Physical Security Measures | CompTIA A+ 220-1002 | 2.1

In this video you will learn about physical security measures to help protect information systems and data.

Physical Security

Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm. Physical security involves the use of multiple layers of interdependent systems that can include CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to protect persons and property. Physical security of IT equipment is a fundamental first factor in a secure network.

Mantrap

A mantrap is a physical security access control system comprising of small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. In a manual mantrap, a guard locks and unlocks each door in sequence. An intercom and/or video camera are often used to allow the guard to control the trap from a remote location. In an automatic mantrap, identification may be required for each door, sometimes even possibly different measures for each door. For example, a key may open the first door, but a personal identification number entered on a number pad opens the second door. Other methods of opening doors include proximity cards or biometric devices such as fingerprint readers or iris recognitions scans. Overall, mantraps basically slows down a person’s entry process to prevent unauthorized entry into an area.

Mantrap

Badge Reader

A badge reader is a device designed to read information encoded into a small plastic card. It is often part of a data collection system in which each operator can be identified by the badge they present to the machine. It can also be used to control access to areas associated with electrically operated door locks, and when built into keyboards and other parts of information systems it can control access to information. The badge is usually of plastic, or paper laminated between plastic, and may contain a photograph and other information in addition to what is encoded. The encoding takes many forms, some of which are proprietary and complex to achieve greater security.

Badge Reader

Smart Card

A smart card is a physical electronic authorization device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless (proximity cards), and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. To further enhance security, smart card security systems can also be multifactor, requiring the user to input a PIN or security password as well as provide the smart card at secured checkpoints.

Smart Card

Security Guard

A security guard is a person employed by a government or private party to protect the employing party’s assets (property, people, equipment, money, etc) from a variety of hazards (such as waste, damaged property, unsafe worker behavior, criminal activity, etc.) by enforcing preventative measures. Security guards do this by maintaining a high-visibility presence to deter illegal and inappropriate actions, looking for signs of crime (patrols or monitoring systems) or other hazards, taking action to minimize damage, and reporting any incidents to their clients and emergency services as appropriate.

Security Guards

Door Lock

A lock is a mechanical or electronic fastening device that is released by a physical object (key, keycard, fingerprint, RFID card, security token, etc) by supplying secret information or by a combination thereof or only being able to be opened from one side. Although this seems obvious, surprisingly it is common for people to get into unauthorized areas by just wandering in. The easiest way to secure an area is to simply lock the doors with some organizations providing written policies explaining how, when, and where to lock doors. Aside from main entrances, always lock server rooms, wiring closets, labs, and other technical rooms when not in use. Other precautions to take include documenting who has keys to server rooms and wiring closets and periodically changing locks and keys.

Biometric Locks

Biometric locks (smart locks) are devices that allow for you to unlock doors with the combination of a person’s biological information (fingerprint, retina/eye scan, facial/voice recognition) and a PIN.

Biometric Lock

Tokens

A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples are smart cards, RFID cards, USB tokens, and key fobs.

Security Token

Laptop & Cable Locks

Most laptops in addition to mobile devices such as projectors & docking stations feature security slots.  The slot is normally located near the rear corner of a laptop.  This slot is used with a laptop cable lock.  These locks work just as a bicycle chain lock works.  You find a large, immovable object such as your desk and wrap the metal cable around it.  Insert the lock into your laptop’s lock slot, and your computer becomes virtually theft-proof.  Laptop locks come as either combination locks or keyed locks.

Laptop Cable Lock

Server Locks

Server locks involves locking down equipment in a server rack by way of cabinets or cages with secure biometric locks or keycards that can be changed often.  Some rack cabinets are very sophisticated with alarms that indicate access and improperly closed doors.

Server Locks

USB Locks

USB locks are used to secure USB cables into a computer & to securely plug empty USB ports.

USB Lock

Privacy Screen

A privacy screen (sometimes called a privacy filter) is a thin piece of plastic that is placed over your monitor or display panel in order to prevent wandering eyes from absorbing confidential information. Privacy screens reduce the field of vision to about 30 degrees so that only the person directly in front of the screen can see the content. Many privacy screens also provide anti-glare capabilities to help reduce eye strain.

Privacy Screen

Key Fobs

A key fob (also known as a hardware token), is an electronic lock that controls access to a building or vehicle without using a traditional mechanical key. They can contain RFID chips and may be used as part of a two-step authentication protocol the works as follows:

  • The key fob generates a code every 30 to 60 seconds.  Every time the code changes on the fob, it is also matched in an authentication server.
  • The user logs into the system or restricted area, using the generated access code displayed on the key fob’s LCD display.  The authentication server matches the current code and allows access.
Key Fob

Entry Control Roster

An entry control roster is a list of personnel who have been granted access based on verified and authenticated credentials (such as PINs, etc) to enter a secured area. Along with being granted access, logs are typically maintained to track who has entered and exited a secure area at all times.