Access Abuses No matter what form of physical access control is used, a security guard or other monitoring system must be deployed to prevent abuse, masquerading, and piggybacking. Examples of abuses of physical access controls are propping open secured doors and bypassing locks or access controls. Masquerading is using someone else’s security ID to gain entry into a facility. Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally. Audit trails and access logs are useful tools even for physical access control. They may need to be created manually by security guards. Or they can be generated automatically if sufficient automated access control mechanisms such as smart cards and certain proximity readers are in place. The time a subject requests entry, the result of the authentication process, and the length of time the secured gate remains open are important elements to include in audit trails and access logs. In addition to the electronic or paper trail, you should consider monitoring entry points with CCTV. CCTV enables you to compare the audit trails and access logs with a visually recorded history of the events. Such information is critical for reconstructing the events of an intrusion, breach, or attack. Intrusion Detection Systems Intrusion detection systems are systems—automated or manual—that are designed to detect the attempted intrusion, breach, or attack of an authorized individual; the use of an unauthorized entry point; or the committal of the event at an unauthorized or abnormal time. Intrusion detec- tion systems used to monitor physical activity may include security guards, automated access con- trols, and motion detectors, as well as other specialty monitoring techniques. Physical intrusion detection systems, also called burglar alarms, detect unauthorized activities and notify the author- ities internal security or external law enforcement. Physical intrusion detection systems can mon- itor for vibrations, movement, temperature changes, sound, changes in electromagnetic fields, and much more. The most common type of system uses a simple circuit a.k.a. dry contact switches comprising foil tape in entrance points to detect when a door or window has been opened. An intrusion detection mechanism is useful only if it is connected to an intrusion alarm. An intrusion alarm notifies authorities about a breach of physical security. There are four types of alarms: Local alarm system An alarm sounds locally and can be heard up to 400 feet away. Central station system The alarm is silent locally, but offsite monitoring agents are notified so they can respond to the security breach. Most residential security systems are of this type. Most central station systems are well-known or national security companies, such as Brinks and ADT. Proprietary system This is the same thing as a central station system; however, the host orga- nization has its own onsite security staff waiting to respond to security breaches. Auxiliary station When the security perimeter is breached, emergency services are notified to respond to the incident and arrive at the location. This could include fire, police, and medical services. Two or more of these types of intrusion and alarm systems can be incorporated in a single solution. However, there are two aspects of any intrusion detection and alarm system that can cause it to fail: how it gets its power and how it communicates. If the system loses power, it will not function. Thus, a reliable detection and alarm system has a battery backup with enough stored power for 24 hours of operation. If the communication lines are cut, the alarm may not function and security personnel and emergency services will not be notified. Thus, a reliable detection and alarm system has a heartbeat sensor for line supervision. A heartbeat sensor is a mechanism by which the communication pathway is either constantly or periodically checked with a test signal. If the receiving station ever detects a failed heartbeat signal, the alarm is trig- gered automatically. Both of these measures are designed to prevent an intruder from circum- venting the detection and alarm system. Emanation Security Many electrical devices emanate electrical signals or radiation that can be intercepted by unau- thorized individuals. These signals may contain confidential, sensitive, or private data. Obvious examples of emanation devices are wireless networking equipment and mobile phones, but there are many other devices that that are vulnerable to interception. Some possible examples could be monitors, modems, and internal and external media drives hard drives, floppy drives, CDs, etc.. With the right equipment, unauthorized users could intercept the electromagnetic or radio frequency signals collectively known as emanations and extract confidential data. TEMPEST Clearly, if a device is sending out a signal that can be intercepted by someone outside of your orga- nization, a security precaution is needed. The types of countermeasures and safeguards used to pro- tect against emanation attacks are known as Transient Electromagnetic Pulse Equipment Shielding Techniques TEMPEST devices. TEMPEST was originally a government research study aimed at protecting electronic equipment from damage from the electromagnetic pulse EMP from nuclear explosions. It has since expanded to a general study of monitoring emanations and preventing ema- nation interception. Thus TEMPEST is now a formal name referencing a broad category of activities rather than an acronym for a specific purpose. TEMPEST Countermeasures Some TEMPEST countermeasures are Faraday cages, white noise, and control zones. A Faraday cage is a box, mobile room, or entire building that is designed with an external metal skin, often a wire mesh, that fully surrounds an area on all six sides i.e., front, back, left, right, top, and bottom. This metal skin is slightly electrified to produce a capacitor-like effect hence the name Faraday that prevents all electromagnetic signals emanations from exiting or entering the area enclosed by the Faraday cage. Faraday cages are very effective in blocking EM signals. In fact, inside of an active Faraday cage, mobile phones do not work and neither can you pick up broadcast radio or television stations. White noise is simply the broadcasting of false traffic at all times to mask and hide the pres- ence of real emanations. White noise can consist of a real signal of another source that is not