Protecting your domain is an ongoing process to secure an organization’s network infrastructure. It requires that individuals remain constantly vigilant to threats and take action to prevent any compromises. This chapter discusses the technologies, processes and procedures that cybersecurity professionals use to defend the systems, devices, and data that make up the network infrastructure.
A secure network is only as strong as its weakest link. It is important to secure the end devices that reside on the network. Endpoint security includes securing the network infrastructure devices on the local-area network (LAN) and end systems, such as workstations, servers, IP phones, and access points.
Device hardening is a critical task when securing the network. It involves implementing proven methods of physically securing network devices. Some of these methods involve securing administrative access, maintaining passwords, and implementing secure communications.
Operating System Security
The operating system plays a critical role in the operation of a computer system and is the target of many attacks. The security of the operating system has a cascading effect on the overall security of a computer system.
An administrator hardens an operating system by modifying the default configuration to make it more secure against outside threats. This process includes the removal of unnecessary programs and services. Another critical requirement of hardening operating systems is the application of security patches and updates. Security patches and updates are fixes that companies release in an effort to mitigate vulnerabilities and correct faults in their products.
An organization should have a systematic approach in place for addressing system updates by:
- Establishing procedures for monitoring security-related information
- Evaluating updates for applicability
- Planning the installation of application updates and patches
- Installing updates using a documented plan
Another critical requirement of securing operating systems is to identify potential vulnerabilities. This can be accomplished by establishing a baseline. Establishing a baseline enables the administrator to do a comparison of how a system is performing versus its baseline expectations.
Microsoft Baseline Security Analyzer (MBSA) assesses missing security updates and security misconfigurations in Microsoft Windows. MBSA checks for blank, simple, or non-existent passwords, firewall settings, guest account status, administrator account details, security event auditing, unnecessary services, network shares, and registry settings. After hardening the operating system, the administrator creates the policies and procedures to maintain a high level of security.
Antimalware
Malware includes viruses, worms, Trojan horses, keyloggers, spyware, and adware. They all invade privacy, steal information, damage the system, or delete and corrupt data.
It is important to protect computers and mobile devices using reputable antimalware software. The following types of antimalware programs are available:
- Antivirus protection – Program continuously monitors for viruses. When it detects a virus, the program warns the user, and it attempts to quarantine or delete the virus, as shown in Figure 1.
- Adware protection – Program continuously looks for programs that display advertising on a computer.
- Phishing protection – Program blocks the IP addresses of known phishing websites and warns the user about suspicious sites.
- Spyware protection – Program scans for keyloggers and other spyware.
- Trusted / untrusted sources – Program warns the user about unsafe programs trying to install or unsafe websites before a user visits them.
It may take several different programs and multiple scans to remove all malicious software completely. Run only one malware protection program at a time.
Several reputable security organizations such as McAfee, Symantec, and Kaspersky offer all-inclusive malware protection for computers and mobile devices.
Be cautious of malicious rogue antivirus products that may appear while browsing the Internet. Most of these rogue antivirus products display an ad or pop-up that looks like an actual Windows warning window, as shown in Figure 2. They usually state that malware is infecting the computer and prompt the user to clean it. Clicking anywhere inside the window may actually begin the download and installation of the malware.
Unapproved, or non-compliant, software is not just software that a user unintentionally installs on a computer. It can also come from users that meant to install it. It may not be malicious, but it still may violate security policy. This type of non-compliant system can interfere with company software, or network services. Users must remove unapproved software immediately.
Patch Management
Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from making a successful attack. From time to time, manufacturers combine patches and upgrades into a comprehensive update application called a service pack. Many devastating virus attacks could have been much less severe if more users had downloaded and installed the latest service pack.
Windows routinely checks the Windows Update website for high-priority updates that can help protect a computer from the latest security threats. These updates include security updates, critical updates, and service packs. Depending on the setting configured, Windows automatically downloads and installs any high-priority updates that the computer needs or notifies the user as these updates become available.
Some organizations may want to test a patch before deploying it throughout the organization. The organization would use a service to manage patches locally instead of using the vendor’s online update service. The benefits of using an automated patch update service include the following:
- Administrators can approve or decline updates
- Administrators can force the update of systems for a specific date
- Administrators can obtain reports on the update needed by each system
- Each computer does not have to connect to the vendor’s service to download patches; a system gets the update from a local server
- Users cannot disable or circumvent updates
An automated patch service provides administrators with a more controlled setting.
Host-Based Firewalls and Intrusion Detection Systems
A host-based solution is a software application that runs on a local host computer to protect it. The software works with the operating system to help prevent attacks.
Host-based Firewalls
A software firewall is a program that runs on a computer to allow or deny traffic between the computer and other connected computers. The software firewall applies a set of rules to data transmissions through inspection and filtering of data packets. Windows Firewall is an example of a software firewall. The Windows operating system installs it by default during installation.
The user can control the type of data sent to and from the computer by opening or blocking selected ports. Firewalls block incoming and outgoing network connections, unless exceptions are defined to open and close the ports required by a program.
In Figure 1, the user selects Inbound Rules to configure the types of traffic allowed to pass through to the system. Configuring inbound rules will help protect the system from unwanted traffic.
Host Intrusion Detection Systems
A host intrusion detection system (HIDS) is software that runs on a host computer that monitors suspicious activity. Each server or desktop system that requires protection will need to have the software installed as shown in Figure 2. HIDS monitors system calls and file system access to ensure that the requests are not the result of malicious activity. It can also monitor system registry settings. The registry maintains configuration information about the computer.
HIDS stores all log data locally. It can also affect system performance because it is resource intensive. A host intrusion detection system cannot monitor any network traffic that does not reach the host system, but it does monitor operating system and critical system processes specific to that host.
Secure Communications
When connecting to the local network and sharing files, the communication between computers remains within that network. Data remains secure because it is off other networks and off the Internet. To communicate and share resources over a network that is not secure, users employ a Virtual Private Network (VPN).
A VPN is a private network that connects remote sites or users together over a public network, like the Internet. The most common type of VPN accesses a corporate private network. The VPN uses dedicated secure connections, routed through the Internet, from the corporate private network to the remote user. When connected to the corporate private network, users become part of that network and have access to all services and resources as if they physically connected to the corporate LAN.
Remote-access users must have a VPN client installed on their computers to form a secure connection with the corporate private network. The VPN client software encrypts data before sending it over the Internet to the VPN gateway at the corporate private network. VPN gateways establish, manage, and control VPN connections, also known as VPN tunnels.
Operating systems include a VPN client that the user configures for a VPN connection.
WEP
Mobile devices are among the most important components of modern computing. The majority of devices found on today’s networks are laptops, tablets, smart phones and other wireless devices. Mobile devices transmit data using radio signals that any device with a compatible antenna can receive. For this reason, the computer industry has developed a suite of wireless or mobile security standards, products and devices. These standards encrypt information transmitted through the airwaves by mobile devices.
Wired Equivalent Privacy (WEP) is one of the first widely used Wi-Fi security standards. The WEP standard provides authentication and encryption protections. The WEP standards are obsolete, but many devices still support WEP for backwards compatibility. The WEP standard became a Wi-Fi security standard in 1999 when wireless communication was just catching on. Despite revisions to the standard and an increased key size, WEP suffered from numerous security weaknesses. Cyber criminals can crack WEP passwords in minutes using freely available software. Despite improvements, WEP remains highly vulnerable and users should upgrade systems that rely on WEP.
WPA/WPA2
The next major improvement to wireless security was the introduction of WPA and WPA2. Wi-Fi Protected Access (WPA) was the computer industry’s response to the weakness of the WEP standard. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system.
The WPA standard provided several security improvements. First, WPA provided message integrity checks (MIC) which could detect if an attacker had captured and altered data passed between the wireless access point and a wireless client. Another key security enhancement was Temporal Key Integrity Protocol (TKIP). The TKIP standard provided the ability to better handle, protect and change encryption keys. Advanced Encryption Standard (AES) superseded TKIP for even better key management and encryption protection.
WPA, like its predecessor WEP, included several widely recognized vulnerabilities. As a result, the release of Wi-Fi Protected Access II (WPA2) standard happened in 2006. One of the most significant security improvements from WPA to WPA2 was the mandatory use of AES algorithms and the introduction of Counter Cipher Mode with Block Chaining Message Authentication Code Protocol (CCM) as a replacement for TKIP.
Mutual Authentication
One of the great vulnerabilities of wireless networks is the use of rogue access points. Access points are the devices that communicate with the wireless devices and connect them back to the wired network. Any device that has a wireless transmitter and hardwired interface to a network can potentially act as a rogue or unauthorized access point. The rogue access point can imitate an authorized access point. The result is that wireless devices on the wireless network establish communication with the rogue access point instead of the authorized access point.
The imposter can receive connection requests, copy the data in the request and forward the data to the authorized network access point. This type of man-in-the-middle attack is very difficult to detect and can result in stolen login credentials and transmitted data. To prevent rogue access points, the computer industry developed mutual authentication. Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate to each other. In a wireless network environment, the client authenticates to the access point and the access point authenticates to the client. This improvement enabled clients to detect rogue access points before connecting to the unauthorized device.
File Access Control
Permissions are rules configured to limit folder or file access for an individual or for a group of users. The figure lists the permissions that are available for files and folders.
Principle of Least Privilege
Users should be limited to only the resources they need on a computer system or on a network. For example, they should not be able to access all files on a server if they only need access to a single folder. It may be easier to provide users access to the entire drive, but it is more secure to limit access to only the folder that they need to perform their job. This is the principle of least privilege. Limiting access to resources also prevents malicious programs from accessing those resources if the user’s computer becomes infected.
Restricting User Permissions
If an administrator denies permissions to a network share for an individual or a group, this denial overrides any other permission settings. For example, if the administrator denies someone permission to a network share, the user cannot access that share, even if the user is the administrator or part of the administrator group. The local security policy must outline which resources and the type of access allowed for each user and group.
When a user changes the permissions of a folder, she has the option to apply the same permissions to all sub-folders. This is permission propagation. Permission propagation is an easy way to apply permissions to many files and folders quickly. After parent folder permissions have been set, folders and files created inside the parent folder inherit the permissions of the parent folder.
In addition, the location of the data and the action performed on the data determine the permission propagation:
- Data moved to the same volume will keep the original permissions
- Data copied to the same volume will inherit new permissions
- Data moved to a different volume will inherit new permissions
- Data copied to a different volume will inherit new permissions
File Encryption
Encryption is a tool used to protect data. Encryption transforms data using a complicated algorithm to make it unreadable. A special key returns the unreadable information back into readable data. Software programs encrypt files, folders, and even entire drives.
Encrypting File System (EFS) is a Windows feature that can encrypt data. The Windows implementation of EFS links it directly to a specific user account. Only the user that encrypted the data will be able to access the encrypted files or folders.
A user can also choose to encrypt an entire hard drive in Windows using a feature called BitLocker. To use BitLocker, at least two volumes must be present on a hard disk.
Before using BitLocker, the user needs to enable Trusted Platform Module (TPM) in the BIOS. The TPM is a specialized chip installed on the motherboard. The TPM stores information specific to the host system, such as encryption keys, digital certificates, and passwords. Applications, like BitLocker, that use encryption can make use of the TPM chip. Click TPM Administration to view the TPM details, as shown in the Figure.
BitLocker To Go encrypts removable drives. BitLocker To Go does not use a TPM chip, but still provides encryption for the data and requires a password.
System and Data Backups
An organization can lose data if cyber criminals steal it, equipment fails, or a disaster occurs. For this reason, it is important to perform a data backup regularly.
A data backup stores a copy of the information from a computer to removable backup media. The operator stores the backup media in a safe place. Backing up data is one of the most effective ways of protecting against data loss. If the computer hardware fails, the user can restore the data from the backup once the system is functional.
The organization’s security policy should include data backups. Users should perform data backups on a regular basis. Data backups are usually stored offsite to protect the backup media if anything happens to the main facility.
These are some considerations for data backups:
- Frequency - Backups can take a long time. Sometimes it is easier to make a full backup monthly or weekly, and then do frequent partial backups of any data that has changed since the last full backup. However, having many partial backups increases the amount of time needed to restore the data.
- Storage - For extra security, transport backups to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.
- Security - Protect backups with passwords. The operator then enters the password before restoring the data on the backup media.
- Validation - Always validate backups to ensure the integrity of the data.
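One way to carry out the validation step, as an added example that is not part of the original chapter: record a SHA-256 manifest when the backup is taken, then compare the backup copy against it before relying on it. The file names and the temporary directory tree are constructed for the demonstration.

```python
"""Validate a backup copy against a SHA-256 manifest (added example)."""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            relative = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[relative] = sha256_file(full)
    return manifest


def validate_backup(manifest, backup_root):
    """Compare the backup copy with the manifest recorded at backup time."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(path for path in set(manifest) & set(current)
                           if manifest[path] != current[path]),
    }


def demo():
    """Back up a constructed tree, damage the copy, and validate before and after."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        backup = os.path.join(work, "backup")
        os.makedirs(os.path.join(source, "finance"))
        sample_files = {  # constructed sample data
            "finance/ledger.csv": b"id,amount\n1,100\n",
            "finance/payroll.csv": b"id,salary\n1,5000\n",
            "readme.txt": b"constructed sample data\n",
        }
        for relative, data in sample_files.items():
            with open(os.path.join(source, *relative.split("/")), "wb") as handle:
                handle.write(data)

        # Record the manifest when the backup is taken; keep it apart from the media.
        manifest = build_manifest(source)
        shutil.copytree(source, backup)
        clean = validate_backup(manifest, backup)

        # Simulate damage to the backup after it was written.
        with open(os.path.join(backup, "finance", "ledger.csv"), "ab") as handle:
            handle.write(b"9,999999\n")
        os.remove(os.path.join(backup, "readme.txt"))
        with open(os.path.join(backup, "extra.bin"), "wb") as handle:
            handle.write(b"\x00")
        damaged = validate_backup(manifest, backup)
    return clean, damaged


if __name__ == "__main__":
    clean_result, damaged_result = demo()
    print("clean backup:  ", clean_result)
    print("damaged backup:", damaged_result)
```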
Content Screening and Blocking
Content control software restricts the content that a user can access using a web browser over the Internet. Content control software can block sites that contain certain types of material such as pornography or controversial religious or political content. A parent may implement content control software on the computer used by a child. Libraries and schools also implement the software to prevent access to content considered objectionable.
An administrator can implement the following types of filters:
- Browser-based filters through a third-party browser extension
- Email filters through a client- or server-based filter
- Client-side filters installed on a specific computer
- Router-based content filters that block traffic from entering the network
- Appliance-based content filtering similar to router based
- Cloud-based content filtering
Search engines such as Google offer the option of turning on a safety filter to exclude inappropriate links from search results.
Disk Cloning and Deep Freeze
Many third-party applications are available to restore a system back to a default state. This allows the administrator to protect the operating system and configuration files for a system.
Disk cloning copies the contents of the computer’s hard disk to an image file. For example, an administrator creates the required partitions on a system, formats the partition, and then installs the operating system. She installs all required application software and configures all hardware. The administrator then uses disk-cloning software to create the image file. The administrator can use the cloned image as follows:
- To automatically wipe a system and restore a clean master image
- To deploy new computers within the organization
- To provide a full system backup
Deep Freeze “freezes” the hard drive partition. When a user restarts the system, the system reverts to its frozen configuration. The system does not save any changes that the user makes, so any applications installed or files saved are lost when the system restarts.
If the administrator needs to change the system’s configuration, she must first “thaw” the protected partition by disabling Deep Freeze. After making the changes, she must re-enable the program. The administrator can configure Deep Freeze to restart after a user logs out, shut down after a period of inactivity, or shut down at a scheduled time.
These products do not offer real-time protection. A system remains vulnerable until the user or a scheduled event restarts the system. A system infected with malicious code, though, gets a fresh start as soon as the system restarts.
Security Cables and Locks
There are several methods of physically protecting computer equipment:
- Use cable locks with equipment.
- Keep telecommunication rooms locked.
- Use security cages around equipment.
Many portable devices and expensive computer monitors have a special steel bracket security slot built in to use in conjunction with cable locks.
The most common type of door lock is a standard keyed entry lock. It does not automatically lock when the door closes. Additionally, an individual can wedge a thin plastic card such as a credit card between the lock and the door casing to force the door open. Door locks in commercial buildings are different from residential door locks. A deadbolt lock provides additional security. Any lock that requires a key, though, poses a vulnerability if the keys are lost, stolen, or duplicated.
A cipher lock uses buttons that a user presses in a given sequence to open the door. It is possible to program a cipher lock. This means that a user’s code may only work during certain days or certain times. For example, a cipher lock may only allow Bob access to the server room between the hours of 7 a.m. and 6 p.m. Monday through Friday. Cipher locks can also keep a record of when the door opened, and the code used to open it.
Logout Timers
An employee gets up and leaves his computer to take a break. If the employee does not take any action to secure his workstation, any information on that system is vulnerable to an unauthorized user. An organization can take the following measures to deter unauthorized access:
Idle Timeout and Screen Lock
Employees may or may not log out of their computer when they leave the workplace. Therefore, it is a security best practice to configure an idle timer that will automatically log the user out and lock the screen after a specified period. The user must log back in to unlock the screen.
Login Times
In some situations, an organization may want employees to log in during specific hours, such as 7 a.m. to 6 p.m. The system blocks logins during the hours that fall outside of the allowed login hours.
GPS Tracking
The Global Positioning System (GPS) uses satellites and computers to determine the location of a device. GPS technology is a standard feature on smartphones that provides real-time position tracking. GPS tracking can pinpoint a location within 100 meters. This technology is available to track children, senior citizens, pets, and vehicles. Using GPS to locate a cell phone without the user’s permission, though, is an invasion of privacy and it is illegal.
Many cell phone apps use GPS tracking to track a phone’s location. For example, Facebook allows users to check in to a location, which is then visible to people in their networks.
Inventory and RFID Tags
Radio frequency identification (RFID) uses radio waves to identify and track objects. RFID inventory systems use tags attached to all items that an organization wants to track. The tags contain an integrated circuit that connects to an antenna. RFID tags are small and require very little power, so they do not need a battery to store information to exchange with a reader. RFID can help automate asset tracking or wirelessly lock, unlock, or configure electronic devices.
RFID systems operate within different frequencies. Low frequency systems have a shorter read range and slower data read rates, but are not as sensitive to radio wave interference caused by liquids and metals that are present. Higher frequencies have a faster data transfer rate and longer read ranges, but are more sensitive to radio wave interference.
Managing Remote Access
Remote access refers to any combination of hardware and software that enables users to access a local internal network remotely.
With the Windows operating system, technicians can use Remote Desktop and Remote Assistance to repair and upgrade computers. Remote Desktop, as shown in the figure, allows technicians to view and control a computer from a remote location. Remote Assistance allows technicians to assist customers with problems from a remote location. Remote Assistance also allows the customer to view the repair or upgrade in real time on the screen.
The Windows installation process does not enable Remote Desktop by default. Enabling this feature opens port 3389 and could result in a vulnerability if a user does not need this service.
Telnet, SSH, and SCP
Secure Shell (SSH) is a protocol that provides a secure (encrypted) management connection to a remote device. SSH should replace Telnet for management connections. Telnet is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices. SSH provides security for remote connections by providing strong encryption when a device authenticates (username and password) and for transmitting data between the communicating devices. SSH uses TCP port 22. Telnet uses TCP port 23.
In Figure 1, cyber criminals monitor packets using Wireshark. In Figure 2, cyber criminals capture the username and password of the administrator from the plaintext Telnet session.
Figure 3 shows the Wireshark view of an SSH session. Cyber criminals track the session using the IP address of the administrator device, but in Figure 4, the session encrypts the username and password.
Secure copy (SCP) securely transfers computer files between two remote systems. SCP uses SSH for data transfer (including the authentication element), so SCP ensures the authenticity and confidentiality of the data in transit.
Securing Ports and Services
Cyber criminals exploit the services running on a system because they know that most devices run more services or programs than they need. An administrator should look at every service to verify its necessity and evaluate its risk. Remove any unnecessary services.
A simple method that many administrators use to help secure the network from unauthorized access is to disable all unused ports on a switch. For example, if a switch has 24 ports and there are three Fast Ethernet connections in use, it is good practice to disable the 21 unused ports.
The process of enabling and disabling ports can be time-consuming, but it enhances security on the network and is well worth the effort.
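The service review described in this section, sketched as an added example that is not part of the original chapter: it parses `netstat -ano` output from a Windows host and reports every network-reachable listening TCP port that is not on an approved list, with a note for the two ports this chapter names (23 for Telnet, 3389 for Remote Desktop). The sample output and the approved list are constructed assumptions.

```python
"""Review listening TCP services against an approved list (added example)."""

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1840
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       2212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1108
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       3020
  TCP    10.0.0.15:49712        10.0.0.2:445           ESTABLISHED     4
  TCP    [::]:3389              [::]:0                 LISTENING       1108
  UDP    0.0.0.0:123            *:*                                    1001
"""

# Assumption: the only service this host is approved to offer is SSH.
APPROVED_PORTS = {22}

# Ports the chapter calls out, with the reason each deserves attention.
NOTES = {
    23: "Telnet sends the login and data in plaintext; use SSH instead",
    3389: "Remote Desktop is listening; disable it if this host does not need it",
}
DEFAULT_NOTE = "not on the approved list; verify the service is necessary"
LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in the LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly five fields: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")
        listeners.append((address.strip("[]"), int(port), int(fields[4])))
    return listeners


def review(netstat_text, approved=APPROVED_PORTS):
    """Return one finding per unapproved port that is reachable from the network."""
    by_port = {}
    for address, port, pid in parse_listeners(netstat_text):
        if address in LOOPBACK or port in approved:
            continue  # local-only or approved service
        finding = by_port.setdefault(port, {"addresses": set(), "pids": set()})
        finding["addresses"].add(address)
        finding["pids"].add(pid)
    return [
        {"port": port,
         "addresses": sorted(item["addresses"]),
         "pids": sorted(item["pids"]),
         "note": NOTES.get(port, DEFAULT_NOTE)}
        for port, item in sorted(by_port.items())
    ]


if __name__ == "__main__":
    for finding in review(SAMPLE_NETSTAT):
        print("TCP/{port:<5} pid {pids} on {addresses}: {note}".format(**finding))
```

The PID in each finding identifies the owning process, which is the starting point for deciding whether to remove or disable the service.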
Privileged Accounts
Cyber criminals exploit privileged accounts because they are the most powerful accounts in the organization. Privileged accounts have the credentials to gain access to systems and they provide elevated, unrestricted access. Administrators use these accounts to deploy and manage operating systems, applications, and network devices. The figure summarizes the types of privileged accounts.
Organizations should adopt the following best practices for securing privileged accounts:
- Identify and reduce the number of privileged accounts
- Enforce the principle of least privilege
- Establish a process for revocation of rights when employees leave or change jobs
- Eliminate shared accounts with passwords that do not expire
- Secure password storage
- Eliminate shared credentials for multiple administrators
- Automatically change privileged account passwords every 30 or 60 days
- Record privileged sessions
- Implement a process to change embedded passwords for scripts and service accounts
- Log all user activity
- Generate alerts for unusual behavior
- Disable inactive privileged accounts
- Use multi-factor authentication for all administrative access
- Implement a gateway between the end-user and sensitive assets to limit network exposure to malware
Locking down privileged accounts is critical to the security of the organization. Securing these accounts needs to be a continuous process. An organization should evaluate this process to make any required adjustments to improve security.
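Several items in the list above can be checked mechanically. The following added example (not part of the original chapter) audits a constructed account inventory for non-expiring passwords, overdue rotation, shared credentials, missing multi-factor authentication, and inactivity. The field names, the sample accounts, and the 90-day inactivity limit are assumptions of the example; the 60-day rotation limit is the longer of the two intervals in the list.

```python
"""Audit a privileged-account inventory against the practices listed above (added example)."""
from datetime import date

# Assumptions of this example: 60 days is the longer of the two rotation
# intervals in the list; the list gives no inactivity limit, so 90 is chosen.
MAX_PASSWORD_AGE_DAYS = 60
MAX_INACTIVE_DAYS = 90

# Constructed inventory; in practice this is exported from the directory service.
ACCOUNTS = [
    {"name": "adm-jlee", "privileged": True, "enabled": True, "mfa": True,
     "password_set": date(2024, 5, 20), "password_expires": True,
     "last_logon": date(2024, 6, 28), "used_by": ["jlee"]},
    {"name": "administrator", "privileged": True, "enabled": True, "mfa": False,
     "password_set": date(2022, 1, 10), "password_expires": False,
     "last_logon": date(2024, 6, 30), "used_by": ["jlee", "mkhan", "psingh"]},
    {"name": "adm-tpark", "privileged": True, "enabled": True, "mfa": True,
     "password_set": date(2024, 6, 1), "password_expires": True,
     "last_logon": date(2024, 1, 15), "used_by": ["tpark"]},
    {"name": "adm-retired", "privileged": True, "enabled": False, "mfa": False,
     "password_set": date(2021, 3, 1), "password_expires": False,
     "last_logon": date(2021, 9, 1), "used_by": ["former-admin"]},
    {"name": "rgomez", "privileged": False, "enabled": True, "mfa": False,
     "password_set": date(2024, 1, 2), "password_expires": True,
     "last_logon": date(2024, 6, 30), "used_by": ["rgomez"]},
]


def audit(accounts, today):
    """Return {account name: [finding, ...]} for every enabled privileged account."""
    report = {}
    for account in accounts:
        if not (account["privileged"] and account["enabled"]):
            continue  # standard users and already-disabled accounts are out of scope
        findings = []
        if not account["password_expires"]:
            findings.append("password-never-expires")
        if (today - account["password_set"]).days > MAX_PASSWORD_AGE_DAYS:
            findings.append("password-rotation-overdue")
        if len(account["used_by"]) > 1:
            findings.append("shared-credential")
        if not account["mfa"]:
            findings.append("no-mfa")
        if (today - account["last_logon"]).days > MAX_INACTIVE_DAYS:
            findings.append("inactive")
        report[account["name"]] = findings
    return report


def summarize(report):
    """Return (number of privileged accounts in scope, names that need action)."""
    return len(report), sorted(name for name, items in report.items() if items)


if __name__ == "__main__":
    result = audit(ACCOUNTS, today=date(2024, 7, 1))
    total, flagged = summarize(result)
    print(f"{total} enabled privileged accounts, {len(flagged)} need action")
    for name in flagged:
        print(f"  {name}: {', '.join(result[name])}")
```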
Group Policies
In most networks that use Windows computers, an administrator configures Active Directory with Domains on a Windows Server. Windows computers are members of a domain. The administrator configures a Domain Security Policy that applies to all computers that join. Account policies are automatically set when a user logs in to Windows.
When a computer is not part of an Active Directory domain, the user configures policies through Windows Local Security Policy. In all versions of Windows except Home edition, enter secpol.msc at the Run command to open the Local Security Policy tool.
An administrator configures user account policies such as password policies and lockout policies by expanding Account Policies > Password Policy. With the settings shown in Figure 1, users must change their passwords every 90 days and use the new password for at least one (1) day. Passwords must contain eight (8) characters and three of the following four categories: uppercase letters, lowercase letters, numbers, and symbols. Lastly, the user can reuse a password after 24 unique passwords.
An account Lockout Policy locks a computer for a configured duration when too many incorrect login attempts occur. For example, the policy shown in Figure 2 allows the user to enter the wrong username and/or password five times. After five attempts, the account locks users out for 30 minutes. After 30 minutes, the number of attempts resets to zero and the user can attempt to log in again.
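To check a host against the password and lockout values described above, the following added example (not part of the original chapter) parses the `[System Access]` section of a file produced by `secedit /export /cfg <file>` and lists every setting that is weaker than those values. The sample export is constructed, and treating a stricter setting as passing is an assumption of the example.

```python
"""Compare a secedit export with the account policy described above (added example)."""
import configparser

# Constructed sample in the INF layout written by `secedit /export /cfg <file>`.
# secedit writes the real file as UTF-16, so open it with encoding="utf-16".
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 180
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 5
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# The values the text gives for Figures 1 and 2. Assumption of this example:
# a setting at least as strict as the stated value also passes.
BASELINE = [
    # (INF key, check on the integer value, expected value as text)
    ("MaximumPasswordAge", lambda v: 1 <= v <= 90, "1-90 days"),
    ("MinimumPasswordAge", lambda v: v >= 1, ">= 1 day"),
    ("MinimumPasswordLength", lambda v: v >= 8, ">= 8 characters"),
    ("PasswordComplexity", lambda v: v == 1, "1 (enabled)"),
    ("PasswordHistorySize", lambda v: v >= 24, ">= 24 passwords"),
    ("LockoutBadCount", lambda v: 1 <= v <= 5, "1-5 attempts"),
    ("LockoutDuration", lambda v: v >= 30, ">= 30 minutes"),
    ("ResetLockoutCount", lambda v: v >= 30, ">= 30 minutes"),
]


def read_system_access(export_text):
    """Return the [System Access] section of the export as a dict of strings."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",))
    parser.optionxform = str  # keep key names exactly as exported
    parser.read_string(export_text)
    if not parser.has_section("System Access"):
        return {}
    return dict(parser.items("System Access"))


def audit(export_text):
    """Return (key, actual, expected) for each setting that misses the baseline."""
    settings = read_system_access(export_text)
    findings = []
    for key, check, expected in BASELINE:
        raw = settings.get(key)
        try:
            passed = check(int(raw))
        except (TypeError, ValueError):  # key absent or value not a number
            passed = False
        if not passed:
            findings.append((key, raw if raw is not None else "not set", expected))
    return findings


if __name__ == "__main__":
    for key, actual, expected in audit(SAMPLE_EXPORT):
        print(f"{key}: found {actual}, expected {expected}")
```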
More security settings are available by expanding the Local Policies folder. An Audit Policy creates a security log file used to track the events listed in Figure 3.
Enable Logs and Alerts
A log records all events as they occur. Log entries make up a log file, and a log entry contains all of the information related to a specific event. Logs that relate to computer security have grown in importance.
For example, an audit log tracks user authentication attempts, and an access log provides all of the details on requests for specific files on a system. Monitoring system logs can determine how an attack occurred and whether the defenses deployed were successful.
With the increase in the sheer number of log files generated for computer security purposes, the organization should consider a log management process. Log management determines the process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
Operating System Logs
Operating system logs record events that occur because of operational actions performed by the operating system. System events include the following:
- Client requests and server responses such as successful user authentications
- Usage information that contains the number and size of transactions in a given period of time
Security Application Logs
Organizations use network-based or system-based security software to detect malicious activity. This software generates a security log to provide computer security data. Logs are useful for performing auditing analysis and identifying trends and long-term problems. Logs also enable an organization to provide documentation showing that it is in compliance with laws and regulatory requirements.
Power
Electrical power is a critical consideration in protecting information systems. A continuous supply of electrical power is critical in today's massive server and data storage facilities. Here are some general rules for building effective electrical supply systems:
- Data centers should be on a different power supply from the rest of the building
- Redundant power sources: two or more feeds coming from two or more electrical substations
- Power conditioning
- Backup power systems are often required
- UPS should be available to gracefully shut down systems
An organization must protect itself from several issues when designing its electrical power supply systems.
Power Excess
- Spike: momentary high voltage
- Surge: prolonged high voltage
Power Loss
- Fault: momentary loss of power
- Blackout: complete loss of power
Power Degradation
- Sag/dip: momentary low voltage
- Brownout: prolonged low voltage
- Inrush Current: initial surge of power
Heating, Ventilation, and Air Conditioning (HVAC)
Hardware Monitoring
Operation Centers
Switches, Routers, and Network Appliances
Wireless and Mobile Devices
- Open system authentication - Any wireless device can connect to the wireless network. Use this method in situations where security is of no concern.
- Shared key authentication - Provides mechanisms to authenticate and encrypt data between a wireless client and AP or wireless router.
- Wired Equivalent Privacy (WEP) - This was the original 802.11 specification securing WLANs. However, the encryption key never changes when exchanging packets, making it easy to hack.
- Wi-Fi Protected Access (WPA) - This standard uses WEP, but secures the data with the much stronger Temporal Key Integrity Protocol (TKIP) encryption algorithm. TKIP changes the key for each packet, making it much more difficult to hack.
- IEEE 802.11i/WPA2 - IEEE 802.11i is now the industry standard for securing WLANs. 802.11i and WPA2 both use the Advanced Encryption Standard (AES) for encryption, which is currently the strongest encryption protocol.
Network and Routing Services
VoIP Equipment
- A traditional phone with an adapter (the adapter acts as a hardware interface between a traditional, analog phone and a digital VoIP line)
- A VoIP-enabled phone
- VoIP software installed on a computer
- Encrypt voice message packets to protect against eavesdropping.
- Use SSH to protect gateways and switches.
- Change all default passwords.
- Use an intrusion detection system to detect attacks such as ARP poisoning.
- Use strong authentication to mitigate registration spoofing (cyber criminals route all incoming calls for the victim to them), proxy impersonating (tricks the victim into communicating with a rogue proxy set up by the cyber criminals), and call hijacking (the call is intercepted and rerouted to a different path before reaching the destination).
- Implement firewalls that recognize VoIP to monitor streams and filter abnormal signals.
Cameras
Videoconferencing Equipment
Network and IoT Sensors
Fencing and Barricades
- Perimeter fence system
- Security gate system
- Bollards (a short post used to protect from vehicle intrusions as shown in Figure 2)
- Vehicle entry barriers
- Guard shelters
- 1 meter (3-4 ft.) will only deter casual trespassers
- 2 meters (6-7 ft.) are too high to climb by casual trespassers
- 2.5 meters (8 ft.) will offer limited delay to a determined intruder




























