Monday, August 14, 2006

Creating Good Physical Security

Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guardposts.

The field of security engineering has identified three elements to physical security:

obstacles, to frustrate trivial attackers and delay serious ones;

alarms, security lighting, security guard patrols or closed-circuit television cameras, to make it likely that attacks will be noticed;

and security response, to repel, catch or frustrate attackers when an attack is detected.

In a well designed system, these features must complement each other. For example, the response force must be able to arrive on site in less time than it is expected that the attacker will require to breach the barriers; and persuading them that the likely costs of attack exceed the value of making the attack.

For example, ATMs (cash dispensers) are protected, not by making them invulnerable, but by spoiling the money inside when they are attacked. Attackers quickly learned that it was futile to steal or break into an ATM if all they got was worthless money covered in dye.

Conversely, safes are rated in terms of the time in minutes which a skilled, well equipped safe-breaker is expected to require to open the safe. (These ratings are developed by highly skilled safe breakers employed by insurance agencies, such as Underwriters Laboratories.) In a properly designed system, either the time between inspections by a patrolling guard should be less than that time, or an alarm response force should be able to reach it in less than that time.

Hiding the resources, or hiding the fact that resources are valuable, is also often a good idea as it will reduce the exposure to opponents and will cause further delays during an attack, but should not be relied upon as a principal means of ensuring security.

1 comment:

Anonymous said...

This is an utterly cheap copy of the wikipedia page:

And a piece of spam junk.