In the second part of this post I am going to point out a top ten list of ideas and concepts that should be used to ensure the safety and security of your environment. Remember that we aren’t just concerned with strangers or outsiders perpetrating crimes against our organization; we must also be vigilant about how we keep our own employees from turning against us. (get part 1 here)
Top Ten Interior Physical Security Measures
- Funneling People – Entryways should funnel people. If you walk into a building you should be directed to a single point of authorization. This means no open doors, offices or hallways. Any access into or out of the building at this point should be locked.
- Receptionists – Use a receptionist or security guard. The physical presence of someone greeting you upon entry establishes control.
- Limit Network Access – Remove all network jacks, computers, and networking equipment. If the security guard or receptionist uses a computer, it should be behind the desk with no physical access to it from visitors. Network jacks should not be present at all. It only takes forgetting to disable one once. The easiest method is to eliminate it.
- Clear the Area – The lobby areas should be clear, and the furniture should be minimal and simple. Lobbies are for people waiting brief periods to be seen.
- Logs – Use a sign-in book. The receptionist or guard should check a picture ID before handing a visitor pass to a person. No one should ever be granted access without an escort.
- Visitor Badges – Badges should expire and be clearly displayed. It should be easy for an employee to quickly identify a visitor. The easiest way to do this is with a brightly colored visitor badge. Although I personally dislike wearing badges around my neck, that is exactly where a visitor should wear it. If a visitor badge has a clip, most males will attach it to a belt loop. Just eliminate that option altogether and place visitor badges on a string or lanyard to be worn around the neck.
- Employee Badges – Employees should have badges as well, and each badge should carry the employee's picture. Too often employee badges, if present, only have a name. Issuing only visitor badges and no employee badges is also a mistake, because it relies on the assumption that everyone without a badge is an employee. A visitor could throw their badge away and then be accepted as an employee.
- CCTV – Again, a visible CCTV system should be used. As we move on to the heart of operations, just as we would use VLANs and ACLs within our LAN, we should use restrictions within the environment.
- Segment Access – Areas with sensitive data should be locked at all times, and only those employees that need access should be granted keys. These areas should have sign-in logs as well.
- Server Access – Server rooms should be kept in the center of a building with no windows. Exterior walls of the server room should carry all the way from the floor to the true ceiling and never stop short at drop ceilings. Entry and exit should be scrutinized and logged and should have some type of CCTV monitoring.
Although this is not by any means an exhaustive physical security plan, it is one that we as IT professionals should work on and develop. Physical security is becoming more and more IP enabled. That means that we are going to become more and more involved in the physical security planning and architecting of our environment. I intentionally avoided a fair amount of physically securing computers and network equipment as I am going to post an entire blog entry just on that premise in the near