What is an incident?

so on. The goal of such an alarm is to make further intrusion or attack more difficult. Alarms that trigger repellants usually sound an audio siren or bell and turn on lights. These kinds of alarms are used to discourage the intruder or attacker from continuing their malicious or trespassing activities and get them to leave the premises. Alarms that trigger notification are often silent from the perspective of an intruder/attacker, but they record data about the incident and notify administrators, security guards, and law enforcement. The recording of an incident can take the form of log files and/or CCTV tapes. The purpose of a silent alarm is to bring authorized security personnel to the location of the intrusion or attack in hopes of catching the person committing the unwanted acts.

Local alarm systems must broadcast an audible alarm signal that can be easily heard up to 400 feet away. Additionally, they must be protected, usually by security guards, from tampering and disablement. For a local alarm system to be effective, there must be a security team or guards positioned nearby who can respond when the alarm is triggered. A centralized alarm system may not have a local alarm; a remote or centralized monitoring station is signaled when the alarm is triggered. Auxiliary alarm systems can be added to either local or centralized alarm systems. The purpose of an auxiliary alarm system is to notify local police or fire services when an alarm is triggered.

Secondary Verification Mechanisms

When motion detectors, sensors, and alarms are used, secondary verification mechanisms should be in place. As the sensitivity of these devices is increased, a false trigger will occur more often. Innocuous events such as the presence of animals, birds, bugs, and authorized personnel can trigger false alarms.
Deploying two or more detection and sensor systems and requiring two or more triggers in quick succession to occur before an alarm is triggered may significantly reduce false alarms and increase the certainty of sensing actual intrusions or attacks.

CCTV (closed-circuit television via security cameras) is a security mechanism related to motion detectors, sensors, and alarms. However, CCTV is not an automated detection-and-response system. CCTV requires personnel to watch the captured video to detect suspicious and malicious activities and to trigger alarms. Security cameras can expand the effective visible range of a security guard, therefore increasing the scope of his oversight. In many cases, CCTV is not used as a primary detection tool due to the high cost of paying a person to sit and watch the video screens. Instead, it is used as a secondary or follow-up mechanism that is reviewed after a trigger by an automated system occurs. In fact, the same logic used on auditing and audit trails is used for CCTV and recorded events. A CCTV is a preventative measure, while reviewing recorded events is a detective measure.

Technical Controls

The technical controls most often found employed as an access control mechanism to manage physical access include smart/dumb cards and biometrics. In addition to access control, physical security mechanisms include audit trails, access logs, and intrusion detection systems (IDSs).

Smart Cards

Smart cards are credit-card-sized IDs, badges, or security passes that have a magnetic strip, bar code, or integrated circuit chip embedded in them. They can contain information about the authorized bearer that can be used for identification and/or authentication purposes. Some smart cards are even capable of processing information or can be used to store reasonable amounts of data in a memory chip.
A smart card can be referred to by several phrases or terms: an identity token containing integrated circuits (ICs); a processor IC card; an IC card with an ISO 7816 interface.

Smart cards are often viewed as a complete security solution, but they should not be considered a complete solution. As with any single security mechanism, such a solution has weaknesses and vulnerabilities. Smart cards can be subjected to physical attacks, logical attacks, Trojan horse attacks, and social engineering attacks.

Memory cards are machine-readable ID cards with a magnetic strip. Like a credit card, debit card, or ATM card, memory cards are capable of retaining a small amount of data but are unable to process data like a smart card. Memory cards often function as a type of two-factor control in that they usually require that the user have physical possession of the card (Type 2 factor) as well as know the PIN code for the card (Type 1 factor). However, memory cards are easy to copy or duplicate and are considered insufficient for authentication purposes in a secure environment.

Dumb cards are human-readable card IDs that usually have a photo and written information about the authorized bearer. Dumb cards are for use in environments in which automated controls are infeasible or unavailable but security guards are practical.

Proximity Readers

In addition to smart and dumb cards, proximity readers can be used to control physical access. A proximity reader can be a passive device, a field-powered device, or a transponder. The proximity device is worn or held by the authorized bearer. When they pass a proximity reader, the reader is able to determine who the bearer is and whether they have authorized access. A passive device reflects or otherwise alters the electromagnetic field generated by the reader. This alteration is detected by the reader.
The passive device has no active electronics; it is just a small magnet with specific properties (like the antitheft devices commonly found on DVDs). A field-powered device has electronics that are activated when it enters the electromagnetic field generated by the reader. Such devices actually generate electricity from the EM field to power themselves (like card readers that only require that the access card be waved within inches of the reader to unlock doors). A transponder device is self-powered and transmits a signal received by the reader. This can occur consistently or only at the press of a button (like a toll road pass or a garage door opener).

In addition to smart/dumb cards and proximity readers, physical access can be managed with biometric access control devices. See Chapter 1, “Accountability and Access Control,” for a description of biometric devices.
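The secondary verification rule described under Secondary Verification Mechanisms (two or more triggers from different detection systems in quick succession before an alarm is raised) can be sketched as a small event correlator. This is an added example, not part of the original text; the sensor names, zone names, the 10-second window, and the 30-second hold-off are all assumed values, and the events are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds since midnight, sensor system, zone).
SAMPLE_EVENTS = [
    (100.0, "pir_motion", "loading_dock"),   # lone motion trigger (e.g. a bird)
    (103.0, "pir_motion", "loading_dock"),   # same system again: not a second source
    (400.0, "door_contact", "server_room"),
    (404.5, "pir_motion", "server_room"),    # second system inside the window
    (405.0, "glass_break", "server_room"),   # zone already alarmed: suppressed
    (900.0, "door_contact", "loading_dock"),
    (960.0, "pir_motion", "loading_dock"),   # 60 s later: outside the window
]


class SecondaryVerifier:
    """Raise an alarm only when several independent systems agree."""

    def __init__(self, window_s=10.0, min_systems=2, holdoff_s=30.0):
        self.window_s = window_s          # "quick succession" (assumed value)
        self.min_systems = min_systems    # distinct systems required
        self.holdoff_s = holdoff_s        # quiet period after an alarm (assumed)
        self.recent = defaultdict(deque)  # zone -> deque of (ts, system)
        self.last_alarm = {}              # zone -> time of last alarm

    def observe(self, ts, system, zone):
        """Return an alarm dict if this trigger is verified, else None."""
        if ts - self.last_alarm.get(zone, float("-inf")) < self.holdoff_s:
            return None  # avoid duplicate alarms for the same incident
        q = self.recent[zone]
        q.append((ts, system))
        while q and ts - q[0][0] > self.window_s:
            q.popleft()  # evict triggers older than the correlation window
        systems = {s for _, s in q}
        if len(systems) < self.min_systems:
            return None  # unverified trigger: record it, do not alarm
        self.last_alarm[zone] = ts
        q.clear()
        return {"zone": zone, "time": ts, "systems": sorted(systems)}


def run(events, **kwargs):
    """Feed time-ordered events through the verifier; return verified alarms."""
    verifier = SecondaryVerifier(**kwargs)
    results = (verifier.observe(*e) for e in sorted(events))
    return [a for a in results if a]
```

Calling `run(SAMPLE_EVENTS, min_systems=1)` shows the single-sensor behaviour for comparison: every isolated trigger outside the hold-off period becomes an alarm.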