Physical Security – CompTIA A+ 220-1102 – 2.1

There are many ways to keep attackers from physically accessing your company assets. In this video, you’ll learn about access control vestibules, badge readers, video surveillance, alarm systems, and more.

If you’ve ever had to enter a data center, you probably found yourself in the middle of an access control vestibule. This is usually a small room that allows an organization to control access through a particular area. This gives them a chance to check to see who may be coming into the data center, perhaps check your credentials, allow you access, and then bring in the next group of people to perform the same process.

They’re usually two or more doors in this small room, one that allows you access into the room, and then the door of course, that allows you access to the data center. In some implementations, all of the doors in the access control vestibule are unlocked. And the first person that opens the door will cause all of the other doors to automatically lock. That means the person walking into the room can be the only one walking into the room at that time.

Or this may be a very secure environment and you have to badge in to unlock a door. In this scenario as soon as you unlock this door, all of the other doors remain locked and cannot be unlocked until this door is back in a locked position. Or it may be that opening the door is the process that prevents any of the other doors from being unlocked. In any of these cases, the person going into the room would then have to close the door, go through the normal processing to see if they have access to continue through to the data center, and then open the door to the data center to then have access.

While that’s happening, only one person is able to move through the room at any particular time, allowing the organization to control exactly who moves in and out of that facility. Here’s another common access control vestibule. You would provide a personal identification number, or a badge, or a fingerprint to unlock the door. Once inside you can talk to the guard, provide your credentials, make sure that you’re allowed to go into the data center.

And at that point he can open the door and allow you access through the room. This is a common way to provide access control to a highly secure environment. But it’s also a way to make sure that someone doesn’t find their way into the room without first going through the proper authentication. If you work in an office building, you probably gain access into that building using a badge reader. This can be a magnetic badge reader that you see here. You would scan it through a reader that’s on the wall, or it might be a proximity reader that allows you to use a badge that has an RFID or NFC tag inside of it.

Although it’s common to use these badge readers for access to a particular room or area of a building, you can also use this for time clocks or to mark that a security guard has patrolled at a particular time. Here’s what’s inside one of those proximity cards. You can see there’s an antenna around the outside that receives the signal and is able to send the signal back to the proximity reader. And the very middle is the RFID chip that sends that signal that identifies that this is your card that allows you access through the store.

Another common security feature is a video surveillance system. Sometimes you’ll hear this referred to as a CCTV, or closed circuit television. This allows you to get a lot of views of what may be going on in a particular area, and have all of that shown on a single screen. Many of these cameras have additional capabilities inside of them than just capturing video. Some of them can find a license plate and immediately do an optical character recognition to know what numbers and letters are on that license plate.

Or they may be able to identify that a person is walking by rather than an animal because they’re able to identify what a person’s face looks like. Most organizations will put many different cameras in their facility and have all of those cameras brought back to a central monitoring facility. This might be recording information all the time, 24 hours a day and 7 days a week. Or it may only record information when motion is detected by the camera.

This allows someone to sit-in a single room and monitor all of the different video feeds that may be coming from all of the cameras in their facility. It’s also common to have alarm systems that may be protecting against any changes to your environment. For example, you might have a monitor that’s on a door or window. And when that door window is opened, the circuit is broken and it sends a signal back to the monitoring system that someone has moved or changed that window or door.

You can also combine this with motion detection. So we can wait for someone to walk through a particular area before sending an alarm that there may be motion. Or the alarm might be triggered by duress there would be a person that would need to push a red button to be able to signify that there is an event occurring that needs additional security. All of us are familiar with door locks, but there are many different ways to lock a door.

If you have a door lock at home it’s probably a conventional door lock that has a lock with a key that you would insert to be able to lock and unlock that door. Or you may have a deadbolt that slides a piece of metal between the door and the door frame to prevent anyone from opening that door. These could also be electronic locks. So you might put in a personal identification number to unlock the door or it might be keyless where you might use a badge to be able to gain access.

These are the types of door locks you would commonly see in very large environments or where you have a lot of people going through a particular door because it’s a very fast way to unlock a door, and allows many people to gain access to an area in a very short period of time. This can also be combined with biometrics to ensure that you’re the one who’s carrying the card or using the personal identification number. So you would use your fingerprint, a handprint, or a retina scan to gain access through that door.

It’s not unusual to see many of these different types of access controls used simultaneously. So you might first have to add a fingerprint, put in a personal identification number, and then use a badge to finally open the door. In our data centers, we might have locks on our racks so that we can protect the equipment that we’ve installed inside. Sometimes these racks are self-contained so when you lock the door no one has access to anything that’s on the inside.

Or you might have to put racks together side by side, and sometimes there are protections that prevent somebody from going through one rack to gain access to the other rack. Once you close the door, of course, you need to be sure that you have plenty of ventilation and that all of the equipment inside of the rack is being properly cooled. Here’s a very typical data center view. You can see there are 19 inch racks all lined up side by side.

Each one of the racks has a door on the front. And although you can see in and see what is on the inside, you also notice that there are locks on every single one of these doors. So if you need to gain access to the equipment that’s on the inside, you’ll need the key to be able to unlock this rack to finally open the door and gain access.

In some of these environments, we have an individual who’s providing security in the form of a security guard. They may be posted in a reception area and they can ensure that everyone’s providing the right identification and gains the proper access to the facility. They might also be ensuring that the people walking through with their existing employee badges are using a valid badge and the badge matches the person who’s walking in.

If you’re walking into a building you’re probably have to provide the guard with some type of identification, they’ll check their access list, and then provide you with a guest badge to wear while you’re inside the building. This means that everyone inside the building has this badge around their neck that shows exactly who they are and where they should be inside of the building. This is also a quick way for someone to determine if you’re an employee of the company or if you’re there as a guest.

The security guard is responsible for looking through the access list and making sure that you do have rights and permissions to be here at that particular time. Some organizations require you to be registered with their organization well before you arrive at the building. This allows the company to confirm that you’re allowed into the building, they can add you to the access list, and the security guard can confirm that you’re allowed in once you arrive at the building.

There’s usually an access list that documents everyone who’s allowed access to the building, and usually it’s the security guard who handles the maintenance of that access list. If you look outside your office building, you might see brightly colored bars or concrete posts. These are barricades or bollards and they may prevent all access to a particular area, or allow certain types of access to an area.

For example, you might have barricades like this one that allows people to walk through but prevents any type of vehicle from going through that particular area. This could also be used as a safety measure because anyone behind the bollard would be protected from any type of moving vehicle. There are many different ways to implement these barriers. If you visit some retailers or buildings in the United States, you might see very large planters.

In reality, those planters are concrete and go into the ground to prevent anyone from driving through that planter. And I have visited some data centers that are literally surrounded by water, which is effectively creating a moat that has one way in and one way out. This greatly limits who’s able to gain access to the data center and ensures that everyone has to check in at the guardhouse before they gain access to the rest of the facility.

And whether you’re at home or at work, a very common physical control is a fence. This is a type of control that is very obvious everybody can see that a fence is in place, which may or may not be the type of security you’re looking for. However, there’s lots of different options for fences. You can get them in different heights, and you can use different materials, some that you might be able to see through like this fence. Or it may be opaque where you have no idea what’s on the other side of the fence.

These are usually very well built and it’s very difficult to find a way through the fence without using some type of heavy machinery to be able to gain access. If it’s a fence like this, you may find that someone’s able to climb over the fence. Which is why you’ll find in very secure environments there may be razor wire at the top and the fence may be much higher than the one you see here.