
QUESTION 3 CYBER

Physical Access Control


August 11, 2020 by Adrian Stolarski
How many managers think that it makes no sense to spend money protecting
information that can be reconstructed? What can really happen?

Theoretically, anything and everything from the abuse of workers (through natural
disasters and industrial espionage) to terrorist attacks. Is our company prepared
for this? Imagine the scenario: 2 a.m., nobody is around to hear the sound of breaking
glass and quick steps. The next day, the first employee appears at work and calls the
police after spotting the mess. According to police, it was a random act of
vandalism. Two weeks later the president convenes a meeting; it turns out that the
local newspaper is running a story about your product, and has just revealed that the
project has gone millions of dollars over budget. It turned out that a random act of
vandalism was really an act of industrial espionage. The intruder had attached a
bootable distribution of the Linux operating system and copied the files that
belonged to the victim company.

Of course, this situation could have been prevented if there were appropriate
procedures in place. In practice, anyone who has physical access to a computer can
take over your system in seconds. Therefore we will discuss some physical security
procedures to try and minimize the risk of attack by introducing appropriate access
controls. Each access control has three aspects: physical, administrative, and
technological development.

Physical Security Schema

Work on physical security mainly focuses on the physical protection of information,
buildings, personnel, installations, and other material resources. Additionally,
physical security covers issues related to processes prior to criminal activities,
espionage, and terrorism. What factors can develop into the biggest direct threats?

• Staff – dismissal, strikes, illness.

• Sabotage and vandalism.

• Hardware failures.

• Natural disasters – tornadoes, earthquakes, floods, and tsunamis.

• Man-made disasters – terrorism, arson, bombings.

• Loss of access to electricity, air, and water.

    Once we know what threatens us personally, we can begin to consider the best
methods of protection. For example, in the case of a power outage, you should have
a backup generator to maintain the critical elements of the system, and lighting for
employees as well as a backup phone system. If there is a hardware failure, having
certain spare parts on hand can be incredibly useful, as can having a well-designed
service contract. In addition, it is a good idea to familiarize yourself with the
industrial-safety laws of the country in which you’re operating.

    Physical access controls are mechanisms that are designed to minimize the risk
of injury. A simple example is a well-fitted door lock, which will discourage
many potential thieves. The installation of biometric sensors, such as iris scanning
or fingerprint recognition, can make even the most determined intruder falter while
trying to gain access to a guarded place. Sometimes all that is needed to resolve the
issue is a mechanism to provide enough time to contact the appropriate authorities.
But the door is not the only object that should be closed.

We should consider closing off access to laptops, desktops, and servers. Like many
employees, I just do not know when an intruder enters the building, and then runs
away unrecognized with a laptop under his arm. Such situations happen very often.
More and more companies are taking the precaution of removing all drives from
individual computers, blocking the use of USB, COM, and LPT ports to prevent theft,
and instituting additional BIOS password protection just to prevent employees from
installing personal software, gaining unauthorized access, and ultimately,
participating in theft. One possible scenario to tighten security is to use a
terminal server and a bootable Linux distribution. DHCP is also excluded, preventing
the usual problems with spyware, malware, or viruses.
    Another security challenge is to protect sensitive data from interception
systems that use electromagnetic waves, which allow hackers to decode data and
recreate it in a safe place. You can protect yourself by using special construction
materials and absorbing materials for shielded computer enclosures. Another
important element is to protect the building itself. The ideal solution is to create
a front desk staffed by individuals who have had appropriate training in security
and protection. After the September 11 attacks, I think everyone is concerned about
the appropriate level of training for his or her own staff security guards. I will
not elaborate here any further on building construction, but it is important to
mount biometric sensors, motion detectors, and alarms that will activate when walls
are breached. In addition, it seems like a good option to install high-powered
moving lighting systems that will respond to any attempt to breach the walls. If a
thief tries to break through a fence or wall, a sharp beam of light will target the
intruder's eyes and create a perfect silhouette of the person.

Unfortunately, in every company there are people whom we trust who might one
day endanger other employees. Employees' safety should always be a priority. At
the same time, we must remember that the human factor is able to break down
almost anything, even the most intelligently designed security system. In addition,
research shows that the most common types of attack are internal attacks, caused by
disgruntled, or even angry, employees. That is why we also need to make an effort
to properly train staff to be able to react in any emergency, not only in the case of
natural disasters, but also when technology is attacked through social
engineering. Training of this type should never be a one-time event, but
should be repeated at regular intervals, i.e., every quarter.

Apart from purely theoretical knowledge, training should also include practical
knowledge. Role-playing scenarios that illustrate a specific situation can be a good
idea. Personnel inspections should be treated as a preventive measure in every
company. Before hiring a person, it is a good idea to check references and other
important information, such as whether a person has a police record or is wanted
by the government for any reason. Surely this will allow you to determine whether a
worker can become a potential threat in the future.

In addition, from time to time, individual interviews with staff may occur, and
during these talks, we can be informed of planned changes or job rotations. Most
certainly regular interviews will prevent unethical actions from both sides and any
accidental damage.

If an employee leaves the company, he or she should be literally escorted out of the
company shortly after returning any and all company equipment. This will
prevent any sabotage attempt by a former employee.

    Above all else, it is critical to have alternate power sources and access to
television security systems. If unauthorized individuals try to access the company,
television systems will certainly allow individual intruders to be recognized and to
have his or her actions recorded. Some systems also have built-in motion sensors
and heat detectors. Once activated, an alarm signal is sent from these detectors.
Installing a good CCTV system also provides many other benefits. I met with
companies in the insurance industry and learned that premiums could be reduced if a
similar monitoring system was installed.

Another factor to consider is equipment failure. This is an inevitable scenario.
Therefore, do not ask if a component will go down, ask when it will go down.
Many component manufacturers only consider an estimated time of repair and an
estimated time between failures. However, another crucial element is the system
backup. It is a necessity: any backup data should be stored in at least two different
places to offer protection in the event of a disaster or failure.

Most companies currently use a method called data vaulting, which consists
of data compression, encryption, and storage at a remote, secure
location. This technique is required in all safety planning, as well as in many forms
of insurance. Companies also use RAID technology, which increases fault tolerance
and limits downtime.

Now for the power. In addition to keeping the electrical wires hidden from prying
human eyes, we should also ensure access to a stabilized energy source. In this way
we prevent the risks associated with excess energy (breakdown, voltage spikes) or
deficient energy (low voltage or current, no power). This can be done using UPS
devices. Unregulated energy sources can also cause damage to electronic
components, data loss, and faulty network connections.

Of course, we do not focus only on the energy supplied from the power plant. In
addition to the standard cable from the power plant, you can also install windmills,
solar panels, backup generators to collect excess energy, and additional power
generators such as diesel generators. Nor should we forget that the computer
network also operates on the basis of power law: 0 means that there is no pulse, and
1 that the pulse is generated. Thus, a combination of interconnected computers
results in an electric circuit.

The number 0 represents a voltage of 0 volts, and 1 a voltage of 3 to 5 volts, so the
information in the format 111 001 means the following voltages: 3, 3, 3, 0, 0, 3. Under
ideal conditions, the signal flow should proceed without interruption. Hence the
importance of proper grounding, which allows the dissipation of excess energy.
Without proper grounding, voltage spikes will occur, resulting in frequent failures.
Thus, a properly installed ground wire provides a sufficiently low resistance and a
sufficient capacity to protect the system against the emergence of a dangerously high
voltage level. Sometimes even a single outlet with a damaged cord or a badly
screwed-in bulb can cause the grounding wires not to work.

Sometimes entire buildings need multiple grounds, which often is a
huge problem, because the potential of the various electrical circuits will never be
equal. There is another important issue: If you have a separate computer system
with a grounded network, you will witness the rise of an electric circuit. And
remember that the current always runs from the negatively charged to the positively
charged system. This situation could, of course, effectively disrupt the digital signal
and cause network failure, damage to the transmitted data, and even damage to
computer components.
