IDCPBI CISSP- Physical and Environmental Security
PIDAS Fencing
(Perimeter Intrusion Detection and Assessment System) a type of fencing that has sensors located on the wire mesh and at the base of the fence; it is used to detect if someone attempts to cut or climb the fence... it has a passive cable vibration sensor that sets off an alarm if an intrusion is detected; it is very sensitive and can cause many false alarms
System Sensing Access Control Readers
(also called proximity devices or transponders) they recognize the presence of an approaching object within a specific area
What are standard fence heights and their levels of security?
- 2-4 feet high: deters casual trespassers - 6-7 feet high: too high to climb easily - 8 feet high (with strands of barbed or razor wire on top): you're serious about protecting your property; this will often deter a more determined intruder
What are the different types of Proximity Protection?
- Access Control Mechanisms: locks and keys, an electronic card access system, personnel awareness - Physical Barriers: fences, gates, walls, doors, windows, protected vents, vehicular barriers - Intrusion Detection: perimeter sensors, interior sensors, annunciation mechanisms - Assessment: guards, CCTV cameras - Response: guards, local law enforcement agencies - Deterrents: signs, lighting, environmental design
What can IDSs be used to detect changes in?
- Beams of light - Sounds and vibrations - Motion - Different types of fields (microwave, ultrasonic, electrostatic) - Electrical circuit
What are the 5 parts of a CCTV system?
- Cameras - Transmitters - Receivers - Recording system - Monitor
What are the 4 classifications of gates?
- Class I: Residential usage - Class II: Commercial, where general public access is expected (ex: public parking lot entrance, gated community) - Class III: Industrial, where limited access is expected (ex: warehouse property entrance not for general public) - Class IV: Restricted access; monitored in person or via CCTV (ex: prison)
Why would you want to use Proximity Protection?
- Control pedestrian and vehicle traffic flows - Create various levels of protection - Make buffers and delaying mechanisms to protect against forced entry attempts - Limit and control entry points
What are the different security zone levels?
- Controlled - Restricted - Public - Sensitive
What are the goals of a physical security program?
- Crime and disruption prevention through DETERRENCE - Reduction of damage through the use of DELAYING mechanisms - Crime or disruption DETECTION - Incident ASSESSMENT - RESPONSE procedures
What info should be logged and reviewed in a physical security system?
- Date and time of the access attempt - Entry point at which access was attempted - User ID employed when access was attempted - Unsuccessful access attempts, especially if during unauthorized hours
What are some of the functionalities available to cipher locks?
- Door Delay: if it's held open too long, a siren will go off - Key Override: a specific combination can be programmed to be used in emergency situations to override normal procedures or supervisory overrides - Master Keying: enables supervisory personnel to change access codes and other features of the cipher lock - Hostage Alarm: a combination that is entered can communicate a hostage situation to the guard station and/or police station
What are some things you can do to protect the security of laptops and the data they hold? (Part 2)
- Engrave the laptop with a symbol or number for proper identification - Use a slot lock with a cable to connect a laptop to a stationary object - Back up the data and store it on a stationary PC or backup media - Use specialized safes if storing laptops in vehicles - Encrypt all sensitive data - Install tracing software so your laptop can "phone home" if it's taken
What are characteristics of IDSs?
- Expensive and require human intervention to respond to the alarms - a redundant power supply and emergency backup power are necessary - they can be linked to a centralized security system - they should have a fail-safe configuration, which defaults to "activated" - they should detect, and be resistant to, tampering
What are the two main types of lenses used in CCTV?
- Fixed Focal Length - Zoom (varifocal)
What are the different strength grades for locks?
- Grade 1: Commercial and Industrial use - Grade 2: Heavy-duty residential/light-duty commercial - Grade 3: Residential/consumer expendable (throwaway)
What are examples of inside and outside threats?
- Inside: misbehaving devices, fire hazards, employees who damage the company - Outside: political revenge, activists, organized crime members
What are some things you can do to protect the security of laptops and the data they hold? (Part 1)
- Inventory all laptops (including serial numbers) - Harden the OS - Password protect the BIOS - Register all laptops with the vendor, and file a report if one is stolen - Do not check a laptop as luggage when flying - Never leave a laptop unattended, and carry it in a nondescript carrying case
How should a data center be constructed?
- It should be one room - Away from the building's water pipes - With vents and ducts that are too small for people and covered by bars - It should have positive air pressure so contaminants can't be sucked into the room and into computer fans
What are the four types of construction material that you can look into when designing a facility that has some protection against fire?
- Light frame construction material - Heavy timber construction material - Incombustible material - Fire-resistant material
What are some tips for implementing physical access controls in an organization?
- Limit the number of entry points - Force all guests to go to a front desk and sign in before entering the environment - Reduce the number of entry points even further when employees aren't around as much - Have a security guard validate a picture ID before allowing entrance - Require guests to sign in and be escorted - Encourage employees to question strangers
What are the different cylinder strength grades?
- Low Security: no pick or drill resistance provided (can fall within any of the 3 grades of locks) - Medium Security: a degree of pick resistance protection provided (uses tighter and more complex keyways [notch combination]) - High Security: pick resistance protection through many different mechanisms
What are ways you can provide "urban camouflage" to an organization's facility and make it unnoticeable so it does not attract the attention of would-be attackers?
- Make the building hard to see from surrounding roads - Make the company signs and logos small and not easily noticeable - Ensure the markings on the building don't give away any info that pertains to what is going on inside the building
What are the 3 main strategies CPTED uses to increase overall protection?
- Natural Access Control - Natural Surveillance - Natural Territorial Reinforcement
Where should a data center be located?
- Not on top floors, because it'd be difficult for an emergency crew to access in a fire - Not in a basement where there may be flooding - Not at ground level or at the level of a nearby hill - It should be at the core of the building, to provide protection from natural disasters or bombs and to provide easier access for emergency crews
What are performance metrics for a physical security program?
- Number of successful crimes - Number of successful disruptions - Number of unsuccessful crimes or disruptions - Time between detection, assessment, and recovery steps - Business impact of disruptions - Number of false-positive detection alerts - Time it took for a criminal to defeat a control - Time it took to restore the operational environment
What is physical security a combination of?
- People - Processes - Procedures - Equipment
What are the types of Volumetric Systems?
- Photoelectric - Passive Infrared System (PIR) - Acoustical-Seismic - Ultrasonic - Microwave
What are the 3 types of tumbler locks?
- Pin Tumbler - Wafer Tumbler - Lever Tumbler
What are the four general types of voltage fluctuations that can damage devices and people?
- Power excess: spikes and surges - Power loss: faults and blackouts - Power degradation: sags/dips and brownouts - In-rush current
Things to consider when thinking about purchasing a CCTV system
- Purpose: to detect, assess, and/or identify intruders - Environment: internal or external areas - Field of view required: large or small area to monitor - Amount of illumination in the environment: lit, unlit, affected by sunlight - Integration with other security controls: guards, IDSs, alarm systems
What are some of the regulations that need to be followed that can affect physical security?
- Safety and health regulations - Fire codes - State and local building codes - Department of Defense, Energy, or Labor requirements - Occupational Safety and Health Administration (OSHA) and Environmental Protection Agency (EPA) requirements
What are the different types of window material that you can use and what are their main characteristics?
- Standard Glass: used for homes; easy to break - Tempered Glass: 5 to 7 times stronger than standard - Acrylic Glass: stronger than standard but produces toxic fumes if burned - Glass-Clad Polycarbonate: resistant to fire, chemical, and breakage; more expensive - Glass w/Embedded Wire: reduces likelihood of the window being broken or shattering - Laminated Glass: added plastic so difficult to break
What are ways you can prevent theft of devices?
- Switch Controls to cover on/off power switches - Slot locks to secure the system to a stationary component - Port Controls to block access to disk drives or unused serial or parallel ports - Peripheral Switch Controls to secure a keyboard by inserting an on/off switch between the system unit and the keyboard input slot - Cable Traps to prevent the removal of I/O devices by passing their cables through a lockable unit
What are the three ways you can protect power for a device?
- UPSs - Power line conditioners - Backup sources
What are the different types of safes an organization can choose from?
- Wall Safe: embedded into the wall; easily hidden - Floor Safe: embedded into the floor; easily hidden - Chest: stand-alone safe - Depository: safe with slots, which allow the valuables to be easily slipped in - Vault: safe large enough to provide walk-in access
What are the four types of water sprinkler systems that are available?
- Wet Pipe: always contain water in the pipes, so they can freeze in the winter or break and cause damage - Dry Pipe: the water is in a holding tank until released... the pipes hold pressurized air (best used in colder climates) - Preaction: more expensive systems that are like dry pipe systems, only there is a thermal-fusible link on the sprinkler head that has to melt before it works (it gives you time to fight the fire manually first) - Deluge: large volume of water released in a shorter period
What are 2 things you should have for a cipher lock?
- a Backup Battery System if the power is taken down - a Visibility Shield to prevent shoulder-surfing
What are two best practices for maintaining cipher locks?
- clean the keypads so people can't see which keys have been entered in the past - change the combination occasionally
What are some good practices for power security (part 1)?
- plug in every device to a surge protector to protect from excessive current - shut down devices in an orderly fashion to help avoid data loss or damage to devices due to voltage changes - employ power line monitors to detect frequency and voltage amplitude changes - use regulators to keep voltage steady and the power clean - protect distribution panels, master circuit breakers, and transformer cables with access controls
What are ways you can reduce your ability to shock your computer using static electricity?
- use an antistatic armband - ensure proper humidity - have proper grounding for wiring and outlets - don't have carpeting in data centers, or have static-free carpets if necessary
What are some good practices for power security (part 2)?
- use shielded lines to protect from magnetic induction - use shielded cabling for long cable runs - do not run data or power lines directly over fluorescent lights - use 3-prong connections or adapters if using 2-prong connections - do not plug outlet strips and extension cords into each other
At what temperature in Fahrenheit do magnetic storage devices become damaged?
100 degrees
At what temperature in Fahrenheit do computer systems and peripheral devices get damaged?
175 degrees
How far away should you have a fire extinguisher from electronic equipment?
50 feet
How do smoke detectors detect smoke?
A photoelectric device (or optical detector) detects the variation in light intensity by shining a beam of light across a protected area... or another one will draw air into a pipe and check the light source for obscurity
What's the difference between an access door and a fire door?
Access doors should allow you to go in and out of an area... fire doors should just allow you out if you use the panic bar
When it comes to physical security (even overall security really) what is one of the most important things you have to remember?
Attackers go after weak points, so you have to make your system homogeneously strong. Ex: if you spend a ton of money on a strong door but have weak hinges, you just wasted a ton of money on a heavy door
What is the difference between Surveillance Techniques and Intrusion Detection Techniques?
Both are monitoring methods, but Surveillance Techniques are used to watch for unusual behaviors, whereas Intrusion Detection devices are used to sense changes that take place in an environment... IDSs are used to detect unauthorized entries and to alert a responsible entity to respond
What is the best way to balance CPTED and Target Hardening?
Build an environment from a CPTED approach and then apply the target-hardening components on top of the design where needed.
What fire suppression methods are dangerous to humans?
CO2 and gas because they replace the oxygen
How do you calculate the savings you get by implementing backup power?
Calculate the total cost of anticipated downtime and its effects, and then subtract the cost of the backup power devices
Collusion
Collusion is when two or more people work together to carry out a fraudulent activity. More than one person would need to work together to cause some type of destruction or fraud; this drastically reduces its probability.
CPTED
Crime Prevention Through Environmental Design: a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. It addresses landscaping, entrances, facility and neighborhood layouts, lighting, road placement, and traffic circulation patterns. The crux of CPTED is that the physical environment can be manipulated to create behavioral effects that will reduce crime and the fear of crime.
How do you calculate the total cost per hour for backup power?
Divide the annual expenditures by the annual standard hours of use
Plenum Areas
Dropped ceiling areas, spaces in wall cavities, and spaces under raised floors... these areas are used to put wiring and cables... only plenum-rated cabling should be used in these areas so the cabling doesn't give off hazardous gases if burnt
Although most disk drives are hermetically sealed, other storage devices can be affected by airborne contaminants: why would this happen?
Dust can affect a device's functionality by clogging up the fan that is supposed to be cooling a device; excess concentrations of certain gases can accelerate corrosion and cause performance issues or failure of electronic devices
What is one of the best ways to provide safety for personnel when it comes to designing a facility?
Evaluate how close the facility would be to a police station, fire station, and medical facilities
Who is the Facility Safety Officer?
Every organization should have a Facility Safety Officer, whose main job is to understand all the components that make up the facility and what the company needs to do to protect its assets and stay within compliance... this person should oversee facility management duties day in and day out, but should also be heavily involved with the team that has been organized to evaluate the organization's physical security program
Since halon is illegal now, what would you want to use instead?
FM-200, NAG-S-III, CEA-410, FE-13, Water, Inergen, Argon, Argonite
True or False: it is a bad idea to have the data processing center and devices on a different electrical wiring segment from that of the rest of the facility.
False, it's a good idea to design your power setup this way
True or False: locks are considered detective devices?
False, locks are considered Delaying devices because they delay intruders
What is one of the main causes of Radio Frequency Interference (RFI) in buildings today?
Fluorescent lighting
Electromechanical Systems
IDSs that work by detecting a change or break in a circuit (ex: strips of foil embedded or connected to windows or doors... if moved, the foil strip breaks and sounds an alarm, pressure pads do the same)
What do you need to use along with a CCTV system?
IDSs to wake people up if they are asleep behind the monitors
What are interchangeable cores for locks used for?
If you want one key to open several locks, you would just replace all locks with the same core
What does tinted glass do for you security-wise?
It prevents attackers from peeking in, and it can also be more efficient for heating and cooling a building
What is a Class A fire and what do you use to combat it?
It's made by common combustibles like wood products, paper, laminates... use water or foam to kill it
What is a Class B fire and what do you use to combat it?
It's made by liquid like petroleum products and coolants... use gas, CO2, foam, or dry powders to kill it
Fault
Momentary power outage
Is an outlet strip the same thing as a surge protector?
NO!
What does it mean to have a physical security program based on a Layered Defense Model?
Physical controls should work together in a tiered architecture. The concept is that if one layer fails, other layers will protect the valuable asset.
True or False? "Security needs to protect all the assets of the organization and enhance productivity by providing a secure and predictable environment"
TRUE
Target Hardening
Target Hardening focuses on denying access through physical and artificial barriers (alarms, locks, fences, etc). Traditional target hardening can lead to restrictions on the use, enjoyment, and aesthetics of an environment. It's more granular than CPTED
What do you need to know about gauges and mesh sizes for fences and their security levels?
The lower the gauge number, the larger the wire diameter and the tougher it is to cut. The smaller the mesh size, the tougher it is to climb
What is the primary consideration when it comes to physical and environmental security?
The primary consideration, above all else, is that nothing should impede life safety goals
What are Mantraps and Turnstiles used for?
They are used so that unauthorized individuals entering a facility cannot get in or out once the device is activated. They also control piggybacking
What are guard dogs helpful for?
They're good at detecting intruders and can protect humans... although they're not fantastic at picking out who is authorized and who is not
In the information security world, we ask NIST for best practices and standards... who do we ask in the physical security world?
Underwriters Laboratory (UL)
What kind of ventilation system should you use in a business environment?
Use closed-loop, where the air within the building is reused after it has been properly filtered, instead of bringing outside air in... positive pressurization and ventilation should also be implemented to control contamination
Vibration Sensors
Volumetric system implemented to detect forced entry
Photoelectric (photometric) System
Volumetric system that detects a change in a light beam; the beams by the photoelectric cell can be cross-sectional (one area can have several different light beams extending across it, usually using hidden mirrors to bounce the beam) and can be invisible or visible beams
Proximity (Capacitance) Detector
Volumetric system that emits a measurable magnetic field... the detector monitors this magnetic field and an alarm sounds if the field is disrupted... it's usually used to protect specific objects (artwork, cabinets, or a safe)... it is veeeerrrrry hard to fool because it monitors changes in subatomic particles
Passive Infrared System (PIR)
Volumetric system that identifies the changes of heat waves in an area it is configured to monitor
Wave-Pattern Motion Detectors
Volumetric system that monitors microwave, ultrasonic, and low frequency waves by generating a wave pattern to be sent over a sensitive area and reflected back to a receiver... if the wave comes back altered, an alarm sounds
Acoustical Detection System
Volumetric system that uses microphones installed on floors, walls, or ceilings to detect any sound made during a forced entry (very sensitive and not good for areas open to storm sounds or traffic)
Thermal Relocking
When a certain temperature is met (possibly from drilling), an extra lock is implemented to ensure the valuables are properly protected
Brownout
When power companies are experiencing high demand, they frequently reduce the voltage in an electrical grid, which is referred to as a brownout. Constant voltage transformers can be used to regulate this fluctuation of power. They can use different ranges of voltage and only release the expected 120 volts of AC to devices
Passive Relocking
When someone attempts to tamper with the safe, a safe can detect it, in which case extra internal bolts will fall into place to ensure it cannot be compromised
What is a Physical Security Program?
a collection of controls that are implemented and maintained to provide the protection levels necessary to be in compliance with the Physical Security Policy (ex on page 415)
Electronic Access Control (EAC) Tokens
a generic term used to describe proximity authentication devices, such as proximity readers, programmable locks, or biometric systems, which identify and authenticate users before allowing them entrance into physically controlled areas
Charged Coupled Devices (CCDs)
a light-sensitive chip that most CCTV cameras use that receives input light and converts it into an electronic signal, which is then displayed on the monitor... it gives you a lot of detail and precision because it has sensors that work in the infrared range
Surge
a prolonged rise in voltage from a power source; surges can cause a lot of damage very quickly; a surge is one of the most common power problems and is controlled with surge protectors; they can come from a strong lightning strike, a power plant going online or offline, a shift in the commercial utility power grid, and electrical equipment within a business starting and stopping
Manual Iris Lenses
a ring around the CCTV lens can be manually turned and controlled to control the amount of light that enters the lens (used for areas with fixed lighting)
Transient Noise
a short duration of power line disruption
Mantrap
a small room with two doors... the first door is locked, a person is identified and authenticated (by a security guard, biometric system, smart card reader, etc)... once the person is authenticated and access is authorized, the first door opens and allows the person into the mantrap... the first door locks and the person is trapped... the person must be authenticated again before the second door unlocks and allows him into the facility
Lock Bumping
a tactic that intruders can use to force the pins in a tumbler lock to their open position by using a special key called a bump key... the stronger the material that makes up the lock, the smaller the chance that this type of lock attack would be successful
Where should you provide lighting?
all areas where individuals may walk... it is important that illumination coverage overlaps
Continuous Lighting
an array of lights that provides an even amount of illumination across an area
How can an attacker avoid picking tricks and just brute force a locked door?
an attacker can drill the lock, use bolt cutters, attempt to break through the doors or the doorframe, or remove the hinges
What is the most likely reason that a fire would start in a computer room?
an electrical fire caused by overheating of wire insulation or by overheating components that ignite surrounding plastics... prolonged smoke normally occurs before combustion, so you will notice it
What percentage of humidity should you keep computer areas at?
between 40% and 60%
What temperature in Fahrenheit should computer areas be kept at?
between 70 and 74 degrees
Annunciator System
can "listen" for noise and activate electrical devices, such as lights, sirens, or CCTV cameras, or detect movement... the guard can carry out other activities and be alerted by an annunciator if movement is detected on a screen
What are padlocks used on?
chained fences
Territorial Reinforcement
creates physical designs that emphasize or extend the company's physical sphere of influence so legitimate users feel a sense of ownership of that space (ex: use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorative sidewalks); the goal is to create a sense of a dedicated community where workers feel proud of their environment, have a sense of belonging, and have an impulse to defend if necessary
Uninterruptible Power Supply (UPS)
devices that use battery packs to pick up the load of power failures for other devices that require continuous electricity
What are preset locks used on?
doors
What are programmable locks used on?
doors or vaults
Solid-Core doors
doors that are made up of various materials to provide different fire ratings and protection from forced entry
Hollow-Core doors
doors that are usually used internally because they can be easily penetrated by kicking or cutting them
What are potential entry points for an attacker?
doors, windows, roof access, fire escapes, chimneys, service delivery access points
Electromagnetic Interference (EMI)
electromagnetic disturbance in a line caused by the difference between the hot, neutral, and ground wires and the magnetic field they create
Which electricity-providing system sustains power for longer: UPSs or generators?
generators
AC (Alternating Current) Power
good for transmitting long distances with little loss of power; the flow of charge periodically changes directions; it is used almost entirely now
What are the best preventative measures against Piggybacking?
have security guards at access points and educate employees about good security practices
Lux
illumination strength metric (it is most effectively measured where the light source is implemented)
Where should physical access control be placed?
in between security zones and at all facility entrances and exits
What does a multiplexer do for a CCTV system?
it allows you to monitor several different areas at one time... you can place video feed from all the cameras onto the central monitor
What does an Iris do for a CCTV lens?
it controls the amount of light that enters the lens
What is a Tumbler Lock and what features does it have?
it has more pieces and parts than a ward lock; the key fits into a cylinder, which raises the lock metal pieces to the correct height so the bolt can slide to the locked or unlocked position... once all the metal pieces are at the correct level, the internal bolt can be turned
What is a Warded Lock and what features does it have?
it has wards in it (metal projections around the keyhole); the correct key has notches in it that fit in these projections and a notch to slide the bolt back and forth; they are the cheapest locks and they are the easiest to pick
What is Heavy timber construction material and what is it used for?
it is commonly used for office buildings. it must be at least four inches in thickness of dense wood with metal bolts and plates fastened to it (1 hour fire survival rate)
What are advantages and disadvantages to having security guards or patrol forces?
it is more flexible than other security mechanisms, provides good response to suspicious activities, and works as a great deterrent... they can be costly though; they can also be tricked using social engineering; they should have clear and decisive tasks they are expected to fulfill and should also have the training to do them
What is Incombustible material and what is it used for?
it is something like steel that provides a high level of fire protection, but it loses its strength under extreme temperatures
What does a PTZ camera do?
it pans, tilts, and zooms
What is Light frame construction material and what is it used for?
it provides the least amount of protection against fire and forcible entry attempts; it is composed of untreated lumber that would be combustible during a fire (30 minute fire survival rate); it is usually used to build homes, primarily because it is cheap, but also because homes typically are not under the same types of fire and intrusion threats that office buildings are
What is a Class D fire and what do you use to combat it?
it's made by combustible metals like magnesium, sodium, or potassium... use dry powder to kill it
What is a Class C fire and what do you use to combat it?
it's made by electricity like electrical equipment and wires... use gas, CO2, or dry powders to kill it
What is a Ground Connector?
it's the big prong on an outlet power cable that is supposed to act as a conduit for any excess current to ensure that people and devices are not negatively affected by a spike in electrical current... in the wiring of the building, the Ground Connector is physically connected to the ground
Standby Lighting
lighting that is present during off times... the security personnel can configure the times that different lights turn on and off, so potential intruders think different areas of the facility are populated
What is very important when it comes to perimeter security with regards to keys or authentication?
make sure each level of security comes with its own unique key or authentication combination
Spike
momentary high voltage
Volumetric Systems
more sensitive than standard electromechanical systems (magnetic switches, metallic foil in windows, pressure mats) because they detect changes in subtle environmental characteristics, such as vibration, microwaves, ultrasonic frequencies, infrared values, and photoelectric changes
What is a Pin Tumbler Lock and what features does it have?
most commonly used tumbler lock; the key has to have just the right grooves to put all the spring-loaded pins in the right position so the lock can be locked or unlocked
What are the different modes you should have for a perimeter security defense model?
one mode for normal daytime facility operations and another for nighttime, when the facility is closed
Master Key
opens all the locks within the facility
Submaster Key
opens one or more locks in the facility
What is Activity Support?
planning activities for the areas to be protected (ex: if you want to protect a neighborhood, make neighborhood watch groups, company barbeques, block parties or civic meetings). Activity Support is encouraged by CPTED because increased activity will hopefully keep the bad guys from milling around doing things the community does not welcome
How often should fire extinguishers be inspected?
quarterly
What are manual fire detection response systems?
red pull boxes that are on building walls
How does focal length affect the viewing angle that can be achieved on a CCTV camera?
short focal length lenses provide wider-angle views, while long focal length lenses provide a narrower view
Bollards
short posts commonly used to prevent vehicular access and to protect a building or people walking on a sidewalk from vehicles; they can also be used to direct foot traffic
Bollards
small concrete pillars outside a building to prevent people from driving a vehicle through the exterior wall
What is a Wafer Tumbler Lock and what features does it have?
small round locks you normally see on file cabinets; they use flat disks (wafers) instead of pins inside the locks... these locks are easily circumvented
Smart Locks
sophisticated cipher locks that permit specific codes to be assigned to unique individuals... it provides more accountability
Standby UPS System
stays inactive until a power line fails; has sensors that detect a power failure, and the load is switched to the battery pack... this switch causes a small delay in electricity being provided (cheaper than Online UPS)
Rebar
steel rods encased in concrete
Responsive Area Illumination
takes place when an IDS detects suspicious activities and turns on the lights within a specific area... it might be a good idea to have a CCTV camera there to check on false alarms
What organization creates the standards for rating different building components in terms of their fire resistance?
the American Society for Testing and Materials (ASTM)
What is Fire-resistant material and what is it used for?
the construction material is fire-retardant and has steel rods encased inside of concrete walls and support beams... this provides the most protection against fire and forced entry attempts. It is used for government organizations that may be under threat by domestic and foreign terrorists
Real Loss
the cost to replace stolen items, the negative effect on productivity, the negative effect on reputation and customer confidence, fees for consultants that may need to be brought in, and the cost to restore lost data and production levels
Panic Bar
the crossbars that release an internal lock to allow a locked door to open... they can be used on regular entry doors and on emergency exit doors
What is important about the time it takes to break a lock?
the delay time provided by the lock should match the penetration resistance of the surrounding components (door, door frame, hinges)... a smart thief takes the path of least resistance
What does a door configured to be Fail-Secure do when a power disruption occurs?
the door defaults to being locked
What does a door configured to be Fail-Safe do when a power disruption occurs?
the door defaults to being unlocked... its goal is to protect people
Natural Access Control
the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping
Depth of Field
the portion of the environment that is in focus when shown on the monitor... it varies based on the size of the lens opening, the distance of the object being focused on, and the focal length of the lens
Clean Power
the power supply contains no interference or voltage fluctuation
Natural Surveillance
the use and placement of physical environment features, personnel walkways, and activity areas in ways that maximize visibility; the goal is to make criminals feel uncomfortable by providing many ways observers could potentially see them and to make all other people feel safe and comfortable, by providing an open and well-designed environment
User-Activated Readers
the user has to do something like swipe a card or enter a PIN
What do companies do to automatically call the local fire station when a fire is detected?
there's an automatic dialup with a prerecorded message that goes off when the fire detection systems detect fire
What is a Cipher Lock and what features does it have?
these are keyless locks that use keypads to control access into an area or facility; the lock requires a specific combination to be entered into the keypad and possibly a swipe card; they cost more, but combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time
What is a Combination Lock and what features does it have?
these locks require the correct combination of numbers to unlock them; they have internal wheels that have to line up properly before being unlocked; a user spins the lock interface left and right by so many clicks, which lines up the internal wheels. Once the correct turns have taken place, all the wheels are in the right position for the lock to release and open the door... the more wheels within the locks, the more protection provided
How are Bulletproof doors designed?
they are constructed in a manner that involves sandwiching bullet-resistant and bulletproof material between wood or steel veneers
What do Voltage Regulators and Line Conditioners do?
they can be used to ensure a clean and smooth distribution of power... the primary power runs through a regulator or conditioner. They have the capability to absorb extra current if there is a spike, and to store energy to add current to the line if there is a sag (so they are like rechargeable batteries)
How do heat-activated fire detectors work?
they detect rate-of-rise or they sound off when a certain temperature is reached
What are Internal Partitions used for?
they're used to create barriers between one area and another, but they shouldn't be used for security
Raking
to circumvent a pin tumbler lock, a lock pick is pushed to the back of the lock and quickly slid out while providing upward pressure... this movement makes many of the pins fall into place... a tension wrench is then used to hold the pins that are in the right place
What humidity factors do you have to consider with a data center?
too high a humidity can cause corrosion of the computer parts and it can cause particles of silver to move away from connectors onto copper circuits, cementing the connectors into their sockets (and reducing electrical efficiency); too low a humidity can allow for static electricity, and a shock from your finger can release several thousand volts... which can cause damage to internal computer components
What temperature factors do you have to consider with a data center?
too high a temperature can cause components to overheat and turn off; too low a temperature can cause the components to work more slowly
What are the two main types of locks that are available?
tumbler locks and warded locks
What can you do to limit the amount of RFI on power and data lines?
use shielded cable, or avoid running power and data lines over or on top of the fluorescent lights
DC (Direct Current) Power
used in batteries or solar panels; flow of charge goes one way
Auto Iris Lens
used in environments where the light changes (outdoors)... as the environment brightens, this is sensed by the iris, which automatically adjusts itself
Online UPS System
uses AC line voltage to charge a bank of batteries; when in use, the UPS has an inverter that changes the DC output from the batteries into the required AC form and that regulates the voltage as it powers computer devices; this system has the normal primary power passing through it day in and day out... it constantly provides power from its own inverters, even when the electric power is in proper use... so it is able to quickly detect when a power failure takes place and pick up the load (costs more than Standby UPS)
Surge Protector
uses a device called a metal oxide varistor, which moves the excess voltage to ground when a surge occurs; most computers have built-in surge protectors in their power supplies, but they cannot protect against damage from surges resulting from storms
Positive Drains
water, steam, and gas lines that make the contents flow out instead of in
In-Rush Current
when a large amount of current is drawn into an electrical device that is just turned on... if the device sucks up enough current, it can cause a sag in the available power for surrounding devices
Positive Pressurization
when an employee opens a door, the air goes out, and outside air does not come in
Piggybacking
when an individual gains unauthorized access by using someone else's legitimate credentials or access rights (usually an individual just follows another person closely through a door without providing any credentials)
Glare Protection
when lighting is installed, it should be directed toward areas where potential intruders would most likely be coming from and away from the security force posts (always direct light from your security perimeter outward)
Blackout
when the voltage drops to zero... this can be caused by a car taking out a power line, storms, or failure to pay the power bill... it can last for seconds or days. This is when a backup power source is required for business continuity
If not using a zoom lens, what do you need to do if you need a wider or narrower field of view?
you have to actually change the lens
