Physical Security

Physical Security Controls

Functional Order of Security Controls

Stage	Purpose	Example
⬇️ Deterrence	Discourage unwanted behavior. Not designed to block, just deter	Security warning signs
⬇️ Denial	Block unwanted behavior or access	Locked doors
⬇️ Detection	Identify breaches that activate when denial measures fail	Motion sensors
⏳ Delay	Slow down intruders, allowing for response	20-minute drill safe.

Three Groups of Physical Security

Control Type	Examples
Administrative: Focused on policies and procedures.	Facility construction and selection; Site management; Personnel controls; Awareness training; Emergency response and procedure
Logical (Technical): Deals with technological methods to enforce security.	Access controls; Intrusion detection systems; Alarms
Physical: Tangible methods to prevent unauthorized access.	Fencing; Lighting; Locks; Construction materials; Mantraps; Guard dogs; Bollards; Security guards

There is no security without physical security. Without control over the physical environment, no state-of-the-art detection prevention can protect itself from the $10 hammer attack.

Fencing Specifications

Objective	Imperial	Metric
Deter casual trespasser	3-4 feet	0.9-1.2 m
Challenging to climb	6-7 feet	1.8-2.1 m
Deter dedicated intruders	8 feet + barbed wire	2.4 m + barbed wire

PIDAS (Perimeter Intrusion Detection and Assessment System) can detect fence-climbers, but it is expensive and may detect false positives. A fence is a Deterrent & Denial, PIDAS would be Detection.

Temperature & Humidity

Specification	Value
Ideal Temperature	60-75°F (15-23°C)
Damage Threshold	175°F (general devices) / 100°F (storage devices)
Ideal Humidity	40-60%

Extremely low humidity, even on non-static carpets, can generate a massive 20,000-volt static discharge.

Electrical Impacts

Term	Description	Example
~~Blackout~~Spike	~~Extended~~Short-duration ~~loss of power~~	~~Power outage during a storm~~
~~Brownout~~	~~Sustained low~~high voltage	~~Voltage~~Lightning ~~drops due to grid overload~~
~~Fault~~	~~Brief loss of power~~	~~Disruption due to tripped breaker~~strike
Surge	Extended high voltage	Malfunctioning transformer
~~Spike~~	~~Brief high voltage~~	~~Lightning strike~~
Sag	Short-duration low voltage	Heavy equipment startup
Brownout	Extended low voltage	Voltage drops due to grid overload
Fault	Short-duration loss of power	Disruption due to tripped breaker
Blackout	Extended loss of power	Power outage during a storm

Power may not always be clean or consistent. Electronic devices require consistent, clean power to function & avoid damage. A UPS (Uninterruptible Power Supply) can ensure clean power, and provide backup during power outages.

Power loss that happen inside the power meter is our responsibility, not the power company's. As a Manager, it's always an option to call in an expert, especially when human safety could be a factor such as high-voltage electricity.

Lighting Specifications

While

youdon'twanttheyoursecuritypersonnelyoutheilluminationshould

to ~~Specification~~ highlight	position ~~Value~~ of
or ~~Height~~ animals,	do want to clearly illuminate the boundaries of your secured area, like fences or walls. By doing this, you reduce hiding spots for potential intruders and make any breach attempts more noticeable. A foot-candle is a measure of light intensity and represents the amount of light thrown onto a surface. At minimum, implement a height of 8 feet ,
be ~~Illumination~~	2 foot-candles. This ensures that there's a consistent, sufficiently bright level of lighting to identify potential threats, recognize faces, or detect movement, without being overly bright to the point of causing glare or other visual problems for security personnel.

Fire Classification and Suppression Agents

~~Fire~~ Class	Type	Description	Suppression Material	Additional Notes
A	ASH	Fires involving common combustibles such as wood, paper, etc.	Water or soda acid	Most common ~~type of~~ fire. Soda acid: a mixture of sodium bicarbonate and sulfuric acid.
B	BOIL	Fires involving alcohol, oil, and other petroleum products.	Gas or soda acid	Never use water; it can spread the flammable liquid and worsen the fire.
C	CONDUCTIVE	Electrical fires fed by electricity, possibly occurring in equipment or wiring.	Non-conductive gases	Fire can transition to another class if electricity source is shut off.
D	DILITHIUM	Fires involving burning metals.	Dry powder	Less commonly known and can be hazardous if not properly addressed.
K	KITCHEN	Fires in kitchens, often involving burning oil or grease.	Wet chemicals	Not everyone knows that water will make the fire worse.

Fire extinguishers are categorized based on the types of fires they are designed to extinguish. Using the wrong type of extinguisher can be ineffective or even dangerous!

Fire Detection Systems

Detection Type	Description
Smoke Sensing	Detects the presence of smoke.
Flame Sensing	Recognizes the characteristics of flames.
Heat Sensing	Detects unusual increases in temperature.

Electromagnetic Interference (EMI):

Hot Wire (or Live Wire): This is the wire that carries the current from the power source to the device or appliance. It's usually at a voltage higher than ground, often designated by black or red insulation in North America.

Neutral Wire: This wire carries the current back from the device or appliance to the power source. It is at a potential close to the ground, so it provides a return path for the current. It is often designated by white or light gray insulation in North America.

Ground Wire (or Earth Wire): This is a safety wire that provides a direct path back to the ground in case of a fault, such as a short circuit. It helps protect users from electric shock and can prevent damage to appliances. It's usually designated by green or green-yellow insulation.

Electromagnetic Interference (EMI): It's the disruption of operation of an electronic device when it's in the vicinity of an electromagnetic field (EMF) in the radio frequency spectrum. It is caused by other electronic devices, equipment, and even the power lines themselves.

Common Mode Noise:Noise

This noise occurs when there are voltage fluctuations that appear simultaneously and in-phase on both the hot and neutral wires relative to the ground. This kind of noise can affect the performance of sensitive electronic equipment and even damage them if not managed.

When

there's

~~Generated by the~~a difference in power between the hot and ground wires ~~of a power source operating electrical equipment.~~

~~Also generated by the difference between~~or the hot and neutral ~~wires~~wires, ofit acan ~~power~~generate ~~source~~common ~~operating~~mode ~~electrical~~noise. ~~equipment.~~
This

why

grounding

systems and proper wiring are crucial. If grounding is not done properly, the potential for EMI increases.

Radio Frequency Interference (RFI):

subtype

of
~~This~~EMI, RFI specifically deals with interference in the radio frequency spectrum. As the name suggests, RFI is ~~generated~~caused by ~~electrical~~devices ~~appliances,~~emitting ~~light~~radio ~~sources,~~frequencies, ~~electrical~~which ~~cables,~~can ~~circuits,~~interfere with other devices operating on the same or adjacent frequencies.

Physical security pertains to this discussion because uncontrolled EMI or RFI can lead to malfunctions in security systems or other electronic devices. For instance, if a security system is experiencing interference, it may not function correctly, leading to potential vulnerabilities. Proper grounding, shielding, and sowiring ~~on.~~
practices

are

essential in minimizing EMI and ensuring the reliable operation of electronic systems, especially in critical applications like physical security.

Static Voltage and Possible Damages:

Static Voltage (V)	Possible Damage
40	Destruction of sensitive circuits and other components
1000	Scrambling of monitor displays
1500	Destruction of hard drive data
2000	Abrupt system shutdown
4000	Printer jam or component damage
17000	Permanent circuit damage

Damage from Fire and Fire Suppression:

Descriptive Elements of a Fire: Components of a fire are not just limited to the visually evident smoke and heat. The medium used for suppressing the fire, like water or soda acid, also plays a role in post-fire assessments and damage control.
Smoke: Particularly detrimental to storage devices. The residue can interfere with device operations and contaminate sensitive components.
Heat: Has the potential to damage any electronic or computer component, causing them to malfunction or fail altogether.
Suppression Mediums: While essential for dousing flames, these can have unintended consequences. Water can cause short circuits, while other mediums might instigate corrosion or render equipment inoperative.

We should address all the potential damage, but remember that the number one concern should always be human safety.

Water Suppression Systems

System Type	Key Features	Description	Ideal For
Preaction	- Closed sprinkler heads - Pipes with compressed air - Electrically operated valve	The system awaits two triggers: one for the detection system and another to activate the sprinkler.	Areas with both humans and computers
Wet Pipe	- Pipes filled with water - Activates at a predefined temperature	A traditional system where water is always ready to discharge.	Standard indoor environments
Dry Pipe	- Closed sprinkler heads - Pipes with compressed air - Valve controlled by air pressure	Water is released when the compressed air pressure drops.	Areas where water might freeze, e.g., parking garages
Deluge	- Open and large sprinkler heads - Empty pipes at normal air pressure - Controlled by a deluge valve	Designed to deliver a large quantity of water over a large area quickly.	High-hazard areas with rapid fire spread concerns

Water and electricity are a dangerous combination. Ensure power is cut off in the event of using water-based suppression systems near electrical equipment.

Gas Discharge Systems:

Effectiveness: Generally, gas discharge systems are more effective than water discharge systems for extinguishing fires.

Safety Concern: These systems function by removing oxygen from the environment. Hence, they should not be used in areas where people are present due to asphyxiation risks.

Halon:

Pros: Highly effective in suppressing fires.
Cons: Detrimental to the environment as it's ozone-depleting. Also, it becomes a toxic gas when heated to 900°F.

Given the environmental and health concerns of Halon, several replacements have been introduced:

FM-200 (HFC-227ea)	CEA-410 or CEA-308	NAF-S-III (HCFC Blend A)
FE-13 (HCFC-23)	Argon (IG55)	Argonite (IG01)
Inergen (IG421)	Aero-K

Lock Types

Remember what locks can be picked and which need to be bumped for the exam

Lock Type	Authentication Type	Details	Picking Vulnerability	Bumping Vulnerability	Photo
Electronic Combination Locks (Cipher Locks)	Something you know	Requires a known combination	Not applicable	Not applicable	[Insert Photo]
Key Card Systems	Something you have	Requires a physical card	Not applicable	Not applicable	[Insert Photo]
Biometric Systems	Something you are	Uses unique human characteristics	Not applicable	Not applicable	[Insert Photo]
Conventional Locks (Pin Tumbler)	Traditional lock and key	Easily picked/~~bumped~~bumped. World's most popular lock.	Vulnerable	Vulnerable	[Insert Photo]
Pick and Bump Resistant Locks	Enhanced traditional lock	Harder to pick	More resistant	Some are bump-resistant	[Insert Photo]
Tubular Locks	Traditional lock and key	Requires specialized pick	Vulnerable	Less common	[Insert Photo]
Wafer Locks	Traditional lock and key	Similar to pin tumblers	Vulnerable	Less common but possible	[Insert Photo]
Disc-detainer Locks	Traditional lock and key	Requires specialized disc-picking tools	Vulnerable	Not typically susceptible	[Insert Photo]
Sidebar & High-Security (e.g., Medeco)	Enhanced traditional lock	Complex designs	More resistant	Some are bump-resistant	[Insert Photo]
Electronic and Smart Locks	Electronic authentication	Might be vulnerable to electronic hacking	Not applicable	Not applicable	[Insert Photo]

"Picking" and "bumping" are both methods to compromise locks. ~~Picking involves using tools to manipulate the pins inside a lock, while bumping~~Bumping involves inserting a specially-cut key into the lock and tapping it to force the pins to jump, allowing the lock to turn. Not all locks are vulnerable to both methods.

For the exam:

Know the different physical controls related to entry

Mantrap, Bollard, list others as a table that will come up on CISSP as a table if necessary

Site Selection and Facility Design Steps

Site selection Generally you want to

Site ~~Selection:~~
Selection
- Should be based on the security needs of the organization, with cost scaled appropriately.

Location
- What types of natural disasters are around the area?
- Visibility matters: assess the surrounding area, businesses and types of traffic they attract, accessibility, and natural disaster risks.

Visibility
- Assess the surrounding area, accessibility, and natural disaster risks.
- Be cautious about potential hazards: e.g., flooding orthe ~~bad~~basement ~~neighborhood~~server ~~locations.~~room if we are near a valley.
- What is around the area? Scoping out other businesses around and people around the area and attention it might draw.
Facility ~~Design:~~Design
- Prioritize security requirements over cost and location.
- Determine security needs before construction.
  - Know how to design and configure secure work areas
    - Unequal access: High-value areas should have restricted access.
    - Confidential assets: at the heart or center of protection.
    - Central servers/computers don't need to be human compatible for but should still be safe.
    - Possible considerations: using bollards if ram raiding is a concern.
    - ~~Design~~
    ~~secure workspaces.~~
  - ~~Unequal~~
  ~~access: High-value areas should have restricted access.~~
- ~~Place valuable and confidential assets at the heart or center of protection.~~
- ~~Central servers/computers should prioritize security. Although human-compatible, prioritize safety measures, especially for fire suppression.~~

Physical Access Control Threats

Access controls should be complemented with security guards or monitoring systems.
Beware of abuses such as:
- Propping open secured doors.
- Bypassing locks or controls.
- ~~Masquerading:~~Masquerading: using someone else's ID for access (e.g., contractors).
- ~~Piggybacking:~~Piggybacking: following someone through secured access without proper authorization.

Wiring Closet Security

Central connection point for networking cables to equipment like patch panels, switches, and routers.
Main focus: Prevent unauthorized physical access.
Risks include theft, damage, or introducing eavesdropping devices. Software protections won't deter physical threats.

Visitor Protocols

For restricted areas, establish clear visitor protocols.
Typically assign an escort and monitor visitors closely.
Track visitor actions to prevent malicious activity.

Media Storage

Purpose: securely store blank, reusable, and installation media.
Concerns: theft, data corruption, unintended data recovery.
Protections:
- Locked cabinets/safes.
- Designated librarian or custodian.
- Check-in/out processes.
- Media sanitization.

Evidence Storage

Use for retaining logs, drive images, snapshots for recovery, and investigations.
Concerns: theft, unauthorized access.
Protections:
- Locked storage.
- Isolated storage facilities.
- Offline storage.
- Access restrictions & activity tracking.
- Data hashing & encryption.

Audit Trails & Access Logs

Tools for overseeing physical access control.
Can be created manually (security guards) or automatically (smartcards/readers).
CCTV can verify access logs; e.g., matching sign-in logs with visual records.
Critical for post-incident reconstruction to understand the event sequence.