Physical Security Countermeasures


Security countermeasures can be classified as:

  • Physical measures prevent access to systems and include security guards, lighting, fences, locks, and alarms. Monitoring by closed-circuit television (CCTV) cameras and alarms should be present. Computers with sensitive data should be protected in an enclosed and locked area.
  • Technical security measures include firewalls, IDS, access control, and the use of authentication, passwords, and file and folder permissions.
  • Operational security refers to controls such as usage policies, hiring policies, and security policies.

Locks

Locks are an inexpensive theft deterrent: they do not prevent theft completely, but they slow thieves down. Locks can be used to control access to sensitive areas, to protect documents, procedures, and trade secrets from prying eyes, or to secure supplies and consumables.

  • Keypad or combination locks – There are a number of different types. These require the user to enter a preset or programmed sequence of numbers.
  • Master key locks – They are used in hotels and allow a supervisor or housekeeper to bypass the normal lock and gain entry.
  • Device locks – They may be of the key or combination type. They secure laptops and have a vinyl-coated steel cable that secures the device to a table or cabinet.

Closed Circuit TV (CCTV) cameras

Closed-circuit television (CCTV), also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. It differs from broadcast television in that the signal is not openly transmitted, though it may employ point to point (P2P), point to multipoint, or mesh wireless links. Though almost all video cameras fit this definition, the term is most often applied to those used for surveillance in areas that may need monitoring such as banks, casinos, airports, military installations, and convenience stores. Videotelephony is seldom called “CCTV” but the use of video in distance education, where it is an important tool, is often so called.

CCTV cameras are well suited to surveillance. Although they are not highly effective at preventing access to a facility or controlled area, they are useful as a detective control. Detective controls are those that can be referenced to try to verify what went wrong. If CCTV is used to record activity, the tapes can be audited later to determine who accessed the facility or area at a specific time. CCTV can also help deter attacks: if the cameras are easily visible, an attacker might think twice about any activity that they know is going to be captured.

Fences

They are a great boundary control. Fences clearly signal which areas are under higher levels of security control. Fencing can include a wide range of components, materials, and construction methods. Typically, the more secure the fence, the larger the gauge. As an example, normal security fences usually feature a two inch mesh and average 9 gauge. A high security fence will have a smaller mesh, usually around one inch, and the width of the wire will increase to 11 gauge.

Other than the fence, a proper gate and proper lighting can also increase perimeter security.

Mantrap

A mantrap, air lock, sally port or access control vestibule is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens. In a manual mantrap, a guard locks and unlocks each door in sequence. An intercom and/or video camera are often used to allow the guard to control the trap from a remote location.

In aquatic situations and in space, mantraps are known as airlocks. This is counterintuitive, because exactly the same design is used for the opposite purpose. A mantrap is used to keep an individual in, whereas an airlock is used to facilitate ingress or egress.

In an automatic mantrap, identification may be required for each door, sometimes with a different measure for each door. For example, a key may open the first door, but a personal identification number entered on a number pad opens the second. Other methods of opening doors include proximity cards or biometric devices such as fingerprint readers or iris recognition scans.

Metal detectors are often built in, in order to prevent entrance of people carrying weapons. This use is particularly frequent in banks and jewelry shops.

Some mantraps lock both the inner and outer door if authentication fails, so that the individual cannot leave until a guard arrives to verify that person’s identity. Piggybacking is when someone attempts to walk in behind an employee without authorization.
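
The door sequence described in this section can be written as a small state machine. The Python model below is an added example, not part of the original tutorial; the class and method names and the idea of a key on the outer door and a PIN on the inner door are assumptions taken from the example in the text.

```python
from enum import Enum

class State(Enum):
    IDLE = "idle"              # both doors locked, vestibule empty
    OUTER_OPEN = "outer_open"  # outer door open, inner door locked
    OCCUPIED = "occupied"      # both doors closed, person inside
    INNER_OPEN = "inner_open"  # inner door open, outer door locked
    LOCKDOWN = "lockdown"      # both doors locked until a guard arrives

class Mantrap:
    """Automatic mantrap: key on the outer door, PIN on the inner door."""

    def __init__(self, valid_keys, valid_pins):
        self.valid_keys, self.valid_pins = set(valid_keys), set(valid_pins)
        self.state = State.IDLE
        self.audit = []  # (from_state, event, to_state) for later review

    def _move(self, new_state, event):
        self.audit.append((self.state.value, event, new_state.value))
        self.state = new_state

    def present_key(self, key):
        # Outer door unlocks only when the vestibule is empty and idle.
        if self.state is not State.IDLE or key not in self.valid_keys:
            self.audit.append((self.state.value, "key refused", self.state.value))
            return False
        self._move(State.OUTER_OPEN, "key accepted")
        return True

    def close_door(self):
        if self.state is State.OUTER_OPEN:
            self._move(State.OCCUPIED, "outer door closed")
        elif self.state is State.INNER_OPEN:
            self._move(State.IDLE, "inner door closed")

    def enter_pin(self, pin):
        # Interlock: the inner door is considered only once the outer has closed.
        if self.state is not State.OCCUPIED:
            return False
        if pin not in self.valid_pins:
            self._move(State.LOCKDOWN, "pin rejected")  # hold the person inside
            return False
        self._move(State.INNER_OPEN, "pin accepted")
        return True

    def guard_release(self):
        # Only a guard clears a lockdown, after checking identity in person.
        if self.state is State.LOCKDOWN:
            self._move(State.IDLE, "released by guard")
```

The audit list records every transition and every refused key, which is the kind of record a guard or investigator would review after a lockdown.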

Bollards

A bollard is a short post designed to identify or segment a location, guide traffic or protect sensitive areas. It provides an effective visual barrier for vehicles and pedestrians and can offer significant impact protection where effective security is required.

Bollards are another means of perimeter control. They prevent a vehicle from breaching an organization’s exterior wall and driving in. Insurance companies are making them mandatory for electronics stores. Some places even use very large flower pots or cement picnic tables as a perimeter control or disguised bollard.

Guards

Guards can monitor activities and actually intervene and prevent attacks. Guards have the ability to make a decision and judgment call in situations that require discernment. If guards are stationed inside a facility, they can serve dual roles as a receptionist while monitoring, signing in, and escorting visitors to their proper location. However, guards are people, so this means that they are not perfect. They can make poor decisions, sleep on the job, steal company property, or maybe even injure someone.

Fire

Fire prevention should ensure that employees are trained and know how to prevent fires from occurring, as well as how to respond when they do. Fire detection systems are used to signal employees that there might be a problem. The two primary types of fire detection systems are:

  • Heat – A heat-activated sensor is triggered when a predetermined temperature is reached or when the temperature rises quickly.
  • Smoke – A smoke-activated sensor can be powered by a photoelectric optical detector or by a radioactive smoke detection device. These work well as early warning devices.

Fire suppression addresses the means of extinguishing a fire. Not all fires are composed of the same combustible components. Fires are rated according to the types of materials that are burning. The types of fire and their suppression are listed below:

Class – Suppression Type

  • Class A – Paper or wood fires should be suppressed with water or soda acid.
  • Class B – Gasoline or oil fires should be suppressed by using CO2, soda acid, or Halon.
  • Class C – Electronic or computer fires should be suppressed with CO2 or Halon.
  • Class D – Fires caused by combustible metals should be suppressed by applying dry powder or using special techniques.

Authentication Controls

Various authentication controls for physical access are:

  • Passwords and PIN numbers – Employees need to enter a PIN number on a server room door to enter.
  • Tokens, smart cards, and magnetic strip cards – They are used to access controlled areas.
  • Biometrics – They scan a fingerprint, retina or voice to provide access.

Measures that can be applied to a computer to restrict access are:

Computer Locks

Many modern PC cases include a “locking” feature. Usually this will be a socket on the front of the case that allows you to turn an included key to a locked or unlocked position. Case locks can help prevent someone from stealing your PC, or opening up the case and directly manipulating/stealing your hardware. They can also sometimes prevent someone from rebooting your computer from their own floppy or other hardware.

These case locks do different things according to the support in the motherboard and how the case is constructed. On many PCs they make it so you have to break the case to get the case open. On some others, they will not let you plug in new keyboards or mice. Check your motherboard or case instructions for more information. This can sometimes be a very useful feature, even though the locks are usually very low-quality and can easily be defeated by attackers with locksmithing skills.

BIOS Security

The BIOS is the lowest level of software that configures or manipulates your x86-based hardware. LILO and other Linux boot methods access the BIOS to determine how to boot up your Linux machine. Other hardware that Linux runs on has similar software (Open Firmware on Macs and new Suns, Sun boot PROM, etc…). You can use your BIOS to prevent attackers from rebooting your machine and manipulating your Linux system.

Many PC BIOSs let you set a boot password. This doesn’t provide all that much security (the BIOS can be reset, or removed if someone can get into the case), but might be a good deterrent (i.e. it will take time and leave traces of tampering). Similarly, on S/Linux (Linux for SPARC(tm) processor machines), your EEPROM can be set to require a boot-up password. This might slow attackers down.

Boot Loader Security

The various Linux boot loaders can also have a boot password set. LILO, for example, has password and restricted settings; password requires a password at boot time, whereas restricted requires a boot-time password only if you specify options
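
To check how the password and restricted settings apply to each boot entry, the following Python audit is an added example and not part of the original tutorial. The sample lilo.conf is constructed, its passwords are placeholders, and the script assumes that each image section inherits the global options.

```python
import stat

# Constructed sample lilo.conf (not from a real host); passwords are placeholders.
SAMPLE = """\
boot=/dev/hda
prompt
image=/boot/vmlinuz
    label=linux
    password=PLACEHOLDER-1
    restricted
image=/boot/vmlinuz.old
    label=rescue
    password=PLACEHOLDER-2
other=/dev/hda2
    label=dos
"""

def parse_lilo(text):
    """Split lilo.conf text into global options and per-image option dicts."""
    global_opts, images, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in ("image", "other"):          # starts a new per-image section
            current = {}
            images.append(current)
        (global_opts if current is None else current)[key] = value
    return global_opts, images

def audit_lilo(text, mode):
    """Map each boot label to its protection level; flag a readable password."""
    global_opts, images = parse_lilo(text)
    report = {}
    for img in images:
        opts = {**global_opts, **img}          # assumption: images inherit globals
        if not opts.get("password"):
            level = "unprotected"
        elif "restricted" in opts:
            level = "password only when boot options are given"
        else:
            level = "password on every boot"
        report[opts.get("label") or img.get("image") or img.get("other")] = level
    # The password is stored in the file, so group/other must not be able to read it.
    has_password = any("password" in s for s in [global_opts, *images])
    return report, has_password and bool(mode & (stat.S_IRGRP | stat.S_IROTH))
```

On a real system, pass the file's contents and the permission bits from os.stat("/etc/lilo.conf").st_mode; a True second value means the file should be restricted to mode 0600.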
