Module 5: Designing Physical Security for Network Resources


Overview
- Creating a Plan for Physical Security
- Designing Physical Security for Network Resources

Lesson 1: Creating a Plan for Physical Security
- MSF and Physical Security
- Network Resources That Require Physical Security
- Defense in Depth and Physical Security
- STRIDE Threat Model and Physical Security
- Activity: Analyzing Risks to Physical Security

MSF and Physical Security
The MSF envisioning and planning phases help you to:
- Decide which locations your plan will help to protect
- Ensure that appropriate countermeasures are applied
- Identify and achieve the goals of physical security: Deter, Detect, Delay, Respond
[Diagram: MSF phases Envision and Plan]

Network Resources That Require Physical Security
Include physical security for network resources:
- Desktops
- Servers
- Portable computers
- Routers/hubs/switches
- Wireless media
- Physical media

Defense in Depth and Physical Security
- Policies, Procedures, and Awareness
- Physical Security
- Perimeter
- Internal Network
- Host
- Application
- Data

STRIDE Threat Model and Physical Security
- Spoofing: Attackers pretending to be someone else
- Tampering: Attackers breaking or picking locks
- Repudiation: Attackers denying that they are breaking in
- Information disclosure: Attackers shoulder surfing
- Denial of service: Attackers damaging entry systems
- Elevation of privilege: Attackers configuring entry systems to provide more access than they are allowed

Activity: Analyzing Risks to Physical Security
In this practice you will:
- Read the scenario
- Answer the questions
- Discuss with the class

Lesson 2: Creating a Design for Physical Security of Network Resources
- Methods for Securing Facilities
- Methods for Securing Access to Computers
- Methods for Physically Securing Portable Computers and Mobile Devices
- Considerations for Disaster Recovery
- Activity: Physical Threats and Countermeasures

Methods for Securing Facilities
To secure entrances and exits, consider:
- Hiring security guards
- Requiring identification badges
- Installing video surveillance
- Installing fences and parking lot gates
- Permitting entry and exit only from main gates
To secure information in buildings, consider:
- Securing data cables from wiretapping
- Positioning monitors and keyboards away from windows
- Erasing whiteboards in meeting rooms

Methods for Securing Access to Computers
To secure access to computers, consider:
- Regulating the removal of computers
- Regulating the movement of computers
- Removing externally accessible drives such as floppy disks and DVDs
- Disabling USB ports
- Installing device locks
To secure access to computers in sensitive areas, consider:
- Controlling entry points to server rooms
- Restricting LAN access from lobbies and reception areas

Methods for Physically Securing Portable Computers and Mobile Devices
To protect your mobile devices:
- Educate users about potential threats
- Require the use of hardware locks and alarms
- Require the use of biometric logon devices
- Avoid storage of sensitive data

Considerations for Disaster Recovery
To protect your data:
- Store backup media offsite
- Maintain cold spares and facilities
- Maintain hot spares and facilities

Activity: Physical Threats and Countermeasures
In this practice you will:
- Read each scenario
- Choose the best risk management strategy
- Determine an appropriate security response
- Discuss with the class

Lab: Designing Physical Security for Network Resources
- Exercise 1: Identifying Potential Physical Vulnerabilities
- Exercise 2: Implementing Countermeasures