CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [165]
The Information Flow model is concerned with the properties of information flow, not only the direction of the flow. This model is concerned with all information flow, not just up or down. It requires that each piece of information have unique properties, including operation capabilities.
The Noninterference model is intended to ensure that higher-level security functions don’t interfere with lower-level functions. In essence, if a higher-level user were changing information, the lower-level user wouldn’t know or be affected by the changes. This approach prevents the lower-level user from being able to deduce what changes are being made to the system.
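The noninterference property described above can be checked mechanically on a small model. The following is an added example, not from the book: it uses the purge formulation of noninterference (remove every HIGH action and compare what LOW observes), and the two toy systems, the action names, and the quota value are constructed for illustration.

```python
from itertools import product

# Constructed action alphabet (level, operation); not from the book.
ACTIONS = [("HIGH", "write"), ("LOW", "write"), ("LOW", "read")]

def isolated_system(trace):
    """HIGH and LOW keep separate counters; a LOW read sees only LOW state."""
    high = low = 0
    low_view = []
    for level, op in trace:
        if op == "write":
            if level == "HIGH":
                high += 1
            else:
                low += 1
        else:                      # the only read action belongs to LOW
            low_view.append(low)
    return low_view

def shared_quota_system(trace, quota=2):
    """Both levels draw on one quota, so HIGH writes can make a LOW write fail."""
    used = low = 0
    low_view = []
    for level, op in trace:
        if op == "write":
            if used < quota:       # shared resource: this is the covert channel
                used += 1
                if level == "LOW":
                    low += 1
        else:
            low_view.append(low)
    return low_view

def purge(trace):
    """Drop every HIGH action, leaving the run LOW would see with no HIGH activity."""
    return [a for a in trace if a[0] != "HIGH"]

def find_interference(system, max_len=4):
    """Return the first trace whose LOW view changes when HIGH is purged, else None."""
    for n in range(1, max_len + 1):
        for trace in map(list, product(ACTIONS, repeat=n)):
            if system(trace) != system(purge(trace)):
                return trace
    return None

if __name__ == "__main__":
    print("isolated:", find_interference(isolated_system))
    print("shared quota:", find_interference(shared_quota_system))
```

The isolated system yields no counterexample, while the shared-quota system does: LOW can deduce HIGH activity from its own failed write, which is exactly the kind of deduction the model is meant to rule out.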
Exam Essentials
Know the various aspects of physical security. Physical security involves mechanisms to provide access control, physical barriers, and authentication systems such as biometric systems.
Be able to describe the types of access control methods used in physical security. The primary methods of access control include perimeter security, security zones, physical barriers, and identification systems. These systems, when implemented in layers, make it harder for an intruder to gain access. Physical access methods should also include intrusion detection systems such as video surveillance in order to monitor the activities when they occur. This helps security professionals manage the threat and make changes when necessary.
Be able to describe the process of social engineering. Social engineering occurs when an unauthorized individual uses human or nontechnical methods to gain information or access to security information. Individuals in an organization should be trained to watch for these types of attempts, and they should report them to security professionals when they occur.
Be able to discuss the various aspects of environmental systems and functions. Environmental systems include heating, air conditioning, humidity control, fire suppression, and power systems. All of these functions are critical to a well-designed physical plant.
Know the purposes of shielding in the environment. Shielding primarily prevents interference from EMI and RFI sources. Most shielding is attached to an effective ground, thereby neutralizing or reducing interference susceptibility.
Be able to describe the types of fire-suppression systems in use today. Fire-suppression systems can be either fixed or portable. Portable systems usually are fire extinguishers. Fixed systems are part of the building, and they’re generally water based or gas based. Gas-based systems are usually found only in computer rooms or other locations where water-based systems would cause more damage than is warranted. Gas systems work only in environments where airflow can be limited; they remove oxygen from the fire, causing the fire to go out. Water systems usually remove heat from a fire, causing the fire to go out.
Hands-On Lab
The lab in this chapter is as follows:
Lab 6.1: Test Social Engineering
Lab 6.1: Test Social Engineering
In this lab, you’ll test your users to determine the likelihood of a social engineering attack. The following are suggestions for tests; you might need to modify them slightly to be appropriate at your workplace. Before doing any of them, make certain your manager knows that you’re conducting such a test and approves of it:
1. Call the receptionist from an outside line. Tell them that you’re a new salesperson and that you didn’t write down the username and password the sales manager gave you last week. Tell them that you need to get a file from the e-mail system for a presentation tomorrow. Do they direct you to the appropriate person?
2. Call the human resources department from an outside line. Don’t give your real name, but instead say that you’re a vendor who has been working with this company for years. You’d like a copy of the employee phone list to be e-mailed to you, if possible. Do they agree to send you the list,