Physical Security

Objectives:

  • 1.2 - Summarize fundamental security concepts
  • 2.4 - Analyze indicators of malicious activity

Physical Security

Measures to protect tangible assets (buildings, equipment, people) from harm or unauthorized access.

Security Controls

Fencing and Bollards

  • Bollards: Short, sturdy vertical posts controlling or preventing vehicle access.
  • Fences: Barriers made of posts and wire or boards to enclose or separate areas.

Brute Force Attacks

Forcible entry, tampering with security devices, confronting security personnel, ramming a barrier with a vehicle.

Surveillance Systems

An organized strategy to observe and report activities. Components:

  • Video surveillance
  • Security guards
  • Lighting
  • Sensors

Access Control Vestibules

  • Double-door system electronically controlled to allow only one door open at a time.
  • Prevents piggybacking and tailgating.

Door Locks

  • Padlocks, pin and tumbler locks, numeric locks, wireless locks, biometric locks, cipher locks, electronic access control systems.

Access Badges

  • Use of Radio Frequency Identification (RFID) or Near Field Communication (NFC) for access.

Fencing and Bollards

Primitive tools employed to safeguard assets and people.

Fence

Structure that encloses an area using interconnected panels or posts.

  • Provides a visual deterrent by defining a boundary that should not be violated by unauthorized personnel.
  • Establishes a physical barrier against unauthorized entry.
  • Effectively delays intruders, providing security personnel with a longer reaction time.

Bollards

Robust, short vertical posts, typically made of steel or concrete, designed to manage or redirect vehicular traffic.

  • Fencing is adaptable and suited for safeguarding large perimeters.
  • Bollards counter vehicular threats in a specific area.

Attacking with Brute Force

Brute Force: Type of attack where access to a system is gained by simply trying all of the possibilities until you break through. In terms of physical security, brute force focuses on the following:

Forcible Entry: Act of gaining unauthorized access to a space by physically breaking or bypassing its barriers, such as windows, doors, or fences. Use high-strength doors with deadbolt locks, metal frames, or a solid core.

Tampering with security devices: Involves manipulating security devices to create new vulnerabilities that can be exploited. To protect against tampering with security devices, have redundancy in physical security measures.

Confronting security personnel: Involves the direct confrontation or attack of your organization's security personnel. Security personnel should undergo rigorous conflict resolution and self-defense training to mitigate risks.

Ramming barriers with vehicles: Uses a car, truck, or other motorized vehicle to ram into the organization's physical security barriers, such as a fence, a gate, or even the side of your building. Install bollards or reinforced barriers to prevent vehicles from driving into your facilities.

Surveillance Systems

Surveillance System: Organized strategy or setup designed to observe and report activities in a given area. Surveillance typically comprises four main categories:

Video Surveillance: Can include motion detection, night vision, and facial recognition. Provides real-time visual feedback. A wired security camera is physically cabled from the device back to the central monitoring station; a wireless camera relies on Wi-Fi to send its signal back to the central monitoring station.

Pan-Tilt-Zoom (PTZ) System: Can move the camera or its angle to better detect issues during an intrusion. Best places to have cameras: data center, telecommunications closets, entrance or exit areas. Cameras should be configured to record what they’re observing.

Security Guards: A flexible and adaptable form of surveillance that organizations use. Their presence also helps reassure your staff and customers that they are safe.

Lighting: Proper lighting is crucial for conducting effective surveillance using both video and security guards. If you create well-lit areas, this can deter criminals, reduce shadows and hiding spots, and enhance the quality of your video recordings.

Sensors: Devices that detect and respond to external stimuli or changes in the environment. There are four categories of sensors:

Infrared Sensors: Detect changes in infrared radiation that is often emitted by warm bodies like humans or animals.

Pressure Sensors: Activated whenever a specified minimum amount of weight is detected on the sensor that is embedded into the floor or a mat.

Microwave Sensors: Detect movement in an area by emitting microwave pulses and measuring their reflection off moving objects.

Ultrasonic Sensors: Measure the reflection of ultrasonic waves off moving objects.

Bypassing Surveillance Systems

Different methods used by attackers to bypass your organization's surveillance systems.

Visual Obstruction

Blocking the camera’s line of sight.

  • Spraying paint or foam onto the camera lens.
  • Placing a sticker or tape over the lens.
  • Positioning objects like balloons or umbrellas in front of the camera to block its view.

Blinding Sensors and Cameras

Overwhelming the sensor or camera with a sudden burst of light to render it ineffective for a limited period of time.

Interfering with Acoustics

Jamming or playing loud music to disrupt the microphone’s functionality.

Interfering with Electromagnetic Signals

Involves jamming the signals that the surveillance system relies on to monitor the environment.

Attacking the Physical Environment

Exploiting the environment around the surveillance equipment to compromise its functionality.

  • Physical tampering, like cutting wires or physically disabling devices, is an effective strategy to bypass surveillance systems.
  • Modern systems are equipped with countermeasures to help protect against such tampering.

Access Control Vestibules

Double-door system that is designed with two doors that are electronically controlled to ensure that only one door can be open at a given time. These access control vestibules can also help prevent piggybacking and tailgating.

Piggybacking

Involves two people working together: one person who has legitimate access intentionally allows another person who doesn't have proper authorization to enter a secure area with them.

Tailgating

Occurs whenever an unauthorized person closely follows someone who has legitimate access through the access control vestibule into the secure space, without that person's knowledge or consent. The key difference between piggybacking and tailgating:

  • Piggybacking uses social engineering to gain the consent of the person with legitimate access.
  • Tailgating doesn't use or obtain the consent of the person with legitimate access.

Access control vestibules in practice:

  • Usually integrated with electronic badges and operated by a security guard at the entrance to a secure facility or office building.
  • Badges contain RFID (Radio-Frequency Identification), NFC (Near-Field Communication), or magnetic strips.
  • Security guards are often stationed at access control vestibules because they provide a visual deterrent, assistance, identity checks, and response.

Door Locks

Door Locks: Critical physical security control measure designed to restrict and regulate access to specific spaces or properties, preventing unauthorized intrusions and safeguarding sensitive data and individuals.

  • Types of Door Locks:
    • Traditional Padlocks: Easily defeated and offer minimal protection.
    • Basic Door Locks: Vulnerable to simple techniques like lock picking.
    • Modern Electronic Door Locks: Utilize various authentication methods for enhanced security.
      • Authentication Methods:
        • Identification Numbers: Require entry of a unique code, providing a balance of security and convenience.
        • Wireless Signals: Utilize technologies like NFC, Wi-Fi, Bluetooth, or RFID for unlocking.
        • Biometrics: Rely on physical characteristics like fingerprints, retinal scans, or facial recognition for authentication.
      • Biometric Challenges:
        • False Acceptance Rate (FAR): Occurs when the system erroneously authenticates an unauthorized user. Lower FAR by increasing scanner sensitivity.
        • False Rejection Rate (FRR): Denies access to an authorized user. Adjusting sensitivity can increase FRR.
        • Crossover Error Rate (CER): A balance between FAR and FRR for optimal authentication effectiveness.
      • Some electronic door locks use multiple factors, such as an identification number and fingerprint, to increase security.
    • Cipher Locks:
      • Mechanical locks with numbered push buttons, requiring a correct combination to open. Commonly used in high-security areas like server rooms.
      • Secure entry areas in office buildings, often using electronic access systems with badges and PINs for authentication.
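The FAR/FRR trade-off above is easiest to see by sweeping a scanner's match threshold over sample scores. This is an added example, not part of the original notes: the genuine and impostor score lists are constructed, and a higher threshold stands in for "increasing scanner sensitivity".

```python
# Constructed match scores (0-100) for a hypothetical biometric reader.
GENUINE_SCORES = [92, 88, 95, 70, 81, 77, 99, 85, 60, 90]   # authorized users
IMPOSTOR_SCORES = [20, 35, 50, 62, 15, 42, 73, 28, 55, 48]  # unauthorized attempts


def far(threshold, impostor=IMPOSTOR_SCORES):
    """False Acceptance Rate: share of impostor attempts scoring at/above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(threshold, genuine=GENUINE_SCORES):
    """False Rejection Rate: share of genuine attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def candidate_thresholds(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    # Every distinct observed score is a threshold at which FAR or FRR can change.
    return sorted(set(genuine) | set(impostor))


def crossover_error_rate(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (threshold, FAR, FRR) where FAR and FRR are closest to equal (the CER point)."""
    best = None
    for t in candidate_thresholds(genuine, impostor):
        gap = abs(far(t, impostor) - frr(t, genuine))
        if best is None or gap < best[0]:
            best = (gap, t)
    t = best[1]
    return t, far(t, impostor), frr(t, genuine)


def threshold_for_max_far(max_far, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Lowest threshold that keeps FAR <= max_far; also returns the FRR cost of doing so."""
    for t in candidate_thresholds(genuine, impostor):
        if far(t, impostor) <= max_far:
            return t, frr(t, genuine)
    return None


if __name__ == "__main__":
    print("CER point (threshold, FAR, FRR):", crossover_error_rate())
    # Raising sensitivity until no impostor is accepted pushes FRR up.
    print("Zero-FAR threshold and resulting FRR:", threshold_for_max_far(0.0))
```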

Access Badge Cloning

  • Radio Frequency Identification (RFID) and Near Field Communication (NFC) are popular technologies used for contactless authentication in various applications.
  • Access Badge Cloning: Copying the data from an RFID or NFC card or badge onto another card or device.
  • How does an attacker clone an access badge?
    • Step 1: Scanning: Scanning or reading the targeted individual’s access badge.
    • Step 2: Data Extraction: Attackers extract the relevant authentication credentials from the card, such as a unique identifier or a set of encrypted data.
    • Step 3: Writing to a new card or device: Attacker will then transfer the extracted data onto a blank RFID or NFC card or another compatible device.
    • Step 4: Using the cloned access badge: Attackers gain unauthorized access to buildings, computer systems, or even make payments using a cloned NFC-enabled credit card.
  • Access badge cloning is common because of its:
    • Ease of execution.
    • Ability to be stealthy when conducting the attack.
    • Potentially widespread use in compromising physical security.
  • How can you stop access badge cloning?
    • Implement advanced encryption in your card-based authentication systems.
    • Implement Multi-Factor Authentication (MFA).
    • Regularly update your security protocols.
    • Educate your users.
    • Implement the use of shielded wallets or sleeves with your RFID access badges.
    • Monitor and audit your access logs.
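Monitoring access logs is the control on this list that can catch a badge that has already been cloned. As an added example (not from the original notes), the script below runs two clone indicators over a constructed badge log: the same badge granted at two sites faster than anyone could travel between them, and the same badge re-entering through the same entry reader shortly after it already entered (anti-passback). Reader names, site mapping and travel times are assumptions.

```python
from datetime import datetime

# Constructed sample log: timestamp, badge id, reader, result (not real data).
ACCESS_LOG = """\
2024-05-01T08:02:11,BADGE-1042,HQ-Lobby-In,granted
2024-05-01T08:05:40,BADGE-1042,HQ-ServerRoom,granted
2024-05-01T08:09:03,BADGE-1042,Warehouse-Gate-In,granted
2024-05-01T08:30:15,BADGE-2077,HQ-Lobby-In,granted
2024-05-01T08:31:00,BADGE-2077,HQ-Lobby-In,granted
2024-05-01T09:00:00,BADGE-3100,HQ-Lobby-In,denied
"""

# Assumed site layout: which site each reader belongs to, and the minimum
# travel time in minutes between sites (anything faster is physically impossible).
READER_SITE = {"HQ-Lobby-In": "HQ", "HQ-ServerRoom": "HQ", "Warehouse-Gate-In": "WH"}
MIN_TRAVEL_MINUTES = {frozenset({"HQ", "WH"}): 25}
PASSBACK_WINDOW_MINUTES = 10  # re-entry through the same door sooner than this is suspect


def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, badge, reader, result = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "badge": badge,
                       "reader": reader, "result": result})
    return sorted(events, key=lambda e: e["time"])


def detect_clone_indicators(events):
    """Return (badge, rule, detail) tuples for grants that look like a cloned badge in use."""
    alerts, last_grant = [], {}
    for ev in events:
        if ev["result"] != "granted":   # denied swipes never place the badge anywhere
            continue
        prev = last_grant.get(ev["badge"])
        if prev:
            minutes = (ev["time"] - prev["time"]).total_seconds() / 60
            site, prev_site = READER_SITE[ev["reader"]], READER_SITE[prev["reader"]]
            if site != prev_site:
                needed = MIN_TRAVEL_MINUTES.get(frozenset({site, prev_site}), 0)
                if minutes < needed:   # one credential, two places, not enough time
                    alerts.append((ev["badge"], "impossible-travel",
                                   f"{prev['reader']} -> {ev['reader']} in {minutes:.1f} min"))
            elif (ev["reader"] == prev["reader"] and ev["reader"].endswith("-In")
                  and minutes < PASSBACK_WINDOW_MINUTES):
                alerts.append((ev["badge"], "anti-passback",
                               f"re-entry at {ev['reader']} after {minutes:.1f} min"))
        last_grant[ev["badge"]] = ev
    return alerts


if __name__ == "__main__":
    for alert in detect_clone_indicators(parse_log(ACCESS_LOG)):
        print(alert)
```

Real deployments would pair this with the entry/exit state the vestibule already tracks, but the two rules above need nothing beyond the grant log itself.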