If you’re planning to take the SY0-501 version of the Security+ exam, you should understand the importance of physical security controls. Physical security access controls attempt to control entry and exit, and organizations commonly implement different controls at different boundaries.
Here’s a Security+ practice test question:
Q. A security expert is identifying and implementing several different physical deterrent controls to protect an organization’s server room. Which of the following choices would BEST meet this objective?
A. Using hardware locks
B. Utilizing data encryption
C. Performing a vulnerability assessment
D. Training users
More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
You can implement simple physical security measures to prevent access to secure areas. For example, you can use hardware locks—similar to what you use to secure your home—to secure buildings as well as rooms within buildings. Companies that don’t have the resources to employ advanced security systems often use these types of hardware locks.
Instead of allowing free access to wiring closets or small server rooms, small organizations use these types of locks to restrict access. Although these locks aren’t as sophisticated as the ones used by large organizations, they are much better than leaving the rooms open and the equipment exposed.
Key management is an important concept to consider when using hardware locks. Proper key management ensures that only authorized personnel can access the physical keys. This might be done by locking keys within a safe or locking cabinet.
Securing Mobile Computers with Cable Locks
Cable locks are a great theft deterrent for mobile computers, and even many desktop computers at work. A computer cable lock works much like a bicycle cable lock. However, instead of securing a bicycle to a bike rack or post, a computer cable lock secures a computer to a piece of furniture.
The user wraps the cable around a desk, table, or something heavy, and then plugs it into an opening in the laptop specifically created for this purpose. Most cable locks have a four-digit combination. If you (or anyone) remove the cable lock without the combination, it will likely destroy the laptop.
Another common use of cable locks is for computers in unsupervised labs. For example, you can secure laptop or desktop computers with cable locks in a training lab. This allows you to leave the room open so that students can use the equipment, but the cable locks prevent thieves from stealing the equipment.
Securing Servers with Locking Cabinets
Larger companies often have large server rooms with advanced security to restrict access. Additionally, within the server room, administrators use locking cabinets or enclosures to secure equipment mounted within the bays. An equipment bay is about the size of a large refrigerator and can hold servers, routers, and other IT equipment. These bays have doors in the back and many have doors in the front, too. Administrators lock these doors to prevent unauthorized personnel from accessing the equipment.
Offices often have file cabinets that lock, too, so it’s important to pay attention to the context when referring to locking cabinets. For example, if you want to secure equipment within a server room, a locking cabinet is one of many physical security controls you can use. If you want to secure unattended smartphones in an office space, you can also use a locking cabinet, but this is an office file cabinet that locks.
Securing Small Devices with a Safe
Locking file cabinets or safes used in many offices help prevent the theft of smaller devices. For example, you can store smaller devices such as external USB drives or USB flash drives in an office safe or locking cabinet when they aren’t in use. Depending on the size of the office safe and office cabinet, you might also be able to secure laptops within them.
Q. A security expert is identifying and implementing several different physical deterrent controls to protect an organization’s server room. Which of the following choices would BEST meet this objective?
A. Using hardware locks
B. Utilizing data encryption
C. Performing a vulnerability assessment
D. Training users
The answer is A. A hardware lock is a physical security control. It’s also a deterrent control because it would deter someone from entering.
Data encryption is a technical control designed to protect data and is not a physical security control.
A vulnerability assessment is a management control designed to discover vulnerabilities, but it is not a physical control. Training users is an effective preventive control, but it is not a physical control.
See Chapter 9 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on physical security controls.