All security initiatives must start with the physical as it provides the foundation upon which other more “lofty” measures are designed, built, implemented and maintained. Thus; physical security should always be your number one priority as controlling physical access to such elements as: locks, bolts, keys, network resources, communications and networking infrastructure and infrastructure devices such as Wireless Access Points (WAPs) will greatly reduce security breaches arising out of moments of opportunity.
Other elements worthy of consideration when planning network security from the physical perspective include:
Site Access and Flow Controls
Limiting and regulating the flow of people to and from a site is well tried and proven strategy to deterring and increasing the degree of difficulty that many would-be intruders are faced with. They will generally move on to far easier targets and so leave you unscathed.
Guard Posts – The use of manned guard posts has long been used by the military and civilian bodies alike to regulate and exert control over physical site access.
Bottlenecks – Bottlenecks are one of the more commonly employed strategies aimed at physical access control. Simply by forcing all traffic through a single point such as the perimeter manned guard post allows for greater scrutinizing of those coming and going. Check sheets and registers both paper and electronic can be used to record details such as time of entry, personal identification collation, time of departure, whether or not the visit is scheduled, rapid response or otherwise and don’t forget the purpose of the visit.
Physical Barriers – Others include the use of fences of one sort or another to limit the frequency of accidental public incursions into restricted and regulated access zones. Others include the use of no eliminating all forms of ready external physical access.
No Windows – For instance many data centers have no windows. Computers don’t appreciate the view outside the window so there is no real need to have windows. This also helps reduce security penetration into restricted areas via said windows as well as making climate control a much more readily controlled element.
Countermeasure – Unfortunately this is a dead give-away to the knowledgeable villain. The corporate response has been to disguise their data centers location by installing “dummy” windows of deeply smoked glass to make data center location identification somewhat harder.
Camouflage and Concealment
The subtle use of camouflage techniques to disguise network components and hardware (out of sight out of mind) will contribute considerably to a facility’s overall level of physical security.
Suspended Ceilings – Placing devices and infrastructure beyond easy reach such as concealing them in suspended ceilings are easy strategies to implement that have over time proven time and again worth any fiscal outlay entailed many fold.
Ladder Access – Don’t forget that if a ladder is required to reach the device then it is far less vulnerable to tampering than would otherwise be the case. People generally don’t walk around with extension ladders or at least do not go unnoticed when doing so.
Wiring Closets – Locating infrastructure and infrastructure devices such as cabling and access layer switches and routers in lockable wiring closets also helps to decrease the likelihood that these assets may be tampered with.
Fixings – Such fixings as tie-downs, cable ties, duct tape and conduit can all greatly reduce the ease with which those with malicious intent gain access to your network infrastructure and other network assets and resources.
Location and Placement – Simply by locating communications and networking infrastructure and infrastructure devices such as Wireless Access Points (WAPs) out of reach of one and all adds considerably to their overall physical security status rating. This includes casual guests and any other individuals that have not been formerly authenticated.
Limited Access Zones – Limited access zones are yet another option to take into consideration when planning and implementing security initiatives and be deployed both physically and logically (Demilitarized Zones (DMZs for example). Personal can be authenticated as they come and go while logical access to such services as a web server can be placed in a DMZ with very limited physical and logical access capabilities and features.
Deterrents – Using deterrents such as security guards, surveillance technologies (video cameras etc.) will provide an obvious presence that will make most would-be attackers think twice. In all likelihood they will simply move on to the next target which is probably less well protected.
Surveillance – Both manned and electronic surveillance systems when used in conjunction with logging and secure authentication technologies also have a role to play in physical security.
Individuals are less likely to perpetrate malicious acts when they believe that they are being constantly watched and that their every action is being faithfully recorded future review in the eventuality of a security breach taking place. We are all too well aware of the CCTV monitoring systems now functioning in most cities. Many businesses have similar “in-house” systems for exactly the same reasons.
Safety – One often overlooked aspect of physical security is that it not only involves protecting devices and infrastructure of all types but it also includes ensuring the physical safety and well-being of humans (staff, customers, business partners etc.). This may in certain circumstances mean the safe evacuation of personal to ensure that all are afforded the best possible protections against physical injury or worse.