Plagonia physical security scenario

 


As the security officer for Plagonia you have been tasked with setting up the security requirements for a new distribution warehouse in the UK. Plagonia sells a wide range of products through its online presence and ships to locations throughout Europe. A new warehouse complex has been acquired just outside of a major city. It consists of the warehouse itself and offices for 100 staff members. There is a large car park for the employees and loading docks for goods.

Your first task is to address the physical security of the complex. An aerial photograph of the site is shown below:

Warehouse aerial photograph

The warehouse areas are to the left and right with the office and reception area in the middle.


 

Q1. The value of the stock held on this site is high and restricting access is a primary concern. There will be a high volume of traffic (trucks, vans) entering and leaving the site. What are the best options for security at the site perimeter?

Here are the steps involved in securing your perimeter.

  1. Carry out a perimeter survey, examining all areas of your property boundary. A drawing or a plan can be helpful, especially when dealing with larger properties.
  2. Identify all entrances, doorways, gateways and openings.
  3. Identify areas which are not overlooked or clearly visible from the road or from the property. These are most vulnerable to attack. 
  4. Make a note of the details and location of any perimeter fencing that’s in place (e.g. the fence height).
  5. Similarly, note the details and locations of any perimeter walls (note the wall heights).
  6. Determine whether there are any flat rooftops that are potentially accessible from your property boundary.
  7. Note the locations of any potentially climbable drain pipes or poles.
  8. Having determined exactly what your property perimeter consists of and key areas of vulnerability, focus on the weaknesses (such as low walls or fences) and determine how best to bolster these.
  9. Select appropriate security precautions for each area of your perimeter and implement them all.

 

 

Q2. There is currently access to each warehouse area from the office area via simple doors. What controls could be deployed to make this more secure?

Secure Gateways and Doorways

Gateways and doorways immediately attract would-be intruders so it’s essential that these entrances are rigorously protected.

Make certain that your gates are closed and locked and that the gates are high enough to deter intruders. The previously mentioned fence topper spikes are also highly effective on top of gates. You should always be using robust locks on your gates as weak locks are easily overcome by professional criminals. In addition, you might consider installing security cameras, monitoring your entrances. These might be triggered by proximity detectors that will pick up any significant movement and start recording video. Proximity detectors can also be used to trigger alarms, alerting you to movement at your gateways. Security lights, pointed at your gateways and triggered by movement, are another low-cost but highly effective perimeter security precaution.

Doorways require special attention as these are most often the entrance paths used by burglars. Many of the precautions that apply to gateways also apply to doors. Ensure that your doors have robust locks and hinges and use proximity detectors to trigger security lights and possibly security cameras. Door security chains offer an additional level of security protection and door security bars are another highly effective intruder prevention device.

 

Q3. There are access doors at the rear of each warehouse area opening to the outside that have been barricaded by the previous tenant. You find out that the locks on the doors are faulty and thieves had been able to use them for access. Should you keep the doors unopenable? What other issues might this discovery raise?

The doors should be fixed. Be certain that the precautions you install do not present a risk of injury to any innocent passers-by.

 

Q4. The local network serves both the open-plan offices and warehouse stock monitoring and order fulfillment systems, some of which use embedded controllers. It will be a wired connection with “drops” at various locations around the building. How do you protect these network ports from misuse?

Securing ports, services and vulnerabilities

The enterprise can protect SSH by using SSH public key authentication, disabling logins as root, and moving SSH to a higher port number so that attackers won’t easily find it, says Widen. “If a user connects to SSH on a high port number like 25,000, it will be harder for the attackers to locate the attack surface for the SSH service.”

If your enterprise runs IRC, keep it behind the firewall. “Don’t allow any traffic to the IRC service that came from outside the network. Have users VPN into the network to use IRC,” says Widen.

Security across all network ports should include defense-in-depth. Close any ports you don’t use, use host-based firewalls on every host, run a network-based next-generation firewall, and monitor and filter port traffic, says Norby. Do regular port scans as part of pen tests to ensure there are no unchecked vulnerabilities on any port. Pay particular attention to SOCKS proxies or any other service you did not set up. Patch and harden any device, software, or service connected to the port until there are no dents in your networked assets’ armor. Be proactive as new vulnerabilities appear in old and new software that attackers can reach via network ports.
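
The three SSH measures named above (public key authentication, no root login, a high port) can be checked against a host's `sshd_config`. The following Python check is an added example, not code from the original post; the sample configurations are constructed, and treating ports below 1024 as "not high" is an assumption.

```python
# Added example: audit sshd_config text for the three SSH measures in the text.
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password", "pubkeyauthentication": "yes"}

def parse_sshd_config(text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional Match blocks need separate review; stop here
        if key == "port":
            ports.append(int(value))  # Port may repeat; sshd listens on all of them
        else:
            settings.setdefault(key, value.lower())  # first value seen wins
    return {**DEFAULTS, **settings}, ports or [22]

def audit(text, min_port=1024):  # min_port is an assumed threshold for "high"
    """Return a list of findings; an empty list means all three measures hold."""
    settings, ports = parse_sshd_config(text)
    findings = []
    if settings["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    root = settings["permitrootlogin"]
    if root != "no":
        findings.append(f"root login is not disabled (PermitRootLogin {root})")
    low = [p for p in ports if p < min_port]
    if low:
        findings.append(f"SSH listens on low port(s): {low}")
    return findings

# Constructed samples. In WEAK the second PermitRootLogin line is ignored by sshd.
WEAK = "Port 22\nPermitRootLogin yes\nPermitRootLogin no\nPubkeyAuthentication no\n"
HARDENED = "# constructed\nPort 25000\nPermitRootLogin no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("empty file", "")):
        print(name, "->", audit(cfg) or "no findings")
```

An empty file still produces two findings, because the defaults leave SSH on port 22 and allow key-based root login.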

 

Q5. The two floors of the office and the reception area will also be served by wireless networks. The reception area will provide open wireless to allow guests and suppliers to access the internet while visiting the site. It is important for the signal not to propagate too strongly into the warehouse areas, as it has been found to interfere with some of the monitoring systems. What general procedures should you follow to set up secure wireless networks to meet these goals?

By following some simple “best practices” you can ensure that your small or medium-sized business’ wireless network remains as secure or even more secure than any wired network.

1. Make a Password 

We’ve mentioned this before, and it may almost seem like it goes without saying, but it amazes many people how often the default passwords on routers go unchanged. You absolutely must make your own password for all of your access points to prevent unwanted access. Hackers will know the default passwords for even the most obscure routers, and they’ll exploit them if you let them.

2. Use the Most Advanced Encryption

Encryption is key to keeping the two way signals between devices and access points safe from prying eyes. That’s why it’s crucial to use the best encryption available to you.

These days WPA2 encryption is the cutting edge of wireless security. The best news is that it’s available on every modern router and access point. Take the time to learn a little bit about encryption and activate it on your routers. It will save you lots of headaches in the future.

3. Avoid WPS 

Wi-Fi Protected Setup (WPS) was devised as a simple way for users to add new devices to their networks. The WPS Pin is an 8-digit number physically printed onto wireless devices.

While this is a great idea in theory, it has been shown that WPS security is very susceptible to brute force attacks from hackers. WPS can be cracked in as little as four hours using an automated brute force system – so it’s a good idea to just avoid this kind of security entirely.

4. Disable Admin Access on Wireless 

This option can be viewed as your “Plan B.” By disabling admin access through wireless you prevent any hackers that may make it through your other security from doing too much damage as they won’t be able to change your router configuration or passwords.

You’ll have to make admin changes using a wired computer plugged directly into the router, but the minor inconvenience is worth it.

5. Be a Good Host 

You want to be able to provide a wireless connection to anyone who visits your business, but you definitely don’t want to be handing out your password to everyone who walks in the door. That’s why it’s a good idea to set up a wireless network specifically for guests.

Many wireless routers support a second SSID just for guests, so you don’t need to worry about orchestrating an entirely new network.

 

Q6. A decision is made to use smart card authentication for the office network. What protocol should you deploy on the office WLAN to support this?

I have found three protocols to implement smart card authentication for a company:

U2F Protocol

The U2F protocol allows online services to augment the security of their existing password infrastructure by requiring a physical token, called an authenticator. The authenticator provides a strong second user authentication factor to augment user login. In a U2F deployment, the user logs in to an online service as usual, with an established credential. When prompted, the user presents a U2F token and “unlocks” it. At the moment three interface types are specified in FIDO U2F. Universal Serial Bus (USB) was the first, followed by Near Field Communication (NFC) and Bluetooth (Classic and Smart aka Low Energy (BLE)). Unlocking is a test of user physical presence and requires a token-specific gesture, such as pushing a button on a USB device, tapping a U2F device to an NFC-enabled device such as a mobile phone or tablet, or pressing a button on a BLE-enabled token or fob. The user can use the same FIDO U2F device on all online services that support the protocol.

UAF Protocol

The UAF protocol authenticates a user locally, before the local device used to access the online service authenticates itself to the server. No user password is required. The FIDO authenticator authenticates the user using a PIN, biometric factor (e.g., face, voice, iris, fingerprint recognition), or similar data before proving presence to the online services. The PIN or biometric data should be securely stored, thereby preventing these credentials from leaving the device. FIDO specifications define a common interface for whatever local authentication method the user exercises.

 

FIDO Protocol

Implementation and Security

The FIDO protocols described are based on strong cryptography and provide a high security level. However, this is of limited benefit if the actual implementations of these protocols do not provide the corresponding assurance. The following properties should be ensured:

• The cryptographic keys should be securely generated, stored and used. Any recovery or modification by an attacker would potentially allow impersonation of the user.
• The random number generator should be secure, meaning that its outputs are cryptographically strong and unpredictable. The random number generator is used in key generation and signatures and the strength of this security mechanism relies on its quality.
• All data used for the local user authentication (e.g., PIN, biometric data) should be securely stored. Any disclosure or modification would allow impersonation of the user or constitute a privacy breach.
