Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

8. Access Control Categories

8.2. Physical

Physical controls support and work with administrative and technical (logical) controls to supply the right degree of access control.


Physical Control Components


Network Segregation
  • Network segregation can be carried out through physical and logical means. One section of the network may contain web servers, routers, and switches, while another portion may contain employee workstations.
  • Each area would have the necessary physical controls to ensure that only the permitted individuals have access into and out of those sections.


Perimeter Security
  • The implementation of perimeter security depends upon the company and the security requirements of that environment.
  • One environment may require employees to be authorized by a security guard by showing a security badge that contains picture identification before being allowed to enter a section. Another environment may require no authentication process and let anyone and everyone into different sections.
  • Perimeter security can also encompass closed-circuit TVs that scan the parking lots and waiting areas, fences surrounding a building, lighting of walkways and parking areas, motion detectors, sensors, alarms, and the location and visual appearance of a building. These are examples of perimeter security mechanisms that provide physical access control by providing protection for individuals, facilities, and the components within facilities.


Computer Controls
  • Each computer can have physical controls installed and configured, such as locks on the cover so that the internal parts cannot be stolen, the removal of the floppy and CD-ROM drives to prevent copying of confidential information, or implementation of a protection device that reduces the electrical emissions to thwart attempts to gather information through airwaves.


Work Area Separation
  • Some environments might dictate that only particular individuals can access certain areas of the facility.


Data Backups
  • Backing up data is a physical control to ensure that information can still be accessed after an emergency or a disruption of the network or a system.


Cabling
  • There are different types of cabling that can be used to carry information throughout a network.
  • Some cable types have sheaths that protect the data from being affected by the electrical interference of other devices that emit electrical signals.
  • Some types of cable have protection material around each individual wire to ensure that there is no crosstalk between the different wires.
  • All cables need to be routed throughout the facility so that they are not in people’s way and are not exposed to any danger of being cut, burnt, crimped, or eavesdropped upon.


Control Zone
  • A control zone is a specific area that surrounds and protects network devices that emit electrical signals. These electrical signals can travel a certain distance and can be contained by a specially made material, which is used to construct the control zone.
  • The control zone is used to resist penetration attempts and to prevent sensitive information from “escaping” through the airwaves.
  • A control zone is used to ensure that confidential information is contained and to hinder intruders from accessing information through the airwaves.
  • Companies that have very sensitive information would likely protect that information by creating control zones around the systems that are processing that information.


Examples of Physical Control

  • Fences
  • Locks
  • Badge system
  • Security guard
  • Biometric system
  • Mantrap doors
  • Lighting
  • Motion detectors
  • Closed-circuit TVs
  • Alarms
  • Backups
  • Safe storage area for backups