Physical Security

Administrative Access Controls

Restricting Work Areas

Visitor Control

Site Selection

  • Visibility — No sign
  • Locale considerations — check the neighborhood
  • Natural disasters
  • Transportation — Airport

Physical Security Controls — principle of defense in depth

  • perimeter of the data center
    • prevent unauthorized access to the facility
      • might allow controlled access during the day but be locked or closed at night
    • Mantraps
  • employee and visitor badging
  • guard dogs when deemed appropriate
  • building lighting

Technical Controls

The next group of physical security controls involves using computer hardware and software to protect facilities. The following are prominent technical controls:

  • Smart/dumb cards
    • payment (credit) card
    • the smart card has many purposes, including value for consumer purchases, medical identification, travel ticketing and identification, and building access control
  • Audit trails/access logs
    • In financial settings such as banks, audit trails enable examiners to trace or follow the history of a transaction through the institution
    • The user ID or name of the individual who performed the transaction
    • Where the transaction was performed (hopefully using a fixed terminal ID)
    • The time and date of the transaction
    • A description of the transaction—that is, what function the user performed and on what device
  • Intrusion detection — alarms alert security to unauthorized attempts
    • Perimeter intrusion detectors
    • Motion detectors
    • Alarm Systems — ADT
  • Biometric access controls
    • standard forms of authentication such as fixed passwords and PINs
    • Fingerprints
      • Multiple images of the individual’s fingerprint are taken
      • Images are computed as coordinate (XY) points and are catalogued in a database.
      • Each sample is scored based on the number and quality of coordinate values. The image with the highest (best sample) score becomes the “template” for the individual. When a user wants to authenticate, an algorithm is used to process the template stored in the database against the minutiae of the sample fingerprint. 
  • Environmental/Life Safety Controls
    • Power (electrical, diesel)
      • DRP
      • Power Backup
    • Fire detection and suppression
      • Fire types
        • common combustibles, wood, paper, …
        • liquids, petroleum products, …
        • Electrical
        • combustible metal (fuel, such as magnesium).
      • Fire detectors
        • Heat-sensing
        • Flame detectors — infrared energy or the pulsation of the flame
        • Smoke detectors — photoelectric sensors
      • Fire-extinguishing systems
    • Heating, ventilation, and air conditioning (HVAC)
      • In a fire, HVAC must be stopped immediately to prevent the flow of oxygen
      • water-sprinkler system
        • wet pipe — hold water in the pipe
        • dry pipe — water is not held in the pipe, only ready to flow
        • Deluge — Dry with a tanker
        • Preaction — combine both dry and wet with tanker
        • Gas-discharge
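
Added example (not part of the original notes): a simplified sketch of the fingerprint enrollment and matching flow described under Biometric access controls. The scoring rule (sum of quality values), the pixel tolerance, the acceptance threshold and all sample coordinates are assumptions constructed for illustration; production matchers also align rotation and translation before comparing minutiae.

```python
import math

# Constructed enrollment data: each sample is a list of minutiae (x, y, quality 0..1).
ENROLL_SAMPLES = [
    [(10, 12, 0.9), (40, 44, 0.8), (70, 20, 0.4)],
    [(10, 12, 0.9), (40, 45, 0.9), (70, 21, 0.8), (55, 80, 0.7)],
    [(11, 13, 0.5), (41, 44, 0.3)],
]
# Constructed probes presented at authentication time (XY points only).
GENUINE = [(11, 12), (41, 46), (69, 22), (90, 90)]
IMPOSTOR = [(20, 30), (60, 60), (10, 13)]


def score_sample(minutiae):
    """Assumed scoring rule: sum of qualities, so count and quality both matter."""
    return sum(q for _, _, q in minutiae)


def enroll(samples):
    """Keep the best-scoring sample as the stored template (XY points only)."""
    best = max(samples, key=score_sample)
    return [(x, y) for x, y, _ in best]


def match(template, probe, tolerance=3.0, threshold=0.75):
    """Pair each template point with at most one probe point within `tolerance`.

    Returns (accepted, matched_fraction). Each probe point is consumed once so
    a single minutia cannot satisfy several template points.
    """
    unused = list(probe)
    matched = 0
    for point in template:
        near = [p for p in unused if math.dist(point, p) <= tolerance]
        if near:
            unused.remove(min(near, key=lambda p: math.dist(point, p)))
            matched += 1
    ratio = matched / len(template) if template else 0.0
    return ratio >= threshold, ratio


if __name__ == "__main__":
    template = enroll(ENROLL_SAMPLES)
    print("template:", template)
    print("genuine :", match(template, GENUINE))
    print("impostor:", match(template, IMPOSTOR))
```

Raising the threshold lowers false accepts at the cost of more false rejects; the tolerance absorbs small placement differences between scans.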