We rely on physical security systems to keep our servers and networks safe. In this video, you’ll learn about some of the most common physical security systems.
Many organizations will add physical security in the form of video surveillance. You may see these referred to as CCTV cameras, where CCTV stands for closed-circuit television. These are often coax-connected devices. These days, it’s more common to use IP-based cameras that can communicate across the network over Ethernet connections. These cameras can replace multiple people that may be stationed in different locations. So instead of having multiple guards set up looking at a particular area, you can have all of those cameras come back to a single screen where one person can be monitoring all of those different areas.
You also want to get cameras with the proper specifications. For example, you may need cameras with a shorter focal length so that there is a wider angle that can be viewed from a single camera. Depth of field is also important, especially if your camera is looking at a very long distance. You want to be sure that that entire distance is in focus. And if you’re going to be using these cameras in a dark location or at night, then it’s useful to have cameras with infrared features that are able to see even when it’s dark outside.
It’s very common to have cameras posted on the inside and outside of your buildings or around your campus, and then you can have all of those cameras reporting back to a central video recording device. These cameras can also alert if someone happens to go into an area by using motion detection. That way if a particular room is off limits, you would be notified immediately if anybody goes into that particular area.
Another physical security technique used by many organizations is to put the company’s own asset tag on the different components. So if you have routers, switches, servers, CSU/DSUs, or any other component, you can associate that particular component with an internal tracking number that’s specific to your organization.
This asset tag will then be associated with that particular device. So you’ll now have a database of the exact makes and models of the devices in your organization, how they’re configured, perhaps purchase information, and where they might be located. The tag that you use might have a number on it that anybody can reference over the phone. There could be a barcode, which makes it easy to check in or check out a particular asset, or you might have RFID built into the tag itself so that you can easily track exactly where this particular device is going.
As your organization gets larger, it becomes impossible for any single person to be able to keep track of all of the different assets in your organization. So you need some way for these devices to monitor themselves. And if anybody tampers with that equipment, you’ll be immediately notified. For example, many servers and other types of desktop components have case sensors built into the device.
If anyone removes the cover from that device, an alarm is immediately sent from the BIOS. This way, you’re able to know exactly when a particular component may have been altered or modified by someone else. And if you have identification tags or asset tags associated with a device, you may want to get a tag that provides tamper notification. If someone removes that tag, there will be a message left behind on the device.
One way to keep track of who may be authorized to be in a particular area is to require the use of an ID badge. The ID badge will probably have a picture and the name of a person and other details about that person’s employment. This ID badge may also be integrated with your door access. So not only is it a way to identify yourself, it also allows you to gain access through locked doors in your facility.
This could also be a smart card. So you could slide it into a computer to provide an additional form of authentication. These ID badges commonly use a standard format in your organization. So you can very quickly identify people who may be employees and who may not be employees. And you should train all of your employees that if they see anyone without an ID badge, they should immediately start asking questions.
Biometrics is a way to provide authentication that is tied specifically to you as an individual. This might be your fingerprint, it could be an iris, or it could be a mathematical representation of your voice print. Most biometric systems are not storing your actual fingerprint or an actual picture of your iris. Instead, they’re storing a mathematical representation of that. So a system may be sampling different areas of your fingerprint and storing that information to identify you.
You can see that these biometrics are a very good way for you to authenticate that you are really who you say you are. It’s very easy to change your password, but it’s extremely difficult for you to change a fingerprint or some other physical part of yourself. We commonly use biometrics in very specific situations. Biometrics aren’t foolproof, but they are a very good factor to use in conjunction with other authentication methods.
Some types of physical security require that you have something with you. For example, you may have a smart card. You can slide the smart card into a computer, provide your personal identification number, and that might gain you access to that resource. Another type of component you would have with you is a USB token. A certificate is usually stored on the USB drive, and you would plug that into a device to use as another authentication method.
You might also see hardware tokens or key fobs. Sometimes, these are built into software that’s on a mobile device, and these create a pseudo-random code that you would provide along with other authentication methods. And your phone itself can be a good way to have a physical device used during authentication. You can have a code text messaged to your phone during authentication, and you can provide that along with your username and password as something you might have physically with you to use during authentication.
And one of the oldest types of physical security is a door lock. This could be a conventional lock that uses a key to open and lock the door. This might include a deadbolt to provide even more physical security. In many organizations, we’re now using electronic locks. So we might put a code into a door that would then unlock that particular room.
Many organizations are also using token-based locks like this one. This may be a magnetic swipe card or proximity card, and the particular ID on that card is what’s going to determine whether that door is unlocked or whether it remains closed. And in some organizations, you can also use the same smart card you use to authenticate to your computers as a way to authenticate through a locked door.