5.10  Summary
(Page 1 of 5)

In this chapter, we looked at the topics in the fifth domain of the Security+ exam, Operational/Organizational Security.

Physical Security

You discovered that Physical Security involves the safety and security of physical components of your network. In the area of physical security, you learned about various facets of access control (the process by which you restrict access to physical resources), including:

  • Physical Barriers, the implementation of concentric rings of security by creating layered physical perimeters; these can include warning signage, cardkeys for access, man-traps to limit passage into secured areas and reduce piggybacking, and guards and/or video monitoring.

  • Biometrics, which add a layer of security through authentication based on “something you are” or “something you do” but which should not be relied on as a sole method of authentication.

  • Social Engineering, and its role in circumventing access control (for example, when an unauthorized person gains access to secured areas by pretending to be a repairman, relative of a key executive, contractor, etc.).

You also looked at the environment in which your network operates. Be aware of wireless cells (areas in which wireless transmissions can occur) and take steps to ensure that unauthorized individuals cannot hop onto or snoop traffic on those networks. Carefully look at the location of your facilities, because improper location of resources can leave your network unnecessarily vulnerable to harm (like locating a machine room directly under a washroom). Additionally, careful placement of wireless antennas will help minimize vulnerability to unauthorized access. Similarly, shielding (of both equipment, to protect surrounding areas from RF, and buildings/rooms, to prevent leakage of RF from wireless communications) is often advised or even required to maintain confidentiality of data or network traffic. For example, metal paint and Mylar window covering can minimize wireless signal leakage and reduce your organization’s vulnerability to war-driving (in which users cruise around outside buildings looking for open wireless access points).

Another area you reviewed in physical security is fire suppression. Computers and water don’t mix well, so historically computer room fire suppression used Halon 1211 gas; recently, due to ozone layer concerns, this was replaced with FE-36. In addition to arranging for suitable fire suppression technology for equipment rooms, also consider logistics. You should set your servers up with a batch function that can be invoked to shut them down in the event of an emergency; when a fire alarm occurs, invoke this function as you leave, so that no one who set off a false alarm can come along behind you and access the now-unguarded systems.



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.