Physical Security – CompTIA Security+ SY0-401: 2.7

A proper security strategy includes both technical and physical security methods. In this video, you’ll learn about some common physical security techniques.

<< Previous Video: Environmental MonitoringNext: Physical Security Control Types >>

Let’s begin our discussion of physical security with a type of security that we’re very familiar with, which is a hardware lock. It can be something like a conventional lock and key that’s on a door. It can also be a deadbolt, which is a little bit more of a physical restraint, a much broader lock that you might put onto a door. Many of our doors in our enterprises, though, don’t have these keys. They use electronic means to be able to unlock the door.

These are usually associated with some type of central database that only allows the right people into the room based on the card or the identification information they provide to the electronic locking mechanism. Many of these electronic locks are token-based. You need some type of physical token to be able to get into that particular area.

This can be a magnetic swipe with a card reader, or it might have an RFID tag inside of it. And you just simply get close and it will unlock the door for you. These are sometimes combined with a biometric reader. So it may take your hand or a fingerprint or look at the retina of your eye. These are multi-factor ways to authenticate or unlock a door.

This might also include something like a smart card and you have to input a pin number and then provide biometrics, and then finally you gain access to the room. A mantrap takes this idea of a locked door to the next level. With a mantrap, there are usually at least two doors involved. And if you open one door, the other doors automatically lock.

If you close that door, the other door can open. This means that only one person can possibly go through at one time. So it’s very common for someone to see that all the doors are locked. You authenticate yourself with your card or some other type of access to unlock the first door. You walk inside, and then you have to close the door behind you before the next door will open.

This will ensure that only one person can go through at a time and you won’t have multiple people using one person’s pass card to get into a facility. Another type of widespread physical security is video surveillance. This is usually done with CCTVs, or closed circuit televisions. These are cameras that only provide video to internal sources. They’re not broadcast to other places. Therefore, it runs on a closed circuit.

And in some cases, you can put a camera in place and you won’t need to have somebody physically sitting at that location. It’s common to see these outside of doors or entry gates. You push a button and a live person comes on the intercom and asks information about whether you can enter or not. And of course, they can see you, because this closed circuit television camera is right there watching your every move.

If you’re planning to purchase some cameras, you need to look at the specifications of what you might be buying. One consideration is the focal length. You want to see how wide angle or narrow angle a video stream might be. So you want to be sure to get a camera that fits with the needs that you have. Depth of field is another important consideration.

You want to be sure that everything you need to see is going to be in focus. A very narrow depth of field might only focus on a certain area, but a very broad depth of field could view things very closely in focus and very far away in focus as well. You should also consider how much of this camera needs to be able to see even in a dark environment.

You can get cameras these days with infrared capabilities that allow you to effectively see in the dark, although you may need a camera that only needs to be able to record things during the day. So you want to choose the right camera for your needs.

You also might use many cameras throughout the property. You might have them in different locations. And it’s very common to network them all back to a central recording unit that also allows you to send signals back out to the camera to be able to control the pan, tilt, and zoom capabilities. Building a fence creates a perimeter around for physical security.

And this is a very obvious form of physical security. And that may not be exactly what you want to do. When you put up a fence, everyone knows there might be something inside that they want. Many fences might be chain link fences like these, which are very transparent. You can see right through them. But of course, you may have a good reason to put up a fence that is more opaque that prevents people from seeing exactly what’s going on on the other side of that fence.

Fences make for very good physical borders, because it’s difficult to get through the fence, especially if you’re using some very heavy steel or you have concrete fences, it would be almost impossible to get through those. And if you build the fence high enough, it’s very difficult for somebody to get over that fence. Of course, you could even add on other things like razor wire at the top to help prevent anyone from climbing over or getting through that physical security.

When it gets dark, your physical security becomes even more important. The bad guys love to go places where they cannot be seen. And when it’s dark, they can really move around without anybody knowing that they’re there. If you were able to use a lot of light, you can prevent this and in some cases, take advantage of the dark by using infrared cameras to be able to see what’s going on.

When you’re combining lights with cameras, you may also want to think about how you’re planning out and designing this light system. You want to be sure that the angles of the lights are important, especially if you’re going to be using this video later on to try to recognize someone. If the light is at too sharp of an angle, there may be too many shadows on the face. You may not be able to recognize someone that way.

You also want to make sure that the cameras are positioned so the light is not shining directly into the camera or creating glare. Warning signs can be helpful, especially if your organization deals with chemicals, it’s a manufacturing facility, or something like a hospital. These signs will not only help the people that are working in that facility, but will be especially helpful for visitors or people that don’t often visit that location.

These signs should consider the personal safety of everyone who’s in the building. Your fire exit should be very clearly marked. Or if somebody’s coming near a location where there is a lot of chemicals, this would be a great place to have some warning signs. And of course, you should have signs that mark where medical resources might be. If you need some type of first aid kit, it should be clearly marked so that everybody in the building knows where that is.

And even in small organizations, it’s good to have contact information or phone numbers right on the sign so people know who to contact in case of emergency. Nothing says physical security more than a physical security guard sitting between you and the inside of the organization. This is truly providing physical protection for the people that are coming into the building and the building resources and people who are already there.

This is going to validate that only the proper people are allowed in, such as existing employees, and the security guard can check and validate that the guest access is provided to the proper people and they are escorted properly throughout the facility. It’ll be difficult to look at everybody up in a single list every day. So usually people wear ID badges when they’re on site.

And these usually will have a picture and the name of the person and other pertinent details that are important for that organization. These usually must be worn at all times. It’s very common to train your users that if anybody is walking around without a badge on, you should start asking them exactly why they’re there. Occasionally, you’ll have people visit your facility who don’t have an ID badge.

And the security guard to be responsible for checking through this list of names and providing access to those individuals. Barricades can also be used to keep people from going into or out of a particular location. There are limits to what a barricade can actually do. But it would certainly make people aware that that is a section they should not be going. This will channel people and anything else through a very particular point.

This might also be able to keep cars or trucks out of a particular area but still allow people to pass through. It’s very common to see barriers around industrial equipment, the air conditioning systems, or water systems. And you could avoid having people go near that very dangerous equipment.

You might also see barriers used as another type of physical security. It’s not uncommon, for instance, to see concrete barriers that can stop trucks or cars from coming into a building. Or you may even see in very large data centers that they will surround it with water and have a physical moat that separates the data center from a single road in and out of the facility.

If you’ve ever walked around a home improvement store or any place that’s a warehouse type store, you can see the physical network cables being run up in the ceiling. It’s wide open.

Well, if your environment is very, very secure, you may not allow your physical cabling to have that level of access. And instead, you may want to have a Protected Distribution System, or PDS. With a PDS, all of your tables and all of your fibers run through special conduit that will protect and keep all of the data secure that’s inside of those systems.

As it’s running throughout the building, it’s difficult to secure every inch of every cable. So these PDS’s will allow you to provide additional security. This is helpful if somebody’s trying to tap into the fiber or the copper connections and be able to gather traffic directly from your network from a place that would not be obvious, if you were trying to do this inside of the data center.

This might also prevent somebody from creating a denial of service condition, where they’re physically cutting cables or cutting fibers because there’s no way to prevent that without some type of protection around those fiber or cable connections. A hardened protected distribution system would even be one step further, where everything is inside of a metal conduit, everything is sealed. And there are periodic inspections to make sure that everything is exactly the way it should be.

If something’s ever out of the ordinary, we want to get an alarm that something has happened. Sometimes these alarms are circuit-based, which means that a circuit is either opened or closed, and then we’re notified when that happens. That’s something you might usually have on a door or window. And if that door is opened or the window is opened, the circuit closes and a notice is made or an alarm is made at a central location.

It’s very useful to have on the perimeter, where you want to find out the instance somebody walks into a door or comes in through a window. You can also have motion detection alarms. They’re looking for a radio reflection or even infrared reflections going back into the alarm unit. And then they can then notify a central location.

This is usually put somewhere where you don’t expect anyone to be. And if there’s any motion, you want to know exactly where that is. A duress alarm is one that’s triggered by you. It might be a big red button. And if there’s a fire or a panic situation, you can push that alarm and notify a third party. You would commonly use all of these physical security techniques to be sure that the resources and the people in your organization stay safe.