Physical Security Controls 3.9 Part 2 Flashcards
Man Traps
There are different kinds of mantraps. If one door opens, the other door remains locked until the first door closes and locks. Opening one door locks the other doors. Sometimes you have to authenticated to open the door, authenticate through a guard, and then go through another door.
Faraday Cage
Blocks magnetic fields. It’s a mesh conductive material. This is the mesh you see inside a microwave preventing the electromagnetic fields from coming out. This is not a comprehensive solution, not all signals are blocked, and some signal types are not blocked at all. These can restrict access to mobile networks. You need to have a contingency if you need to make an emergency call from within a faraday cage.
Door Access Controls
Lock and key, physical bolt, electronic lock (pin code), token based (card swipe), or multi-factor (smart card and pin).
Biometrics
Fingerprint, iris scan, voiceprint. usually stores a mathematic representation of your biometric. Advantage is that these are difficult to change, you cant change your fingerprint, however, you can change you password.
Barricades / Bollards
These channel people through access points. They also prevent things like cars and trucks out, but still allow people. Can be used to the extreme, such as building an actual moat with water.
Tokens and Cards
Smart card, USB tokens, or even an authenticator. SMS messages can also be used.
HVAC
These have to be integrated with your fire system. Data center should be separate from the rest of your building because of temperature controls. Overheating is a huge issue so the temperature needs to be specifically managed along with specialized air controls. Remember hot isle’s and cold isles.
Fire Suppression
Electronics require unique responses to fire because you don’t want to use water. These are generally detected by a smoke/flame/heat detector. Modern data centers suppress fires with chemicals. We use Dupont FM-200. It protects electronics and suppresses fires.
Cable Locks
Good to temporary lock items to something. Good with laptops. The cables are easily cut, but this is a good temporary deterrent, similar to a bike lock.
Screen Filters
Be aware of your surroundings. These block eyes from being able to see what’s on your screen unless are are sitting right in front. Commonly known as privacy filters.
Video Surveillance
Closed Circuit Television (CCTV) can replace physical guards. You need to use the right cameras for the right situations/angles etc. Often you will have many of these that record to a centralized video surveillance device.
Logs
You can track where someone is by logging access via badges. You can then correlate physical location with digital access. They can only log into a console when they are physically in the room. You need to know the laws regarding these security method depending on the area you are residing in.
Key Management
Physical or digital keys. There needs to be a formal process to generate the keys that involves checks and balances. You need to have a policy to handle if a key is compromised or lost.