[CCCure CISSP] physical security

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] physical security

waleed zidan
what about physical security , I am reading it from AIO and it is talking about strange things for IT people , in other parts we talk about standards protocol technology algorithms.....etc, but here we talk about lock types and security guard and glass and dogs :) , what do you think it is more important in this part ?

--
Eng. Mohamed Waleed Zidan
IT  Engineer
CCIE Security ID 36851
CCNP, CCSP,Mitel Certified 
Mob: +971 55 1566719
Linkedin: http://www.linkedin.com/in/mzidan

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] physical security

Jim White

Mohamed,

 

If an adversary gains physical access to your facilities, they are no longer “your” facilities.

 

All security starts with your physical perimeter. If the bad guys can get their hands on your equipment, all bets are off. Think of booting a server to a Knoppix Live distro. This is also why we keep our wiring closets locked, to deny access to Layer One bit streams and Layer Two and Three console ports, etc.

 

The Physical and Environmental Security Domain represents one tenth of the CISSP scope and should be taken just as seriously as the other nine. There is no “more important” part. It’s all important. J

 

Best of luck in your preparations,

 

Jim

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of waleed zidan
Sent: Thursday, January 10, 2013 3:11 AM
To: [hidden email]
Subject: [CCCure CISSP] physical security

 

what about physical security , I am reading it from AIO and it is talking about strange things for IT people , in other parts we talk about standards protocol technology algorithms.....etc, but here we talk about lock types and security guard and glass and dogs :) , what do you think it is more important in this part ?

--

Eng. Mohamed Waleed Zidan

IT  Engineer
CCIE Security ID 36851

CCNP, CCSP,Mitel Certified 

Mob: +971 55 1566719
Linkedin: http://www.linkedin.com/in/mzidan


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] physical security

Rogelio O'Farril
In reply to this post by waleed zidan
Think about this for a second: an attacker on the other side of the world has to bypass firewalls, IPD, IDS and a million other things. An attacker than has physical access to a network or server has a clear advantage over the first guy. Stealing equipment, deploying rogue access points, setting Pwn Plugs (http://arstechnica.com/security/2012/07/power-strip-or-network-hacking-tool-its-both-actually/), the options are endless.

Look at it from another angle: environmental issues. You spend thousands or millions protecting data but forget about fire protection or the proper HVAC system. There's a small fire and you don't have the appropriate protection in place. See where I'm going? In a nutshell, all your effort can be brought down to it's knees in a matter of minutes.

Never forget that security starts at the physical level. I suggest more reading so you can understand the importance of this domain:

- http://www.techrepublic.com/article/lock-it-down-dont-overlook-physical-security-on-your-network/5054057
- http://www.sans.org/reading_room/whitepapers/physcial/implementing-robust-physical-security_1447
- http://www.themetropreneur.com/columbus/importance-physical-security/



From: waleed zidan <[hidden email]>
To: [hidden email]
Sent: Thursday, January 10, 2013 3:10 AM
Subject: [CCCure CISSP] physical security

what about physical security , I am reading it from AIO and it is talking about strange things for IT people , in other parts we talk about standards protocol technology algorithms.....etc, but here we talk about lock types and security guard and glass and dogs :) , what do you think it is more important in this part ?

--
Eng. Mohamed Waleed Zidan
IT  Engineer
CCIE Security ID 36851
CCNP, CCSP,Mitel Certified 
Mob: +971 55 1566719
Linkedin: http://www.linkedin.com/in/mzidan

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] physical security

clementdupuis
Administrator
Good day Rogelio and All,

I think we all agree that:

NO PHYSICAL SECURITY = NO SECURITY

Physical Security is one of the biggest issue in real life because it is not always done properly.  However, the focus on the exam is not very strong on Physical Security.   It is about 4 to 5% of the whole exam.  

As far as I am concerned we need to be more aware of physical security issues.  I fully understand we do not always do it ourselves and it is often time outsource to some third party or the building owner.   But we must ensure there is enough in place and it is done adequately.

As I often time mentions,   if you get 698 on the exam it means that any topics, any domains, any single item could allow you to pass by having one more question that you answer properly. 

Great thread and great links.

Keep up the dicussions

Best regards

Clement


On Thu, Jan 10, 2013 at 9:33 AM, Rogelio O'Farril <[hidden email]> wrote:
Think about this for a second: an attacker on the other side of the world has to bypass firewalls, IPD, IDS and a million other things. An attacker than has physical access to a network or server has a clear advantage over the first guy. Stealing equipment, deploying rogue access points, setting Pwn Plugs (http://arstechnica.com/security/2012/07/power-strip-or-network-hacking-tool-its-both-actually/), the options are endless.

Look at it from another angle: environmental issues. You spend thousands or millions protecting data but forget about fire protection or the proper HVAC system. There's a small fire and you don't have the appropriate protection in place. See where I'm going? In a nutshell, all your effort can be brought down to it's knees in a matter of minutes.

Never forget that security starts at the physical level. I suggest more reading so you can understand the importance of this domain:




From: waleed zidan <[hidden email]>
To: [hidden email]
Sent: Thursday, January 10, 2013 3:10 AM

Subject: [CCCure CISSP] physical security

what about physical security , I am reading it from AIO and it is talking about strange things for IT people , in other parts we talk about standards protocol technology algorithms.....etc, but here we talk about lock types and security guard and glass and dogs :) , what do you think it is more important in this part ?

--
Eng. Mohamed Waleed Zidan
IT  Engineer
CCIE Security ID 36851
CCNP, CCSP,Mitel Certified 
Mob: <a href="tel:%2B971%2055%201566719" value="+971551566719" target="_blank">+971 55 1566719
Linkedin: http://www.linkedin.com/in/mzidan

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org



_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Clement Dupuis, CD
CCCure Founder and Owner
CLO @ SecureNinja.Com
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] physical security

Doug Spindler
In reply to this post by Jim White
Jim, 
What about when your data is stored in the cloud?   It's not your facilities.

Whole drive and whole volume encryption would prevent someone from accessing your data booting with a Knoppix Live distro.

 




On Jan 10, 2013, at 5:53 AM, "Jim White" <[hidden email]> wrote:

Mohamed,

 

If an adversary gains physical access to your facilities, they are no longer “your” facilities.

 

All security starts with your physical perimeter. If the bad guys can get their hands on your equipment, all bets are off. Think of booting a server to a Knoppix Live distro. This is also why we keep our wiring closets locked, to deny access to Layer One bit streams and Layer Two and Three console ports, etc.

 

The Physical and Environmental Security Domain represents one tenth of the CISSP scope and should be taken just as seriously as the other nine. There is no “more important” part. It’s all important. J

 

Best of luck in your preparations,

 

Jim

 

From: CISSPstudy [mailto:[hidden email]] On Behalf Of waleed zidan
Sent: Thursday, January 10, 2013 3:11 AM
To: [hidden email]
Subject: [CCCure CISSP] physical security

 

what about physical security , I am reading it from AIO and it is talking about strange things for IT people , in other parts we talk about standards protocol technology algorithms.....etc, but here we talk about lock types and security guard and glass and dogs :) , what do you think it is more important in this part ?

--

Eng. Mohamed Waleed Zidan

IT  Engineer
CCIE Security ID 36851

CCNP, CCSP,Mitel Certified 

Mob: +971 55 1566719
Linkedin: http://www.linkedin.com/in/mzidan

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Reply | Threaded
Open this post in threaded view
|

Re: [CCCure CISSP] physical security

Doug Spindler
In reply to this post by Rogelio O'Farril
Environmental issues can be overcome with a good dr plan such as replicating and services to the cloud in near real time.  Fire or hvac problem in the data center are no longer a problem.






On Jan 10, 2013, at 6:33 AM, Rogelio O'Farril <[hidden email]> wrote:

Think about this for a second: an attacker on the other side of the world has to bypass firewalls, IPD, IDS and a million other things. An attacker than has physical access to a network or server has a clear advantage over the first guy. Stealing equipment, deploying rogue access points, setting Pwn Plugs (http://arstechnica.com/security/2012/07/power-strip-or-network-hacking-tool-its-both-actually/), the options are endless.

Look at it from another angle: environmental issues. You spend thousands or millions protecting data but forget about fire protection or the proper HVAC system. There's a small fire and you don't have the appropriate protection in place. See where I'm going? In a nutshell, all your effort can be brought down to it's knees in a matter of minutes.

Never forget that security starts at the physical level. I suggest more reading so you can understand the importance of this domain:




From: waleed zidan <[hidden email]>
To: [hidden email]
Sent: Thursday, January 10, 2013 3:10 AM
Subject: [CCCure CISSP] physical security

what about physical security , I am reading it from AIO and it is talking about strange things for IT people , in other parts we talk about standards protocol technology algorithms.....etc, but here we talk about lock types and security guard and glass and dogs :) , what do you think it is more important in this part ?

--
Eng. Mohamed Waleed Zidan
IT  Engineer
CCIE Security ID 36851
CCNP, CCSP,Mitel Certified 
Mob: +971 55 1566719
Linkedin: http://www.linkedin.com/in/mzidan

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org