CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Entrepreneur, executive leader, and proven manager
with 10+ years of experience turning complex issues
into efficient and effective solutions.
Strengths include developing and mentoring diverse
workforces, improving processes, analyzing
business needs and creating the solutions
required—with a focus on technology.
PACE-IT.
– The why of physical network security.
– Physical network security practices.
Security begins at the door.
The boundaries of your
building should be your first
line of defense.
If an attacker has physical access to the network
resources, then there is a high probability that the
network can be breached.
The level of security that gets deployed should be
driven by the amount of security that is needed. As the
need for overall security increases, so should the level
of physical security.
Physical network security control.
– The dangers of unauthorized physical
access.
» Theft of network resources: they’re expensive to replace.
» Damaged network resources: it only takes a spilled drink to
destroy a server, or a router, or a switch.
» Reconfigured network resources: this can result in a breached
network.
– Credential workaround.
» Some networking equipment comes with a known workaround
for when administrator credentials need to be recovered.
• An administrator leaves an organization without disclosing
his/her login credentials.
• An administrator forgets his/her credentials.
» Cisco even publishes the steps of its workaround on its
website:
http://www.cisco.com/c/en/us/support/docs/routers/2600-series-multiservice-platforms/22188-pswdrec-2600.html
• This well-known vulnerability is an easy exploit for anyone
with physical access to the equipment.
– Basic physical security.
» Know who is in the building and who has access to equipment.
• Employee badges.
• Security check-in for visitors.
• All vulnerable network resources—servers and networking
equipment—are kept in a secure (e.g., locked) area.
– Intermediate physical security.
» Access to all vulnerable network resources is controlled and
logged.
• Radio frequency identification (RFID) badges or cipher locks
are used to gain access to the resources.
» Switches and routers are secured separately from servers with
different access levels.
– Advanced physical security.
» A zoned approach to physical security.
• A layering of security in which multiple barriers—security
tests—must be passed before physical access is granted.
– Methods of physical security.
» Security guards.
• Requiring all authorized personnel to have some form of ID.
» Door locks.
• Simple keyed locks: the analog approach.
• Cipher locks: allow for logging who has unlocked the lock.
• RFID magnetic locks: also allow for logging who has unlocked
the lock.
• Biometric keyed locks: make the person gaining access prove
who they are.
» Video monitoring.
• Recording who has had access; remember to store the
recordings separately from the resources being monitored.
» Separation of resources.
• Networking equipment is separated from servers, and the
methods of access are different.
» Mantraps.
• Usually involve at least two doors. Access is granted through
one door, but the next door cannot be opened until further
verification has been achieved; ideally, the person between
the two doors is trapped until some action is taken.
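One way to review the entries that logging locks (cipher, RFID) produce against a zoned layout with separate access levels for servers and networking equipment, as an added example that is not part of the original slides. The log format, door names, badge IDs, access levels and the 15-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed door-controller log: timestamp, badge ID, door, result.
SAMPLE_LOG = """\
2024-03-04T08:01:10 B100 lobby GRANTED
2024-03-04T08:02:05 B100 it-corridor GRANTED
2024-03-04T08:03:40 B100 server-room GRANTED
2024-03-04T09:15:00 B200 lobby GRANTED
2024-03-04T09:16:30 B200 network-closet GRANTED
2024-03-04T10:00:00 B300 lobby GRANTED
2024-03-04T10:05:00 B300 it-corridor GRANTED
2024-03-04T10:06:00 B300 network-closet DENIED
2024-03-04T10:07:30 B300 server-room GRANTED
2024-03-04T23:40:00 B100 server-room GRANTED
"""

# Hypothetical zone layout: each door names the door that must be passed first.
REQUIRES = {"lobby": None, "it-corridor": "lobby",
            "server-room": "it-corridor", "network-closet": "it-corridor"}
# Hypothetical access levels: servers and networking gear are granted separately.
ALLOWED = {"B100": {"lobby", "it-corridor", "server-room"},
           "B200": {"lobby", "it-corridor", "network-closet"},
           "B300": {"lobby", "it-corridor"}}
WINDOW = timedelta(minutes=15)  # how long a pass through the outer door counts

def audit(log_text):
    """Return (timestamp, badge, door, finding) tuples for entries to review."""
    findings = []
    last_pass = {}  # (badge, door) -> time of the most recent granted entry
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, badge, door, result = line.split()
        when = datetime.fromisoformat(stamp)
        if door not in REQUIRES:
            findings.append((stamp, badge, door, "unknown door"))
            continue
        if result != "GRANTED":
            findings.append((stamp, badge, door, "denied attempt"))
            continue
        if door not in ALLOWED.get(badge, set()):
            findings.append((stamp, badge, door, "grant outside access level"))
        outer = REQUIRES[door]
        if outer is not None:
            seen = last_pass.get((badge, outer))
            if seen is None or when - seen > WINDOW:
                findings.append((stamp, badge, door, "outer zone not passed"))
        last_pass[(badge, door)] = when
    return findings
```

Calling `audit(SAMPLE_LOG)` returns four entries: two inner-door openings with no recent outer-door pass, one denied attempt, and one grant that the access-level table does not allow.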
Topic: The why of physical network security.
Summary: If an attacker has physical access to networking resources, there is a high
probability that the network can be breached. Unrestricted physical access
can also lead to theft of resources, damage to resources, or to networking
equipment being reconfigured, which can lead to a breached network.
Topic: Physical network security practices.
Summary: The best approach to physical network security practices uses a zoned
approach—implementing several different barriers before access can be
achieved. Some physical access methods that can be put in place include:
security guards, door locks, video monitoring, separation of resources, and
mantraps.
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership.