquid or gaseous pro- pellant that must be maintained to ensure reliability. Electric generators are considered alternate
or backup power sources.
The problems with power are numerous. Here is a list of terms associated with power issues you should be familiar with:
Fault A momentary loss of power Blackout A complete loss of power
Sag Momentary low voltage Brownout Prolonged low voltage
Spike Momentary high voltage Surge Prolonged high voltage
Inrush An initial surge of power usually associated with connecting to a power source, whether primary or alternatesecondary
Noise A steady interfering disturbance Transient A short duration of line noise disturbance
Clean Nonfluctuating pure power Ground The wire in an electrical circuit that is grounded
A brownout is an interesting power issue because its definition references the ANSI standards for power. The ANSI standards allow for an 8-percent drop in power between the power source
and the facility meter and a drop of 3.5 percent between the facility meter and the wall outlet before the instance of prolonged low voltage is labeled as a brownout. The ANSI standard further
distinguishes that the low voltage outside of your meter is to be repaired by the power company, while the internal brownout is your responsibility.
Noise
Noise can cause more than just problems with how equipment functions; it can also interfere with the quality of communications, transmissions, and playback. Noise generated by electric current
can affect any means of data transmission that relies on electromagnetic transport mechanisms, such as telephone, cellular, television, audio, radio, and network mechanisms. There are two types
of electromagnetic interference EMI: common mode and traverse mode. Common mode noise is generated by the difference in power between the hot and ground wires of a power source or
operating electrical equipment. Traverse mode noise is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment.
A similar issue is radio frequency interference RFI, which can affect many of the same sys- tems as EMI. RFI is generated by a wide number of common electrical appliances, including flu-
orescent lights, electrical cables, electric space heaters, computers, elevators, motors, and electric magnets.
Protecting your power supply and your equipment from noise is an important part of main- taining a productive and functioning environment for your IT infrastructure. Steps to take for
this kind of protection include providing for sufficient power conditioning, establishing proper grounding, shielding all cables, and limiting exposure to EMI and RFI sources.
Temperature, Humidity, and Static
In addition to power considerations, maintaining the environment involves control over the HVAC mechanisms. Rooms primarily containing computers should be kept at 60 to 75 degrees
Fahrenheit 15 to 23 degrees Celsius. Humidity in a computer room should be maintained between 40 and 60 percent. Too much humidity can cause corrosion. Too little humidity causes
static electricity. Even on nonstatic carpeting, if the environment has low humidity it is still pos- sible to generate 20,000-volt static discharges. As you can see in Table 19.1, even minimal levels
of static discharge can destroy electronic equipment.
T A B L E 1 9 . 1 Static Voltage and Damage
Static Voltage Possible Damage
40 Destruction of sensitive circuits and other electronic components
1,000 Scrambling of monitor displays
1,500 Destruction of data stored on hard drives
2,000 Abrupt system shutdown
4,000 Printer jam or component damage
17,000 Permanent circuit damage
Water
Water leakage and flooding should be addressed in your environmental safety policy and pro- cedures. Plumbing leaks are not an everyday occurrence, but when they do happen, they often
cause significant damage. Water and electricity don’t mix. If your computer systems come in contact with water, especially while they are operating, damage is sure to occur. Plus water and
electricity create a serious risk of electrocution to personnel. Whenever possible, locate server rooms and critical computer equipment away from any water source or transport pipes. You
may also want to install water detection circuits on the floor around mission-critical systems. Water detection circuits will sound an alarm and alert you if water is encroaching upon the
equipment. To minimize emergencies, be familiar with shutoff valves and drainage locations. In addition to monitoring for plumbing leaks, you should evaluate your facility’s capability of han-
dling severe rain or flooding in your area. Is the facility located on a hill or in a valley? Is there sufficient drainage? Is there a history of flooding or accumulation of standing water? Is your
server room located in the basement or on the first floor?
Fire Detection and Suppression
Fire detection and suppression must not be overlooked. Protecting personnel from harm should always be the most important goal of any security or protection system. In addition to protect-
ing people, fire detection and suppression is designed to keep damage caused by fire, smoke, heat, and suppression materials to a minimum, especially in regard to the IT infrastructure.
Basic fire education involves knowledge of the fire triangle see Figure 19.2. The three cor- ners of the triangle represent fire, heat, and oxygen. The center of the triangle represents the
chemical reaction of the three elements. The point of the fire triangle is to illustrate that if you can remove any one of the four items from the fire triangle, the fire can be extinguished. Dif-
ferent suppression mediums address different aspects of the fire:
Water suppresses the temperature. Soda acid and other dry powders suppress the fuel supply.
CO
2
suppresses the oxygen supply. Halon and its substitutes interferes with the chemical reaction of combustion andor sup-
presses the oxygen supply. When selecting a suppression medium, it is important to consider what aspect of the fire tri-
angle it addresses, what this represents in reality, how effective the suppression medium usually is, and what effect the suppression medium will have on your environment.
In addition to understanding the fire triangle, it is also helpful to understand the stages of fire. Fire has numerous stages, and Figure 19.3 addresses the four most vital stages.
Stage 1: The incipient stage At this stage, there is only air ionization but not smoke. Stage 2: The smoke stage In Stage 2, smoke is visible from the point of ignition.
Stage 3: The flame stage This is when a flame can be seen with the naked eye. Stage 4: The heat stage At Stage 4, the fire is considerably further down the timescale to the
point where there is an intense heat buildup and everything in the area burns.
F I G U R E 1 9 . 2 The fire triangle
F I G U R E 1 9 . 3 The four primary stages of fire
The earlier a fire is detected, the easier it is to extinguish and the less damage it and its sup- pression mediums can cause.
One of the basics of fire management is proper personnel awareness training. Everyone should be thoroughly familiar with the fire suppression mechanisms in their facility. Everyone should
also be familiar with at least two evacuation routes from their primary work location and know how to locate evacuation routes elsewhere in the facility. Personnel should be trained in the
location and use of fire extinguishers. Other items that can be included in fire or general emer- gency response training are cardiopulmonary resuscitation CPR training, emergency shut-
down procedures, and a preestablished rendezvous location or safety verification mechanism such as voicemail.
Chemical Reaction
Heat
Oxygen Fuel
Temperature
Time
Stage 1: Incipient Stage 2: Smoke
Stage 3: Flame Stage 4: Heat
Most fires in a data center are caused by overloaded electrical distribution outlets.
Fire Extinguishers
There are several different types of fire extinguishers. Understanding what type to use on vari- ous forms of fire is essential to effective fire suppression. If a fire extinguisher is used improperly
or the wrong form of fire extinguisher is used, the fire could spread and intensify instead of being quenched. Fire extinguishers are to be used only when a fire is still in the incipient stage.
Table 19.2 lists the three common types of fire extinguishers.
Water cannot be used on Class B fires because it splashes the burning liquids and said liquids usually float. Water cannot be used on Class C fires because of
the potential for electrocution. Oxygen suppression cannot be used on metal fires because burning metal produces its own oxygen.
Fire Detection Systems
To properly protect a facility from fire is to install an automated detection and suppression system. There are many types of fire detection systems. Fixed temperature detection systems trigger suppres-
sion when a specific temperature is reached. The trigger is usually a metal or plastic component that is in the sprinkler head and melts at a specific temperature. Rate of rise temperature detection sys-
tems trigger suppression when the speed at which the temperature changes reaches a specific level. Flame actuated systems trigger suppression based on the infrared energy of flames. Smoke actuated
systems trigger suppression based on photoelectric or radioactive ionization sensors.
T A B L E 1 9 . 2 Fire Extinguisher Classes
Class Type
Suppression Material
A Common combustibles
Water, soda acid a dry powder or liquid chemical
B Liquids
CO
2
, Halon, soda acid C
Electrical CO
2
, Halon D
Metal Dry powder
Halon or EPA-approved Halon substitute.
Most fire detection systems can be linked to fire response service notification mechanisms. When suppression is triggered, such linked systems will contact the local fire response team and
request aid using an automated message or alarm. To be effective, fire detectors need to be placed strategically. Don’t forget to place them in
dropped ceilings and raised floors, in server rooms, in private offices and public areas, in HVAC vents, in elevator shafts, in the basement, and so on.
As for the suppression mechanisms used, they can be based on water or on a fire suppression gas system. Water is the most common in human-friendly environments, whereas gaseous sys-
tems are more appropriate for computer rooms where personnel typically do not reside.
Water Suppression Systems
There are four main types of water suppression systems. A wet pipe system also known as a closed head system is always full of water. Water discharges immediately when suppression is
triggered. A dry pipe system contains compressed air. Once suppression is triggered, the air escapes, opening a water valve that in turn causes the pipes to fill and discharge water into the
environment. A deluge system is another form of dry pipe system that uses larger pipes and therefore a significantly larger volume of water. Deluge systems are inappropriate for environ-
ments that contain electronics and computers. A preaction system is a combination dry pipewet pipe system. The system exists as a dry pipe until the initial stages of a fire smoke, heat, etc.
are detected and then the pipes are filled with water. The water is released only after the sprin- kler head activation triggers are melted by sufficient heat. If the fire is quenched before the sprin-
klers are triggered, the pipes can be manually emptied and reset. This also allows for manual intervention to stop the release of water before sprinkler triggering occurs. Preaction systems
are the most appropriate water-based system for environments that include both computers and humans in the same locations.
The most common cause of failure for a water-based system is human error, such as turning off the water source when there is a fire or triggering a water
release when there is no fire.
Gas Discharge Systems
Gas discharge systems are usually more effective than water discharge systems. However, gas discharge systems should not be employed in environments in which people are located. Gas dis-
charge systems usually remove the oxygen from the air, thus making them hazardous to per- sonnel. They employ a pressurized gaseous suppression medium, such as CO
2
, Halon, or FM-200 a Halon replacement.
Halon is a very effective fire suppression compound, but it degrades into toxic gases at 900 degrees Fahrenheit. Additionally, it is not environmentally friendly. The EPA has banned the man-
ufacture of Halon in the United States, but it can still be imported. However, according to the Mon- treal Protocol, you should contact a Halon recycling facility to make arrangements for refilling a
discharged system instead of contacting a vendor or manufacturer directly. This action is encour- aged so that already produced Halon will be consumed and less new Halon will be created.
Due to the issues with Halon, it is often replaced by a more ecological and less toxic medium. The following list includes EPA-approved replacements for Halon:
FM-200 HFC-227ea CEA-410 or CEA 308
NAF-S-III HCFC Blend A FE-13 HCFC-23
Aragon IG55 or Argonite IG01 Inergen IG541
Halon may also be replaced by low-pressure water mists, but those systems are usually not employed in computer rooms or electrical equipment storage facilities. A low-pressure water
mist is a vapor cloud used to quickly reduce the temperature of an area.
Damage
Addressing fire detection and suppression includes dealing with the possible contamination and damage caused by a fire. The destructive elements of a fire include smoke and heat, but they also
include the suppression medium, such as water or soda acid. Smoke is damaging to most storage devices. Heat can damage any electronic or computer component. One hundred degrees Fahr-
enheit can damage storage tapes, 175 degrees can damage computer hardware i.e., CPU and RAM, and 350 degrees can damage paper products i.e., warping and discoloration.
Suppression mediums can cause short circuits, initiate corrosion, or otherwise render equip- ment useless. All of these issues must be addressed when designing a fire response system.
Don’t forget that in the event of a fire, in addition to damage caused by the fire and your selected suppression medium, members of the fire department may
cause damage using their hoses to spray water and their axes while searching for hot spots.
Equipment Failure
No matter what the quality of the equipment your organization chooses to purchase and install is, eventually it will fail. Understanding this fact and preparing for it will ensure the ongoing
availability of your IT infrastructure and will help you to protect the integrity and availability of your resources.
Preparing for equipment failure can take many forms. In some non-mission-critical situa- tions, simply knowing where you can purchase replacement parts for a 48-hour replacement
timeline is sufficient. In other situations, maintaining onsite replacement parts is mandatory. Keep in mind that the response time in returning a system back to a fully functioning state is
directly proportional to the cost involved in maintaining such a solution. Costs include storage,
transportation, prepurchasing, and maintaining onsite installation and restoration expertise. In some cases, maintaining onsite replacements is infeasible. For those cases, establishing a service
level agreement SLA with the hardware vendor is essential. An SLA clearly defines the response time a vendor will provide in the event of an equipment failure emergency.
Aging hardware should be scheduled for replacement andor repair. The schedule for such operations should be based on the mean time to failure MTTF and mean time to repair
MTTR estimates established for each device. MTTF is the expected typical functional lifetime of the device given a specific operating environment. MTTR is the average length of time
required to perform a repair on the device. A device can often undergo numerous repairs before a catastrophic failure is expected. Be sure to schedule all devices to be replaced before their
MTTF expires. When a device is sent out for repairs, you need to have an alternate solution or a backup device to fill in for the duration of the repair time. Often, waiting until a minor failure
occurs before a repair is performed is satisfactory, but waiting until a complete failure occurs before replacement is an unacceptable security practice.
Summary
If you don’t have control over the physical environment, no amount of administrative or tech- nicallogical access controls can provide adequate security. If a malicious person can gain phys-
ical access to your facility or equipment, they own it. There are many aspects and elements to implementing and maintaining physical security.
One of the core elements is selecting or designing the facility that will house your IT infrastruc- ture and the operations of your organization. You must start with a plan that outlines the secu-
rity needs of your organization and emphasizes methods or mechanisms to employ to provide security. Such a plan is developed through a process known as critical path analysis.
The security controls implemented to manage physical security can be divided into three groups: administrative, technical, and physical. Administrative physical security controls
include facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures. Technical physical security controls include
access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression. Examples of physical controls for physical security include fenc-
ing, lighting, locks, construction materials, mantraps, dogs, and guards.
There are many types of physical access control mechanisms that can be deployed in an envi- ronment to control, monitor, and manage access to a facility. These range from deterrents to
detection mechanisms. They can be fences, gates, turnstiles, mantraps, lighting, security guards, security dogs, key locks, combination locks, badges, motion detectors, sensors, and alarms.
The technical controls most often found employed as an access control mechanism to man- age physical access include smartdumb cards and biometrics. In addition to access control,
physical security mechanisms can be in the form of audit trails, access logs, and intrusion detec- tion systems.
An important aspect of physical access control and maintaining the security of a facility is protecting the basic elements of the environment and protecting human life. In all circumstance
and under all conditions, the most important aspect of security is protecting people. Preventing harm is the utmost goal of all security solutions. Providing clean power sources and managing
the environment are also important. Fire detection and suppression must not be overlooked. In addition to protecting people, fire
detection and suppression is designed to keep damage caused by fire, smoke, heat, and suppres- sion materials to a minimum, especially in regard to the IT infrastructure.
Exam Essentials
Understand why there is no security without physical security. Without control over the physical environment, no amount of administrative or technicallogical access controls can pro-
vide adequate security. If a malicious person can gain physical access to your facility or equip- ment, they can do just about anything they want, from destruction to disclosure and alteration.
Be able to list administrative physical security controls. Examples of administrative physical security controls are facility construction and selection, site management, personnel controls,
awareness training, and emergency response and procedures.
Be able to list the technical physical security controls. Technical physical security controls can be access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies,
and fire detection and suppression.
Be able to name the physical controls for physical security. Physical controls for physical security are fencing, lighting, locks, construction materials, mantraps, dogs, and guards.
Know the functional order of controls. The are denial, deterrence, detection, then delay. Know the key elements in making a site selection and designing a facility for construction.
The key elements in making a site selection are visibility, composition of the surrounding area, area accessibility, and the effects of natural disasters. A key element in designing a facility for
construction is understanding the level of security needed by your organization and planning for it before construction begins.
Know how to design and configure secure work areas. There should not be equal access to all locations within a facility. Areas that contain assets of higher value or importance should
have restricted access. Valuable and confidential assets should be located in the heart or center of protection provided by a facility. Also, centralized server or computer rooms need not be
human compatible.
Understand how to handle visitors in a secure facility. If a facility employs restricted areas to control physical security, then a mechanism to handle visitors is required. Often an escort is
assigned to visitors and their access and activities are monitored closely. Failing to track the actions of outsiders when they are granted access into a protected area can result in malicious
activity against the most protected assets.
Know the three categories of security controls implemented to manage physical security and be able to name examples of each. The security controls implemented to manage physical secu-
rity can be divided into three groups: administrative, technical, and physical. Understand when and how to use each and be able to list examples of each kind.
Know the common threats to physical access controls. No matter what form of physical access control is used, a security guard or other monitoring system must be deployed to prevent
abuse, masquerading, and piggybacking. Abuses of physical access control are propping open secured doors and bypassing locks or access controls. Masquerading is using someone else’s
security ID to gain entry into a facility. Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.
Understand the need for audit trails and access logs. Audit trails and access logs are useful tools even for physical access control. They may need to be created manually by security guards.
Or they can be generated automatically if sufficiently automated access control mechanisms are in place i.e., smart cards and certain proximity readers. You should also consider monitoring
entry points with CCTV. Through CCTV, you can compare the audit trails and access logs with a visually recorded history of the events. Such information is critical to reconstructing the events
of an intrusion, breach, or attack.
Understand the need for clean power. Power supplied by electric companies is not always consistent and clean. Most electronic equipment demands clean power in order to function
properly. Equipment damage due to power fluctuations is a common occurrence. Many orga- nizations opt to manage their own power through several means. A UPS uninterruptible power
supply is a type of self-charging battery that can be used to supply consistent clean power to sensitive equipment. UPSs also provide continuous power even after the primary power source
fails. A UPS can continue to supply power for minutes or hours depending on its capacity and the draw by equipment.
Know the terms commonly associated with power issues. Know the definitions of the follow- ing: fault, blackout, sag, brownout, spike, surge, inrush, noise, transient, clean, and ground.
Understand controlling the environment. In addition to power considerations, maintaining the environment involves control over the HVAC mechanisms. Rooms primarily containing
computers should be kept at 60 to 75 degrees Fahrenheit 15 to 23 degrees Celsius. Humidity in a computer room should be maintained between 40 and 60 percent. Too much humidity can
cause corrosion. Too little humidity causes static electricity.
Know about static electricity. Even on nonstatic carpeting, if the environment has low humid- ity, it is still possible to generate 20,000-volt static discharges. Even minimal levels of static dis-
charge can destroy electronic equipment.
Understand the need to manage water leakage and flooding. Water leakage and flooding should be addressed in your environmental safety policy and procedures. Plumbing leaks are
not an everyday occurrence, but when they do happen, they often cause significant damage. Water and electricity don’t mix. If your computer systems come in contact with water, espe-
cially while they are operating, damage is sure to occur. Whenever possible, locate server rooms and critical computer equipment away from any water source or transport pipes.
Understand the importance of fire detection and suppression. Fire detection and suppression must not be overlooked. Protecting personnel from harm should always be the most important
goal of any security or protection system. In addition to protecting people, fire detection and suppression is designed to keep damage caused by fire, smoke, heat, and suppression materials
to a minimum, especially in regard to the IT infrastructure.
Understand the possible contamination and damage caused by a fire and suppression. The destructive elements of a fire include smoke and heat, but they also include the suppression
medium, such as water or soda acid. Smoke is damaging to most storage devices. Heat can dam- age any electronic or computer component. Suppression mediums can cause short circuits, ini-
tiate corrosion, or otherwise render equipment useless. All of these issues must be addressed when designing a fire response system.
Review Questions
1. Which of the following is the most important aspect of security?