2 cissp ® Official Study Guide Eighth Edition

Intrusion Detection Systems

Download 19,3 Mb.

Pdf ko'rish

bet	388/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 384 385 386 387 388 389 390 391 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Access Abuses

Intrusion Detection Systems
Intrusion detection systems (IDSs)
are systems—automated or manual—designed to
detect an attempted intrusion, breach, or attack; the use of an unauthorized entry/point;
or the occurrence of some specific event at an unauthorized or abnormal time. Intrusion
detection systems used to monitor physical activity may include security guards, auto-
mated access controls, and motion detectors as well as other specialty monitoring tech-
niques. These are discussed in more detail in the later sections “Motion Detectors” and
“Intrusion Alarms.”
Physical intrusion detection systems, also called
burglar alarms
, detect unauthorized
activities and notify the authorities (internal security or external law enforcement). The
most common type of system uses a simple circuit (aka dry contact switches) consisting of
foil tape in entrance points to detect when a door or window has been opened.
An intrusion detection mechanism is useful only if it is connected to an intrusion alarm.
(See “Intrusion Alarms” later in this chapter.) An intrusion alarm notifies authorities about
a breach of physical security.
There are two aspects of any intrusion detection and alarm system that can cause it to
fail: how it gets its power and how it communicates. If the system loses power, the alarm
will not function. Thus, a reliable detection and alarm system has a battery backup with
enough stored power for 24 hours of operation.
If communication lines are cut, an alarm may not function and security personnel and
emergency services will not be notified. Thus, a reliable detection and alarm system incor-
porates a
heartbeat sensor
for line supervision. A heartbeat sensor is a mechanism by which
the communication pathway is either constantly or periodically checked with a test signal.
If the receiving station detects a failed heartbeat signal, the alarm triggers automatically.
Both measures are designed to prevent intruders from circumventing the detection and
alarm system.
Access Abuses
No matter what form of physical access control is used, a security guard or other monitor-
ing system must be deployed to prevent abuse, masquerading, and piggybacking. Examples
of abuses of physical access controls are propping open secured doors and bypassing locks
or access controls.
Masquerading
is using someone else’s security ID to gain entry into a
facility.
Piggybacking
is following someone through a secured gate or doorway without
being identified or authorized personally. Detecting abuses like these can be done by creat-
ing audit trails and retaining access logs.
Audit trails and access logs are useful tools even for physical access control. They may
need to be created manually by security guards. Or they can be generated automatically if

Implement Site and Facility Security Controls
411
sufficient automated access control mechanisms (such as smartcards and certain proximity
readers) are in use. The time at which a subject requests entry, the result of the authentica-
tion process, and the length of time the secured gate remains open are important elements
to include in audit trails and access logs. In addition to using the electronic or paper trail,
consider monitoring entry points with
closed circuit television (CCTV)
or security cameras.
CCTV enables you to compare the audit trails and access logs with a visual recording of
the events. Such information is critical to reconstruct the events for an intrusion, breach,
or attack.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 384 385 386 387 388 389 390 391 ... 881