P1: JDV
Michael WL040/Bidgolio-Vol I WL040-Sample.cls June 19, 2003 16:10 Char Count= 0
Physical SecurityPhysical Security
Mark Michael,King’s CollegeIntroduction 64
Physical Threats to Integrity and Availability
of Resources 64
Basic Environmental Threats to Computing
Resources 64
Fire 66
Power Anomalies 66
Computing Infrastructure Problems 67
Physical Damage 67
Local Hazards 68
Humans 68
Physical Means of Misappropriating Resources 69
Unauthorized Movement of Resources 69
Social Engineering and Information Mining 69
Unauthorized Connections and Use 69
Eavesdropping 70
Preventive Measures 70
Control and Monitoring of Physical Access
and Use 71
Control and Monitoring of Environmental Factors 71Health and Safety Issues 72
Fire Preparedness 73
Power Maintenance and Conditioning 74
Electromagnetic Shielding 76
Weather Preparedness 76
Earthquake Preparedness 76
Ruggedization of Equipment 77
Redundancy 77
Sanitization of Media 78
Physical Security Awareness Training 78
Reactive Measures 79
Fire Suppression 79
First Response to Other Types of Incidents 80
Disaster Recovery 80
Physical Aspects of Computer and Network
Security Planning 81
Conclusion 82
Glossary 82
Cross References 83
References 83INTRODUCTION
Digital information is at the heart of every Internet
transaction. The confidentiality, integrity, and availability
of that information depends on the security of the follow-
ing physical constituents of any computing environment:- hardware, in the broadest sense—machines, storage
media, and transmission media; - the physical expression of the zeroes and ones that rep-
resent digital information (data and programs); - electricity, without which no digital information could
change, move, or incite action; and - humans and the information they possess to run the
system.
Internet security can be divided into two distinct areas:
cybersecurity and physical security. The former term
pertains to threats and defenses mounted via the same
channels as legitimate exchanges of digital information.
Encryption of information falls into this category. The role
of physical security is to guard the four physical ingre-
dients just outlined in two ways. First, it must protect
the integrity and availability of resources for legitimate
use. Second, it must prevent the misuse of resources,
for example, by breaches of confidentiality or theft of
services.
Physical security and cybersecurity complement one
another. Where an organization’s control over the phys-
ical ingredients ends, encryption and the like must take
over. When cyberdefenses are strengthened, physical vul-nerabilities become more inviting targets. Physical secu-
rity serves cybersecurity. A breach of physical security,
such as a password in the trash, can give a cyberattacker
a foothold. The advent of biometrics and smart cards can
be viewed either as an expansion of physical security into
cybersecurity territory or as a blurring of the line between
the two forms of security.
Physical security issues extend as far as an organi-
zation’s resources. Because human knowledge is one of
those assets, physical security concerns can span as far as
information can spread. For instance, sensitive informa-
tion could be revealed by an indiscreet question posted on
a newsgroup. Thus, physical security is not constrained by
a geographical footprint.
Physical security is intractable in the sense that cer-
tain events cannot be prevented. We cannot stop someone
from demanding an off-duty employee’s password at gun-
point, for instance. Redundancy is the last line of defense
for the integrity and availability of resources. Confiden-
tiality, on the other hand, cannot be “backed up”; some
damage, such the as revelation of personal information,
can never be repaired.PHYSICAL THREATS TO INTEGRITY
AND AVAILABILITY OF RESOURCES
Basic Environmental Threats to
Computing Resources
Four basic threats to the physical health of computing
equipment are inappropriate temperature, inappropriate
humidity, foreign particles, and water.64