Thursday, October 30, 2014

6.3 - TCP/IP Model

Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of protocols that governs the way data travel from one device to another.

IP is a network layer protocol and provides datagram routing services. IP’s main task is to support internetwork addressing and packet routing. It is a connectionless protocol that envelops data passed to it from the transport layer. It works with other protocols to transmit the data to the destination computer and then reassemble the data back into a form that the application layer can understand and process.
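As an added illustration of IP enveloping transport-layer data (this code is not from the text being summarized), the Python below builds a minimal IPv4 header around a constructed sample payload, then parses it back and verifies the header checksum, the same sanity check a packet-inspection tool performs before trusting the header fields. The addresses and payload bytes are made-up sample values.

```python
import socket
import struct

# Constructed sample input: a made-up 12-byte transport segment that IP will envelop.
PAYLOAD = b"\x04\xd2\x00\x35\x00\x0c\x00\x00hi!!"
HDR_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as specified for the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src: str, dst: str, protocol: int, payload: bytes, ttl: int = 64) -> bytes:
    """Put the 'letter' (payload) into its 'addressed envelope' (IPv4 header)."""
    ver_ihl = (4 << 4) | 5            # version 4, header length 5 * 4 = 20 bytes
    total_length = 20 + len(payload)
    fields = [ver_ihl, 0, total_length, 0, 0, ttl, protocol, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ipv4_checksum(struct.pack(HDR_FMT, *fields))  # computed with checksum field zeroed
    return struct.pack(HDR_FMT, *fields) + payload

def parse_ipv4(datagram: bytes) -> dict:
    """Open the envelope: decode header fields, verify the checksum, hand back the payload."""
    ihl = (datagram[0] & 0x0F) * 4
    header = datagram[:ihl]
    f = struct.unpack(HDR_FMT, header[:20])
    return {
        "version": f[0] >> 4,
        "total_length": f[2],
        "ttl": f[5],
        "protocol": f[6],                     # 6 = TCP, 17 = UDP
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
        "checksum_ok": ipv4_checksum(header) == 0,  # a valid header sums to zero
        "payload": datagram[ihl:f[2]],
    }

if __name__ == "__main__":
    dgram = build_ipv4("192.0.2.1", "198.51.100.7", 17, PAYLOAD)
    print(parse_ipv4(dgram))
```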

The text explains IP as:

"The data, IP, and network relationship can be compared to the relationship between a letter and the postal system:

  • Data = Letter
  • IP = Addressed envelope
  • Network = Postal system

The message is the letter, which is enveloped and addressed by IP, and the network and its services enable the message to be sent from its origin to its destination, like the postal system."

6.2 - Open Systems Interconnection Reference Model

The ISO (International Organization for Standardization) developed a protocol set intended to be used by all vendors throughout the world to allow the interconnection of network devices.

The intent was to ensure that all vendor products and technologies could communicate and interact across international and technical boundaries.

The protocol set itself did not catch on as a standard, but its model, the OSI model, was adopted and is used as an abstract framework to which most operating systems and protocols adhere.

6.1 - Telecommunications & Network Security

Telecommunications and networking use various devices, software, and protocols that are interrelated and integrated.

Telecommunications is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types. Networking, by contrast, is more complex in the computer field because of evolving technologies. Modern technologies are improving exponentially in functionality and security every month, and there are often new and emerging technologies that must be learned, understood, implemented, and secured.

Network administrators must know how to configure networking software, protocols, services, and devices, deal with interoperability issues, and troubleshoot effectively.

5.5 - Perimeter Security (Part II)

As previously discussed, perimeter security deals with facility and personnel access controls, external boundary protection mechanisms, intrusion detection, and corrective actions.
Here, we will discuss the elements that make up these categories.

  • Facility Access Control
    • Access control needs to be enforced through physical and technical components when it comes to physical security. Having personnel within sensitive areas is one of the best security controls because they can personally detect suspicious behavior. However, they need to be trained on what activity is considered suspicious and how to report such activity.
  • Personnel Access Controls
    • Proper identification verifies whether the person attempting to access a facility or area should actually be allowed in. Identification and authentication can be verified by matching an anatomical attribute (biometric system), using smart or memory cards (swipe cards), presenting a photo ID to a security guard, using a key, or providing a card and entering a password or PIN.
    • Additionally, this stops piggybacking, in which an individual gains unauthorized access by using someone else’s legitimate credentials or access rights.
  • External Boundary Protection Mechanisms
    • Proximity protection components are usually put into place to provide one or more of the following services:
      • Control pedestrian and vehicle traffic flows
      • Various levels of protection for different security zones
      • Buffers and delaying mechanisms to protect against forced entry attempts
      • Limit and control entry points

5.5 - Perimeter Security (Part I)

The first line of defense is perimeter control at the physical site location, which prevents unauthorized access to the facility. Perimeter security deals with facility and personnel access controls, external boundary protection mechanisms, intrusion detection, and corrective actions.

Perimeter Security Defense Model:

This defense model works in two main modes:

1) During normal facility operations
    • When the facility is in operation, security gets more complicated because authorized individuals need to be distinguished from unauthorized individuals.
2) After the facility is closed
    • When closed, all doors should be locked with monitoring mechanisms in strategic positions to alert security personnel of suspicious activity.

5.4 - Internal Support Systems

When dealing with physical security, support services must be taken into consideration, because malfunctions or disruptions could negatively affect the organization in many ways.

For example, in August of 2003, eight East Coast states (and parts of Canada) lost power for several days. During the investigation, there were rumors of a worm causing this disruption; however, the official report attributed it to a software bug in GE Energy’s XA/21 system. This left over 50 million people without power for days and resulted in four nuclear power plants being shut down. When dealing with organizations, security professionals must be able to handle both the smaller issues, such as power surges or sags, and the massive issues, such as what happened in the United States and Canada on August 14, 2003.

  • Electric Power
    • Protecting power can be done in three ways: through UPSs, power line conditioners, and backup sources.
  • Environmental Issues
    • Improper environmental controls can cause damage to services, hardware, and lives, and the interruption of some services can cause unpredictable results.
    • Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices. High humidity can cause corrosion, and low humidity can cause excessive static electricity. This static electricity can short out devices, cause the loss of information, or provide amusing entertainment for unsuspecting employees.
  • Ventilation
    • Ventilation has several requirements that must be met to ensure a safe and comfortable environment.
    • A closed-loop recirculating air-conditioning system should be installed to maintain air quality. This means the air within the building is reused after it has been properly filtered, instead of bringing outside air in.
    • Positive pressurization and ventilation should also be implemented to control contamination. Positive pressurization means that when an employee opens a door, the air goes out, and outside air does not come in.
  • Fire Prevention, Detection, and Suppression
    • Fire prevention includes training employees on how to react properly when faced with a fire, supplying the right equipment and ensuring it is in working order, making sure there is an easily reachable fire suppression supply, and storing combustible elements in the proper manner.
    • Fire detection includes manual detection systems, such as the red pull boxes seen on many building walls, and automatic detection response systems, which are built with sensors that react when they detect the presence of fire or smoke.
    • Fire suppression is the use of a suppression agent to put out a fire. This takes place manually through handheld portable extinguishers, or via automated systems such as water sprinkler systems, or halon or CO2 discharge systems.

Tuesday, October 21, 2014

5.3 - Protecting Assets

In this section, we identify the main physical security components used to fight against threats such as theft, interruption of services, physical damage, compromised system and environment integrity, and unauthorized access.

The loss from these components being damaged, as well as the cost to replace these systems, consultant fees, and additional negative effects on productivity and customer confidence, are considered real losses. Although companies are generally prepared for these types of losses by using risk analysis tools, often the data held within these systems is of far greater value than the physical systems themselves.

Physical theft can be mitigated by taking the following measures:

  • Inventory all laptops, including serial numbers, so they can be properly identified if recovered.
  • Password-protect the BIOS.
  • Register physical devices with the vendor to allow a report to be filed if stolen.
  • Do not check physical devices as luggage when flying.
  • Never leave a physical device unattended (it should be carried in a nondescript carrying case).
  • Engrave the device with a symbol or number for proper identification.
  • Back up the data from the laptop and store it on a stationary PC or backup media.
  • Use specialized safes.
  • Encrypt the data.