Physical Security for Staff – CompTIA A+ 220-1102 – 2.1

Many organizations will provide their users with important security devices. In this video, you’ll learn about key fobs, smart cards, biometrics, magnetometers, and mobile device managers.

It can sometimes be challenging to keep up with an access card that would get you through a door. So a lot of organizations will get key fobs like this one that can fit on a key chain. They’re very small, but you can still use them as an RFID device that allows you access through a locked door. This has the same proximity functionality that an access card might have, but it’s in a much smaller form factor and one that fits very well on a key chain.

If you’re in an organization where you need to go through a lot of locked doors, this is a very convenient way to always have your electronic key with you. These come in many different form factors, but they’re usually one that is relatively small, at least small enough that you can easily fit on a key chain and have all of those keys in your pocket. This allows you to always have access to the key fob wherever you might be.

In some organizations, your ID card also doubles as a smart card. This is a card that has a certificate inside of it. And when you connect it to a reader, you’re able to confirm that is your card that you’re using to provide access to this device. We sometimes refer to this as something you have. Of course it’s usually a bad idea to have this as your only authentication method.

So we usually combine a smart card with other types of authentication, such as something you know which might be a passphrase or a personal identification number. To be able to read the certificate that’s on the smart card, we need some type of card reader. Sometimes these are built into the device that we’re using or it might be an external reader like this one that connects via USB. Here’s a smart card slot that’s on the side of a laptop.

You would then take your smart card slide it into the laptop provide any additional authentication that might be required, and now you have access to this system. There’s obviously a cost associated with implementing an electronic lock on a door. That’s why some organizations may prefer more of a mechanical lock, where you simply have keys that would open that door.

If it’s an environment that has a lot of mechanical locks where you have a lot of individuals that need access to those particular locks, you may want to install a key cabinet. This ensures that you can manage and maintain all of the keys that are used by your organization, and it makes it very easy to see who may have checked out a set of keys or who may not have returned a set of keys.

To ensure that the organization gets the key back after checking it out, they often require some type of collateral. So you may have to leave an ID card or your mobile phone to ensure that you will bring back that key and be able to retrieve your personal items. We’ve talked about using cards and pass phrases to be able to gain access but what if you use a piece of yourself to gain access. You would do that by using biometrics.

There’s usually a reader that’s able to read a handprint, a fingerprint, or even a retina scan to be able to confirm that you are the person who would like access. These usually aren’t storing a picture of your fingerprint. Instead it’s creating a mathematical representation of your fingerprint. So once that information is stored, you can use the fingerprint reader to perform the same reading again and compare that to what has been stored previously.

This is a type of authentication that rarely changes . You may be able to change your password every 30 days. But it’s very difficult to change a fingerprint or a handprint. So once we’ve saved that representation of your fingerprint, we know that every time you use that reader, it will always be exactly the same every time. Although these aren’t foolproof, they are a very good way to provide authentication, especially if you combine it with other authentication factors.

So we might use this fingerprint as a biometric authentication factor, which is something you are, and then use the personal identification number to confirm something you know. Because the capillaries in your eye are different for each individual, a retina scanner is able to differentiate between one user and another. Usually we combine this with a reader that’s on the retina scanner and a personal identification number that you would type in immediately afterwards.

We commonly use a similar process for a fingerprint scanner where we would place our fingerprint on a reader, and then provide some other factor of authentication. And we can perform a similar biometric function by using a handprint or palm print reader which uses the entire hand for access. You may also notice at night that your office building is probably very well lit. This is, of course, a security feature that keeps you safe as you’re moving from your car into the building.

But it’s also useful from a security perspective because the cameras are able to see better if everything is lit. We could, of course, use infrared cameras to be able to see very dark areas, but we can see much more detail if the camera’s using regular light. There are many different ways to light a particular area and different lights provide different functions. We also have to be concerned about how much light and the angle of light so that we’re able to see details of faces and vehicles as they’re moving around our facility.

If you’ve ever been to an airport, you probably have gone through a magnetometer. This is commonly referred to as a metal detector because it identifies anything metal that you might have on your person. You might also have this at your place of work, especially very large buildings or government facilities. These devices are very good at finding any metal that you might have on you, but they’re not very good for identifying other types of materials, such as ceramic or plastic.

In many organizations, we’re walking around with our mobile phones wherever we happen to go. These are often our personal phone that we’re bringing to work, and our work is using part of that phone to be able to store some of the company’s data. We refer to this as BYOD, or bring your own device. This means we would only need to carry around one device, whether we’re at home or at work.

This creates a challenge for IT security professionals who want to be sure that the company data on your private phone is protected. One of the ways that they can manage this device is through an MDM, or a mobile device manager. Through the MDM, they can set policies on how and when certain features of your phone might be used. For example, they might install company apps on your phone automatically without you having to manually download and install those apps. Or they might control whether wireless or camera features are available on your phone depending on where you happen to be.

These MDMs can often create a logical partition on your phone so that your private information stays on one part of your phone and the company data is on another. This way if you leave the organization, they can delete all the company data but leave all your private data intact. This is also a good way to ensure that certain security policies are in place. From the MDM, a security administrator could require that everyone you screen locks and have a personal ID number that must be used to unlock this device.