Physical access controls

3.2 Summarize physical security concepts.

CompTIA Server+ (SK0-005)

1. Bollards

  • What they are: Strong, short vertical posts placed around a building or parking area.
  • Purpose in IT: Prevent vehicles from ramming into a data center or server facility, protecting both people and equipment.
  • Example in IT: A data center might place bollards in front of main entrances to stop delivery trucks from accidentally or intentionally driving into sensitive areas.

2. Architectural Reinforcements

These are design choices in buildings to improve security:

a) Signal Blocking

  • Uses materials in walls or enclosures to block wireless signals like Wi-Fi, Bluetooth, or RFID.
  • Purpose: Prevents attackers outside the shielded area from intercepting wireless communications or using remote devices to reach systems inside.

b) Reflective Glass

  • Special glass that prevents people outside from seeing inside the data center.
  • Purpose: Protects sensitive equipment from prying eyes, reducing visual reconnaissance risks.

c) Datacenter Camouflage

  • Design techniques to make server rooms less obvious.
  • Purpose: Reduces the likelihood of unauthorized targeting by hiding the facility’s true purpose.

3. Fencing

  • Purpose: Physical barrier around the building or equipment area.
  • Types: Chain-link fences, steel fences, or electrified fences in high-security environments.
  • Use in IT: Server farms often have perimeter fencing to prevent intruders from approaching racks or cooling units.

4. Security Guards

  • Role: Personnel who monitor and control access.
  • Tasks: Verify identities, watch surveillance feeds, respond to alarms, and patrol the premises.
  • Example in IT: Guards stationed at a corporate data center entrance check ID badges before anyone enters the server room.

5. Security Cameras (CCTV)

  • Purpose: Record and monitor activity in and around IT facilities.
  • Benefits:
    • Deters unauthorized access.
    • Provides evidence in case of security incidents.
    • Helps monitor employee behavior in server rooms.
  • IT Example: Cameras covering server racks and access points to detect tampering or accidental damage.

6. Locks

Locks are a primary way to control who can physically access IT equipment. Types include:

a) Biometric Locks

  • Use fingerprints, iris scans, or facial recognition.
  • Purpose: Ensures only authorized personnel enter sensitive areas.
  • Example: A server room requires fingerprint scanning for entry.

b) Radio Frequency Identification (RFID)

  • Uses cards or fobs with embedded chips.
  • Purpose: Access is controlled digitally; logs can track who entered and when.
  • Example: Employees tap RFID cards on a reader to access a network operations center.

c) Card Readers

  • Similar to RFID, often part of a building’s access system.
  • Can be magnetic stripe, smart cards, or keycards.
  • Example: A card reader on a server closet door ensures only IT staff can enter.

7. Access Control Vestibules (Mantraps)

  • What they are: Small rooms with two doors, one leading outside and one leading inside.
  • How they work: Only one door can open at a time. The first door must close before the second opens.
  • Purpose: Prevents tailgating (an unauthorized person following an authorized person inside).
  • Example: A high-security data center may use a mantrap to ensure only authenticated employees access the main server room.
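
The interlock rule described above, modeled as a small state machine. This is an added example, not part of the original guide; the class name, the badge IDs, the occupancy sensor and the badge check at the inner door are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Vestibule:
    authorized: set                 # badge IDs allowed through the inner door
    open_door: str = ""             # "outer", "inner", or "" when both are closed
    occupants: int = 0              # people the (assumed) occupancy sensor counts
    log: list = field(default_factory=list)

    def _decide(self, door, allowed, reason):
        # Every request is logged, whether it is granted or denied.
        self.log.append((door, "OPEN" if allowed else "DENY", reason))
        if allowed:
            self.open_door = door
        return allowed

    def request_outer(self):
        if self.open_door:
            return self._decide("outer", False, "interlock: a door is already open")
        return self._decide("outer", True, "both doors closed")

    def request_inner(self, badge):
        if self.open_door:
            return self._decide("inner", False, "interlock: a door is already open")
        if badge not in self.authorized:
            return self._decide("inner", False, "badge not authorized")
        if self.occupants != 1:
            return self._decide("inner", False, "tailgating suspected: occupancy != 1")
        return self._decide("inner", True, "authenticated, single occupant")

    def close(self):
        self.open_door = ""

    def walk_in(self, people):
        # People can only step in while the outer door is open.
        if self.open_door == "outer":
            self.occupants += people

def demo():
    v = Vestibule(authorized={"B-1001"})        # constructed badge ID
    results = [v.request_outer()]               # both doors closed
    v.walk_in(2)                                # employee plus a tailgater
    results.append(v.request_inner("B-1001"))   # outer door still open
    v.close()
    results.append(v.request_inner("B-1001"))   # two people inside
    v.occupants = 1                             # second person leaves the vestibule
    results.append(v.request_inner("B-9999"))   # unknown badge
    results.append(v.request_inner("B-1001"))   # valid badge, single occupant
    return results, v.log
```

The denied requests stay in the log alongside the granted ones, which is what lets staff review a tailgating attempt afterwards.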

8. Safes

  • Purpose: Protect small, critical items such as backup tapes, encryption keys, or removable storage devices.
  • Features: Fireproof, tamper-resistant, or even time-locked.
  • Example: A data center stores weekly backup tapes in a fireproof safe to prevent loss from fire or theft.

Key Takeaways for the Exam

  • Physical access controls protect IT assets before an attacker can even reach the server.
  • They include barriers (bollards, fencing), building designs (reinforcements, camouflage), people (guards), technology (locks, cameras, vestibules), and storage security (safes).
  • Always think of layered security—using multiple methods together (e.g., fencing + cameras + card readers) makes a system much more secure.