ND Wk8
Network Defense and
Countermeasures
by Chuck Easttom
Chapter 14: Physical Security and Disaster Recovery
© 2014 by Pearson Education, Inc. Chapter 14 Physical Security and Disaster
Recovery 2
Objectives
Understand Physical Security
Implement Physical Security
Understand Disaster Recovery
Understand Business Continuity
Definition: Physical Security
The physical measures and their associated
procedures to safeguard and protect against:
Damage
Loss
Theft
Required Physical Controls
Perimeter and Building Grounds
Building Entry Points
Inside the Building – Building Floors / Offices
Data Centers or Server Room Security
Computer Equipment Protection
Examples of Threats
Emergencies
Fire and Smoke Contaminants
Building Collapse or Explosion
Utility Loss (Power, AC, Heat)
Water Damage (Broken Pipes)
Fire Prevention
Use Fire Resistant Materials for Walls, Doors, Furnishings, etc.
Reduce the Amount of Combustible Papers Around Electrical Equipment
Provide Fire Prevention Training to Employees
REMEMBER: Life Safety is the Most Important Issue!
Conduct Fire Drills on All Shifts So that Personnel Know How to Exit A Building
Fire Detection
Automatic Dial-Up Fire Alarm
System Dials the Local Fire or Police Department and
Plays a Prerecorded Message When a Fire is
Detected
Usually Used in Conjunction with One of the Other
Types of Fire Detectors
This Type of System Can Be Easily/Intentionally
Subverted
Combinations are Usually Used for The Best
Effectiveness in Detecting a Fire
Fire Suppression
Carbon Dioxide (CO2), Foam, Inert Gas and
Dry Powder Extinguishers DISPLACE Oxygen
to Suppress a Fire
CO2 Is a Risk to Humans (Because of
Oxygen Displacement)
Water Suppresses the Temperature
Required to Sustain a Fire
Fire Suppression – Halon
Halon Banned for New Systems Under 1987
Montreal Protocol on Substances that Deplete
the Ozone Layer
Began Implementation of Ban in 1992
Any New Installations of Fire Suppression systems
Must Use Alternate Options
EU Requires Removal of Halon for Most Applications
Halon Replacements:
FM200,
Safety Fire Extinguishers
Class A – Ordinary combustibles such as
wood or paper.
Class B – Flammable liquids such as grease,
oil, or gasoline.
Class C – Electrical Equipment
Class D – Flammable Metals
Fire Suppression – Water
Wet Pipe
Always Contains Water
Most Popular and Reliable
165° Fuse Melts
Can Freeze in Winter
Pipe Breaks Can Cause Floods
Dry Pipe
No Water in Pipe
Preferred for Computer Installations
Water Held Back by Clapper
Air Blows Out of Pipe, Water Flows
Fire Suppression – Water
Deluge
Type of Dry Pipe
Water Discharge is Large
Not Recommended for Computer Installations
Preaction
Most Recommended for Computer Room
Combines Both Dry and Wet Pipes
Water Released into Pipe First Then After Fuse Melts in Nozzle the Water is Dispersed
What Is a Disaster
Any natural or man-made event that disrupts
the operations of a business
in such a significant way that a considerable
and coordinated effort is required to achieve
a recovery.
How BCP and DRP Support Security
BCP (Business Continuity Planning) and
DRP (Disaster Recovery Planning)
Security pillars: C-I-A
Confidentiality
Integrity
Availability
BCP and DRP directly support availability
BCP and DRP Differences and Similarities
BCP
Activities required to ensure the continuation of
critical business processes in an organization
Alternate personnel, equipment, and facilities
Often includes non-IT aspects of business
DRP
Assessment, salvage, repair, and eventual
restoration of damaged facilities and systems
Often focuses on IT systems
The Role of Prevention
Not prevention of the disaster itself
Prevention of surprise and disorganized response
Reduction in impact of a disaster
Better equipment bracing
Better fire detection and suppression
Contingency plans that provide [near] continuous
operation of critical business processes
Prevention of extended periods of downtime
Running a BCP / DRP Project
Main phases
Pre-project activities
Perform a Business Impact Assessment (BIA)
Develop business continuity and recovery
plans
Test resumption and recovery plans
Performing a Business Impact Analysis
Asset Analysis
Purchase cost, development cost, administrative
cost, maintenance cost.
Survey critical processes
Perform risk analyses and threat assessment
Determine Maximum Tolerable Downtime
(MTD)
Establish key recovery targets
RAID
RAID 0 (striped disks) distributes data across multiple disks in a way that gives improved speed at any given instant. NO fault tolerance.
RAID 1 mirrors the contents of the disks, making a form of 1:1 ratio real-time backup. Also called mirroring.
RAID 3 or 4 (striped disks with dedicated parity) combines three or more disks in a way that protects data against loss of any one disk. Fault tolerance is achieved by adding an extra disk to the array and dedicating it to storing parity information. The storage capacity of the array is reduced by one disk.
RAID 5 (striped disks with distributed parity) combines three or more disks in a way that protects data against the loss of any one disk. It is similar to RAID 3, but the parity is not stored on one dedicated drive; instead, parity information is interspersed across the drive array. The storage capacity of the array is a function of the number of drives minus the space needed to store parity.
RAID 6 (striped disks with dual parity) combines four or more disks in a way that protects data against loss of any two disks.
RAID 1+0 (or 10) is a mirrored data set (RAID 1) which is then striped (RAID 0), hence the “1+0” name. A RAID 1+0 array requires a minimum of four drives: two mirrored drives to hold half of the striped data, plus another two mirrored for the other half of the data.
Backups
Full – all changes
Differential – all changes since last full backup
Incremental – all changes since last backup of
any type
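Added example (not from the original slides): a Python helper that applies the three definitions above to work out which backup sets are needed to restore to a given day. The function name, the (day, kind) tuple format and the sample schedules are assumptions made for the illustration.

```python
def restore_chain(history, restore_day):
    """Return the backups to apply, in order, to recover state as of restore_day.

    history: list of (day, kind), kind in {"full", "differential", "incremental"}.
    Uses the slide's definitions: a differential holds all changes since the last
    full backup; an incremental holds changes since the last backup of any type.
    """
    usable = sorted(b for b in history if b[0] <= restore_day)
    fulls = [i for i, (_, kind) in enumerate(usable) if kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the restore point")
    base = fulls[-1]
    after = usable[base + 1:]
    chain = [usable[base]]
    # The latest differential replaces everything between it and the full.
    diffs = [i for i, (_, kind) in enumerate(after) if kind == "differential"]
    start = 0
    if diffs:
        chain.append(after[diffs[-1]])
        start = diffs[-1] + 1
    # Every incremental after that point is required; losing one breaks the chain.
    chain += [b for b in after[start:] if b[1] == "incremental"]
    return chain

if __name__ == "__main__":
    # Constructed schedules: day 0 full backup, then daily backups of one kind.
    incremental_week = [(0, "full")] + [(d, "incremental") for d in (1, 2, 3)]
    differential_week = [(0, "full")] + [(d, "differential") for d in (1, 2, 3)]
    print(restore_chain(incremental_week, 3))    # full plus all three incrementals
    print(restore_chain(differential_week, 3))   # full plus the day-3 differential
```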
Summary
Physical security involves lighting, locks,
fences, and physical access control.
Fire suppression systems are an important
part of physical security.
A Business Impact Analysis must be done
before disaster recovery.
RAID is a fundamental part of fault tolerance.
Summary cont.
Disaster Recovery Plans are aimed at
restoring full normal operations.
Business Continuity Plans are designed to
maintain some level of operations until full
recovery can be achieved.
Data backups are a significant part of fault
tolerance and disaster recovery.