CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [143]
Physical Barriers
A key aspect of access control involves physical barriers. The objective of a physical barrier is to prevent access to computers and network systems. The most effective physical barrier implementations require that more than one physical barrier be crossed to gain access. This type of approach is called a multiple barrier system.
Ideally, your systems should have a minimum of three physical barriers. The first barrier is the external entrance to the building, referred to as a perimeter, which is protected by burglar alarms, external walls, surveillance, and so on. The second barrier is the entrance to the computer center, which is behind a locked door, and could rely upon such items as ID badges, fobs, or keys to gain access. The third barrier is the entrance to the computer room itself. Each of these entrances can be individually secured, monitored, and protected with alarm systems. Figure 6.1 illustrates this concept.
FIGURE 6.1 The three-layer security model
Although these three barriers won’t always stop intruders, they will potentially slow them down enough that law enforcement can respond before an intrusion is fully developed. Once inside, a truly secure site should be dependent upon a physical token for access to the actual network resources.
Physical tokens are anything that a user must have on them to access network resources and are often associated with devices that enable the user to generate a one-time password authenticating their identity. SecurID, from RSA, is one of the best-known examples of a physical token, and information on it can be found at http://www.rsa.com/node.aspx?id=1156.
No matter how secure you think your system is, you’ll never be able to stop everyone. But your goal is to stop those who are less than fanatic and slow down the ones who are. As an analogy, the front door of your home may contain a lock and a deadbolt. This minimal security is enough to convince most burglars to try somewhere less secure. A fanatic who is bent on entering your home, however, could always take a chain saw or similar tool to the door.
High-security installations use a type of intermediate access-control mechanism called a mantrap (also occasionally written as man-trap). Mantraps require visual identification, as well as authentication, to gain access. A mantrap makes it difficult for a group to enter a facility together because it allows only one or two people into the facility at a time. It’s usually designed to physically contain an unauthorized, potentially hostile person until authorities arrive. Figure 6.2 illustrates a mantrap. Notice in this case that the visual verification is accomplished using a security guard. A properly developed mantrap includes bulletproof glass, high-strength doors, and locks. In high-security and military environments, an armed guard, as well as video surveillance, would be placed at the mantrap. After you’re inside the facility, additional security and authentication may be required for further entrance.
FIGURE 6.2 A mantrap in action
Some mantraps even include scales to weigh the person. While the weight can be used to help identify a person, often the scales are used to make certain no one is sneaking in. If the weight on the scale appears too high, an officer can check to make sure two people haven’t crowded in to try to bypass security quickly.
The following sections discuss perimeter security, the establishment of security zones, and partitioning.
Perimeter Security
Perimeter security, whether physical or technological, is the first line of defense in your security model. In the case of a physical security issue, the intent is to prevent unauthorized access to resources inside a building or facility.
The network equivalent of physical perimeter