Physical Security Flashcards
Physical security
Measures to protect, tangible assets (buildings, equipment, people) from harm or unauthorized access
Physical Security Controls
- fencing and bollards
- brute force attacks
- surveillance systems
- access control vestibules
- access badges
Fencing and Bollards
Fences - barriers made of posts and wire or boards to enclose or separate areas
Bollards - short, sturdy vertical posts controlling or preventing vehicle access
Brute force attacks
- Forcible entry
- Tampering with security personnel
- Confronting security personnel
- Ramming a barrier with a vehicle
Surveillance Systems
- An organized strategy to observe and report activities
components:
- Video surveillance
- security guards
- lighting
- sensors
Access Control Vestibules
Double door system electronically controlled to allow only one door open at a time
- prevents piggybacking and tailgating
- usually integrated with electronic badges and operated by security guard at the entrance to a secure facility
Piggybacking
Involves two people working together - one person has legit access intentionally allowing another person who doesn’t have proper authorization to enter a secure area
Tailgaiting
Occurs when an unauthorized person closely follows someone through the access control vestibule who has legit access to the secure space without their knowledge or consent
Door Locks
- Padlocks
- Pin and tumbler locks
- Numeric locks
- Wireless locks
- Biometric locks
- Cipher locks
- Electronics access control systems
Access Badges
Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) or magnetic strips
Security guards
after at access control vestibules because they provide
- visual detterent
- assistance
- check identity
- response
Biometric challenges
False Acceptance Rates (FAR) - occurs when the system erroneously authenticates an unauthorized user; can be lowered by increasing scanner sensitivity
False Rejection Rate (FRR) - Denies access to an authorized user; adjusting sensitivity can increase FRR
Crossover Error Rate (CER) - A balance between FAR AND FRR for optimal authentication effectiveness
Cipher Locks
Mechanical locks with numbered push buttons, requiring a correct combination to open
- commonly used in high security area like sever rooms
- secure entry areas in office buildings, often using electronic access systems with badges and PINs for authentication
Access Badge Cloning
Copying the data from an RFID or NFC card badge onto another card or device
Step 1: Scanning - scan or read the targeted individual’s access badge
Step 2: Data Extraction - attacker extract the relevant authentication credentials from the card like unique id or set of encrypted data
Step 3: Writing to a new card or device - transfer the info to a new card or compatible device
Step 4: Attackers gain unauthorized access to buildings, computer systems, or make payments using a cloned NFC- enabled card
How to stop access badge cloning
- Implement advanced encryption in you card-based authentication system
- MFA
- Regularly update your security protocols
- Educate users
- implement the use of sheilded wallets or sleeves with your RFID access badges
- Monitor and audit your access logs