<?xml version="1.0" encoding="UTF-8"?><rss version="2.0">
<channel>
<title>intrusion</title>
<link>http://www.computersight.com/tags/intrusion</link>
<description>New posts about intrusion</description>
<item>
<title>Physical Security 2</title>
<link>http://www.computersight.com/Communication-&amp;-Networks/Security/Physical-Security-2.109764</link>
<description>
<![CDATA[<p>Here is an outline of some of the various physical intrusion detection, prevention and deterrent systems that can be employed to help keep your premises safe while you aren't watching. I will be giving you an overview of the various types of detectors that can be employed to do the job.</p>
 
<h3>Physical Intrusion Detection, Prevention and Deterrents</h3>
 
<ul>
<li>
<h3>Man the Premises</h3>
Armed guards do provide a strong deterrent but, as with most human-reliant systems, this approach has its flaws: the guard goes to the toilet, falls asleep or is corrupted, and there is the cost, to name but a few. This is a costly exercise for after-hours security when nobody is on site. It is not uncommon for businesses to employ armed guards during normal working hours and then only a skeleton night-shift of guards for the after-hours period.</li>
<li>
<h3>Guard Dogs</h3>
Guard dogs do provide a very good deterrent. Most of us do have an innate fear of being eaten alive. Still, using guard dogs does have its flaws. Although cheaper than human guards, guard dogs do not come cheap. So the extra cost as opposed to doing nothing, the continued on-going cost and the inconvenience are the three that rate highest as the disadvantages of this system.</li>
<li>
<h3>Security Patrols</h3>
Intermittent visits by security guards can be a helpful deterrent. Obvious flaws here include the simple fact that the guard is not present 100% of the time. If the security company uses a schedule to inspect customers' premises then villains can observe and identify the pattern and exploit any weaknesses. Although cheaper than in situ guards, patrols still impose additional and on-going costs on the business.</li>
<li>
<h3>Alarms</h3>
This category of devices acts in concert with numerous electronic detection devices: when an event triggers one or more of these electronic detection and monitoring devices, the alarm begins its wailing complaint. Alarms that are perceived to be perpetually triggering, or to be false alarms, become ignored by monitoring staff over time.</li>
</ul>
<p>The main costs associated with alarm systems are the initial outlay for the equipment and its installation. If you want to use an alarm monitoring and response service such as those provided by the likes of Amourguard®, Brinks® and Wormalds®, there will be on-going costs as well.</p>
 
<h3><strong>Auto-Dialers</strong></h3>
<p>Auto-dialers take the alarm to the next level: rather than just making a lot of noise upon the occurrence of a trigger event, they dial a preset number, usually that of the police and/or a private security company.</p>
 
<p>The notified parties will then endeavour to attend the physical location as promptly as possible. Most thieves know this and deliberately limit their activities to as short a time span as possible. They don't want to be caught in the act, so to speak, and they need time to make a clear get-away.</p>
 
<p>Once again the main costs associated with auto-dial alarm systems are the initial outlay for the equipment and its installation. If you want to use a third-party alarm monitoring, call/incident taking and response service such as those provided by the likes of Amourguard®, Brinks® and Wormalds®, there will be on-going costs as well. I must say that these services become very attractive if you are the one that must respond to a trigger event at 2 AM. Don't forget the telephony charges either.</p>
 
<h3><strong>Silent Alarms</strong></h3>
<p>The idea here is that upon the occurrence of a trigger event the auto-dialer will do its thing, but because there is no loud alarm the would-be thieves may think that there is no alarm system at all. The result is that the thieves may stay longer than normal and so get "caught in the act".</p>
 
<p>Costs for this type of service include the initial outlay for the equipment and its installation, the call-out response fee charged by the contracted incident responder or their agent and the on-going service and maintenance fees along with the charges incurred by the telephone company.</p>
 
<h3><strong>Motion Detectors</strong></h3>
<p>At one time this class of intrusion detectors was mainly comprised of microwave enabled devices and worked on the same basic localized radar-like functionality as their bigger brothers do. Once motion is detected in an area where no motion should currently be taking place an alarm process is triggered. Ultra-Sound devices were and still are used as motion detectors.</p>
 
<h3><strong>Computerized Motion Detectors</strong></h3>
<p>Today, however, with the advances in computer technologies, we have systems for detecting motion that are comprised of video cameras and computer pattern matching software. Web cameras are being used in this role more and more.</p>
 
<p>Basically the camera records its field of view and transmits this information to a computer, which stores the image both on the hard drive and in memory. At specified intervals, or when a trigger event takes place, the video camera sends more pictures to the computer. The computer then compares the new image against the reference image and, if it finds that the two pictures are not identical, it initiates an alarm sequence.</p>
 
<ul>
<li>
<h3>Pressure Pads</h3>
Most commonly found wherever the public has limited free access to an area containing valuable assets. An example would be a counter top display or some of the exhibits in museums and art galleries around the world. The asset is placed upon a pressure pad. If the asset is removed from the pressure pad an alarm event is triggered.</li>
<li>
<h3>Micro-Chips</h3>
A micro-chip is embedded into the asset so that, if it is misplaced or stolen, it can be readily identified. Micro-chips are even planted into the ears of thoroughbred animals as a strong deterrent and as a means of identifying the asset in the future.</li>
<li>
<h3>Security Coatings</h3>
Many different superficial materials can be applied to an asset in very much the same way as you would apply a coat of paint. The coating may be magnetically polarised. </li>
</ul>
<p>Other security coatings will absorb Electro-Magnetic Radiation (EMR). This property has the effect of reducing the leakage of radio frequency signals and hence the capacity of would-be intruders located outside your premises to eavesdrop on your Wireless Local Area Network (WLAN). They also help in reducing the number of external free-loaders accessing your wireless network and using it as a means for Internet connectivity. Such free-loading can have dramatic effects upon the bandwidth and data through-put available for authorised personnel.</p>
 
<h3><strong>Wireless Access Point (WAP)</strong></h3>
<p>A WAP acts pretty much like a hub in that the total bandwidth capacity of the WAP is divided among the users currently using it. So if your WAP has a maximum available bandwidth of say 11Mbit/sec and two users are concurrently accessing it, each user would have about 5½Mbit/sec of transmission bandwidth. If three additional users begin to access the WAP, making a total of five concurrent users, the WAP will be able to devote only 2.2Mbit/sec to each user.</p>
 
<p>Now consider an external free-loader playing an online game and consuming 3Mbit/sec in the process. In this case, with the bandwidth shared equally among all six stations, each of your five legitimate users would at best be able to access 1.8333Mbit/sec. If the freeloader is able to dedicate the entire 3Mbit/sec that they are using, only 8Mbit/sec will be available to your wireless network's legitimate users. This works out to be 1.6Mbit/sec to each of the legitimate users.</p>
 
<p>Preventing this scenario from occurring, through the use of coatings that absorb radio frequency and microwave EMR, is truly beneficial to the owner of the bandwidth. It also helps to maintain the confidentiality of any data that is transmitted over the wireless network.</p>
 
<h3>Impact Resistant Film for Glass</h3>
<p>Applying a transparent or smoked impact resistant film sheet to the inside of external glass panels means that would-be intruders are going to have to do more than throw a brick at the window. They will generally be required to strike the glass a good many times before they will be able to force the pane in and so gain access. It is also a good idea to do the same with display cases, for which the transparent variety is more attractive.</p>
 
<h3><strong>Lighting</strong></h3>
<p>Night lights play an important role in allowing window shoppers to view those products which you have on display. Night lights also serve to give security a clear view of the premises. If an observer (guard) knows that nobody should be inside and they catch a glimpse of somebody the guard can take the appropriate action.</p>
 
<p>Being clearly observable by passers-by is a very strong deterrent to thieves, particularly when another nearby target does not have night lights. Well-planned lighting used in conjunction with video surveillance systems also serves to ensure that the cameras produce quality images that clearly identify the perpetrators.</p>
 
<h3><strong>Red Eye Detectors</strong></h3>
<p>This category of devices is set to detect threshold crossing. It basically consists of a source of infrared (or, more commonly today, a laser source) and a detector. Both devices are installed where there is a completely unobstructed line of sight between them, as they work in conjunction with each other and never individually. This line of sight is typically across a human access point.</p>
 
<p>Whenever the line of sight becomes obstructed by somebody passing through it from one side to the other, such as when entering or leaving a building, the detector recognises the interruption in its receipt of the signal from the transmitter and sounds an alarm (typically a bell or chime).</p>
 
<p>This indicates to staff that somebody has entered into the space isolated by the line of sight detection system and they should put down the coffee cup and attend to the customer. In the case of securing your server room this system works best when the access point line of sight occurs prior to the actual door to the server room.</p>
 
<p><strong>For example</strong>: the system could be installed at some point in the server room access path or a hallway leading to the server room's entrance.</p>
 
<p>These devices are often used in conjunction with video surveillance equipment (which I shall discuss a little later). In this case when the line of sight system is triggered video cameras aimed at a spot a bit further down the server room's access way start to record. In this way all those entering the proximity of the server room facility are video-taped coming and going.</p>
 
<h3><strong>Break-Glass Detectors</strong></h3>
<p>These devices are used to detect incidents where glass is broken. They work best when impact resistant materials have not been fixed to the glass.</p>
 
<h3>Pin Droppers</h3>
<p>This group of devices works on the simple principle of current flow/current flow interrupted and is typically installed on windows and doors.</p>
 
<p>A metal pin is placed into the top of the door frame so that when the door is closed the pin is pushed up into a recess. Here a current is passed from one side of the recess to the other using the metal pin as its transmission medium. Whenever the door is opened the pin will drop, the circuit will be broken, and the alarm will be sounded or any other preferred action will be initiated.</p>
 
<h3>Mercury-Magneto Devices</h3>
<p>These are similar to pin droppers but are usually located on the floor. A plate across the bottom of the door is used to complete an electrical circuit or, in the newer models, a magnetic field. Once again, whenever the door is opened the circuit is broken or the magnetic field is altered and the alarm or other desired actions are initiated. These devices too can be teamed up with video camera recording systems.</p>
 
<h3><strong>Passive Infrared</strong></h3>
<p>These devices are commonly referred to as heat detectors, which in a sense they are, because infrared Electro-Magnetic Radiation (EMR) is what we call heat.</p>
 
<p>The twist here, however, is that these devices simply monitor variations in the levels of infrared energy that they are exposed to in their immediate local environment. Any dramatic increase above the "normal" range of fluctuating infrared levels is assumed to be due to an infrared source coming into close proximity of the device.</p>
 
<p>Generally speaking the assumption is made that increases above a certain threshold in an area that is meant to be devoid of humans should be attributed to the presence of an intruder and so the trigger sequence is initiated.</p>
 
<h3><strong>Proximity Detectors</strong></h3>
<p>These function using the same types of assumptions that the passive infrared detectors use.</p>
 
<h3>Particle Detectors</h3>
<p>These are based primarily upon the properties of light transmission through a sample medium, which in this case is a sample of the air from the detector's immediate environment. The presence of particles is usually attributed to smoke, which is assumed to be the by-product of a fire. Smoke detectors are a classic example of particle detectors in use today.</p>
 
<h3>Remote Controlled Locking Systems</h3>
<p>Remote controlled locking systems, such as those currently used in detention centers, prisons, holding areas or bank vaults, are also used by larger organisations.</p>
 
<h3>Time Locks</h3>
<p>These are automated locking and releasing mechanisms with which all who have watched a few movies, particularly ones about bank robberies, will undoubtedly be familiar. The basic principle involved is that a timing mechanism external to the lock controls the functional state of the lock.</p>
 
<p>These locks are deemed to have only two states - open or closed. This is a bit like the thermionic gates that are at the heart of modern computers. Whenever the timer reaches a programmable threshold it causes the state of the lock to change. This type of access control mechanism is very resistant to tampering and so it is commonly used whenever and wherever quantities of valuables are housed.</p>
 
<h3>Door Bells and Noise-Makers</h3>
<p>Entry-way noise makers are a very cheap and cost effective solution for the smaller enterprise or individual. They can be self-installed and are very cheap to purchase. If all you require is notification of the entry or exit of persons then you may do well to consider this option as a viable alternative to high-tech solutions.</p>
 
<p>Many smaller stores, particularly convenience stores and those operated by the Chinese community, make liberal use of door-chimes in this way. Most customers think that they are just "lucky-charms" and hanging door chimes, which in a way they are, since you won't be able to sneak in and remove items unheard.</p>
 
<h3>Biometrics</h3>
<p>Numerous biological factors that are unique to an individual can also be used to control and regulate the passage of humans.</p>
 
<h3>Costs</h3>
<p>In general you will need to pay for the actual detectors and possibly their installation. In cases where the detectors are part of a more expansive monitoring and alarm system, particularly when trigger event monitoring, notification and/or response services are involved, you may have no option but to use a licensed installer. In fact in many areas this is a regulatory requirement. As always, research your options thoroughly.</p>
 
<p>Part 4 of the IT Security Guide will continue with Part 3 of the Physical Security Guide series and will cover the following topics:</p>
 
<ul>
<li> Honor Systems</li>
 
<li> Manned Surveillance Systems</li>
 
<li> Video Surveillance Systems</li>
 
<li> Monitoring and Recording Systems </li>
 
</ul>
]]></description>
<pubDate>Tue, 15 Apr 2008 07:01:16 PST</pubDate></item>
<item>
<title>Physical Security 1</title>
<link>http://www.computersight.com/Communication-&amp;-Networks/Security/Physical-Security-Part-One.109606</link>
<description>
<![CDATA[<p>In today's offering I will be presenting an outline of cost-effective physical security measures that can be easily implemented yet are so often taken for granted, implied or simply overlooked. But before we fly straight into it let us first have a look at just what it is that we mean by physical security in respect to computers, networks and IT in general and some of its implications and ramifications.</p>
 
<h3>Physical Security</h3>
 
<p>From the IT, computer and networking perspectives, physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guards, both patrolling and stationary, at predefined sentry posts such as points of entry.</p>
 
<h3>Familiarity</h3>
 
<p>We are all too familiar and accustomed to these aspects of security and the multitude of other more recent and sophisticated measures such as metal detectors, x-ray scanners, electronic sensors and magnetic security features that are commonly used in retail stores.</p>
 
<p>Even sniffer dogs are familiar, their highly educated noses poised should the faintest whiff of explosives be carried their way on the prevailing winds as you finally proceed, albeit delayed as a direct result of implementing these security measures, in an ecstatic and gleefully euphoric state through the airport boarding processes and onto the jet that will whisk you away to some sunny tropical paradise.</p>
 
<h3>Information Technology Related Security</h3>
 
<p>Those of us involved in IT and IT related security are also well aware of the extremes to which a perceived “need” for greater security has invaded our daily working lives, and yet, as we hear only too often on the news, it is not enough.</p>
 
<p>Some security related scandal or other seems to be occurring every other hour and yet if we are to believe many analysts this is but the froth on the tidal wave of incidents that actually occur. Business is only too well aware of the negative effects a security breach and any subsequent media publicity that ensues can bring.</p>
 
<h3>So Where Do We Begin?</h3>
 
<p>The answer is surprisingly simple, and maybe so obvious that it is often overlooked: the physical security of our systems and of the data contained within them or stored as a result of their activities (sales, backups, records etc.).</p>
 
<p>I will begin by discussing locks, keys and locking device authentication systems from both the human physical access perspective and the device(s) perspective.</p>
 
<h3>Locks</h3>
 
<p>Lock and key is one of the oldest security systems known to human-kind. The ancient Egyptians, Greeks, Romans, Chinese and many more civilizations have used various forms of the lock and key system to secure physical assets. One of the more notable and legendary of this class of security devices is the chastity belt which we will not be discussing any further; rather we will explore how the lock and key system is used today to secure IT assets.</p>
 
<p>The first set of lock and key systems pertains to access-ways such as doors by which humans gain access to restricted areas.</p>
 
<ul>
<li>
<h3>Lock-Up </h3>
Physically secure your Server Room(s) including the Network Communication(s) &amp; the Administration Facility as well as the datacenter and on-site storage facilities.</li>
<li>
<h3>Quality</h3>
Ensure that all locks, not just those to your server room, are of high quality and reliability.</li>
<li>
<h3>Security In-Depth</h3>
The principles of security-in-depth are of particular relevance here. Multiple layers of security are far harder to penetrate than those exhibiting a single-point-of-failure. This is why banks, armored security services (Chubb®, Wormalds®, Amourguard® and Brinks® etc.) use these strategies.</li>
<li>
<h3>Change Frequently</h3>
Design, implement and maintain a system whereby all locks are changed out frequently and at irregular intervals. Pattern avoidance is one of the most crucial elements in maintaining the integrity of all locking systems. This includes the physical locks and their associated keys as well as the electronic varieties. For reasons of economy you may consider a rotation policy to be appropriate here.</li>
<li>
<h3>Key Code Access Locks</h3>
Many organisations have gone down the electronically keyed physical locks pathway. This type of mechanism teams a number of different technologies all targeting the regulation and flow of physical access. </li>
<li>
<h3>Lock Unattended/Vacant Facilities</h3>
Always lock currently unoccupied offices. This is in fact considered by most organisations to be the responsibility of the regular occupant of that office. The usual occupant may be on vacation and so the network administration and security teams should know this and take the appropriate actions.</li>
</ul>
<p>Keys to all locks in this situation should reside with the organisation's designated general key holder and not go on holiday with the worker. You never know it may become necessary to enter the office while its regular occupant is away.</p>
 
<p>Entry should be made by the designated general key holder and no fewer than one other individual, preferably from a different department (security would be ideal). In this case each will be the other's witness concerning their actions inside this office.</p>
 
<h4><strong>Workstation Power-Down</strong> </h4>
<p>If an employee is known to be away for a given period of time it is wise to power-down their workstations. We live in an ever greening world so do your part and save money to boot. Unattended workstations always pose a very real threat to the overall security of an organisation.</p>
 
<h3>Lock Cases</h3>
 
<p>We now move on to lock and key from the PC perspective. All of the above conditions relating to lock and key in general are also applicable here.</p>
 
<ul>
<li>
<h3>Case Locks</h3>
Case locks help to prevent unauthorised access to internal components</li>
<li>
<h3>Lock-Down Kits</h3>
There are many specialty and general purpose computer lock-down kits available on the market today</li>
<li>
<h3>Lock-Down Anchors</h3>
When it comes to mobile devices that are on display then some means of physical restraint to a permanent fixture is a good way to go as this permits you to use and demonstrate the device and its capabilities with a greater degree of freedom.</li>
</ul>
<p>By using anchors which are longer than the bare minimum necessary to fix the device firmly you have the freedom; albeit limited, to adjust the device as you see fit. This is usually done for reasons of comfort.</p>
 
<h3>Locking Device Authentication Systems</h3>
 
<ul>
<li><strong>Authentication Systems -</strong> can be built into the locking devices, so that a smart card, token, or biometric scan is required to unlock the doors, and a record is made of the identity of each person who enters.</li>
<li><strong>Automated Security -</strong> We are now beginning to move towards more automated types of security systems.</li>
<li><strong>Multiple Points -</strong> of authentication can be implemented here. We may use physical electronic identification systems such as smart cards in conjunction with biometrics and standard authentication such as complex passphrases for entry, rather than passwords or pass sequences.</li>
</ul>
<h3>Physical Lock and Key Policies</h3>
 
<p>Developing policies that define how it should be done, where it should be done, when it should be done, by whom it should be done and why it should be done as well as policies that detail why it shouldn't be done are all very important elements in any comprehensive security regime and physical security policies are no different.</p>
 
<p>Here are some of the policies that should be developed, implemented and maintained with regards to locks. Note all of these sub-categories will generally in the real small business world be wrapped into a single expansive policy detailing all of these sub-policies and much more.</p>
 
<ul>
<li>
<h3>Locks Policy</h3>
Develop a Policy that ensures that all rooms are securely locked-down whenever the facility or the room is unattended</li>
<li>
<h3>Key Holder(s)</h3>
Include in your policy provisions for a “key holder”. This is essential because, in the event of some calamity such as fire, outside access to open doors locked from the inside, in order to facilitate the rescue of personnel who may be trapped inside, is a statutory regulation almost everywhere in the Western world.</li>
<li>
<h3>Secondary Key Holder(s)</h3>
Provide for a secondary key holder in case the primary key holder is unavailable</li>
<li>
<h3>Rotate Responsibility</h3>
Rotate key holder responsibilities </li>
<li>
<h3>Key Code Access Policies</h3>
Define and implement additional Key and Key Code Access and Key Code Holder(s) Policies as required</li>
</ul>]]></description>
<pubDate>Tue, 15 Apr 2008 03:48:37 PST</pubDate></item>
</channel>
</rss>
