CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3
Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sending, data loss through Google Drive, or code theft from private repos.
We walk through the mechanics in plain language: the extension’s communication model is too trusting, relying on origin assumptions instead of validating true execution context. That opens the door to script injection and environment-level manipulation, where the most sophisticated part of the attack is making bad actions look normal from the inside. We also talk about the vendor response, why partial patches can still leave uncomfortable gaps, and why “trust but verify” matters when AI tools move faster than enterprise controls.
Then we pivot to CISSP Domain 3.9 design site and facility security controls, because reliability and security still live in wiring closets, server rooms, and restricted work areas. We cover practical facility security: locks and limited access, airflow and HVAC planning, avoiding storage-room chaos, why cameras must be monitored, how badge systems fail in real life, and how media and evidence storage ties into legal hold, forensics, encryption, and key management. We finish with environmental and resilience essentials including UPS vs generators, fire detection and suppression options, and power quality issues like sags, spikes, surges, and brownouts.
Subscribe for weekly CISSP-ready lessons, share this with a teammate who lives in Chrome, and leave a review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
Welcome And Weekly CISSP Focus
SPEAKER_00: Welcome to the CISSP Cyber Training Podcast. We provide cyber training and tools you need to CISSP exam first. Hi, my name is Shon Gerber. I'm your host of the action active for the podcast. Join me each week as I provide the information you need. And grow your cyber checker in the light. Alright, let's get started.
ClaudeBleed Hits The Browser
How Malicious Extensions Hijack Claude
Vendor Patch Gaps And Why It Matters
Practical AI Extension Security Takeaways
Training Plug And Cohort Invite
Wiring Closets And Physical Basics
Server Rooms Controls And Badge Pitfalls
Media Evidence Storage And Legal Holds
Restricted Areas SCIF Mindset
HVAC Generators And Environmental Risks
Fire Suppression And Power Quality
Final Wrap Reviews YouTube Free Questions
SPEAKER_01: Good morning, everybody. It's Shon Gerber with CISSP Cyber Training, and I hope you all are having a beautifully blessed day today. Today is Monday. And on Monday, what do we talk about? Yes, CISSP content related to the domains or other things that may come up that are also tied to the CISSP. This week we're going to be getting into domain 3.9, site display, site design. So we're pretty excited about that. But before we do, I had a quick article I wanted to pass on to you all that I thought was extremely interesting. And I think it's going to be becoming a bigger challenge as we all get going forward. It deals with the extensions on your Chrome browser and it deals with Claude. So what we're going to talk about is your AI browser extension that gets hijacked. And this is from ClaudeBleed.
So today we're talking about a vulnerability that hits extremely close to home. It's literally inside the browser, and it's called Cloud, Cloud, ClaudeBleed. And yes, it involves Claude's AI Chrome extension. And this is a good example of why AI security is not just about the model, it's about the whole attack surface. And I bring this up a lot on CISSP Cyber Training. You need to understand the whole picture. And as a security professional, understanding this new AI world we live in is extremely important. And here this comes up as well. So what actually happened? Anthropic's Claude in Chrome extension has a bug that lets other malicious extensions hijack it. And researchers at LayerX Security discovered the flaw and named it ClaudeBleed. That sounds familiar, right? So the core issue is ClaudeBleed's browser communications are too trusting. And the extension can inject scripts and manipulate what Claude does. So we see this can be a challenge in many different ways. And we've seen this in super and numerous different aspects around there. So how does this specific attack work?
Well, Claude's extension uses the manifest setting called externally_connectable. So that's something you're going to want to understand, is that externally connectable. And this defines which external sites or extensions it can talk to. So the problem is it trusts the origin, as we see Claude.ai, which we all know, rather than the actual execution context. So a bad extension, even one with zero special permissions, can issue commands directly to Claude. No special permissions required. That's the scary part about it. We talk about this a lot, right? Having admin accounts that can do things they shouldn't be able to do. Well, the Chrome extensions are no different. And the more extensions you have that can operate in this space, it is very scary. And I actually bring that up. A friend of mine who owns an MSP was just asking me recently about, uh, Chrome extensions and what they should do to help protect those. So I just sent this link to him. I'm sure he's really happy about that.
So, what can an attacker do, right? They send files from your Google Drive to an outsider, which we know from a DLP standpoint is a big deal. You can send emails on your behalf without you even knowing it. Oh, that's not good. Uh, that I need to tell my wife, that would not be good. Steal code from your private GitHub repository and then summarize your emails and exfiltrate them to an external attacker. This is everything I wanted to do in the red team world, and it can do it for you automatically or automagically. And so it all comes down to adding these Chrome extensions. And I mean it. This ability for Claude or any of these open type AI type LLM aspects can do so much damage, but they can also be extremely helpful. You have to be extremely careful with the permissions that you allow. So, what's Anthropic's response? Well, they released an update of extension 1.0.70 on May 6th with a partial patch. It didn't take care of everything.
It switched the extension to privilege mode, which requires no explicit user permissions or notifications. So it's there. They've done some things to it, but they promised they'd remove the responsibility message handler entirely. And that didn't happen. So CSO reached out to them. They haven't responded to it at this point. I know they're going to update this patch because it's a big deal. Uh, but when it's going to happen, it's hard to say.
So, why this matters to you guys: it breaks Chrome's extension security model. A zero-permission extension can inherit the full capabilities of a trusted AI. One expert said on there, he put it: the most sophisticated part of this attack isn't the injection, it's the agent's perceived environment, right? This was manipulated to produce actions that looked legitimate from the inside. So, yes, we know that that's a problem that needs to be addressed. So that's a new threat class that we need to be building defenses for, right? AI agent manipulation at the environment level. So I just, it's there, guys. It's all there, and you just need to be prepared for it.
So, what are some takeaways you need to think about? If you're running Claude in Chrome in an enterprise environment, pay attention to this one. The AI browser agents are a new and expanding attack surface, and the trust model hasn't caught up yet. I know some companies out there like Chrome, or not Chrome, there's, uh, Island IO, they've got some different aspects to kind of control, uh, different browsers in the environment, especially dealing with Chrome, but you're gonna need to really consider how you want to do this within your organization. So, this is why I talk all the time about securing AI workflows from end to end, not just securing the model itself. So keep an eye on the next Claude extension release. Anthropic says a real fix is coming. But again, like we always say, you must trust but verify. Okay, so that's all I have for that.
Let's move on to what we're gonna talk about today. Okay, so before we get into domain three of, uh, design site and facility security controls, I want to put a quick shout out there for CISSP Cyber Training. Head on over to CISSP Cyber Training and get access to all my free content that's there, as well as access to all the content that's available to help you pass the CISSP exam. If I was starting up a cohort this, uh, year, we're gonna be dealing with the cohort that is gonna be helping you get the CISSP done within two months. That's eight weeks. You can do it. We're gonna set you up for the fact that you begin with the cohort and you can start this process and you have the ability to be able to get the CISSP completed in a fast manner that is extremely meet your timelines in the next two months. So go check it out. CISSP Cyber Training, check out my cohort, check out all the other paid products and the free stuff as well.
Okay, so domain three, 3.9, design site and facility security controls. So we're gonna be getting to wiring closets, right? What is a wiring closet? Well, many of you probably are dealing with a lot of stuff that's online and in the cloud, and you're going, I don't really have much for wiring closets. It used to be the day you had a lot of stuff with wiring closets, but that has gone down substantially. But if you're sitting in a business office of some sort, this houses the most critical aspects of many businesses. It truly does. The days of data centers are gone and those are no longer around. However, the critical aspects of your business are operating within these closets, or specifically these small areas where there are computer systems. Now, I'll tell you something, a funny story. I went to a facility one time. This is a manufacturing facility, and in that manufacturing facility, there was a computer that was extremely critical sitting inside the bathroom.
Yeah, you heard it. It was up on top of a rack inside the bathroom over the head. I mean, it was just amazing. It was actually not good. And there were cables running everywhere, right? So that is probably not the most properly air-conditioned area. That's also probably just really disgusting. So that being said, you need to truly have some level of proper air conditioning and airflow in any of these places where you have. And what ends up being a challenge: in the past, we would always say put this in a data center slash whatever. And they would have underground, or I should say underfloor, uh, cables, they would have air conditioning, they'd have all those things that you need. But in today's world, where we actually don't need as much of that, they just find a closet and throw it into. Well, that can be a problem, right? So air conditioning and airflow in a closet usually is not the best. Most times they don't put air handlers in closets. Why? Because they're dead space. And so therefore the airflow in there could be very poor. So you need to think about that.
You need to ensure that it remains locked with limited access. You do not need somebody walking around plugging stuff in, cutting lines. Yes, I've seen that. Had an individual who went to a, knew that there was a locker, I should say a closet, and he went in there and didn't like his boss. So what'd he do? Well, he pulled out his Sawzall and decided to go after all the lines in that little room. Yeah, that was not good, not good for him, and not good for the company. Caused us a lot of issues, a lot of heartache. Never use a general storage or a bathroom. Yep, remember? See, don't use that. That's not a good idea. Keep it clear and free of debris, and also because it's in a closet, sometimes people will put their cleaning supplies in there. Those are very corrosive for the components that are in a computer. So, yes, do not do that.
So don't store inflammable items in that area as well. And then, uh, if you have video surveillance, that is important. I've had many times when I went as a red team and we would break into facilities and they had cameras in these facilities, but they didn't turn them on. Yeah, that's really not good. It's kind of hard to have a camera when you don't actually utilize it. Yeah, it's a little bit of a placebo. So make sure you have video surveillance if you have it available. Yes, and that's a big word that I don't know how to say very well. That's showing my age, I guess.
Okay, so when we're dealing with server rooms and data centers, which are going the way of the dodo bird, um, the thing, you still have them out there, raised floors and cable trays are important. Now, if you're not familiar with a cable tray, it's something that runs above the ceiling in many cases, and this is where the cables will sit in there nicely. It keeps things very organized, it keeps your cables from falling everywhere, it can become a trip hazard, all those aspects. Cable trays are important. Now, I had a senior executive go to me one time and say, What is the need for this extra expense for these cable trays? And I said to him, I said, Do you ever trip over your extension cord? He says, Well, yeah. So, how would you think about 10,000 extension cords wherever you go? Uh, he goes, point taken. I said, Okay, see, there you go. So these also need to have proper air conditioning, airflow, all of those actions we talked about. Avoid the ground floor when possible. Now, I understand that that isn't always easy. I had one in a basement. Yes, it was in a basement of a facility, which isn't bad. However, when the basement flooded, yeah, that was a problem, right? Everything went down and they lost their entire company and they had to move everything around. So it was not good. Uh, uninterruptible power supplies, UPSs, those are very good.
These are designed, as if you're listening to any of my podcasts, they are designed to help you shut down gracefully. That is the whole purpose of a UPS. It is not designed for you to stay up and running for a long period of time. Now, it can keep it going up for hours in many cases, so they work really well when you have power fluctuations. However, the main purpose of a UPS is to help you shut down gracefully. These systems do not like just going blink and shutting off. That is usually bad on computer systems, especially when you deal with power that is maybe going blink on, blink off, blink on, blink off. Yeah, it doesn't like that. Things break a lot when stuff like that happens. So a UPS can be extremely helpful in that space. Same aspects for wiring closets as well: you want to make sure that they are well conditioned, you have UPSs, all of those things are set up specifically for your data centers and your server rooms.
Now, when you're dealing with server rooms, some of the different security mechanisms you want in place. Smart cards, right? ID badge containing information about your access. I call them the beep beeps. You basically have a card and you beep beep it. And those work wonderful to help reduce some level of access. However, that being said, the beep beep has to work. And I went to plenty of places when I was a red teamer and I would use the beep beep and it would beep, but it wouldn't lock. And so once that happens, you were in. Now, however, once we knew that, then what we would do is we'd still beep and badge our way in, acting like it's just doing what it's supposed to do. Because we want people to pay attention and go, hey, he beeped. Oh, beeping is good. He has access. Wonderful. Also, what works really well is when you go the beep beep and you hit it and it doesn't work and you don't have access. Oh my gosh, I don't, I don't have access. This is not good.
So you do that when somebody's walking up and saying, Oh, Bill, man, I'm sorry, man. I can't get in because of my beep beep. What are you gonna do? Well, Bill says, Oh, okay, I'll let you in, no problem. Thanks, Bill. I'll get it taken care of right away. Yeah, right. So proximity readers, passive control, physical access. Again, these are ones that can come in. They're a passive setup, and they see you coming in. You have something on you that is saying, yes, you are allowed to come in, and it then lets you come in, right? So these are different areas that it have. The proximity readers, you see these a lot on DVDs. I go to Lowe's too much, and they have little prox readers in there, a little bar that sits there and is connected to tools that are easily thefted or lifted. And thefted, that's not really a good word. Uh, but tools that are taken, these little things work wonders and they will go off at any point in time.
Now, media storage facilities. This is where you want to store digital media. Now, in the days of old, we had many types of backups. And I hear, I haven't confirmed this, but I hear they're going back to these types of backups because of some of the situations that people have run into and businesses have. But if you're dealing with any sort of digital media that you're storing, it is put on legal hold. If you have that, it's stored in these places. There are backups that are stored here. It's also a central repository where you keep all of this. Now, this can be done in a building. You may have a facility in your house, not in your house, in your office space that is specifically locked for these types of activities. Um, we've had it. Now, you had a sign-in log, anytime you went in, you signed in, you had cameras on the door, so you could verify if somebody went in there, who they were. All of those pieces are a key factor in your media storage facilities.
Now, some key takeaways around this: locked rooms or storage containers, these are good. A custodian who manages the data is extremely important. Think of it as you are going to the police department and you have to check in evidence and check out evidence. Not that many of us do that. There's probably some of you out there that do that, but not many do that. But you look at a show that you've seen on TV and they have the data, you put it in, you check it in, you check it out, kind of thing. Well, this check-in, check-out process is extremely important for media storage facilities. There needs to be a sanitization process also for any sort of reusable media as well. If you have some media that you're going to use, you wouldn't typically, because reusable media is so inexpensive, I would recommend that you don't reuse it. I would say from a sanitization standpoint, I would say if you had something that was in a media storage facility that was important, you probably just want to just shred it when it's done. I wouldn't even think about sanitizing it, personal opinion. Uh, because it's so inexpensive. Now, if these drives cost you $10,000 or $15,000, that might be a different conversation. But when it comes to these things are $100, if you're a business and you can't lose $100 on a media, then you probably aren't in the right business. So you want to kind of think about that. So when you're coming to media storage facilities, do you want to deal with reusable media?
So another thing about evidence storage: these are becoming more and more prevalent, specifically around legal litigation. Uh, this is happening a lot with employees and vendors. This is the part where I think people forget. And this is as a security professional, if you're studying for the CISSP or the CISM, and you're gonna hear I'm gonna be doing a little bit more information around CISM as well. But if you're studying for some of these security leader type roles, legal litigation is a key factor.
And vendors, your third-party suppliers, are your gateway. They're actually some of your risk. So keeping this data on your vendors is extremely important. I knock, knock, important part of the test. You may not see it on the CISSP, you might see it on the CISM, but when it comes right down to it, you need to keep your vendors' information for periods of time. I mean it. Just do it. Even if you don't see it on the test, do it. Forensics data storage, you got criminal and civil legal actions as well. You need to make sure that you have any sort of forensics data that you're keeping, all of that back, because you don't know if there's going to be any civil or criminal actions that come out of it. So dedicated storage is an important part, and it needs to be a segregated network if you have network connectivity. Now, in many cases, the data that sits in these storage locations is not connected to the network, and I would recommend that you do not connect them to the network. Uh, there should be a process by which you're pulling this information out of this room to put it on the network. Uh, and if you do have network data that is specifically for legal type stuff, it does need to be completely segregated from your overall enterprise network, and there need to be controls in place to limit the amount of people coming into the organization. Monitor all activity entering any sort of storage location. Like we talked about, any electronic or physical monitoring should be done, and then encrypting data stored within that location. Obviously, this goes without saying that if you have data within that location, it should be encrypted. It should not just be sitting in a drive that is just hanging out there. Um, I've had that happen numerous times where we encrypted the data, but I made sure that I created a log of where the keys are stored. That's another key part. You encrypt the data, but as a CISO, I was in the organization for eight years.
Well, guess what? I knew a lot of information about that company. Now, I left the company and I've been gone for two and a half years. Well, I had stuff that was encrypted, and if I would have kept the encryption keys, they wouldn't be able to get access to it. If I didn't tell somebody where they're at and how they're stored and how they're done and had documentation on that, they wouldn't be able to get into that. Now, will they get into it? Maybe not. They may never ever deal with it. However, the time that you think, and as a CISO, you're gonna know this, at the time that you need that information, it's not gonna be available to you. So it's extremely important that you have a good plan around that. You need to restrict access again, security and legal counsel only. I would highly recommend that you have that well defined. And even senior leaders, I've had senior leaders come in with a lot of bravado going, hey, I am the boss of this place. I'm the senior leader. I want in. Uh, nope, sorry. Do you have a need? You don't have a need? Need to know? No, no. Have a nice day. Um, it's also wonderful to do that, but it doesn't happen very often. Because when I do that, someone comes down with a bigger hammer and smacks me over the head. So again, use that very sparingly.
So restricted and work area security. So when you're dealing with restricted and work areas, I've had to deal with this when you're co in with your R&D environments. Also, my manufacturing. We worked in an area that was compromised of it, it was in a foreign country where lots of people were trying to spy on our information. So I had to figure out how to keep that data secure. You need to have restricted and work area security in place for that specifically. So you need to limit all the access to that area, and utilize physical security mechanisms to do so.
Could be man traps, could be people using little boop boop boop little things, I don't know, little wand thing about bobbers. Uh, use those. You have a policy on what kind of electronics are allowed in. Um, you can have walls. Obviously, instead of having cubicles, cubicles can avoid the overpeople inadvertently listening. I had a room that was specifically set aside with cubicles, but that room was set up with cameras and with badge access in and out. So those are all very key parts, as well as there was no electronics allowed in or out of the organization, of that cubicle specifically. Military and law enforcement, they have high restrictions around this. You're dealing with the SCIF as an example. This is your specialized compartmental information facility. I think that's what they call it, if I remember right. And your SCIF is where you have all the top secret, super secret stuff, right? And even in the SCIF, it is compartmentalized so that you don't know everything. There are very few people that have the level of access where they know everything. And also keep in mind, if you have the ability to know everything, it doesn't mean you should know everything. Uh, as an example, when we go into facilities such as a SCIF or even in my R&D environment, uh, the senior leaders understood the chemical aspects of it. However, they didn't have physical access or network access to the chemical aspects of our product. So there's again the 11 herbs and spices of the Kentucky Fried Chicken, it needs to be segregated from most people. It needs to be only a very small subset of people that have access to it.
So utilities and heating, ventilation, and air conditioning. Yeah, we kind of touched on this just a little bit, but your environmental controls need to be addressed at all times. HVAC will enable or restrict your usage. Once the AC goes down, things start to get hot and they start shutting down.
So power is your ultimate consideration. If your HVAC, I had it on a network that was specifically defined for my HVAC. It was basically an IoT network. I could monitor the access to it. You also have third parties that will monitor your HVAC. Make sure they're on a third network, an IoT type network that they have the access to. Now there's power considerations. We talked about battery backup with UPSs, there's controlled shutdowns, power spikes, surges, we kind of got into that a little bit.
Generators, this is a big one that people don't think about. So generators provide long-term power requirements. If you have a long-term power requirement, so let's just say, for instance, you are in a facility, and in this facility you have a need that must have electricity all the time. You've got to have it all the time. So if that's the case, then what do you do? Well, you put in a generator. This generator will then help in the event that your power goes down for any significant amount of time, the generator will come online. Now you'll make sure though, a generator is only as good as the gas you have in it. If you don't have gas in your generator, it doesn't work. So you need to make sure that you have gas available in close proximity to your generator system so that in the event that it does go down, it is readily available. You need to have a plan also on ensuring that you do routine runs of your generator and then routine swap overs. Just like a disaster recovery plan, you need to swap over your power at times. This is usually done typically on the weekends, um, and there's usually a test for you to do that. And I would work with your people that help design the system to come up with a really good plan around that. But the ultimate goal is you need to plan for the disaster. It's not a matter of if, it's a matter of when. There will be a disaster of some kind.
Especially if you watch any of these TV dramas on TV, it's always happening all the time. So if you go to any of these places that are these, we watch a hospital drama, my wife and I, it's old, it's been around for a while. We laugh because every time a new episode comes on, there's something going on, from hackers to you name it. Like these poor people, they just live in a life of full stress. It's just funny.
Environmental issues, again, noise and temperatures, humidity, and static. These are all things that need to be considered. These systems create a lot of noise. And because I'm former military and listened to jet engines and computer systems in many ways, I'm deaf as a post in many cases. So I can't hear, especially in a certain frequency range. Well, these things create a lot of noise in these frequency ranges. You need to make sure that you have some level of protection or noise suppression for your people. Now, again, you need to make it available. If they don't choose to use it, that is up to them. But you need to make sure, and this comes back to the governance aspects, you need to make sure people are aware of what they need to do and that you provide them the tools they need to best protect themselves. Temperatures can be significant. 90 degrees Fahrenheit is common, especially in a data center of some kind, so you need to plan for that. It's also when you put the HVAC on, it gets so cold that it is extremely painful for you to even be in there. It hurts. Humidity will cause corrosion. Again, high humidity areas, locations, uh, especially on the coast, will cause a lot of challenges as well. So some level of, um, humidifier or anything like that will be important in your overall HVAC system. Static discharge is extremely important. I have seen this firsthand working on airplanes. Uh, you need to make sure these airplanes are grounded. Same thing with your computers, because static electricity will be generated in certain cases.
And so I've seen it actually zap a dude on the flight line and it like shot him across the tarmac. I mean, it was bad. So, again, you won't typically get that in a computer system, but you just never know, right? That would be bad. That'd be really bad.
Fire prevention, detection, and suppression. So the differences must not just be brushed over. This comes up a lot. I get a lot of students that have questions around this, and this comes down to the different types of fire extinguishers will do this. You focus on fire, heat, and oxygen. So water will suppress the temperature, it gets the temperature down. Dry powders suppress the fuel supply. Basically, if you're dealing with some sort of paper or something like that, that's actually burning. And then CO2 will suppress the oxygen, which causes the flame to exist. Fire extinguishers. There are various types, A through D. A is your common combustibles. That is your stuff like leaves, uh, paper, anything that is normal things that would be burning. That is the common combustible under A. Liquids, gasoline, oils, those types of aspects are your liquids. Electrical fires, kind of goes without saying. That's the whole electrical piece of this. It's the insulation that's wrapped around it. All of those pieces start on fire. And then D, metal. This is the things that are such as your lithium, sodium, potassium, titanium, those things will burn. So they take different types of, uh, suppression systems for those. My Kona Ice truck has lithium batteries in it. What ends up happening? If those things start burning, what do you do? There's a specific fire department with specific fire equipment that will take that out. And that is your class D for those specifically. Now, fire detection. This is fixed. It's been in many cases, fire detection is based on fixed temperatures, rate of rise, flame actuated, or smoke actuated.
So, in the case of your different types of water suppression systems that are there, which we'll get into in just a minute, as let's just say, for example, you'll see these little tubes that are sitting down in a building. And then there's like a little plastic filament of some kind. This filament is designed specifically around if there is a flame. If it gets hot enough that this little plastic, and I'm doing it injustice, it could be wax, I'm not real sure, but it's a little filament piece that will melt. And when that thing melts, what will actually happen is then the water will then there's the water is under pressure in the tube, it will then release and is designed to basically deluge the area. Okay, so there's flame actuated and there's also smoke actuated. Where you have a fire detector that will go off because it has smoke, it will pick that up as well. Now you got water suppression systems. Let's go. We have two, we have many different types, but there's four main types that we're going to get into. One is the wet pipe. This is your closed system, right? I just talked about it. Water's under pressure, sitting in the pipe, it's closed. You also have a dry pipe where there's compressed air that is in there as well. And that compressed air will keep there, there's no water in the pipe so that you don't have to worry about it bursting. So they have different checks and balances along that. Then you have the deluge system, you have the pre-action system, which is also a combination of wet and dry. So lots of different water suppression systems that are out there. It just depends on which one you may want to put within your organization or your location based on the needs you have. Now, gas discharge systems, these are much more effective than water. And the reason being in many cases is because they are the ability for you to save the equipment. Moment you start throwing water on electronics, just throw the stuff away.
You don't need it, you can't use it anymore. There's no way you're gonna get the water out of all of it to actually be able to use it. So gas works wonderful in this regard. The downside is yeah, people like oxygen, and gas tends to really kind of deprive the area of oxygen, which in turn makes it bad for people. Yeah, so therefore, you want to consider when you're gonna use gas. So just kind of consider that. Halon as an example will starve oxygen out within your company or within that area, and so it's important for you to kind of have a plan around that. Power, redundant, and backup power. So power is not always consistent and clean. We kind of talked about that briefly. Again, most electronic power demands a clean source. So we have surge protectors, we have power conditioners. Now, a surge protector, this offers only protection against power surges. And you'll see these out there. You can buy them at Walmart for whatever, like dirt cheap in many cases. That in many cases, though, they're not a true surge protector. If you're gonna get a surge protector that is dealing with the typical power that's coming up, you're gonna have to spend some money on it. You really will. These things that are out there, they're more, all they are is just a power strip. That's the extent of it. They say they're a power surge protector, but in most cases they will not meet the needs to save your equipment. Power conditioners, these are high-end protectors with the ability to filter out line noise, and the line noise makes it so the power is not effective and efficient. So you also put in an uninterrupted power supply or UPS. This is a self-charging battery which provides backup power. Now there's two types. You have a double conversion UPS and you have a line interactive UPS. The double conversion is the battery is in line and then being charged. The line interactive UPS is where the battery is not in line and is charged separately.
So it just depends on how you have the system in place. A UPS should be used even if a generator exists. Again, like I said, between the time that the power goes down and the generator kicks on, there is a time and there's a spike that can occur. Unless a generator is running all the time, you should have a UPS that is set up to help you go through this power in a graceful manner. UPS is to only provide enough power for a controlled shutdown, which I mentioned before. You it's all about maintaining it has a graceful shutdown period. So some key power issue, key terms that you need to be aware. So, what are some power issues that are out there that you can deal with? One is fault, momentary loss of power. It's a quick fault and it just kind of blip, it's a little blip. Blackout is a complete loss of power, gone. Okay, don't have any power whatsoever. Sag is you have low voltage. So it went from 115, 120 volts down to 110 voltage. That would be considered a sag. A brownout is where you have prolonged low voltage. So you've heard about brownouts in the west coast United States a lot, especially within Los Angeles, especially when there's a lot of usage on the system. Middle of summer, they can get brownouts pretty quickly. Spike is a momentary high voltage, goes from 120 to maybe 130, right? It goes up, just real quick pop. That causes a lot of problems, right? Then your prolonged high voltage is your surge. So I talked about the power strips. Many of them will be like a spike. They will help pick up a spike that goes, but in most cases, they are if you're dealing with a surge where it's a long voltage, they will not be able to deal with that. Inrush, this is where you have initial rush of power when connecting to a power source, and then ground. This is alternate pathway for electricity to flow to the earth. And you need to have grounds in everything you do. It's an important part.
I have a house, a little tiny little cabin that we use as a Vrbo down in a little on a lake, and it has no grounds. It is old and it's very interesting to wire it. Yeah, when you put wire in it, it probably just needs completely all new wiring, which will probably happen someday. I don't know. But anyway, grounds are an important part of any sort of electrical plan. Okay, that's all I have for you today. I hope you guys got a lot out of this. It's an amazing process. The CISSP is amazing. There's lots of great things for you to be able to do with the CISSP, so you need to consider getting it. If you're listening to this podcast, obviously you are considering it. Check out my CISSP cyber training. Go check out my boot camp that's available through our cohort that's gonna be kicking off in July. I mean it's gonna be awesome. You will enjoy it. It's gonna help you get the CISSP within eight weeks. All right, thank you. Have a great day, and we'll catch you on the flip side.
SPEAKER_00: See ya.
SPEAKER_01: Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training, and you will find a plethora or a cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.