CompTIA Security+: SY0-601 Certification Guide

You're reading from CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt

Product type: Paperback
Published in: Dec 2020
Publisher: Packt
ISBN-13: 9781800564244
Length: 550 pages
Edition: 2nd Edition
Author (1): Ian Neil

Physical Security Controls

Physical security controls are put in place to stop unauthorized access to the company or its data. Physical security controls are easily identifiable as you can touch them. Let's look at each of them in turn.

Perimeter Security

In this section, we will look at different types of perimeter security systems:

  • Signage: Before anyone reaches your main entrance, there should be highly visible signs warning them that they are entering a secure area with armed guards and dogs. This is used as a deterrent to prevent possible intruders.
  • Fences/Gates: The first line of defense should be a perimeter fence as the openness of many sites renders them highly vulnerable to intruders. Access to the site can be controlled by using a gate either manned by a security guard or with a proximity reader. You could place bollards in front of a building to stop a car driving through the entrance. You may even have different zones, such as a research and development department, with their own perimeter security.
  • Access Control: Armed guards at the gates should be checking the identity of those entering. There should be an access control list for visitors who are sponsored by an internal department. The guards checking identities should be behind one-way toughened glass so that visitors cannot see inside the gatehouse.
  • Lighting: Lighting is installed for two main reasons: the first reason is so that anyone trying to enter your site at night can be seen and the second reason is for safety.
  • Cameras: Cameras can be set up at areas around the perimeter and on doorways to detect motion. They can be set up to detect objects in both day and night to alert the security team by raising an alarm.
  • Robot Sentries: These can be set up to patrol the perimeter and can shout out warnings to deter any intruders. These sentries patrol the DMZ between North and South Korea and they can be armed:
Figure 1.5 – Robot sentry

Tip

Robot sentries can shout out warnings to deter intruders. They could also be armed.

  • Industrial Camouflage: When you are trying to protect a highly secure area, you would design the building so that it is obscured from aerial photographs by making some of the building look like residential housing. You would disguise the entrances as well. This would make it difficult for surveillance operatives to spot it.

Building Security

In this section, we will look at different types of building security systems:

  • Security Guards: They work at the entrance reception desk to check the identity cards of people entering the building to stop unauthorized access. These guards should be armed and one of the guards should be a dog handler. An access control list is provided to them to ensure that unauthorized personnel are denied access.
  • Two-Person Integrity/Control: This increases the security level at the entrance to a building, ensuring that someone is available to deal with visitors even when the other person is on the phone. This would also reduce the risk of a malicious insider attack.
  • Badges: Visitors sign the visitor book and are allocated a badge that is a different color to that of employees. These badges should have a photograph, name, and signature of the holder. These badges should be visible at all times and anyone that isn't displaying a badge should be challenged.
  • Key Management: This is where departmental keys are signed out and signed back in daily to prevent someone from taking the keys away and cutting copies of them.
  • Mantraps: These are turnstile devices that only allow one person in at a time. They maintain a safe and secure environment, mainly for a data center. A data center hosts many servers for different companies.
  • Proximity Cards: These are contactless devices where a smart card is put near the proximity card device to gain access to a door or building.
  • Tokens: Tokens are small physical devices that you touch against the proximity card device to enter a restricted area of a building. Some tokens allow you to open and lock doors by pressing the middle of the token itself; others display a code for a number of seconds before it expires.
  • Biometric Locks: Biometrics are unique to each person; examples would be using their fingerprint, retina, palm, voice, an iris scanner, or facial recognition.
  • Electronic Locks: With electronic locks, you no longer need a key to access a building; you only need a PIN. They can be set to fail open, where the door opens when a power cut is detected, or fail safe, where the door remains locked.
  • Burglar Alarms: These are set when the premises are not occupied, so when someone tries to break into your premises, it will trigger the alarm and notify the monitoring company or local police.
  • Fire Alarms/Smoke Detectors: In a company building, there will be fire alarms or smoke detectors in every room so that when a fire breaks out and the alarms go off, the people inside the premises are given the opportunity to escape.
  • Internal Protection: You could have safe areas and secure enclosures; the first example would be a toughened glass container or a sturdy mesh, both with locks to reduce access. You could also have protected distribution for cabling; this looks like metal poles that would have network cables inside. Screen filters used on a desktop could prevent someone from reading the screen.
  • Conduits: Conduits or cable distribution have cables placed inside. This protects the cables from tampering or being chewed by rodents.

    Tip

    Conduits and cable distribution protect the Ethernet cable between the wall jack and the patch panel.

  • Environmental Controls: HVAC and fire suppression systems are also security controls. In a data center or a server room, the temperature needs to be kept cool or the servers inside will overheat and fail. They use a technique called hot and cold aisles to regulate the temperature.

Device Protection

In this section, we will look at different device protection systems:

  • Cable Locks: These are attached to laptops or tablets to secure them so that nobody can steal them.
  • Air Gap: A computer is taken off the network and has no cable or wireless connection to ensure that the data is not stolen. An example of this would be a computer in the research and development department, as we want to prevent access to it via a network cable.

    Tip

    An air gap is an isolated computer; the only way to extract data is by using a USB or CD-ROM.

  • Laptop Safe: Laptops and tablets are expensive, but the data they hold could be priceless, therefore there are safes for the storage of laptops and tablets.
  • USB Data Blocker: This device blocks the data pins on the USB device, which prevents a hacker from juice jacking, where data is stolen when you are charging your USB device.
  • Vault: This is where data can be encrypted and stored in the cloud, giving you an extra-secure storage area.
  • Faraday Cage: This is a metal structure, like a metal mesh used to house chickens. The cage prevents wireless or cellular phones from working inside the company. This could be built into the structure of a room used as a secure area. They would also prevent any kind of emissions from escaping from your company.