PHYSICAL SECURITY OF REMOTE TERMINALS
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP79M00096A000100020011-2
Release Decision:
RIFPUB
Original Classification:
K
Document Page Count:
6
Document Creation Date:
December 15, 2016
Document Release Date:
March 10, 2004
Sequence Number:
11
Case Number:
Publication Date:
March 30, 1972
Content Type:
REPORT
File:
Attachment | Size |
---|---|
CIA-RDP79M00096A000100020011-2.pdf | 617.09 KB |
Body:
Approved For Release X004/03/25: CIA-RDP79M00096 1
Approved For Release 2004/03125 : CIA-RDP79M00096AO00100020011-2 '
Approved, For Release 2004/03/25 CIA-RDP79M00096AU001000200112';
BACKGROUND:
Physical security, , i s .certainly not :a term that i s new. to any of us'.'-...
in.government., It has, however, with the integration of,-the computer.
into our informatioh systems .taken on a, more. complicated and less
clearly definable meaning. In fact, 'only in the last few years have
commercial. users and industry, with:,a few exceptions, begun to give
physical security any' real attention as' they, begin to move away from;
displaying' their computer, systems as "showplaces." .Physical security
can no longer be merely construed. in terms of putting an approved lock
on a'door and ensuring that the walls run slab to slab. :,.Sound physical
control features'or structures must be augmented. with new and more practi-
cal.innovations G1 ass, walls or partitions may not, afford the protection
.of a ' concrete` wall, but. such a concrete wall prohibits visibility of the
area from the outside and makes it , possible: for' an intruder to do
;able damage before being detected The luxury
fortresses is not available since cost'-I~aCJ"Cors
consider
of building impenetrable
of the new systems:_
orce us
o ensure that each organization utilizes'the full
potential'of the system.
Because of the new considerations allowing for unvarying humidity ranges
and immediate response inthe.event of fire, physical security, cannot just
protect : the installation, it also'mustnow participate in maintaining the
system.
It is difficult to make's olund 'determinations. of, the 'need, for. 'security'
measures or to .justify not applying them unless',there isa quantitative
assessment of: the value of,the data being protected.'
Approved For Release 2004/03/25 CIA-RDP79M00096A000100020011-2
Physical
;A,p,pr4ved..F-or.Release 2004/03/25 CIA-RDP79M00096A00010d0.10011~? :1 1
security plays. an integral.part .in protecting the classified,
compartmented
or otherwise privileged data in an information system
against'access?by persons not cleared for and/or not.authorized access
to that,data. No information system can beabsolutely'secure, however,
every reasonable effort must be taken to ensure that the probability
of compromise is severely minimized .',,'Consequently, the'phys,1cal security
standards 'appl i ed, to every "l i nk" or access point to the `system itself
must be commensurate with the highest level of the information in the system.
With the "expansion"'of the computer center to remote'terminals, we have,
i!n factsignificantly. increased . the potential threat to subvert the system.
The remote terminal cannot be allowed to become the "weak link" in the security
-chain' '.Such immediate factors as emanations, intrusion, and physical access
control measures must be considered in the overall planning of the physical
protection of. each remote terminal While at the same, time,` conscious of
electronic'eavesdroppi,ng and that, by observing the terminal:.,i,n operation
or by collecting the discarded printouts or ' printing' ribbons, a person
could possibly gain the necessary passwords , to' allow hm unauthorized access
to the files and programs of all or part of the information system:, lJith
out applying the same stringent,physical 'standard's at each terminal 'the
relatively elaborate measures taken to protect the entire informat1on sys
tem itself becomes sharply , devalued.'!
Incidental to these purposes is the need to prevent.damage ~o faculties and
equipment at the terminal due to 'accidents ',"disasters , or acts of, sabotage.,
Approved For Release 2004/03/25 : CIA-RDP79M00096AO00100020011-2
Approved For Release 2004/03/25: CIA-RDP79M00096A00010O620019'-2
PROBLEMS:
In the foregoing section this paper, alluded to a number of problems.,'.
concerning remote terminals, Some of the more significant areas of
concern facing an organization about to implement such ..a system are
>The:,actual.'physical location of'the building; that is to sa
is the location in:an isolated area, public area?
The peripheral security measures that encompass this building;
such as fences, hedges,. etc Included in this section. are
exterior guard patrol
Access control measures implemented in an agency. or building;
have a clearly defined
this includes internal guards, who must
role and ,instructions i n the event) of unauthorized entry or di s rup- .
tions
Specific location of the remote terminal area, included i n thi his
category are again access controls, since this type of area will be.
.des,igned a secure; or restricted area because of the direct. link
into the computer center (data base).
Locking devices ultrasonic, alarms, which type'and.model should be
installed and where
Disaster control procedures in"cluding,fire,"water; and riot contro
Approved For Release 2004/03/25 : CIA-RDP79M00096AO00100020011-2
Approved For Release 2004/03/25.:. CIA-RDP79M00096A00010002001,1-2
.ANSWERS:
In this concept of. remote terminals physical; security measures are the
initial barrier for the protection of such'devices,.,These?measures are
interwoven into ,the overall hardware and software security procedures
The following are suggested applications which are generally accepted
throughout the intelligence/security. community:
Adequate guard force with a concise pass system for employees
icentification and the installation itself must 'afford a sig
nificant deterrent to the entry of unauthorized persons
IDefi.ne security or restricted area, conduct liaison and coor
dination.with involved offices to arrive'.at.an approved plan
Separate identification for.users.of the remote terminal and
strict enforcement of the.,. need to know" doctrine
Eliminate all unnecessary traffic throughout remote terminal,
area and prominent signs that. identify the' location of.the '
terminal. inviting unnecessary attention
Restrict access to the remote terminal to authorized operating
personnel and supervisory personnel.. This number should be kept'.'
to an absolute minimum and their duties and responsibilities mus
be clearly defined.
'Implement remote terminal?access'logs'with employees, including
.requirement that they log in. and out.
'Visitors should be given appropriate identification'badges and escort..
Approved For Release 2004/03/25 : CIA-RDP79M00096A00010002001.1-2
Approved For Release.2004/03/25:; CIA-RDP79M0.009.6A0001O002001:1' 2
failure to test security measures can. easily result in a reliance on a
While the foregoing may be. the panacea ; for. physical security problems,
CONCLUSION:
number of things which are ineffective. Reasonably frequent tests of
improve the sensitivity of, employees toward security as a continuing pro
security measures indicate a continui,ng awareness. and concern, for security
and for that reason, are in themselves a security measure in. that they
Clearly conceived and normally effective security measures become quite
ineffective when people find they can circumvent them without incurring
Approved 'For Release 2004/03/25 : CIA-RDP79M00096A000100020011-2