More Physical Security Controls | CompTIA Security+ SY0-601 | 2.7b

In this video you will learn about more physical security controls such as: USB data blockers, lighting, fencing, fire suppression, sensors, drones, visitor logs, Faraday cages, screened subnets, secure areas, & secure data destruction.

USB Data Blocker

A USB data blocker is a device that stops an attacker from connecting a USB drive to a computer and stealing data. 

There are two types of USB data blockers that you need to be concerned about for the CompTIA Security+ SY0-601 certification exam:

  • Software:  Organizations use device lockdown software that can detect emulated USB devices that have been plugged into a computer, promptly disable their use, and report the exploit to the security operations center (SOC).  By disabling the USB function, software USB data blockers ensure that people & attackers are unable to steal data from an organization’s computer with a USB thumb drive.[1]
  • Hardware:  a device that plugs into the charging port on your phone, acting as a shield between the public charging station’s cord & your phone.  USB data blockers, also known as USB condoms, restrict hackers from accessing your phone’s data.[2]

Lighting

Interior & exterior lighting can provide various levels of protection & safety for employees and a facility.  Knowing there is lighting everywhere can also serve as a deterrent for potential attackers because it’s possible for cameras to pick up any movement.  Building lighting & auto-sensing light switches can provide safety and visibility as well as reduce power requirements.[1]

Fencing

Physical access controls consist of the systems & techniques used to restrict access to a security perimeter & provide boundary protection.  One of the major defenses includes fencing and fence-monitoring systems.  Fencing is usually the first line of defense at the perimeter of a property.  Therefore, deploying the right fence for the right level of protection is important.[1]

Fire Suppression

Fire suppression systems are used to extinguish, control, or in some cases, entirely prevent fires from spreading or occurring.  Fire suppression systems have an incredibly large variety of applications, and as such, there are many different types of suppression systems in use today.  When fire suppression systems are triggered, they are usually tied to power cutoff processes, which turn down power at the same time.  This reduces the chance of the fire continuing to burn while fed by a powered device, and of someone inadvertently being electrocuted.  Types of fire suppression systems are as follows:[1]

  • Class A Fire:  (trash, wood, & paper) requires water extinguishing systems, which decrease the fire’s temperature & extinguish the flames
  • Class B Fire:  (flammable liquids, gasses, & greases) requires foam extinguishing systems
  • Class C Fire:  (energized electrical equipment, electrical fires, & burning wires) requires a carbon dioxide extinguishing system
  • Class D Fire:  (combustible metals such as magnesium, titanium, & sodium) requires sodium chloride & copper-based dry powder

Sensors

The various types of sensors you need to know for the CompTIA Security+ SY0-601 certification exam are:

  • Motion Detection:  an electronic device that is designed to detect & measure movement.[3]  These sensors use passive infrared to detect motion & then send an alert to the alarm system.
  • Noise Detection:  electronic devices that detect sound where sound is not expected and convert it into an electronic signal, which is then sent to an alarm or alerting system.[1]
  • Proximity Reader & Cards:  proximity card readers are data capture devices used to extract information stored on access control cards, contactless smart cards, and/or key tags.  While primarily used for access control, proximity card readers can also be used to enhance site security, track time & attendance, manage site visitors, and more.[4]
  • Moisture Detection:  an instrument used in many industries to detect moisture & humidity.  It can provide warnings for leaks, floods, or other issues that could cause substantial damage to life and property.
  • Temperature:  a device used to measure temperature such as air temperature, liquid temperature or the temperature of solid matter.[5]  Temperature sensors often work with HVAC systems to ensure an environment is not too cold or too hot.[1]

Drones

Drones are unmanned air devices or underwater vehicles that can use embedded computer platforms.  Drones operate by using software or firmware, and drone operators use computers & mobile devices to run drone applications that control the drones.  Drones communicate via wireless connections to ground stations and operators.  Hackers are already exploiting drone software & firmware vulnerabilities to take over drones and gain access to connected systems & networks.  Malware is often embedded in drone software and can compromise not only the data collected on drones, but also the systems that the drones, software, or connected devices are linked to.[1]

Visitor Logs

A visitor log is a tool that helps capture who is coming & going at a facility.  It is a record book that keeps track of the visitors on site, their identity, what company they may represent, who they came to visit, the purpose for the visit, contact details, and time in & out.  Visitor log books can be either paper-based or digital.  A paper-based visitor log book at the front desk reception is the traditional kind, which requires guests to fill out a form with their contact details, time in, the person they are visiting, and the reason for the visit.  A digital visitor log book is an automated & streamlined version where information is entered with the help of technology.  It can capture static pictures of visitors, QR code-powered check-ins, ID card scans, biometric fingerprints and more to help make the workplace more secure.[6]

Faraday Cage

A Faraday cage is an enclosure used to block electromagnetic fields.  A Faraday cage may be formed by a continuous covering of conductive material.  A Faraday cage operates because an external electrical field causes the electric charges within the cage’s conducting material to be distributed so that they cancel the field’s effect in the cage’s interior.  This phenomenon is used to protect sensitive electronic equipment (such as RF receivers) from external RF interference, often during testing or alignment of the device.  Faraday cages are also used to protect people & equipment against actual electric currents such as lightning strikes and electrostatic discharges, since the enclosing cage conducts current around the outside of the enclosed space and none passes through the interior.

Screened Subnet (DMZ or Demilitarized Zone)

A demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the internet. The purpose of a DMZ is to add an additional layer of security to an organization’s LAN, so that an external node can access only what is exposed in the DMZ, while the rest of the organization’s network is firewalled. The DMZ functions as a small, isolated network positioned between the internet and the private network and, if its design is effective, gives the organization extra time to detect and address breaches before they penetrate further into the internal networks.
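The screened-subnet rule described above can be checked mechanically. The following is an added example, not part of the original guide: it audits a firewall rule list for rules that let traffic skip the DMZ. The zone names, the rule format, the first-match evaluation order and the sample rules are all constructed assumptions.

```python
"""Audit a rule list against the screened-subnet (DMZ) model.

Zone names, rule format and sample rules are constructed for
illustration; they do not come from any real firewall product.
"""
from typing import NamedTuple

class Rule(NamedTuple):
    src: str      # "internet", "dmz" or "internal"
    dst: str
    port: object  # destination port number, or "any"
    action: str   # "allow" or "deny"

def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (port, "any"):
            return r.action
    return "deny"

def audit(rules):
    """Return (rule, reason) for each allow rule that breaks the model."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == "internet" and r.dst == "internal":
            findings.append((r, "internet reaches internal directly, bypassing the DMZ"))
        elif r.src == "internet" and r.dst == "dmz" and r.port == "any":
            findings.append((r, "every DMZ port is exposed, not only published services"))
        elif r.src == "dmz" and r.dst == "internal" and r.port == "any":
            findings.append((r, "a compromised DMZ host could reach any internal service"))
    return findings

# Constructed sample ruleset (order matters: first match wins).
SAMPLE_RULES = [
    Rule("internet", "dmz", 443, "allow"),        # published web service
    Rule("internet", "dmz", 25, "allow"),         # published mail relay
    Rule("dmz", "internal", 5432, "allow"),       # web tier to one database port
    Rule("internet", "internal", 3389, "allow"),  # violation: skips the DMZ
    Rule("dmz", "internal", "any", "allow"),      # violation: DMZ is no longer isolated
    Rule("internet", "internal", "any", "deny"),  # too late for port 3389 above
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} port {rule.port}: {reason}")
```

The sample also shows why rule order matters: the final deny rule never applies to port 3389, because the earlier allow rule matches first.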

Secure Areas

A secure area is an area to which only authorized representatives of the entity possessing the confidential information have access, & access is controlled through the use of a key, card, lock, or comparable mechanism.  Secure areas may include buildings, rooms or locked storage containers within a room, as long as access to the confidential information is not available to unauthorized personnel.[8]  The types of secure areas you need to be concerned about for the CompTIA Security+ SY0-601 certification exam are:

  • Air Gap:  An air gap is a network security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured LAN.[7]  It means a computer or network has no network interface controllers connected to other networks.  Because the computer isn’t directly connected to the network, it can’t be attacked through the network.  So to compromise this type of computer, a hacker would have to “cross the air gap”, which means they would need to be physically sitting down in front of the computer to access the device.[1]
  • Vaults & Safes:  a secure space to store money, valuables, records, & documents.  It is intended to protect contents from theft, unauthorized use, fire, natural disasters, & other threats.[1]
  • Hot Aisle/Cold Aisle:  refers to a layout design especially for data warehouses where huge servers & computing equipment are kept and data is stored.  The purpose of the hot aisle/cold aisle scheme is to manage air flow in data centers, consequently lowering the energy, cooling & management cost inside data centers.[9]

Secure Data Destruction

Here are some various secure data destruction methods you need to be concerned about for the CompTIA Security+ SY0-601 certification exam:

  • Burning:  melting or burning data involves dipping the data into acid to destroy its contents. This is one of the most effective ways to destroy data, but it is also one of the most dangerous due to the process involving the use of hydrochloric and nitric acids which are very dangerous to the environment and human skin.
  • Shredding:  shredding is another effective way to destroy data. It involves running papers or hard drives through a heavy-duty shredder which cuts the paper or drive into tiny bits.
  • Pulping:  data on paper can also be shredded & reduced to pulp.  After the paper has been broken down into pulp, the fibers are separated, washed, and screened to remove fiber bundles.  Then the water is pressed out.  After the pulp is dried, it can be made into recycled paper.[1]
  • Pulverizing:  grinds and/or reshreds paper to make it impossible to recover.  Documents and storage media are fed into a pulverizer that uses hydraulic or pneumatic action to reduce the materials to loose fibers and shards.[1]
  • Degaussing:  involves using a powerful device known as an electromagnetic degausser (or permanent magnet degausser) which is used to scramble the hard drive platter so that it cannot be read by anyone. Although the drive is still physically intact, all of the data and the control track data are missing. This method is preferred if you want to keep a hard drive simply for display purposes.
  • Third-Party Solutions:  if you choose to send your hard drives off to a recycling company to handle data destruction, ensure you get a Certificate of Destruction (COD). A Certificate of Destruction is an important document that includes all the pertinent details regarding your shredding service. Following every paper shredding or media destruction service, you will receive a COD confirming that your material has been securely destroyed. Beyond simply providing peace of mind, the COD is proof that the information stored on the media is no longer at risk and that your business is compliant with relevant privacy laws.

References

  1. Santos, O.; Taylor, R.; Mlodziannowski, J. CompTIA Security+ SY0-601 Cert Guide.
  2. (2020, Sep 14). What Is a USB Data Blocker and Why Do You Need One? BMA.
  3. Jost, D. (2019, Oct 14). What is a Motion Sensor? Fierce Electronics.
  4. Shop Proximity & HID Badge Readers. ID Wholesaler.
  5. What is a Temperature Sensor? Variohm.
  6. Rivett, N. (2020, Dec 1). What is a Visitor Log Book, and Why Do You Need One? Sine.
  7. Air Gapping (Air Gap Attack). WhatIs.com.
  8. Secure Area Definition. Law Insider.
  9. (2018, Jan 2). Hot Aisle/Cold Aisle. Techopedia.