Securing Devices and Data
The goal of the security policy is to ensure a safe network environment and to protect assets. As shown in the figure, an organization’s assets include its data, employees, and physical devices such as computers and network equipment.
The security policy should identify hardware and equipment that can be used to prevent theft, vandalism, and data loss.
The image depicts a pie chart divided into 3 equal parts: Data, Employees, and Equipment (Hardware).
Physical security is as important as data security. For example, if a computer is taken from an organization, the data is also stolen or, worse, lost.
Physical security involves securing:
- Access to an organization’s premises
- Access to restricted areas
- The computing and network infrastructure
The level of physical security implemented depends on the organization, as some have higher physical security requirements than others.
For example, consider how data centers, airports, or even military installations are secured. These organizations use perimeter security including fences, gates, and checkpoints posted with security guards.
Entrance to a building’s premises and restricted areas is secured using one or more locking mechanisms. Building doors typically use self-closing and self-locking mechanisms. The type of locking mechanism required varies based on the level of security required.
A visitor accessing a secure building may have to pass through a security checkpoint manned by security guards. The guards may scan the visitor and their belongings, and have the visitor sign in on an entry control roster when entering the building and sign out when leaving.
Higher-security organizations have all employees wear identification badges with photographs. These badges could be smart cards containing the user information and security clearance to access restricted areas. For additional security requirements, RFID badges can also be used with proximity badge readers to monitor the location of an individual.
The image shows a man holding up a security smart card RFID badge to a proximity badge reader to enter the door’s security entrance.
In high-security environments, mantraps are often used to limit access to restricted areas and to prevent tailgating. A mantrap is a small room with two doors, one of which must be closed before the other can be opened.
Typically, a person enters the mantrap by unlocking one door. Once the person is inside the mantrap, the first door closes, and the person must then unlock the second door to enter the restricted area.
The figure illustrates how a mantrap is used to secure access to a restricted area.
The image is a mantrap floor plan. It shows an insecure (public) area, a locked door with a smart card scanner leading into the mantrap, and, inside the mantrap, a locked door with a biometric scanner leading to a secure internal area. The user must use a smart card to open the locked door to the mantrap. Once the user has entered the mantrap, the first door locks, and the user must unlock the next door using the biometric reader: the user’s thumbprint is scanned to unlock the door to the secure internal area.
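The interlock rule described above (one door must be closed before the other can be opened) can be modelled as a small state machine. The following Python model is an added example, not part of the original course material; the class and method names and the sample badge and fingerprint identifiers are constructed for illustration, and it covers only the door interlock and the two credential checks shown in the figure.

```python
# Added illustration of the two-door mantrap interlock (not from the course).
# All names and the sample card/fingerprint identifiers are constructed.


class Mantrap:
    def __init__(self, valid_cards, valid_prints):
        self.valid_cards = set(valid_cards)    # smart cards accepted at the outer door
        self.valid_prints = set(valid_prints)  # thumbprints accepted at the inner door
        self.open_door = None                  # None, "outer" or "inner"; never both
        self.log = []                          # audit trail of every request

    def _request(self, door, credential, allowed):
        # Interlock: refuse to open any door while a door is already open.
        if self.open_door is not None:
            result = "denied: interlock (%s door open)" % self.open_door
        elif credential not in allowed:
            result = "denied: credential rejected"
        else:
            self.open_door = door
            result = "opened"
        self.log.append((door, credential, result))
        return result == "opened"

    def badge_outer(self, card):
        return self._request("outer", card, self.valid_cards)

    def scan_inner(self, thumbprint):
        return self._request("inner", thumbprint, self.valid_prints)

    def close(self, door):
        # Self-closing, self-locking door: closing it re-arms the interlock.
        if self.open_door == door:
            self.open_door = None


def walk_through():
    """Sequence from the figure, plus two refused attempts."""
    trap = Mantrap({"CARD-1001"}, {"PRINT-ALICE"})
    results = [trap.badge_outer("CARD-1001"),      # enter from the public area
               trap.scan_inner("PRINT-ALICE")]     # outer still open: refused
    trap.close("outer")
    results += [trap.scan_inner("PRINT-UNKNOWN"),  # not enrolled: refused
                trap.scan_inner("PRINT-ALICE")]    # inner door opens
    trap.close("inner")
    return results, trap.log


if __name__ == "__main__":
    for entry in walk_through()[1]:
        print(entry)
```

The audit log records refused requests as well as granted ones, which is what lets an operator review attempts to open the inner door while the outer door was still open.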