2.2.5. Physical Security Controls

💡 First Principle: Physical security is the layer all other security rests on. The most sophisticated encryption is worthless if an attacker can physically walk out with your server.

Barrier controls: Bollards prevent vehicle ramming attacks. Access control vestibules (mantraps) prevent tailgating by allowing only one person through at a time — a second door won't open until the first closes. Fencing defines perimeters with escalating security (chain-link deters casually; razor wire deters determinedly).

Monitoring controls: Video surveillance provides both detective and deterrent functions. Security guards provide human judgment that automated systems lack — recognizing suspicious behavior that doesn't trigger electronic alarms.

Access controls: Access badges (proximity cards, smart cards) authenticate at physical entry points. Biometric readers (fingerprint, retinal scan) add a second factor for high-security areas. Lighting is one of the cheapest and most effective deterrents — attackers prefer darkness. Two-person integrity (dual control) requires two authorized individuals to access critical areas simultaneously, preventing a single insider from acting alone.

Environmental controls protect against non-human threats: fire suppression (clean agent systems like FM-200 protect electronics; wet pipe sprinklers are cheaper but damage equipment), HVAC systems maintain temperature and humidity (overheating causes hardware failure; excess humidity causes condensation), and hot/cold aisle containment in data centers improves cooling efficiency.

Sensors detect unauthorized activity through different technologies:

⚠️ Exam Trap: Know sensor types and their detection methods. The exam may describe a scenario (detect intruders through walls, in darkness, on a rooftop) and ask which sensor is most appropriate.