Usually when we hear the term “cybersecurity” we think of things like passwords and firewalls. We seldom think of physical security. Yet physical security is just as critical or perhaps more than passwords or firewalls: A bad actor could likely compromise a system more easily if he or she had physical access. It is far easier to connect a tap or sniffing device to a network, for example, if one has physical access.
Many sites have network hardware, servers and storage devices in what we often call “machine rooms.” These areas are protected by some sort of access control. It could be a pushbutton lock, a key card of some type or even biometric authentication. These areas are generally pretty secure and protect hardware well. I did work in one, though, where the ceiling was a traditional suspended ceiling and the walls surrounding the room did not go all the way to the actual concrete ceiling of the building. That meant that one could remove a ceiling tile outside the room, climb up and over a small part of a wall, remove another tile and access the computer room. It is therefore clearly important to design such rooms to block all such access, whether easily visible and accessible or not.
Sometimes it is necessary to put equipment outside of locked computer rooms or equipment closets. Routers and switches are often placed closer to where they are needed than an equipment closet would allow. This saves cabling and is often more convenient. But it means the equipment should be in a locked “cage”. If the cage is small, that cage is generally affixed to the wall or floor to make it more difficult for a thief to walk away with it. And the cage must be locked. I worked in a site where there were a few such cages and all were locked – but the keys were left in the locks! To be fair, the building was very secure, and the areas were well-traveled, but it still seemed incongruous.
It should be obvious that access to a company’s building, floor or suite should also be secured. Even if hardware is secured within a building, adding ingress security provides yet another layer of defense. Some government and high security sites even go further by placing vehicle barriers in front of the buildings. That’s what those beautiful tree planters really are! They make it difficult to drive a vehicle into the front of the building. Clever disguise, huh?
One thing I haven’t addressed here is the security of the cables in a building. I’m saving that for later. (Or you can take Learning Tree’s System and Network Security: A Comprehensive Introduction, where we discuss these issues in more detail.)
What are your favorite or most annoying physical security implementations (outside of those used for airline passengers)?