Physical Security Controls – CompTIA Network+ N10-006 – 3.4

We spend a lot of time talking about our security technologies, but you can’t have a true security without physical components. In this video, you’ll learn about mantraps, network closets, video surveillance, door access controls, security guards, and access lists.
<< Previous: HashingNext: Firewalls >>

We don’t just rely on technology to control access to information. We also rely on physical controls for our security as well. A physical security control that you might see in a larger environment is something like a mantrap. A mantrap is designed as a small area or breezeway where once you enter, you have to close the door behind you before you can open the door to proceed on your way. It is effectively trapping you in the middle.

And we tend to use a mantrap as a way to control the number of people walking through an area or as an entry point where you can ask questions, fill in sign in forms, and then proceed on your way. One type of mantrap might have all of the doors unlocked so you can enter from either side, but once you open a door, the other side will be locked. So as long as that other door is open, all of the other doors in the mantrap are going to be closed and locked up.

Some mantraps start up with all of the doors locked and when you unlock a door, it prevents any of the other doors from being unlocked, which is effectively performing the same function. Some mantraps work by opening one door and having all of the other doors unable to be unlocked. All of these types of mantraps are effectively doing the same thing. They are stopping someone in the middle of the room, having you close the door behind you before you can proceed through the other door.

The man trap is designed to limit the number of people that can pass through a particular area at one time. Sometimes the mantraps are very small and only one person can go through at a time. Other times it’s a larger room and you might stop in the middle, check in with security, leave an identification, and only then are you granted access through the mantrap. If you work in an office, then you’ve probably noticed that the network equipment and the file servers are not out in the open.

They’re not sitting on someone’s desk and they’re not accessible by anybody. They’re usually locked up in a network closet. And that’s because if you can gain physical access to a particular device, you can then gain access to the workings of that device. You can gain access to the operating system or gain access to log into the router or the switch or the firewall. That’s why we lock everything away for security so that nobody can gain unauthorized access to those devices.

A network closet also maximizes the uptime of these devices because you can have complete control over the power, the environmental controls, everything associated with the surrounding environment that keeps that device running. This also allows you to secure network connections. Nobody can walk up to a switch, plug into a connection, and gain access to the network. A network closet also gives you a way to do more auditing. You can control who gains access to that particular room.

Maybe it’s an automated process, so you can look at logs of exactly who was logged into the room. You can provide sign in sheets, you can get more detail on what was happening. That way if anything was to happen with the network or the files that are on a file server, you know exactly who had access to the room during that time.

Another type of physical security control is a camera. This video surveillance will allow us to put cameras in very critical locations and then be able to record this information over time. This way you don’t have to have a physical person sitting and watching a particular area, you can have the entire thing automated through the video surveillance. Not all cameras are the same. You need to find a camera that fits what you’re trying to accomplish.

You need to look at the focal length of the camera. A shorter focal length gives you a wider angle and you can, of course, see more with the camera. Of course, the depth of field is going to be important. This determines how far you can see into the distance so that everything is in focus. You might need infrared capabilities in the camera so that you can effectively see in the dark even if there is no visible illumination.

Most organizations have many different kinds of cameras and they’re all networked back to one central point. Usually the cameras are connected to a digital video recorder, a DVR, and that DVR is recording every camera all the time to some type of very large amount of storage. That way if there’s a question about what happened yesterday or last week, you can simply rewind to that particular date and time and see what every camera was able to capture during that time frame.

When you think of physical controls, you often think of a door lock, but there are many different kinds of door locks that you can use. There’s, of course, the traditional door lock where you have a lock and a key that you would turn. Some folks will need a deadbolt as well, so you need additional security in that particular doorway. There are, of course, electronic locks that don’t require a key. Some types of electronic locks might be token-based where you need to swipe a magnetic card or have a proximity reader so that it then allows you access through that door.

Might also require biometrics. Maybe you have to use a finger or a handprint or, in some cases, even a retina scan for that door lock to operate. And sometimes you’re even adding additional factors on top of that. Things like smart cards or PIN numbers along with a key or a biometric would then provide much more security and really confirm that you have access through that particular door.

A very visible form of physical security is a security guard. It is a person that is posted at a particular area and that person is providing the physical security for your building. This is someone who’s generally validating who gets to come and go. They may be also checking in guests and making sure the guests have all of the proper credentials to enter the building.

In most organizations, employees are required to carry an ID badge so that you know exactly who they are, if they’re supposed to be in the building or not, and this can be used also by your security guards to give people access to particular areas. There might also be an access list. Maybe guests or names of people that are allowed access to a particular area and the security guard is responsible for accessing the list and either allowing or disallowing access to an area.