ITPro.TV: CompTIA Security+ (SY0-601)

author: Nathan Acks
date: 2022-03-16

CompTIA Security+ Exam Cram

Today it’s chapter 15 of the Security+ Exam Cram, “Physical Security Controls”.

A recurring theme here is to consider security measures based on whether you’re trying to monitor access or prevent theft (or both).

Signs, Fencing, and Gates

Fences should be 6’ - 7’ high in most situations, or 8’ and topped with barbed wire or razor wire for particularly high security areas.

“Hybrid gates” include both a card reader or keypad and staff who can further verify visitor identity before opening the gate.

Lighting

Use lighting with a high “color rendering index” - a measure of how faithfully lighting mimics the colors perceived in daylight (clear sunlight is defined as having a color rendering index of 100, the highest value). Light sources that have more continuous spectra and more accurately mimic blackbody radiation have higher color rendering indexes.

Twice-yearly inspection of exterior lighting.

Barricades and Bollards

A “bollard” is one of those short posts designed to prevent vehicle access while allowing pedestrian access.

Internal Security

Role-based access control is commonly used for granting internal access.

Motion and Infrared Detection

Infrared detection systems come in two varieties: active (“trip” beams) and passive (heat source detection).

Access Control Vestibules

Mantraps!

Locks and Lock Types

Types of locks:

This section gets very “Sneakers”.

Equipment Security

Interesting stat: Laptop theft is about as common as car theft.

Cable Locks

The most annoying anti-theft mechanism…

Locking Cabinets and Enclosures

Apparently those built-in desk cabinets where computers are sometimes stored are called… “security computer cabinets”.

“Locking cabinets” refers specifically to filing cabinets and the like.

Protected Cabling, Protected Distribution, and Faraday Cages

HVAC

Fire Suppression

Sprinkler systems come in two varieties: “wet pipe” (which contains pressurized water from the get-go) and “dry pipe” (which is connected to a pressurized water source, but is stopped with pressurized gas in the actual sprinkler area). The reasons to use a “dry pipe” system are to guard against possible pipe freezes and to create a delay between when a fire is detected and when the water actually starts flowing. Such a delay might allow a chemical system to take care of the fire first, so that the sprinklers can be shut off before the water reaches them, thus preventing equipment damage.

Fire classes:

Hot and Cold Aisles

The idea here is to arrange server racks front-to-front and back-to-back, so that cold air can be delivered to one aisle (and pulled into the servers) and hot air is exhausted to the other (and immediately pulled into exhaust ducts).

Humidity should be kept in the 40% - 50% range.

Remember the importance of running sensors on a separate network from the rest of the building and/or using cellular connectivity. Sensors are no use if they are subject to the same forces that can degrade “normal” equipment!

Secure Data Destruction

Media sanitization methods:

Exam Cram notes that data classification, security, and disposal guidelines are formally defined in a “sensitive information policy”.

Paper document disposal methods:

ITPro.TV: CompTIA Security+ (SY0-601)

Physical Security

Guards, gates, and guns.

  • Wes Brian

From the outside-in:

Camera systems can be “normal” continuous feeds, motion recognition cameras (which are triggered by motion), or object detection cameras (which may automatically move or focus on objects of interest).

It’s a good idea to make sure that wall jacks are locked down, especially in common areas!

Sensors are useful not just for monitoring people, but also for monitoring environmental conditions.

Two-person control is useful for any highly sensitive or irreversible high-impact operations.

Key areas: