Physical Security Domains
There are a number of ways to subdivide physical
security
Part I: Perimeter protection and outer structure
Part II: Access Control & Closed Circuit Television
(CCTV)
3. Part II: Security Access Control
and Closed Circuit Television
Access control systems are typically a scalable
management solution encompassing:
• complete access control,
• advanced event monitoring, and
• administration auditing.
Access control systems typically involve a central
server or host for control and monitoring.
4. Basic Access Control:
Remote capability to lock and unlock doors
Audit log of who and when personnel utilized a door
Audit log when a door has been forced or held open
Capability to restrict or remove access to specific person
or group
Monitoring of room occupancy by intrusion-detection
systems
5. Access Control Selection Criteria:
Which manufacturer's system to purchase
How many facilities are attached to the access control system
How you communicate with the access control system
How many card holders will you have
Who will administrate the system
What type of card technology to use
6. Access Control System
Security Access Control System :
• Software
• Unlimited facilities as required worldwide
• TCP/IP is the preferred and main communication method;
modem and cellular are also used
• 250,000 cardholders (expandable to 5,000,000)
• Facility based administration or global administration
• Card technology is proximity
7. Access System
AS is a scalable security management solution encompassing advanced
access control and high-scale event monitoring.
The Access System's main hub or server is software which provides users
with a scalable access control solution that adds functionality and
increased capacity as the system's needs grow.
The software is a complete integration solution with unlimited applications
that reach beyond traditional security; it provides integration with
critical business applications including Closed Circuit Television (CCTV)
and Digital Video Management Systems (DVMS). Other integration
applications include:
• Fire alarms, intercoms, burglar alarms
• Environmental building controls, Crystal reporting
• Time management or time tracking software
8. Benefits of the Access System
• Access control, audit, and convenience through the use of one access control card
• Computer workstations, technical systems and door locks will have access control
with audit capabilities, and convenience with a single access control card or state-
issued identification card. This approach eliminates the need for large quantities of
mechanical keys and reduces the number of passwords an individual has to carry or
memorize.
• Standardizing of employee identification, recognition and verification statewide
9. Access Control Overview
• Access control is a system which enables an authority to control access
to areas and resources in a given physical facility or computer-based
information system.
• In computer security, access control includes authentication,
authorization and audit. It also includes measures such as physical
devices, including biometric scans and metal locks, hidden paths, digital
signatures, encryption, social barriers, and monitoring by humans and
automated systems.
• In any access control model, the entities that can perform actions in the
system are called subjects, and the entities representing resources to
which access may need to be controlled are called objects. Subjects and
objects should both be considered as software entities and as human
users.
10. Identification, Authentication,
Authorization
• Access control systems provide the essential services of identification
and authentication (I&A), authorization, and accountability where:
• identification and authentication determine who can log in to a
system, and the association of users with the subjects that they are able
to control as a result of logging in;
• authorization determines what a subject can do;
• accountability identifies what a subject (or all subjects associated with a
user) did.
11. Identification, Authentication,
Authorization
• Authenticators are commonly based on at least one of the following four
factors:
• Something you know, such as a password or a personal identification
number (PIN). This assumes that only the owner of the account knows the
password or PIN needed to access the account.
• Something you have, such as a smart card or security token. This assumes
that only the owner of the account has the necessary smart card or token
needed to unlock the account.
• Something you are, such as fingerprint, voice, retina, or iris characteristics.
• Where you are, for example inside or outside a campus, or proximity of
login location to a personal GPS device.
12. Authentication
• Authentication is the process by which a user proves that
she is who she says she is.
• Authentication is performed to allow or deny a person
access to a physical space.
• The heart of any access control system is to allow access
to authorized users and to make sure access is denied to
unauthorized people.
13. Access Tokens
• Access tokens are defined as “something you have.” An access token is a physical
object that identifies specific access rights. Your house key, for example, is a
basic physical access token that allows you access into your home.
• The primary drawback of token-based authentication is that only the token is
being authenticated. Therefore, the theft of the token could grant anyone who
possessed the token access to what the system protects.
14. Access Controls and Monitoring
• Access control means having control of doors and
entry points.
• Locks
• Layered access systems
• Electronic door control systems
• Closed circuit television (CCTV)
15. Layered Access
• To help prevent an attacker from gaining access to
important assets, these assets should be placed inside
multiple perimeters.
• Access to the asset room should be limited to staff with a
legitimate need to work there.
• The area surrounding the asset room should also be limited
to people who need to work in that area.
16. Access Controls
There are a number of physical access controls that
are uniquely suited to the physical entry and exit of
people to and from the organization’s facilities,
including
• biometrics
• smart cards
• wireless enabled keycards
17. Physical Access Control
• Cards
• Photo-ID cards
• Wireless Proximity readers
• Magnetic Stripe cards
• Smart Cards
• Often Require Use of a PIN with the Card
• Readers: Card Insertion, Card Swipe & Proximity
18. ID Cards and Badges
• Ties physical security with information access
control
• ID card is typically concealed
• Name badge is visible
• Serve as simple form of biometrics (facial
recognition)
• Should not be only means of control as cards can
be easily duplicated, stolen, and modified
• Tailgating occurs when an unauthorized individual
follows an authorized user through the control point
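An added example (not code from the slides or from any product they describe) of the audit capability listed on slide 4 and the tailgating concern above: it runs over constructed door-controller events and reports a door held open, a door opened with no matching grant (forced), and a card that badged out of an area it never badged into, which is one indicator that its holder tailgated in. The log format, door id and card numbers are constructed.

```python
import re
from datetime import datetime

# Constructed door-controller events (not real data): a normal entry, a door
# held open, an opening with no grant, and an exit by a card that never badged in.
SAMPLE_LOG = """\
2024-03-01T08:02:11 door=D12 dir=in event=GRANT card=1043
2024-03-01T08:02:13 door=D12 dir=in event=OPEN
2024-03-01T08:02:18 door=D12 dir=in event=CLOSE
2024-03-01T08:10:00 door=D12 dir=in event=GRANT card=1077
2024-03-01T08:10:02 door=D12 dir=in event=OPEN
2024-03-01T08:11:30 door=D12 dir=in event=CLOSE
2024-03-01T09:00:00 door=D12 dir=in event=OPEN
2024-03-01T09:00:05 door=D12 dir=in event=CLOSE
2024-03-01T09:30:00 door=D12 dir=out event=GRANT card=2001
2024-03-01T09:30:01 door=D12 dir=out event=OPEN
2024-03-01T09:30:04 door=D12 dir=out event=CLOSE
"""
LINE = re.compile(r"(\S+) door=(\S+) dir=(in|out) event=(\S+)(?: card=(\S+))?")
GRANT_WINDOW = 10  # seconds within which an OPEN may follow its GRANT
HELD_OPEN = 30     # seconds after which an open door counts as held open

def parse(text):
    """Yield (time, door, direction, event, card) for each well-formed line."""
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts, door, direction, event, card = m.groups()
        yield datetime.fromisoformat(ts), door, direction, event, card

def audit(text):
    """Return (door, finding) pairs in event order."""
    findings, pending_grant, opened_at, inside = [], {}, {}, set()
    for ts, door, direction, event, card in parse(text):
        if event == "GRANT":
            pending_grant[door] = ts
            if direction == "in":
                inside.add(card)
            elif card in inside:
                inside.discard(card)
            else:   # anti-passback: exiting without a recorded entry
                findings.append((door, f"card {card} exited without entering"))
        elif event == "OPEN":
            opened_at[door] = ts
            granted = pending_grant.pop(door, None)  # one grant covers one opening
            if granted is None or (ts - granted).total_seconds() > GRANT_WINDOW:
                findings.append((door, "forced: opened without a recent grant"))
        elif event == "CLOSE" and door in opened_at:
            held = (ts - opened_at.pop(door)).total_seconds()
            if held > HELD_OPEN:
                findings.append((door, f"held open for {held:.0f}s"))
    return findings
```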
22. Physical Access Control
• Visitor identification and control
• Visitors, Cleaning teams, Civilians in work areas after
normal work hours, Government contractors
• Personnel
• Position Sensitivity Designation
• Management Review of Access Lists
• Background Screening/Re-Screening
• Termination/Transfer Controls
• Disgruntled Employees
25. Controlling Entry
• Control the flow of people in the building
• Employee and visitor badges
• Access restrictions for visitors and maintenance
• Any unscheduled drop-offs or deliveries should be verified
with vendors
• You don't want the wrong people getting in
26. Mantraps
• An enclosure that has an entry point and a different
exit point
• The individual enters the mantrap, requests access,
and if verified, is allowed to exit the mantrap into the
facility
• If the individual is denied entry, they are not allowed
to exit until a security official overrides the automatic
locks of the enclosure
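The mantrap behaviour described above as a door-interlock state machine; this is an added illustration, not code from the slides. The invariant the controller enforces is that the outer and inner doors are never unlocked at the same time, and a denied occupant stays held until a security official overrides the locks. Credential names and the door labels are constructed.

```python
from enum import Enum, auto

class State(Enum):
    EMPTY = auto()     # nobody inside; only the outer door may be used
    OCCUPIED = auto()  # outer door closed behind the entrant; both doors locked
    ADMITTED = auto()  # credential verified; only the inner door is unlocked
    LOCKDOWN = auto()  # credential denied; both doors locked until override

# Which door each state leaves unlocked: never more than one.
UNLOCKED = {State.EMPTY: {"outer"}, State.OCCUPIED: set(),
            State.ADMITTED: {"inner"}, State.LOCKDOWN: set()}

class Mantrap:
    def __init__(self, authorized):
        self.authorized = set(authorized)  # constructed list of valid credentials
        self.state = State.EMPTY
        self.log = []                      # (state, reason) for accountability

    def _go(self, new_state, reason):
        self.state = new_state
        self.log.append((new_state.name, reason))
        assert len(UNLOCKED[self.state]) <= 1, "interlock violated"  # defensive check

    def enter(self):
        if self.state is not State.EMPTY:
            return False                   # outer door is locked
        self._go(State.OCCUPIED, "outer door used and relocked")
        return True

    def request_access(self, credential):
        """Occupant presents a credential; denial holds them in the enclosure."""
        if self.state is not State.OCCUPIED:
            return False
        if credential in self.authorized:
            self._go(State.ADMITTED, f"{credential} verified; inner door released")
            return True
        self._go(State.LOCKDOWN, f"{credential} denied; occupant held")
        return False

    def exit_into_facility(self):
        if self.state is not State.ADMITTED:
            return False
        self._go(State.EMPTY, "inner door closed; enclosure empty")
        return True

    def guard_override(self):
        if self.state is not State.LOCKDOWN:
            return False                   # only a held occupant needs release
        self._go(State.EMPTY, "security official overrode the locks")
        return True
```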
28. Compartmentalized Area
• Location Where Sensitive Equipment is Stored
and Where Sensitive Information is Processed
• Must Have a Higher Level of Security Controls
29. Walls and Guards
• The primary defense against a majority of physical attacks
is the barriers between the assets and a potential
attacker—walls, fences, gates, and doors.
• Some organizations employ private security staff to protect
their assets.
• To protect the physical assets, you must look in all
directions:
• Doors and windows should be safeguarded.
• Is there a drop ceiling?
• Is there a raised floor?
30. Designing a Secure Site
• WALLS
• All walls MUST have an acceptable Fire Rating.
• Be Floor to Ceiling
• Any Closets or Rooms that Store Media must also have
Fire Rating
• CEILINGS
• Be aware if they are WEIGHT BEARING and their Fire
Rating
31. Designing a Secure Site (2)
• FLOORS
• Slab or Raised?
• SLAB –
• If concrete then concerns are Weight Bearing (aka Loading) –
Usually 150 pounds per square foot.
• RAISED
• Concerned with Fire Rating, Electrical Conductivity (Grounding
against static electricity)
• Must employ non-conducting surface material in data center
32. Designing a Secure Site (3)
• DOORS
• Must resist Forced Entry
• Solid or Hollow
• Hinges Hidden, Internal or “Fixed”
• Fire Rating Equal to Walls
• Emergency Exits Must Be Clearly Marked, Monitored, or
Alarmed
• Electrical Doors on Emergency Exits Should Revert to
Disabled State if Power Outage Occurs For Safe
Evacuation
• TIP!! Personnel Safety ALWAYS Takes Precedence! Doors
Can Be Guarded During an Emergency
34. Lock Picking / Security Measures
• Lock picking
• Basic picking tools are the tension wrench and pick
• Locks are “pick-resistant”, not “pickproof”
• Lock and key control system
• Key control procedures
• Who has access to keys?
• To whom are the keys issued?
• Key inventory
• Combination locks must be changed
• Every twelve months and when possibly compromised, etc
• Fail-soft vs. Fail-secure
36. Physical Access Control
• Locks
• Preset Locks and Keys
• Typical door locks
• Programmable Locks
• Mechanical (Cipher Locks)
• Electronic (Keypad Systems): Digital Keyboard
• Number of Combinations
• Number of Digits in Code
• Frequency of Code Change
37. Locks (2)
• Types of Locks
• Key Locks
• Combination Locks
• Key Locks
• Key-in-Knob or Key-in-Lever (Cylindrical Lockset) – Only for Low
Security Apps
• Dead Bolt Locks or Tubular Dead Bolts – Good for Storerooms,
Houses (Bolt is “Thrown”)
• Mortise Locks (Lock Case is Recessed or Mortised into the Edge of
Door) – Low Security Apps
• Padlocks
• Combination Locks
• Combinations Must Be Changed at Specific Times and Under
Specific Circumstances
Prepared by Ernie Hayden, CISSP CEH
38. Locks and Keys
• There are two types of locks:
• mechanical keyless (cipher) locks (push-button locks), and
• electro-mechanical smart locks, which permit only authorized people into
certain doors at certain times, e.g. a magnetic stripe card that is time
sensitive
• Locks can also be divided into four categories:
• manual, programmable, electronic, and biometric
• Locks fail, and facilities need alternative procedures for access
• Locks fail in one of two ways:
• when the lock of a door fails and the door becomes unlocked, that is a
fail-safe lock
• when the lock of a door fails and the door remains locked, that is a
fail-secure lock
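An added example, not code from the slides or from any product they describe, that puts the controls from slides 4, 17 and 38 into one door-controller decision: a proximity card that can be revoked per person or per group, a PIN required with the card on higher-security doors, time-sensitive access, and the fail-safe or fail-secure behaviour on power loss. The cardholders, groups, doors, hours and PINs are all constructed.

```python
from datetime import datetime, time
from hashlib import sha256
from hmac import compare_digest

# Constructed cardholder and door records; not taken from any real system.
# PINs are stored as hashes (a real controller should salt and stretch them).
CARDHOLDERS = {
    "1043": {"groups": {"staff", "ops"}, "pin": sha256(b"4821").hexdigest()},
    "1077": {"groups": {"contractor"}, "pin": sha256(b"1111").hexdigest()},
}
REVOKED_CARDS = {"1099"}   # lost or stolen tokens: only the token is authenticated
REVOKED_GROUPS = set()     # add a group name to remove access for everyone in it
DOORS = {
    # allowed groups, permitted hours, PIN required with card, behaviour on power loss
    "lobby": {"groups": {"staff", "contractor"}, "hours": (time(6), time(22)),
              "pin": False, "fail": "safe"},
    "server": {"groups": {"ops"}, "hours": (time(7), time(19)),
               "pin": True, "fail": "secure"},
}

def decide(door_id, card_id, pin=None, now=None, power=True):
    """Return (door_unlocks, reason); the reason is what the audit log records."""
    door = DOORS[door_id]
    if not power:   # fail-safe doors unlock, fail-secure doors stay locked
        return door["fail"] == "safe", f"power loss: fail-{door['fail']}"
    holder = CARDHOLDERS.get(card_id)
    if holder is None or card_id in REVOKED_CARDS:
        return False, "unknown or revoked card"
    if holder["groups"] & REVOKED_GROUPS:
        return False, "cardholder group revoked"
    if not holder["groups"] & door["groups"]:
        return False, "no group authorized for this door"
    now = now or datetime.now()
    start, end = door["hours"]
    if not start <= now.time() < end:
        return False, "outside permitted hours"
    if door["pin"]:
        if pin is None:
            return False, "PIN required with card"
        if not compare_digest(sha256(pin.encode()).hexdigest(), holder["pin"]):
            return False, "incorrect PIN"
    return True, "granted"
```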
39. Classification of security systems –
Wireless security systems –
this has become a popular system with better
technology, greater reliability and lower
cost.
The wireless alternative uses small radio
transmitters to communicate between the
control panel, sensors and cameras. These
are designed to transmit an identification
code to the controller.
Their limitations are the distance between
devices and RF interference. Therefore,
these devices should not be installed near
other electronic appliances.
40. Advantages-
1. Faster and easier to install.
2. Easier to make changes and expansions.
3. Can be removed easily.
41. Wired security systems –
1. These require basic electrical wiring that
extends from the control panel and keypad
to door and window sensors, motion
detectors, and cameras.
2. These systems are installed in either an
open or a closed-loop configuration. Most
residential systems use a closed-loop
design. For example, when the door is
opened, the magnet separates from the
magnetic switch, the circuit is interrupted,
and the alarm sounds.
42. CCTV – CCTV (closed circuit television) is a
television system in which signals are not
publicly circulated; cameras are linked to
television monitors in a restricted region
such as a store, an office building, or a
college campus.
43. Digital video monitoring system –
digital monitoring systems are video security
systems that can be used with a VCR, DVR, or
personal computer.
44. Biometrics – it is the science and technology of measuring
and analysing biological data.
It refers to the use of human body characteristics,
such as fingerprints, eye retinas and irises,
voice patterns, facial patterns and
measurements for authentication.
It is divided into two main classes:
Physiological characteristics,
Behavioral characteristics.
45. Physiological characteristics – these are
related to the shapes of the body. The
oldest traits, used for more
than 100 years, are fingerprints.
Other examples are face recognition,
hand geometry and iris recognition.
Behavioral characteristics – these are
related to the behavior of a person. The
first characteristic to be used was the
signature.
More modern approaches are the study
of keystroke dynamics and of voice.
46. Types of biometric security devices –
there are quite a few biometric devices
available in the market, such as:
1. Fingerprint security –
these systems capture and record the
patterns, ridges and valleys found on the
finger of an individual, and then match them
during a live scan to grant or deny access.
These devices do not cost much, do not
occupy much space and are easy to use.
47. Hand geometry –
these systems analyze and measure the shape
of a hand. They are used in workplaces
where employees do not take a dedicated
approach to other biometric security systems
that require some training.
48. Retina scanners –
these scan the pattern formed by blood
vessels at the back of the eye. Although
retina-scan systems are considered
the best among biometric security systems,
retina scanners are used mostly in government
offices because their cost is prohibitive for
small businesses.
49. Iris scanners –
The iris is the forefront of the retina.
Iris security systems are considered quite
efficient.
They are considered better than
fingerprint, hand geometry, face, voice, or
signature scanners.
50. Face recognition –
the analysis and recognition of facial
features is a tool used in the detection of
criminals and undesirables.
It is based on cross-matching the face of the
person with that recorded in the database.
A face scanner analyses and matches facial
characteristics.
These scanners require a camera to be
hooked to the scanning device.
51. Signature scanner –
A signature scanner analyses the
characteristics of the way a person
signs in order to grant access.
Characteristics such as speed, stroke order
and pressure are analysed.