# Sec+ preparation #10 (physical security) ## Intro Let’s jump into next day of preparing for SEC+. Before beginning I just want to give credit to Master OTW at [Hackers-Arise](https://www.hackers-arise.com/). I really enjoy how he describes concepts of various topics. Real professional. You can purchase Security+ SY0-701 boot camp [here](https://hackersarise.thinkific.com/courses/security-training) ## Resilience and Physical Security **If a hacker can physically access to the physical site. It is game over. This part is really important.** ### Physical security ways: * Hardware locks * Conventional Locks * Easily picked locks and keys easily duplicated * Control and distribution of keys can be a problem * Pick-resistant locks * Higher cost * Harder to pick and keys not as easily duplicated * Distribution and control still a problem * Electronic Combination Lock * A keypad for a combination * Also called a cipher lock (**can be in exam)** * Electronic key systems * Cards encoded with access code * Magnetic cards can be duplicated or compromised * Smart Card would be a better choice * RFID cards * Video Surveillance * Analyze your requirement * Estimate width of area to be monitored * Is there a need for zooming * What are the weather conditions if used outside? * How do you maintain capability? * Many building shuts all light off at the end of the day. So maybe you need night vision? * You need to protect the cameras so that it cannot be easily hacked. Intruders may see passwords entered in keypads through cameras if they are easily hackable. * Fencing and walls * Bollard - it prevents attack with moving object. Such as vehicle loaded with explosives Illustration of bollard: ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1748864617681/b570cdd7-7058-4aa0-8a60-6b8a00e1038c.jpeg align="center") * Fences must be a proper height * 1.5 meter height fence will deter casual trespasser * Secure areas uses 2.5+ meters height of the fence * Perimeter Intrusion Detection and Assessment System (known as PIDAS fencing) ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1748864926866/53ff12ff-3a1f-4df5-b5f3-922305c1355d.jpeg align="center") * Fences must be regularly inspected * Proximity Readers * Access List * Security guard * Most efficient physical security control, but also the most expensive * Guard can enforce security policy * Can prevent Piggybacking or Tailgating attacks * **Guard must be well trained** * Can do patrols at random intervals * Passive monitoring #### Physical access logs * Fortress mentality * Check to see everybody who comes and leaves * Good method is that there is only one door through which you can come and leave * Use logging features (check when people come and go) * Ensure guards are well trained #### ID Badges * Great for authenticating users * Sometimes combines with smart cards * They are very cheap and very efficient #### Door Access Systems * Use to control access to sensitive areas * Can be biometric or Smart Card * Based around the [Electronic Access Control (EAC)](https://www.getkisi.com/guides/electronic-access-control) #### Physical Tokens * Type II authentication factor Could be: * Metal Keys * Smart Card * Magnetic Card * Photo ID * Synchronous or Asynchronous tokens * Biometrics #### Site selection * Select your data center location carefully * Get familiar with the building code * Investigate who are your neighbors * What is the crime rate in the area * Talk to you insurance company * What about logistics for ambulance, firefighters and stuff like that.