2.7 Explain the importance of physical security controls

Question 1

Explain BOLLARDS/BARRICADES

Answer 1

Barricades can be made out of various materials, including concrete and metal. They are usually constructed to delay a determined intruder long enough for security and other response personnel to neutralize any threats posed by the intruder. Bollards—concrete or metal posts—are examples of barricades that might be placed outside of a facility around drive-through areas, parking lots, and even sidewalks. Bollards impede vehicular traffic but do not deter foot traffic.

Question 2

Explain ACCESS CONTROL VESTIBULES

Answer 2

Mantraps guide and control individuals physically as they enter or exit a facility. A mantrap is a small room or compartment, with two doors that are individually locked, usually electronically. One individual at a time enters the mantrap, and the entry door is locked. Mantraps are normally used in highly secure facilities, such as data centers, where positive authentication of personnel is of critical importance.

Question 3

Explain ALARMS

Answer 3

Physical alarm systems and intrusion detection systems are a must in any physical security program. Alarm systems can be loud and obnoxious, such as fire or tornado alarms, but they can also be silent alarms that sound or activate only at a guard station. Silent alarms alert security personnel without alerting an intruder that he or she has been discovered, giving security personnel time to reach and subdue the intruder.

Question 4

Explain SIGNAGE

Answer 4

Signage—words on plates of metal, wood, or plastic—helps deter unwanted visitors. Signs can warn intruders away from restricted areas and instruct authorized personnel to follow the proper security and safety procedures. Signs can direct personnel during an evacuation to the correct exit points, warn personnel about potential safety hazards in the facility, or help them find proper safety or fire suppression equipment.

Question 5

Explain MOTION RECOGNITION CAMERAS

Answer 5

Recording systems should automatically kick in with motion recognition hardware detecting movement, thus capturing anything larger than a squirrel that enters a camera’s field of view.

Question 6

Explain OBJECT DETECTION CAMERAS

Answer 6

Speaking of squirrels . . . some security camera software employs object detection algorithms, meaning the software can provide an alert when detecting something out of the ordinary. The movement of a squirrel or bird wouldn’t trigger anything, for example, but an unauthorized drone would.

Question 7

Explain CLOSED-CIRCUIT TELEVISION(CCTV)

Answer 7

Closed-circuit television systems (CCTVs) can be placed throughout a facility. CCTVs use cameras to record surveillance video and transmit it to a central monitoring station, which enables guards to extend their view of the facility. CCTV systems detect and watch intruders in areas where guards can’t be all the time.

Question 8

Explain INDUSTRIAL CAMOUFLAGE

Answer 8

Hiding or obscuring CCTV cameras helps enhance the security of a network. This industrial camouflage potentially causes attackers to miss the fact that cameras are rolling, thus minimizing the attackers’ ability to avoid visual or auditory capture.

Question 9

Explain GUARDS

Answer 9

Security guards have specific training and skills to monitor and maintain facility security. Most facilities that have any type of physical security have guards, and despite all of the new advances in technologies that might one day eliminate them, human guards will likely be a cornerstone of facility security for years to come.

Question 10

Explain ROBOT SENTRIES

Answer 10

The increasingly sophisticated artificial intelligence features of computer systems combined with brilliantly engineered mechanical systems will usher in the use of robot sentries.

Question 11

Explain RECEPTION PERSONNEL

Answer 11

Guards in the reception area of a building manage people in real time. They can actively review people who step up to the entryway and, again, actively allow or deny access to the facility. They can and should log in and out every single visitor on a visitor log.

Question 12

Explain TWO-PERSON INTEGRITY/CONTROL

Answer 12

In a general sense, two-person integrity (TPI) simply means that you have two guards in the same space at all times, so one guard can’t mess up (inadvertently or on purpose) without the other guard catching the problem. Specifically, TPI refers to the nuclear weapons controls in the United States; again, so one person can’t make a catastrophic mistake. It’s a failsafe mechanism.

Question 13

Explain BIOMETRIC LOCKS

Answer 13

They also may be tied to other security measures, such as smart cards or badges—physical authentication devices—and biometric mechanisms—such as fingerprint readers.

Question 14

Explain ELECTRONIC LOCKS

Answer 14

Electronic locks are more sophisticated and may use various protection mechanisms. Usually, an electronic lock uses a PIN code and may be known as a cipher lock. Electronic locks usually have their mechanisms protected by metal containers or embedded into walls. They may be programmable, offering configurable options, such as the ability to program in separate PINs for different people, a lockout threshold for the number of incorrect PIN entries, a lockout delay, and so on.

Question 15

Explain PHYSICAL LOCKS

Answer 15

Some physical locks, called device locks, are used to lock down items that are easily stolen, such as laptops. Some mobile devices have a special slot to facilitate this type of lock. Most physical locks use ordinary keys and can be purchased from a hardware store. Combination locks, which require a numerical combination or PIN code to unlock them, and locks built into the door or other type of entrance (such as a gate, vault, or safe) are also popular hardware locks.

Question 16

Explain CABLE LOCKS

Answer 16

Second, get a cable lock, particularly if you place a laptop in a tempting location for thieves. All laptops come with a reinforced cable lock port.

Question 17

Explain USB DATA BLOCKER

Answer 17

USB data blockers, devices that you insert into a USB port that deny any data flow into the port, while still providing power for charging smartphones and such.

Question 18

Explain LIGHTING

Answer 18

Lighting is another critical aspect of perimeter security. During evening or dark hours, lighting can help ensure that trespassers, attackers, and thieves are deterred from venturing out into open areas when trying to approach a facility or harm its personnel. Lighting can be placed at various points along the perimeter fence, at least at distances that allow the outer edges of the areas of light projected from poles to overlap with each other (usually no more than about 20 or 25 feet apart for tall poles, or about 8 to 10 feet apart for shorter ones).

Question 19

Explain FENCING

Answer 19

Fencing—a straight-up physical barrier—deters unwanted and unauthorized visitors (Figure 10-1). Fencing is often used at facilities that require higher security than a simple lock on the door. Fencing can intimidate trespassers or attackers, particularly tall fencing with barbed wire strung across the top. Fencing can cost a lot, but it serves several purposes.

Question 20

Explain FIRE SUPPRESSION

Answer 20

To protect against fires, you first should know how to prevent them, then how to detect them, and finally how to suppress them when they do occur. Prevention is your best insurance policy against fire damage; make sure that the workspace is free of combustible materials and that all hazards that could cause a fire are minimized as much as possible. Prevention also means educating people on the different causes of fires and how they can help prevent them.

Question 21

Explain NOISE DETECTION SENSORS

Answer 21

Noise detection sensors pick up unusual sound levels and are used in very specific security settings, such as hospitals. The systems are calibrated or baselined for a typical night, for example, and then can detect when an unusual noise happens. Staff can be alerted and sent to investigate. Noise detection sensors used to be more common as part of regular intrusion detection systems, but now fill very specialized niches.

Question 22

Explain PROXIMITY DETECTION

Answer 22

A proximity reader device is used to help authenticate personnel entering or exiting a facility. The person places a smart card or other access device near the sensor so it can be read via RFID or another passive wireless technology.

Question 23

Explain MOISTURE DETECTION SENSORS

Answer 23

Humidity, the amount of moisture in the air, is also an issue in data centers, regardless of the season. If the weather or climate is dry, the air contains less moisture, and this can cause a lot of static electricity.

Question 24

Explain TEMPERATURE SENSORS

Answer 24

To that end, temperature controls are designed to keep room temperatures cool. In addition to breaking down and simply not operating properly, overheated equipment can also be permanently damaged and can occasionally start fires.

Question 25

Explain VISITOR LOGS

Answer 25

It keeps logs of who enters or exits a building to be used checked against for verification and integrity.

Question 26

Explain FARADAY CAGES

Answer 26

Better data centers offer Faraday cages for sensitive equipment, which are devices that prevent RFI or EMI from damaging contents stored. Faraday cages are named for the English scientist—Michael Faraday—who created the design way back in the 19th century.

Question 27

Explain AIR GAP

Answer 27

Air Gap Passive security methods also include network design, such as providing physical separation between secure and nonsecure networks, an air gap. A highly secure facility, for example, would have interconnected internal systems to enable people to get work done, but have an Internet-connected system in a reception area for visitors to use. That system would in no way connect with any of the secure systems.

Question 28

Explain SCREENED SUBNET( PREVIOUSLY KNOWN AS DEMILITARIZED ZONE)

Answer 28

To do this, create a screened subnet—also known as a demilitarized zone (DMZ)—a LAN, separate from the internal LANs that contain workstations and private servers. The DMZ connects to the Internet via a lightly firewalled router, and an internal network connects to the DMZ via a much more aggressively firewalled router.

Question 29

Explain PROTECTED CABLE DISTRIBUTION

Answer 29

Physical security also involves protecting equipment and systems, but it wouldn’t be very effective if the cables that connected the systems were damaged or cut. The systems wouldn’t be able to communicate, rendering them as ineffective as if someone had destroyed or damaged them.

Question 30

Explain VAULTS AND SAFES

Answer 30

A vault you’ve likely seen in every cops and robbers movie. A giant metal door with a super-complicated lock protects the contents of a thick-walled room. (That’s where we store our gold bullion, by the way.) More commonly, most organizations have a designated safe, a smaller version of a vault for storing valuables, such as secure passwords and important papers .

Question 31

Explain HOT AND COLD AISLES

Answer 31

The concept of hot and cold aisles relates to designing the layout of data centers intelligently and efficiently. In this type of setup, aisles of equipment racks are set up such that there are alternating hot and cold aisles, enabling cooler air to be blown into equipment as hotter air is pulled away from them. This involves not only arranging equipment in certain ways by aisle (usually with the different pieces of equipment in the different aisles facing each other) but also using ventilation and air ducts appropriately within these hot and cold aisles, both in the floors and ceiling.

Question 32

Explain SECURE DATA DESTRUCTION

BURNING SHREDDING
PULPING
PULVERIZING
DEGAUSSING
THIRD-PARTY SOLUTIONS

Answer 32

When it’s time to get rid of storage media, you should also destroy the data stored on that media. But how do you destroy media in such a way to ensure the data is gone? Let’s take a moment to talk about secure data destruction/media sanitization.