Bank IT Officer Descriptive Solved Question Paper For SBI, Allahabad Bank

Q1. What is Client-server Computing?

Ans: The short answer: Client/server is a computational architecture that involves client
processes
requesting service from server processes.
The long answer: Client/server computing is the logical extension of modular programming.
Modular programming has as its fundamental assumption that separation of a large piece of
software into its constituent parts ("modules") creates the possibility for easier development and
better maintainability. Client/server computing takes this a step farther by recognizing that those
modules need not all be executed within the same memory space.
With this architecture, the calling module becomes the "client" (that which requests a service),
and the called module becomes the "server" (that which provides the service). The logical
extension of this is to have clients and servers running on the appropriate hardware and
software platforms for their functions. For example, database management system servers
running on platforms specially designed and configured to perform queries, or file servers
running on platforms with special elements for managing files. It is this latter perspective that
has created the widely-believed myth that client/server has something to do with PCs or Unix
machines.

Q2 What is a Client process?

Ans: The client is a process (program) that sends a message to a server process (program),
requesting that the server perform a task (service). Client programs usually manage the user-
interface portion of the application, validate data entered by the user, dispatch requests to
server programs, and sometimes execute business logic. The client-basedprocess is the front-
end of the application that the user sees and interacts with. The client process contains solution-
specific logic and provides the interface between the user and the rest of the application system.
The client process also manages the local resources that the user interacts with such as the
monitor, keyboard, workstation CPU and peripherals. One of the key elements of a client
workstation is the graphical user interface (GUI). Normally a part of operating system i.e. the
window manager detects user actions, manages the windows on the display and displays the
data in the windows.

Q3 What is a Server process?

Ans : A server process (program) fulfills the client request by performing the task requested.
Server programs generally receive requests from client programs, execute database retrieval
and updates, manage data integrity and dispatch responses to client requests. Sometimes server
programs execute common or complex business logic. The server-based process "may" run on
another machine on the network. This server could be the host operating system or network file
server; the server is then provided both file system services and application services. Or in some
cases, another desktop machine provides the application services. The server process acts as a
software engine that manages shared resources such as databases, printers, communication
links, or high powered-processors. The server process performs the back-end tasks that are
common to similar applications.
Q4 What is a Two-Tier Architecture?

Ans : A two-tier architecture is where a client talks directly to a server, with no intervening
server. It is typically used in small environments (less than 50 users). A common error in
client/server development is to prototype an application in a small, two-tier environment, and
then scale up by simply adding more users to the server. This approach will usually result in an
ineffective system, as the server becomes overwhelmed. To properly scale to hundreds or
thousands of users, it is usually necessary to move to a three-tier architecture.

Q5 What is a Three-Tier Architecture?

A three-tier architecture introduces a server (or an "agent") between the client and the server.
The role of the agent is manyfold. It can provide translation services (as in adapting a legacy
application on a mainframe to a client/server environment), metering services (as in acting as a
transaction monitor to limit the number of simultaneous requests to a given server), or
intellegent agent services (as in mapping a request to a number of different servers, collating the
results, and returning a single response to the client.
For SBI Speciality Officer, Allahabad bank IT Officer Exam

Model Questions : The Descriptive Test should be Prepared on Basis of All Books of Degree
Exam with Special Emphasis on Banking.We are Listing Sample Questions

1. What do you understand by 'Authentication' and 'Encryption' in the context of system

security? In this context explain
(i) Kerberos
(ii) IP Security
(iii) RSA Encryption

2.Write short notes on each of the following:

(a) Trojan Horse
(b) Smart Cards

3. Write short notes on each of the following:

(a) Trojan Horse
(b) Smart Cards
(c) Physical threats and security
(d) PGP

4. Explain the DMA controller with block diagram. What is meant by a block transfer? What are
the various phases of an instruction cycle ? Give the micro operation of fetch and decode phases
Compare Static RAM with Dynamic RAM.

5. Using NAND gate generate the AND and NOR functions

6. Which of the following services should be enabled in a secure workstation connected in an

Ethernet LAN ?

Give reasons for your answer.

Anacron, ftp, netfs, nfs, telnet, sendmail, SSH, syslog, SNMP, time. (Assume the LAN is
connected to the Internet but is not connected via Firewall nor is Kerberos used).

7. What is a Socket ? Write two differences between a TCP Socket and a UDP Socket.

8. What are the standard port numbers for (i) Web Server (ii) Mail Server (iii) FTP Server (iv)
Telnet ?

9 What is Network Address Translation (NAT) ? Give any two advantages and two
disadvantages of NAT.

10 What is VPN ? How is it useful for an organization ?

11. What is a Search Engine ? How is it useful for Internet/Intranet ? Give the names of any four
Search engines.

12 What is WAP ? Give any two advantages and two limitations of WAP. Also explain its layered
architecture.

ANSWERS

1. a. Kerberos ( /ˈkɛərbərəs/) is a computer network authentication protocol, which allows

nodes communicating over a non-secure network to prove their identity to one another in a
secure manner. Its designers aimed primarily at a client–server model, and it provides mutual
authentication — both the user and the server verify each other's identity. Kerberos protocol
messages are protected against eavesdropping and replay attacks. Kerberos builds on symmetric
key cryptography and requires a trusted third party, and optionally may use public-key
cryptography by utilizing asymmetric key cryptography during certain phases of authentication.
[1]

Kerberos is also a suite of free software published by Massachusetts Institute of Technology

(MIT) that implements this protocol.
Kerberos uses port 88 by default.
Theory
Kerberos uses as its basis the symmetric Needham-Schroeder protocol. It makes use of a trusted
third party, termed a key distribution center (KDC), which consists of two logically separate
parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the
basis of "tickets" which serve to prove the identity of users.
The KDC maintains a database of secret keys; each entity on the network — whether a client or
a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves
to prove an entity's identity. For communication between two entities, the KDC generates a
session key which they can use to secure their interactions. The security of the protocol relies
heavily on participants maintaining loosely synchronized time and on short-lived assertions of
authenticity called Kerberos tickets.
[edit] Description
The following is an intuitive description. The client authenticates itself to the Authentication
Server and receives a ticket (All tickets are time-stamped). It then contacts the Ticket Granting
Server, and using the ticket it demonstrates its identity and asks for a service. If the client is
eligible for the service, then the Ticket Granting Server sends another ticket to the client. The
client then contacts the Service Server, and using this ticket it proves that it has been approved
to receive the service.
A simplified and more detailed description of the protocol follows. The following abbreviations
are used:
• AS = Authentication Server
• SS = Service Server
• TGS = Ticket-Granting Server
• TGT = Ticket Granting Ticket
Kerberos negotiations

The client authenticates to the AS once using a long-term shared secret (e.g. a password) and
receives a TGT from the AS. Later, when the client wants to contact some SS, it can (re)use this
ticket to get additional tickets from TGS, for SS, without resorting to using the shared secret.
These tickets can be used to prove authentication to SS.
The phases are detailed below.
[edit] User Client-based Logon
1. A user enters a username and password on the client machine.
2. The client performs a one-way function (hash usually) on the entered password, and
this becomes the secret key of the client/user.

[edit] Client Authentication

Kerberos Protocol

1. The client sends a cleartext message of the user ID to the AS requesting services on
behalf of the user. (Note: Neither the secret key nor the password is sent to the AS.)
The AS generates the secret key by hashing the password of the user found at the
database (e.g. Active Directory in Windows Server).
2. The AS checks to see if the client is in its database. If it is, the AS sends back the
following two messages to the client:
○ Message A: Client/TGS Session Key encrypted using the secret key of the
client/user.
○ Message B: Ticket-to Get-Ticket (which includes the client ID, client network
address, ticket validity period, and the client/TGS session key) encrypted
using the secret key of the TGS.
3. Once the client receives messages A and B, it attempts to decrypt message A with
the secret key generated from the password entered by the user. If the user entered
password does not match the password in the AS database, the client's secret key
will be different and thus unable to decrypt message A. With a valid password and
secret key the client decrypts message A to obtain the Client/TGS Session Key. This
session key is used for further communications with the TGS. (Note: The client
cannot decrypt Message B, as it is encrypted using TGS's secret key.) At this point,
the client has enough information to authenticate itself to the TGS.
b.
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication session.
IPsec also includes protocols for establishing mutual authentication between agents at the
beginning of the session and negotiation of cryptographic keys to be used during the session.
IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol
Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a
pair of security gateways (network-to-network), or between a security gateway and a host
(network-to-host).[1]
Some other Internet security systems in widespread use, such as Secure Sockets Layer (SSL),
Transport Layer Security (TLS) and Secure Shell (SSH), operate in the upper layers of the
TCP/IP model. Hence, IPsec protects any application traffic across an IP network. Applications
do not need to be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must
be designed into an application to protect the application protocols.
IPsec is a successor of the ISO standard Network Layer Security Protocol (NLSP). NLSP was
based on the SP3 protocol that was published by NIST, but designed by the Secure Data
Network System project of the National Security Agency (NSA).
IPsec is officially specified by the Internet Engineering Task Force (IETF) in a series of Request
for Comment documents addressing various components and extensions. It specifies the spelling
of the protocol name to be IPsec.[2]
[edit] Security architecture
The IPsec suite is an open standard. IPsec uses the following protocols to perform various
functions:[3][4]
• Authentication Headers (AH) provide connectionless integrity and data origin
authentication for IP datagrams and provides protection against replay attacks.[5][6]
• Encapsulating Security Payloads (ESP) provide confidentiality, data origin
authentication, connectionless integrity, an anti-replay service (a form of partial
sequence integrity), and limited traffic flow confidentiality.[1]
• Security associations (SA) provide the bundle of algorithms and data that provide the
parameters necessary to operate the AH and/or ESP operations. The Internet Security
Association and Key Management Protocol (ISAKMP) provides a framework for
authentication and key exchange,[7] with actual authenticated keying material provided
either by manual configuration with pre-shared keys, Internet Key Exchange (IKE and
IKEv2), Kerberized Internet Negotiation of Keys (KINK), or IPSECKEY DNS records.[8]
[9][10][11]

[edit] Authentication Header

Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees
connectionless integrity and data origin authentication of IP packets. Further, it can optionally
protect against replay attacks by using the sliding window technique and discarding old packets
(see below).
• In IPv4, the AH protects the IP payload and all header fields of an IP datagram except
for mutable fields (i.e. those that might be altered in transit). Mutable (and therefore
 unauthenticated) IP header fields are DSCP/TOS, ECN, Flags, Fragment Offset, TTL
and Header Checksum.[6]
• In IPv6, the AH protects the AH itself, the Destination Options extension header after the
AH, and the IP payload. It also protects the fixed IPv6 header and all extension headers
before the AH, except for the mutable fields: DSCP, ECN, Flow Label, and Hop Limit.[6]
AH operates directly on top of IP, using IP protocol number 51.[12]
c.This article is about an algorithm for public-key encryption. For the U.S. encryption and
network security company, see RSA Security. For the Republic of South Africa, see South Africa.
For other uses, see RSA (disambiguation).

In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly
described it) is an algorithm for public-key cryptography.[1] It is the first algorithm known to be
suitable for signing as well as encryption, and was one of the first great advances in public key
cryptography. RSA is widely used in electronic commerce protocols, and is believed to be
sufficiently secure given sufficiently long keys and the use of up-to-date implementations.
Operation
The RSA algorithm involves three steps: key generation, encryption and decryption.
[edit] Key generation
RSA involves a public key and a private key. The public key can be known to everyone and is
used for encrypting messages. Messages encrypted with the public key can only be decrypted
using the private key. The keys for the RSA algorithm are generated the following way:
1. Choose two distinct prime numbers p and q.
○ For security purposes, the integers p and q should be chosen at random, and
should be of similar bit-length. Prime integers can be efficiently found using a
primality test.
2. Compute n = pq.
○ n is used as the modulus for both the public and private keys
3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e,φ(n)) = 1, i.e. e and φ(n) are
coprime.
○ e is released as the public key exponent.
○ e having a short bit-length and small Hamming weight results in more efficient
encryption - most commonly 0x10001 = 65537. However, small values of e (such
as 3) have been shown to be less secure in some settings.[4]
5. Determine d = e–1 mod φ(n); i.e. d is the multiplicative inverse of e mod φ(n).
○ This is often computed using the extended Euclidean algorithm.
○ d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e. The private
key consists of the private (or decryption) exponent d which must be kept secret.
Notes:
 • An alternative, used by PKCS#1, is to choose d matching de ≡ 1 mod λ with λ = lcm(p − 
1,q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more
choices for d. λ can also be defined using the Carmichael function, λ(n).
• The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p
and q match additional requirements: be strong primes, and be different enough that
Fermat factorization fails.
[edit] Encryption
Alice transmits her public key (n,e) to Bob and keeps the private key secret. Bob then wishes to
send message M to Alice.
He first turns M into an integer m, such that 0 < m < n by using an agreed-upon reversible
protocol known as a padding scheme. He then computes the ciphertext c corresponding to
c = me (mod n).
This can be done quickly using the method of exponentiation by squaring. Bob then transmits c
to Alice.
[edit] Decryption
Alice can recover m from c by using her private key exponent d via computing
m = cd (mod n).
Given m, she can recover the original message M by reversing the padding scheme.
(In practice, there are more efficient methods of calculating cd using the pre computed values
below.)
[edit] A worked example
Here is an example of RSA encryption and decryption. The parameters used here are artificially
small, but one can also use OpenSSL to generate and examine a real keypair.
1. Choose two distinct prime numbers, such as
p = 61 and q = 53.
2. Compute n = pq giving
n = 61 · 53 = 3233.
3. Compute the totient of the product as φ(n) = (p − 1)(q − 1) giving
φ(3233) = (61 − 1)(53 − 1) = 3120.
4. Choose any number 1 < e < 3120 that is coprime to 3120. Choosing a prime number for
e leaves us only to check that e is not a divisor of 3120.
Let e = 17.

5. Compute d, the modular multiplicative inverse of yielding

d = 2753.
The public key is (n = 3233, e = 17). For a padded plaintext message m, the encryption function
is m17 (mod 3233).
The private key is (n = 3233, d = 2753). For an encrypted ciphertext c, the decryption function
is c2753 (mod 3233).
For instance, in order to encrypt m = 65, we calculate
c = 6517 (mod 3233) = 2790.
To decrypt c = 2790, we calculate
m = 27902753 (mod 3233) = 65.
Both of these calculations can be computed efficiently using the square-and-multiply algorithm
for modular exponentiation. In real life situations the primes selected would be much larger; in
our example it would be relatively trivial to factor n, 3233, obtained from the freely available
public key back to the primes p and q. Given e, also from the public key, we could then compute
d and so acquire the private key.

2. A Trojan horse:
Trojan, is software that appears to perform a desirable function for the user prior to run or
install, but (perhaps in addition to the expected function) steals information or harms the
system.[1] The term is derived from the Trojan Horse story in Greek mythology.

Purpose and uses

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses
do not replicate themselves but they can be just as destructive. One of the most insidious types of
Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses
onto the computer.
The term comes from the Greek story of the Trojan War, in which the Greeks give a giant
wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans
drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and
open the city gates, allowing their compatriots to pour in and capture Troy.
[edit] Security
Trojan may allow a hacker remote access to a target computer system. Once a Trojan has been
installed on a target computer system, a hacker may have access to the computer remotely and
perform various operations, limited by user privileges on the target computer system and the
design of the Trojan .
Operations that could be performed by a hacker on a target computer system include:
• Use of the machine as part of a botnet (e.g. to perform automated spamming or to
distribute Denial-of-service attacks)
• Data theft (e.g. retrieving passwords or credit card information)
• Installation of software, including third-party malware
• Downloading or uploading of files on the user's computer
• Modification or deletion of files
• Keystroke logging
• Watching the user's screen
 • Crashing the computer
• Anonymizing internet viewing
Trojan horses in this way require interaction with a hacker to fulfill their purpose, though the
hacker need not be the individual responsible for distributing the Trojan horse. It is possible for
individual hackers to scan computers on a network using a port scanner in the hope of finding
one with a malicious Trojan horse installed, which the hacker can then use to control the target
computer.[2]
A recent innovation in Trojan horse code takes advantage of a security flaw in older versions of
IE explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively
hide internet usage. The hacker is able to view internet sites while the tracking cookies, internet
history, and any IP logging are maintained on the host computer. The host computer may or may
not show the internet history of the sites viewed using the computer as a proxy. The first
generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of
the host computer. Newer generations of the Trojan horse tend to "cover" their tracks more
efficiently. Several versions of Slavebot have been widely circulated in the US and Europe and
are the most widely distributed examples of this type of Trojan horse. .[3]
[edit] Current use
Due to the popularity of botnets among hackers and the availability of advertising services that
permit authors to violate their users' privacy, Trojan horses are becoming more common.
According to a survey conducted by BitDefender from January to June 2009, "Trojan-type
malware is on the rise, accounting for 83-percent of the global malware detected in the world".
This virus has a relationship with worms as it spreads with the help given by worms and travel
across the internet with them. [4

Smart Card Primer

A smart card is a device that includes an embedded integrated circuit chip (ICC) that can be
either a secure microcontroller or equivalent intelligence with internal memory or a memory
chip alone. The card connects to a reader with direct physical contact or with a remote
contactless radio frequency interface. With an embedded microcontroller, smart cards have the
unique ability to store large amounts of data, carry out their own on-card functions (e.g.,
encryption and mutual authentication) and interact intelligently with a smart card reader. Smart
card technology conforms to international standards (ISO/IEC 7816 and ISO/IEC 14443) and is
available in a variety of form factors, including plastic cards, fobs, subscriber identity modules
(SIMs) used in GSM mobile phones, and USB-based tokens.
Smart Card Technology
There are two general categories of smart cards: contact and contactless.
A contact smart card must be inserted into a smart card reader with a direct connection to a
conductive contact plate on the surface of the card (typically gold plated). Transmission of
commands, data, and card status takes place over these physical contact points.

A contactless card requires only close proximity to a reader. Both the reader and the card have
antennae, and the two communicate using radio frequencies (RF) over this contactless link. Most
contactless cards also derive power for the internal chip from this electromagnetic signal. The
range is typically one-half to three inches for non-battery-powered cards, ideal for applications
such as building entry and payment that require a very fast card interface.
Two additional categories of cards are dual-interface cards and hybrid cards. A hybrid card has
two chips, one with a contact interface and one with a contactless interface. The two chips are
not interconnected. A dual-interface card has a single chip with both contact and contactless
interfaces. With dual-interface cards, it is possible to access the same chip using either a contact
or contactless interface with a very high level of security.
The chips used in all of these cards fall into two categories as well: microcontroller chips and
memory chips. A memory chip is like a small floppy disk with optional security. Memory chips
are less expensive than microcontrollers but with a corresponding decrease in data management
security. Cards that use memory chips depend on the security of the card reader for processing
and are ideal for situations that require low or medium security.
A microcontroller chip can add, delete, and otherwise manipulate information in its memory. A
microcontroller is like a miniature computer, with an input/output port, operating system, and
hard disk. Smart cards with an embedded microcontroller have the unique ability to store large
amounts of data, carry out their own on-card functions (e.g., encryption and digital signatures)
and interact intelligently with a smart card reader.

3.D. Pretty Good Privacy (PGP) is a data encryption and decryption computer program
that provides cryptographic privacy and authentication for data communication. PGP is often
used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk
partitions to increase the security of e-mail communications. It was created by Philip
Zimmermann in 1991.
PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and
decrypting data.
How PGP encryption works
PGP encryption uses a serial combination of hashing, data compression, symmetric-key
cryptography, and, finally, public-key cryptography; each step uses one of several supported
algorithms. Each public key is bound to a user name and/or an e-mail address. The first version
of this system was generally known as a web of trust to contrast with the X.509 system which
uses a hierarchical approach based on certificate authority and which was added to PGP
implementations later. Current versions of PGP encryption include both options through an
automated key management server.
[edit] Compatibility
As PGP evolves, PGP systems that support newer features and algorithms are able to create
encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Thus,
it is essential that partners in PGP communication understand each other's capabilities or at
least agree on PGP settings.
[edit] Confidentiality
PGP can be used to send messages confidentially. For this, PGP combines symmetric-key
encryption and public-key encryption. The message is encrypted using a symmetric encryption
algorithm, which requires a symmetric key. Each symmetric key is used only once and is also
called a session key. The session key is protected by encrypting it with the receiver's public key
thus ensuring that only the receiver can decrypt the session key. The encrypted message along
with the encrypted session key is sent to the recipient.
[edit] Digital signatures
PGP supports message authentication and integrity checking. The latter is used to detect
whether a message has been altered since it was completed (the message integrity property), and
the former to determine whether it was actually sent by the person/entity claimed to be the
sender (a digital signature). In PGP, these are used by default in conjunction with encryption,
but can be applied to the plaintext as well. The sender uses PGP to create a digital signature for
the message with either the RSA or DSA signature algorithms. To do so, PGP computes a hash
(also called a message digest) from the plaintext, and then creates the digital signature from that
hash using the sender's private key.
[edit] Web of trust
Main article: Web of trust
Both when encrypting messages and when verifying signatures, it is critical that the public key
used to send messages to someone or some entity actually does 'belong' to the intended recipient.
Simply downloading a public key from somewhere is not overwhelming assurance of that
association; deliberate (or accidental) impersonation is possible. PGP has, from its first
versions, always included provisions for distributing a user's public keys in an 'identity
certificate' which is also constructed cryptographically so that any tampering (or accidental
garble) is readily detectable. But merely making a certificate which is impossible to modify
without being detected effectively is also insufficient. It can prevent corruption only after the
certificate has been created, not before. Users must also ensure by some means that the public
key in a certificate actually does belong to the person/entity claiming it. From its first release,
PGP products have included an internal certificate 'vetting scheme' to assist with this; a trust
model which has been called a web of trust. A given public key (or more specifically,
information binding a user name to a key) may be digitally signed by a third party user to attest
to the association between someone (actually a user name) and the key. There are several levels
of confidence which can be included in such signatures. Although many programs read and
write this information, few (if any) include this level of certification when calculating whether to
trust a key.
c. Physical Security Threats and Controls
Physical security is the lifeblood of all security controls. If physical security is compromised, all
other controls are irrelevant.
Why? Think about it. If someone manages to get into your server, physically accessing your
computers, he or she can cause serious damage. Some examples of damage possible can
include: removing the hard drives from your computer, stealing computer backup tapes, or
simply shutting down the power to your servers. All of these can be accomplished in the blink of
an eye, without involving serious technical skills. As we have mentioned before, security is the
weakest link in your system. For this reason, we should not overlook physical security.
To understand physical security, we first need to understand physical threats.
The are three types of physical threats:
External physical threats:
• Flooding, lightning, earthquake, wind, tornado, hurricane, ice, fire, chemical
Internal physical threats:
• Fire, environmental failure, liquid leakage, electrical interruption
Human physical threats:
• Theft, vandalism, sabotage, espionage, errors
To prevent these threats from becoming reality, physical security controls should be
implemented. Some examples of effective physical security controls include:
Exterior physical security controls:
• Fences, Barriers
Entrance physical security controls:
• Doors and Gates with Locks
Administrative physical security controls:
• Badges and Escorts
Property physical security controls:
• Monitoring/Detection Systems, Lighting
Environmental physical security controls:
• HVAC System, Power Protection, Water and Fire Protection
All of these controls require detailed and careful planning prior to setting up an office with
computing facilities. We will discuss physical controls in more detail later.
Tags: Administrative Physical Security Control, Environmental Physical Security Control,
Water Protection