Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

8.7.1. Perimeter and Internal Physical Controls

💡 First Principle: Physical security operates in concentric rings — the outermost perimeter provides the most warning time; the innermost protected zone (data center floor, server cage) requires the strongest controls because it is closest to the highest-value assets. Controls at each ring must assume the outer ring can be breached and provide independent protection.

Physical security control categories:

| Category | Examples | Function |
|---|---|---|
| Deterrence | Security cameras (visible), guards, warning signs, fencing | Discourage attacks before they occur |
| Detection | Motion sensors, door contact alarms, CCTV recording, glass break detectors | Identify intrusion in progress |
| Delay | Reinforced doors, mantrap/airlock, multiple authentication layers | Slow attacker; create response time |
| Response | Guards, law enforcement, lockdown procedures | React to detected intrusion |

Perimeter controls (outermost ring):
  • Fencing: 3–4 feet deters casual trespassing; 6–7 feet with barbed wire deters determined intruders; 8+ feet with razor wire indicates a high-security facility. Fencing alone provides only delay and deterrence — it must be paired with detection (cameras, motion sensors) and response (guards).
  • Lighting: Minimum 2 foot-candles at perimeter, 8 foot-candles at entry points. Continuous lighting is standard; standby lighting activates on alarm; responsive lighting activates on motion detection. Well-lit areas deter and enable camera capture.
  • Bollards: Physical barriers preventing vehicle-borne attacks against building entrances. Increasingly common for critical infrastructure and government facilities.
Internal controls (inner rings):
  • Badge access systems: Each badge is associated with permissions defining which doors can be accessed at which times. The system logs every access attempt (successful and failed).
  • Badge access reviews: Periodic review of which employees have access to which areas — analogous to logical access reviews. These reviews identify departed employees with active badges and over-provisioned access.
  • Visitor management: All visitors should be escorted, badged, and logged. Visitor badges should be visually distinct and expire.
  • Mantraps/airlocks: Two-door entry requiring authentication at each door; prevents tailgating because the second door will not open until the first is secure.
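
A badge access review of the kind described above can be run over the access log and an HR roster. This is an added example, not part of the original material; the data is constructed, and the names, the 90-day "unused grant" threshold and the finding labels are assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample data; names, zones and dates are illustrative only.
HR_ROSTER = {"alice": None, "bob": date(2026, 1, 15), "carol": None}  # None = still employed
BADGE_GRANTS = {
    "alice": {"datacenter"},
    "bob": {"office"},
    "carol": {"office", "datacenter"},
}
ACCESS_LOG = [  # (timestamp, badge holder, zone, result)
    ("2026-02-02T08:55", "alice", "datacenter", "granted"),
    ("2026-02-03T22:10", "bob", "office", "granted"),
    ("2026-02-04T09:01", "carol", "office", "granted"),
    ("2026-02-05T02:14", "dave", "datacenter", "denied"),
]

def review_badges(roster, grants, log, today, unused_days=90):
    """Return (finding, holder, zone) tuples for a periodic badge access review."""
    findings, last_used = [], {}
    for ts, holder, zone, result in log:
        when = datetime.fromisoformat(ts).date()
        if holder not in roster:
            # Attempt (even a failed one) by a badge with no HR record.
            findings.append(("unknown_badge", holder, zone))
        elif roster[holder] and when > roster[holder] and result == "granted":
            findings.append(("used_after_departure", holder, zone))
        if result == "granted":
            key = (holder, zone)
            last_used[key] = max(when, last_used.get(key, date.min))
    for holder, zones in grants.items():
        if holder not in roster or roster[holder] is not None:
            # Badge still provisioned for someone who is not a current employee.
            findings.append(("departed_active_badge", holder, None))
            continue
        for zone in sorted(zones):
            used = last_used.get((holder, zone))
            # Assumption: a grant unused for `unused_days` is an over-provisioning candidate.
            if used is None or today - used > timedelta(days=unused_days):
                findings.append(("unused_grant", holder, zone))
    return findings

if __name__ == "__main__":
    for finding in review_badges(HR_ROSTER, BADGE_GRANTS, ACCESS_LOG, date(2026, 2, 6)):
        print(finding)
```

On the sample data the review flags the departed employee's badge (and its use after the termination date), a denied attempt by a badge with no HR record, and a data center grant that has never been used.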
Physical security monitoring:
  • CCTV (Closed Circuit TV): Covers all entry/exit points, server room floors, parking areas. Digital video recorders must be in secured locations — an attacker who can access the DVR can delete footage.
  • Security guard patrols: Random, documented patrols — predictable schedules can be exploited. Guards should use patrol logging systems (electronic wand checkpoints) to create audit trails.
  • Environmental monitoring: Temperature, humidity, water leak, and power anomaly sensors in data centers — environmental failures can be more destructive than physical intrusion.

⚠️ Exam Trap: A common physical security exam scenario involves an employee who holds the door open for someone who doesn't badge in ("tailgating" or "piggybacking"). This is a social engineering attack that bypasses all electronic access controls. The correct response from the observing employee is to politely challenge the person and require them to use their own credential. Security culture — where employees feel empowered to challenge unknown individuals — is as important as technical controls.

Reflection Question: A security camera review after a data breach reveals that an unknown individual entered the data center by tailgating behind an authorized employee on three separate occasions over two weeks. The authorized employee claims they didn't notice. What physical security control failures does this reveal, what technical control would have detected or prevented the tailgating, and what cultural control must also be addressed?

Written by Alvin Varughese
Founder, 15 professional certifications