Subdomain 2.7

Explain the importance of physical security controls.

Terms: 50

Bollards/Barricades

Short vertical posts placed in front of entrances.
Allow people, prevent cars and trucks.

Access Control Vestibules

A small entrance hall or passage using a mantrap.
One at a time, controls groups of managed control through an area.

Badges

A sign or mark to show that a person belongs to a certain group.
Can contain an RFID chip and act as a keycard to access restricted areas or entrances.

Alarms

Could be circuit based, motion detection, or duress types usually posted on the perimeter.

Signage

Clear and specific instructions to keep people away from restricted areas - consideration for visitors.
Consideration for personal safety - used to mark exits, warning signs for chemicals and construction, and medical resources (first aid).
Can be informational - in case of emergency, call this number.

Cameras

A type of surveillance device that can be used to monitor and record activities in a particular area.

Motion Recognition

Determining an object’s positioning in relation to its surroundings. • Useful in areas not often in use.

Object Detection

Thermal infrared used to show objects that are hot/living.

Closed-Circuit Television (CCTV)

Can replace physical guards at times.
Camera features are important (motion recognition, object detection).
Often many different cameras working in unison.

Industrial Camouflage

Methods of disguising the nature and purpose of buildings or parts of buildings.
No business signs or visual cues, planters out front are bollards, etc.

Personnel

Can be effective and prevent tailgating, check individual’s identification against a preapproved access list.

Guards

Physical protection at the reception area of a building.
Validates ID of existing employees and provides guest access.
Maintains a visitors log.

Robot Sentries

Used for monitoring.
Can perform rounds/periodic checks.
A relatively new technology

Reception

Area where clients, vendors can check in.
Receptionist/guards available to ID.
Make sure people have a legitimate reason for being on premises.

Two-person Integrity/Control

Minimize exposure to an attack.
No single person has access to a physical asset (opening a safe, accessing sensitive information).

Locks

Hardware security control that is used to restrict access to a particular area or asset.

Biometrics

Fingerprint, iris, voiceprint scan.

Electronic

Use smart cards and/or PIN codes to control access

Physical

Physical locks that are used to secure laptops and other devices to a fixed object.

Cable Locks

Temp security - connect hardware to something solid.
Cable can work almost everywhere, and devices routinely have a connector for this.
Not designed for long term protection since the cables tend to be fairly thin.

USB Data Blocker

Allows voltage, restricts data.
Don’t connect to unknown USB interfaces to prevent “juice jacking”.

Lighting

More light, more/better security; attackers avoid light, and it is easier to see when lit.
Consider overall light levels, avoid shadows and glare to cameras used for surveillance.

Fencing

The first line of defense.
Build a perimeter and prevent climbing (can add razor wire).
Transparent or opaque (see through the fence, or not).

Fire Suppression

May be used by hand, or may be a system designed to detect and extinguish fires automatically.
Can include sprinklers, fire alarms, and smoke detectors.
Halon is no longer (destroys the ozone) - commonly replaced by Dupont FM-200.

Sensors

Used to detect movement or changes in the environment. Can include motion detectors, temperature sensors, and humidity sensors. Can be used to trigger alarms or other security measures when they detect suspicious activity.

Motion Detection

Identify movement in an area.
Commonly used in security systems to detect intruders.

Noise Detection

Recognize an increase in sound.
Commonly used in security systems to detect broken glass or other loud sounds.

Proximity Reader

Commonly used with electronic door locks, combined with an access card.
Sensor can read RFID tags or other types of ID cards and can grant access to a secure area when the card is presented.
Commonly used in access control systems.

Moisture Detection

Useful to detect water leaks.
Commonly used in areas where water damage is a concern, such as basements, bathrooms, etc.

Cards

Used as a form of physical tokens to grant access to a particular area - can be equipped with a magnetic stripe or RFID tag.
Card reader detects presence of card and unlocks the door for authorized personnel.

Temperature

Monitor changes over time.
Commonly used in areas where temperature control is important (server rooms, labs, museums).

Drones

Can be used to patrol large areas and provide real-time surveillance footage.
Can be used when making damage assessments and site surveys.
Can be equipped with onboard sensors such as motion detection or thermal detection.

Visitor Logs

Used to keep track of visitors who enter and exit a facility.
Can be used to identify who was present in the facility at a given time and can be helpful with investigations.

Faraday Cages

Shielded enclosure made of conductive materials or mesh that blocks electromagnetic fields (EMFs) (think a window on a microwave) and radio frequency signals.
Used to protect devices from electromagnetic interference (EMI), solar flares, Carrington events, and other types of radiation.
Not a comprehensive solution - not all signals can be blocked, and some signal types are not blocked at all.
Can restrict access to mobile phones - some specific contingencies would need to be in place for situations like emergency calls.

Air Gap

Physical separation between two or more networks.
Used to prevent unauthorized access to sensitive data by isolating it from other networks.
For example, if you want to avoid anybody on the internet from gaining access to a server, then you would physically separate that server from the internet.

Screened Subnet (Previously Known as Demilitarized Zone (DMZ))

Additional layer of security between the internet and you.
Public access to public resources.
Logical screening of routers as a firewall to separate subnets: an external router that separates the external network from a perimeter network, and an internal router that separates the perimeter network from the internal network.

Protected Cable Distribution

Schemes may include the use of locks, secure conduits, tamper-evident seals, or pressure sensors to detect and prevent abnormalities or threats.
Prevent cable and fire taps.
Prevent cable and fiber cuts (Dos).

Secure Areas

Physical space that is designed to store high-value assets as securely as possible through the use of physical security methods.

Air Gap

Physical separation between networks; secure network and insecure network, separate customer infrastructures.
Specialized networks require air gaps: stock market networks, power systems/SCADA, airplanes, nuclear power plant operations.

Vault

Secure reinforced room, usually onsite, that can store backup media, protect assets from disaster or theft, etc.

Safe

Similar to a vault but in a smaller form factor.
Less expensive to implement then a vault.

Hot Aisle

Is the space between two rows of server racks where the equipment exhausts hot air into the aisle.
The hot air is then directed back into the cooling units where it is cooled and recirculated back into the cold aisle.

Cold Aisle

The space between two rows of server racks where cool air is supplied to the equipment.
The cool air is then drawn through the equipment and exhausted into the hot aisle.

Secure Data Destruction

Disposal can become a legal issue. You don’t want critical information in the trash. Reuse, shred, burn, obtain third-party solutions, and more to make sure that data is securely disposed of.

Burning

Destroy data through heat and fire.
Less environmentally friendly.

Shredding

Involves cutting the device into small pieces

Pulping

Method involves removing the ink from paper by breaking down its fibers and recycling it (large tank washing).
Not a common method for destroying digital data.

Pulverizing

Involves grinding into smaller pieces which make it unrecoverable.
Drill/hammer.

Degaussing

Method involves using a strong electromagnetic field to erase the data on a storage device.
Typically used for magnetic media such as hard drives and tapes.

Third-Party Solutions

Can be used for all manner of methods for secure data destruction (how many degaussers do you have?)
These solutions are often more efficient and effective than in-house solutions.

Demonstrate Your Understanding

Click or tap on ‘Choose a Study Mode’ to switch between flash cards, match, learn, test and more.