Page 713 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

intrusion. Specific controlled points along that fence or wall should be points for entry or exit. These should have gates, turnstiles, or mantraps, all monitored by CCTV and security guards. Bollards can also be used to prevent vehicles from ramming access points. Identification and authentication should be required at all entry points before entrance is granted.

Within the facility, areas of different sensitivity or confidentiality levels should be distinctly separated and compartmentalized. This is especially true for public areas and areas accessible to visitors. An additional identification/authentication process to validate the need to enter should be required when anyone moves from one area to another. The most sensitive resources and systems should be isolated from all but the most privileged personnel and located at the center or core of the facility.




Internal Security Controls

If a facility employs restricted areas to control physical security, a mechanism to handle visitors is required. Often an escort is assigned to visitors, and their access and activities are monitored closely. Failing to track the actions of outsiders when they are allowed into a protected area can result in malicious activity against the most protected assets. Visitor control can also benefit from the use of keys, combination locks, badges, motion detectors, intrusion alarms, and more.


Keys and Combination Locks

Locks keep closed doors closed. They are designed and deployed to prevent access to everyone without proper authorization. A lock is a crude form of an identification and authorization mechanism. If you possess the correct key or combination, you are considered authorized and permitted entry. Key-based locks are the most common and inexpensive forms of physical access control devices. These are often known as preset locks. These types of locks are subject to picking, which is often categorized under a class of lock mechanism attacks called shimming.