CompTIA Security+ SYO-401

Certification Training

Compare and Contrast Physical Security and Environmental Controls Tutorial

1 Compare and Contrast Physical Security and Environmental Controls

Every day we deal with large amounts of data, inside the office and outside it. That data is at constant risk from virus attacks, hackers, and so on, which makes data protection a necessity. In this lesson, we will look at different security measures, or controls, that protect your data and other essentials.

After completing this lesson, you will be able to:

• Comprehend Environmental Controls
• Describe Recovery and Reconstitution Procedures
• Describe Physical Security
• Define the types of Physical Security Locks
• Outline the general security measures
• Differentiate different Control Types

Before you compare and contrast physical security and environmental controls, you need to understand them thoroughly. Physical security is a primary form of protecting your environment. A perimeter breach is as bad as a firewall breach. Hence, it is important to constantly review physical security controls, compare them, and implement them as part of the IT infrastructure. Some of the physical security controls are also environmental controls. You must control, or at least react to, known environmental issues and situations to keep your systems from going down.

2 Environmental Controls

In this topic, you will learn about Environmental Controls. Environmental controls are a form of physical security. They are usually implemented while designing a network. The factors to be considered when deciding on environmental controls are:

• Temperature and humidity
• Airborne dust and debris
• Vibrations
• Food and drink near sensitive equipment
• Strong magnetic fields
• Electromagnetic fields and Radio Frequency Interference or RFI
• Conditioning the power supply
• Static electricity
• Accurate fire detection and suppression

We will highlight different technologies and techniques to secure the environment and physical space of your infrastructure.

Heating, Ventilating, and Air Conditioning or HVAC management is extremely important in an electronic environment like IT. The most important factors are temperature and humidity. In a task-oriented server room, temperature should be maintained at a chosen point to support optimal system operation. In an organization, the preferred optimal temperature level is always in the mid-60s. High humidity may lead to corrosion, and low humidity leads to static discharge. Ideally, humidity levels should always be in the range of 40 to 60 percent. This means, when the temperature is as low as 55 degrees Fahrenheit, the humidity is 40 percent, and when the temperature shoots up to the low 80s, the humidity percentage is less than 65.

There are several standards to be met to ensure the security of equipment in case of a fire. Overheating equipment or poor electrical wiring can cause fire. Facilities need to install an appropriate fire suppression technique that starts sprinkling water when it detects smoke or fire. This would prevent damage to the equipment in the facility. Another form of fire suppression is the gas-discharge system, which removes oxygen from the air. These should be used in confined environments such as server rooms to protect the equipment from damage. Additionally, there are other chemical extinguishers implemented to prevent any harm to electronic items. It is always advisable to use gas-discharge based fire suppression, but these systems can be harmful to people. In such cases, you use water suppression systems, which should be equipped with safety measures to turn off the water sprinklers in the event of a false alarm.

EMI shielding, or electromagnetic interference shielding, is important for network communication and power distribution cables. These cables should run in separate conduits, and remain isolated and shielded from each other, because magnetic fields produced by power generating devices such as motors or engines can hinder data transmissions. To avoid this problem, use shielded network cables or run them through shielding pipes. This helps in preventing physical tapping of electrical signals distributed over the wire.

Hot and Cold Aisles are used to maintain optimal temperatures in larger server farms. The rack servers are arranged in rows. In this system, the airflow is designed to pull out the hot, rising air using air-intake vents on the ceiling, and the cold air is pushed into alternate aisles through vents in the ceiling or floor. This results in an air circulation pattern that improves the cooling process.

Environmental monitoring is the process of monitoring and measuring the quality of the environment within the facility. As an Administrator, you need to set thresholds for temperature and humidity. If these thresholds are broken, the system should send warning alerts. Such systems also possess the capability to measure dust, smoke, and other particles in the air. Some of the advanced monitoring systems include radiological, biological, chemical, and microbiological detectors.
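The threshold alerting described above, as an added example that is not part of the original lesson: a reading outside its band raises an alert only after several consecutive breaches, and a sensor that stops reporting is flagged as well. The humidity band is the lesson's 40 to 60 percent; the temperature band chosen for "mid-60s", the debounce count, the staleness limit and the sample readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Humidity band is the lesson's 40-60 percent. The temperature band is an
# assumed reading of "mid-60s" (degrees Fahrenheit); tune it for your room.
LIMITS = {"temp_f": (64.0, 68.0), "humidity_pct": (40.0, 60.0)}
CONSECUTIVE = 3       # assumed debounce: breaches in a row before alerting
STALE_AFTER_S = 120   # assumed: a sensor silent this long is itself an alert


@dataclass
class Reading:
    ts: int          # seconds since start of capture
    sensor: str
    metric: str      # "temp_f" or "humidity_pct"
    value: float


def evaluate(readings, now):
    """Return a sorted list of (ts, sensor, message) alerts."""
    alerts = []
    streak = {}      # (sensor, metric) -> consecutive out-of-band count
    last_seen = {}   # sensor -> timestamp of its latest reading
    for r in sorted(readings, key=lambda x: x.ts):
        last_seen[r.sensor] = r.ts
        low, high = LIMITS[r.metric]
        key = (r.sensor, r.metric)
        if low <= r.value <= high:
            streak[key] = 0
            continue
        streak[key] = streak.get(key, 0) + 1
        # Alert once, when the streak first reaches the debounce count.
        if streak[key] == CONSECUTIVE:
            side = "below" if r.value < low else "above"
            alerts.append((r.ts, r.sensor,
                           f"{r.metric} {r.value} {side} {low}-{high}"))
    # A missing reading is not "all clear": flag sensors that went quiet.
    for sensor, ts in last_seen.items():
        if now - ts > STALE_AFTER_S:
            alerts.append((now, sensor, "no reading: sensor or link down"))
    return sorted(alerts)


# Constructed sample data: rack-a dries out, rack-b has one spike,
# rack-c stops reporting after t=60.
SAMPLE = [
    Reading(0, "rack-a", "humidity_pct", 45.0),
    Reading(60, "rack-a", "humidity_pct", 38.0),
    Reading(120, "rack-a", "humidity_pct", 36.5),
    Reading(180, "rack-a", "humidity_pct", 35.0),
    Reading(240, "rack-a", "humidity_pct", 34.0),
    Reading(0, "rack-b", "temp_f", 66.0),
    Reading(60, "rack-b", "temp_f", 71.0),
    Reading(120, "rack-b", "temp_f", 66.5),
    Reading(180, "rack-b", "temp_f", 66.0),
    Reading(240, "rack-b", "temp_f", 65.5),
    Reading(0, "rack-c", "temp_f", 65.0),
    Reading(60, "rack-c", "temp_f", 65.2),
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE, now=240):
        print(alert)
```

The single spike on rack-b produces no alert, which is the point of the debounce; the silent rack-c does, because a dead sensor would otherwise look like a healthy room.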

3 Physical Security

In this topic, you will learn about Physical Security. Physical security is an often-ignored aspect of security, but a vital one. As a Security Administrator, you need to focus on reducing unauthorized access to data and devices within your network, and secure these sensitive resources in all possible ways. This can be accomplished using various mechanisms including prevention, deterrence, and detection.

To get physical security right, you need to design the layout of your physical environment. This helps you allocate equipment to secured locations, which can be controlled and thoroughly monitored. With strong physical security, you can identify the computers and networks that are important or mission-critical. Physical security includes things like fences and cameras.

Servers and mission-critical equipment should be separated and positioned in dedicated equipment rooms with additional security. While managing such equipment rooms, it is important to adhere to the following fundamental physical rules:

• No windows
• No drop ceiling
• Should remain locked at all times
• Authorization is mandatory for anyone entering the room
• Should be monitored at all times
• Regular audit of entries and access is mandatory

Physical barriers or separation should be placed in each part of the building to avoid attacks on sensitive information. This should start at the building with fences. Concrete barriers should also be installed in the parking lot. Next, install cameras and position security guards with an access control list to restrict unauthorized entry, or install a mantrap to prevent piggybacking. Then, install a biometric authentication system or any other access solution to enter secured rooms and devices with physical locks. We will discuss further how to secure your infrastructure, and the key aspects and elements involved, including the technologies used.

4 Types of Physical Security Locks

In this topic, you will learn the different types of Physical Security Locks. Until now we have focused on the barriers used to protect your environment. Now, how would an authorized user pass these security measures? The answer is: you can use a secured unlock pattern that allows only authorized people to access the premises. Doors and gates should always have some unlock pattern that helps people gain access to the desired environment. The common example of this security measure is lock and key, where only authorized users possess the keys. When you choose locks, first ensure they are resistant to lock picking and other forms of criminal entry.

Doors are often linked to a retinal or biometric scan, which unlocks the door only for an authorized user. Some locks have token or card keys that are scanned to authenticate the user. These cards come with an Electronic Access Control or EAC system, which is a door locking and access system that uses an electromagnet to open and close the door. It accepts access credentials and uses a sensor to ensure the door re-closes within a reasonable timeframe.

A mantrap is a form of high-security entrance device. Some high-security environments employ mantraps to secure the most sensitive, dangerous, or valuable areas of the facility. A mantrap consists of two doors. The first door opens from outside, and the second opens with an access lock. Let's now see how a mantrap functions:

• As soon as a user enters the mantrap, both doors are locked.
• Now the user must authenticate to unlock the inner door to gain entry.
• In case the authentication fails, the system alerts and notifies the security officers.
• In such a case, the intruder is detained in the mantrap.

How often have you observed an employee opening the door for someone unauthorized to enter the room? Or, as you enter the room, and before the electromagnetic door automatically shuts, someone enters the room without swiping an access card. This action is referred to as piggybacking. Piggybacking is when one person authenticates, or opens a door, and lets another person enter without being subject to any system authentication. You need to take care of two important things while letting others in. First, the other person is authenticated by the installed system. Second, no unauthorized person takes advantage of your kind act. This can be prevented by training all employees on the security aspect of this action. Some systems use Electronic Access Controls such as card keys or biometric devices to authenticate users. Alternatively, security guards with actual access lists determine who can pass and who cannot. This, too, helps prevent piggybacking. Additionally, mantraps often have scales and other technologies to prevent piggybacking.

Video surveillance is often known as closed circuit television or CCTV. Security cameras are meant to prevent criminal or malicious acts by recording activities for auditing purposes. Thus, they fall under the category of detective and limiting control types. CCTV cameras should be positioned to keep an eye on the entrances of buildings or secure areas. Video cameras can be combined with security guards for live monitoring. Moreover, these cameras are used to monitor activities, and other valuable assets and resources. Modern surveillance enables you to save the recordings on a DVD located in a remote location, so they cannot be compromised or tampered with at the site. Moreover, you can place dummy cameras that may act as a deterrent for attackers, but this is definitely not a recommended security measure.
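The mantrap sequence and the scale check against piggybacking described above, modelled as a small state machine. This is an added example, not part of the original lesson; the badge and PIN credential format, the weight tolerance and the enrolled user are hypothetical.

```python
import hmac
from enum import Enum


class State(Enum):
    IDLE = "idle"            # chamber empty, outer door usable
    OCCUPIED = "occupied"    # both doors locked, waiting for authentication
    RELEASED = "released"    # inner door unlocked for one authenticated person
    DETAINED = "detained"    # both doors stay locked, security notified


class Mantrap:
    # Hypothetical enrolment data: badge id -> (PIN, enrolled weight in kg).
    def __init__(self, enrolled, tolerance_kg=15.0):
        self.enrolled = enrolled
        self.tolerance_kg = tolerance_kg   # assumed allowance for bags, clothing
        self.state = State.IDLE
        self.alerts = []

    def enter(self):
        """Someone steps in through the outer door; both doors lock."""
        if self.state is not State.IDLE:
            raise RuntimeError("chamber already in use")
        self.state = State.OCCUPIED

    def authenticate(self, badge, pin, scale_kg):
        """Unlock the inner door only for one valid, correctly weighed person."""
        if self.state is not State.OCCUPIED:
            raise RuntimeError("nobody waiting to authenticate")
        record = self.enrolled.get(badge)
        # Constant-time comparison so the PIN check leaks no timing detail.
        if record is None or not hmac.compare_digest(record[0], pin):
            return self._detain(f"authentication failed for badge {badge!r}")
        # Scale check: a valid credential with extra weight in the chamber
        # suggests a second person is piggybacking on it.
        if abs(scale_kg - record[1]) > self.tolerance_kg:
            return self._detain(
                f"weight mismatch for badge {badge!r}: {scale_kg} kg")
        self.state = State.RELEASED
        return self.state

    def _detain(self, reason):
        self.state = State.DETAINED
        self.alerts.append(reason)   # stands in for notifying security officers
        return self.state

    def reset(self):
        """Security staff clear the chamber after release or detention."""
        self.state = State.IDLE


def run_scenarios():
    """Constructed walk-through: normal entry, piggyback, unknown badge."""
    trap = Mantrap({"B-1001": ("4821", 80.0)})
    results = []
    for badge, pin, kg in (
        ("B-1001", "4821", 82.5),    # one authorised person
        ("B-1001", "4821", 151.0),   # two people behind one badge
        ("B-9999", "0000", 75.0),    # badge not on the access list
    ):
        trap.enter()
        results.append(trap.authenticate(badge, pin, kg))
        trap.reset()
    return results, trap.alerts


if __name__ == "__main__":
    print(run_scenarios())
```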

5 Fencing

The term fence means a limitation or boundary within a given area. Fences are used to differentiate the areas under a specific level of security or protection from the ones outside it. For example, think of the line of control or border between two countries. Fences can be of different types: stripes painted on the ground, chain-link fences, barbed wire, concrete walls, and invisible perimeters that use laser, motion, and heat detectors. While implementing fencing as a physical security measure, it is recommended to consider the following information:

• 3 to 4 feet high fences deter casual trespassers.
• 6 to 7 feet high fences are too hard to climb, and easily deter most intruders except the determined ones.
• Fences higher than 8 feet, with three strands of barbed wire, can deter almost anyone.

Moreover, a fence also has a gate. It is a controlled access point to the limited facility within the fence. The number of gates should be kept to exactly what is needed to sustain the effectiveness of the fence. Gates should be reinforced with guards, dogs, or electronic monitoring systems for additional protection.

Proximity readers can be used to control one's physical access to a building or a device. For example, in a mobile store, the displayed mobiles are attached to a holder connected by a wire. If you remove a device from its holder and try to take the mobile out, a siren starts. This is a perfect example of a proximity reader. Some proximity readers use transponders to send information to facilitate access. For instance, when you try to authenticate for access to a building, a proximity reader may give information to the security system to allow entry to the building or to deny access.

A security guard at the entry gate serves as a preventive measure against intruders, and provides a form of physical barrier. Another way to prevent trespassing is to have the security guard cross-check people against an access list. Once the security guard authenticates an individual based on the credentials in the list, they are allowed to enter the facility. Access lists are also built into biometric and other devices. A list of people who are authorized can be compared against the presented credentials, and the device or system will determine whether or not to grant access. Access lists are connected to various other technologies to improve security. They can be tied to proximity readers and smart cards, or devices that allow users to authenticate electronically. If the access list is not followed strictly, it becomes useless. This is the major disadvantage of using security guards. If the guard fails to authenticate a user, the access list no longer acts as a security control.

Lighting may be used as a security control. Darker areas that are harder to see or are located far away from the main activity, such as deep parking lots or an empty football ground, should have appropriate lighting. This at least makes it possible to keep an eye on activity taking place in such areas. Lighting can also be used as a deterrent to malicious people who would not want to take the risk of being easily seen. But this should not be the only security measure or physical control, and should be used with cameras, security guards, and other forms of intrusion controls.

6 General Security Measures

In this topic, you will learn the general security measures.

Signs are used to openly mark areas that are prohibited or not authorized. They can be used to indicate that security cameras are in use, and to disclose safety warnings necessary for the environment.

Guards combined with other security controls can be used to strengthen security, act as deterrents, detect intrusion, and stop unauthorized or malicious activity. Moreover, guards should be positioned to effectively monitor the sensitive areas, and to reach and secure those areas quickly. However, security guards have limitations as they rely on human abilities. Guards cannot be a perfect solution, as they are sometimes ill, can go on a vacation, may get distracted, and are vulnerable to social engineering. Additionally, security guards usually offer protection only up to the point at which their life is safe. Hiring guards should involve screening, intensive training, and bonding to ensure and secure their role as a security control. Security guards are often expensive.

Barricades are used to control crowds and vehicles, and can be cone-shaped or K-Rails. These are seen on the street to stop traffic from passing through to the opposite side. Other examples include large planters, zigzag queues, bollards, and tire shredders. These should only serve as a deterrent, and should not be used as an ultimate security solution.

Protective Distribution Systems or PDS are the means by which cables are protected against unauthorized access or harmful attacks. These include sealing cables in channels or ducts, and regularly reviewing the state of cables and wires within the network. Moreover, cabling can be combined with the interruption and compromise detection systems within your network.

7 Alarms

Alarms come in many varieties. IDS and IPS are systems designed to detect intrusions and raise an alarm. These are digital alarms that notify the administrator of a network intrusion. Any sort of intrusion detection system is only effective when it works along with an intrusion alarm. An alarm notifies the authorities about a breach in physical security.

Two things cause intrusion detection and alarms to fail: power and communications. If the device that communicates with the administrator or authorities does not function, the alarm cannot be triggered. Also, if there is no power for the device to detect intrusion, the alarm cannot be triggered. Thus, a reliable detection and alarm system includes a heartbeat sensor for line supervision. It is a device by which the communication pathway is either constantly or periodically checked using a test signal.

Now let's see some commonly used alarm types:

• Deterrent Alarms: These alarms assist deterrents, and increase security by engaging additional locks or automatically shutting doors. Anything that makes a detected intrusion more difficult can be referred to as a deterrent alarm.
• Repellant Alarms: These are usually the ones that trigger a siren or an audible bell, or turn the lights on, or otherwise draw attention to the intrusion activity. Such alarms intend to create panic among the attackers, and to prevent their progress.
• Notification Alarms: These alarms silently notify the authorities of an existing intrusion. Moreover, you can attach recording devices or systems that create and manage log files to notification alarms.
• Local Alarm Systems: These alarm systems broadcast an audible alarm signal that can easily be heard up to 400 feet away. It is recommended to couple these systems with failovers and safety measures to avoid tampering.
• Central Station Systems: These alarms operate silently, and are used to notify authorities or an offsite agency or group that can respond to the incident.
• Auxiliary Station Systems: An organization's alarm systems can be added to either local or centralized alarm systems. When the security perimeter is breached, emergency personnel or agencies are notified to respond. This includes fire, police, and medical services.

Motion detectors react in one way or another to unexpected motion during particular times. There are many types of motion detectors, including infrared, heat, wave pattern, capacitance, photoelectric, and passive audio. A brief description of how each works is given below:

• An infrared motion detector looks for a difference in the infrared lighting in a specific area.
• A heat-based system checks for changes in the heat levels.
• A wave-pattern system transmits a consistent ultrasonic high-frequency wave signal. If there are changes in this pattern, it sounds an alarm.
• A capacitance motion detector senses changes in the electrical or magnetic field surrounding a monitored object.
• A photoelectric motion detector senses changes in the visible light levels in a monitored area. This is usually deployed in dark rooms.
• Passive audio detectors listen for abnormal sounds.

A motion detector that suits your environment may not work for someone else's. So, it is essential for you to compare the needs of your environment, and accordingly set up the motion detectors within your network.
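Line supervision with a heartbeat, as described in the alarms discussion above, sketched as an added example that is not part of the original lesson: a monitoring station expects a periodic test signal from each alarm panel and raises a supervision alarm when it stops, since a silent line can mean lost power or a cut communication path. The interval, the missed-signal limit, the panel names and the event timeline are constructed assumptions.

```python
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL_S = 30   # assumed period of the test signal
MISSED_BEFORE_ALARM = 3     # assumed: tolerate jitter, alarm on the 3rd miss


@dataclass
class Supervisor:
    panels: dict = field(default_factory=dict)    # panel -> last heartbeat ts
    in_trouble: set = field(default_factory=set)  # panels with a dead line
    log: list = field(default_factory=list)       # (ts, panel, event)

    def register(self, panel, now):
        self.panels[panel] = now

    def heartbeat(self, panel, now):
        """Record a test signal; clear a previous supervision alarm."""
        if panel not in self.panels:
            # An unregistered sender is logged, never silently trusted.
            self.log.append((now, panel, "UNKNOWN_PANEL"))
            return
        self.panels[panel] = now
        if panel in self.in_trouble:
            self.in_trouble.discard(panel)
            self.log.append((now, panel, "RESTORED"))

    def intrusion(self, panel, now):
        """An intrusion report also proves the line is alive."""
        self.heartbeat(panel, now)
        self.log.append((now, panel, "INTRUSION"))

    def tick(self, now):
        """Run periodically: flag panels whose line has gone quiet."""
        limit = HEARTBEAT_INTERVAL_S * MISSED_BEFORE_ALARM
        for panel, last in sorted(self.panels.items()):
            if now - last >= limit and panel not in self.in_trouble:
                self.in_trouble.add(panel)
                self.log.append((now, panel, "SUPERVISION_ALARM"))


def replay():
    """Constructed timeline: 'dock' goes silent after t=60, returns at t=210."""
    sup = Supervisor()
    sup.register("lobby", 0)
    sup.register("dock", 0)
    for now in range(30, 271, 30):
        sup.heartbeat("lobby", now)
        if now <= 60 or now >= 210:
            sup.heartbeat("dock", now)
        if now == 240:
            sup.intrusion("dock", now)
        sup.tick(now)
    return sup.log


if __name__ == "__main__":
    for event in replay():
        print(event)
```

Without the supervision alarm at t=150, an intrusion at the dock between t=60 and t=210 would have gone unreported and the station would have had no indication that anything was wrong.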

8 Different Control Types

In this topic, you will learn about the different Control Types. Controls are used to spot risks of all kinds. An ideal method of prevention is to stop the risk or its possibility right at the beginning. However, this is not always possible. So, controls can be set to mitigate and minimize risk, its impact, and the overall damage or interruption to the systems or network. In this topic, we will review the different control types, and compare their importance with respect to physical and network security.

The deterrent access control discourages the violation of security, and this control type is similar to the preventative type. Deterrents depend on the individual deciding not to perform a malicious act, rather than on the implemented preventative control. Examples include: Policies, Awareness Training, Locks, Fences, Security badges, Guards, Mantraps, and Security Cameras.

The preventative access controls are deployed to stop unwanted activity. These react to unauthorized access or users to stop the attempted intrusion or incident. Common examples of physical preventative access controls include: Security Cameras, Penetration Testing, Biometrics, Locks, Fences, Mantraps, Lighting, Alarm Systems, Encryption, Auditing, Smart Cards, Policies, Awareness Training, AV Software, Firewalls, and IPS.

The detective access control is deployed to discover or detect an unauthorized activity, usually after its occurrence. This is a reactive control type, and some of the key examples include: CCTV, Job Rotation, Mandatory Vacation, Audits, Honeypots, IDS, Supervision and User Reviews, and Incident Investigations.

This type of control is generally deployed to provide additional security options to the existing controls. An example of this is the protection of data in transit. Further, Corrective, Recovery, and Directive are the other categories of this control type.

Corrective access controls are used to modify the environment, and ensure that systems return to normal after an unwanted or unauthorized activity. As the name suggests, it is a control that corrects any issues that have occurred because of the unwanted activity. Moreover, it helps in terminating the malicious act and rebooting the system. The corrective access control provides solutions such as removing or quarantining viruses, and creating a backup plan to restore lost data.

Recovery controls are an extension of corrective controls, but have more advanced or complex abilities. Some of the systems or devices that fall under this type include: backups and restoration devices, fault-tolerant drive systems, system imaging, server clustering, antivirus software, database, and shadowing virtual machines.

The directive access control is implemented to direct, confine, or control the actions of users to force or encourage agreement with security policies. Examples of this type include: security policy requirements or criteria, posted notifications, escape route exit signs, monitoring, supervision, and procedures.

Technical or logical access control involves the hardware or software mechanisms that provide protection for resources. It uses technology to implement these controls. Some examples of this type include: Encryption, ACL, Protocols, Firewalls, Routers, IDS, Biometrics, Smartcards, and Passwords.

Administrative access controls are the policies and procedures defined by an organization's security policy or the agreement regulations. They are sometimes referred to as management controls. Some of the key examples include: policies, procedures, hiring practices, background checks, data classifications and labeling, security awareness, training efforts, vacation history, reports and reviews, work supervision, personnel controls, and testing.

Physical access controls are items you can physically touch. Most of the mentioned controls are physical mechanisms. However, administrative controls are not usually physical controls. Some of the key examples of physical access controls include: guards, fences, motion detectors, locked doors, sealed windows, lights, cable protection, laptop locks, badges, swipe cards, guard dogs, video cameras, mantraps, and alarms.

10 Summary

Let’s summarize the topics covered in this lesson.

• Environmental controls are a form of physical security, and they are usually implemented while designing a network.
• Humidity levels in the office should always be between 40 and 60 percent.
• Hot and Cold Aisles are used to maintain optimal temperatures in larger server farms.
• Confidential security environments generally employ mantraps as a means to secure the most sensitive, dangerous, or valuable areas of a facility.
• Piggybacking is when a person authenticates or opens a door, and lets another person enter without any system authentication.
• Deterrent, Repellant, Notification, Local Alarm Systems, Central Station Systems, and Auxiliary Station Systems are some of the key alarm types.
• Controls can be set to mitigate and minimize risk, its impact, and overall damage or interruption to the systems or network.

With this, we conclude the lesson, ‘Compare and Contrast Physical Security and Environmental Controls.’
