Locks
A door lock controls entry and exit through portals without needing a guard.
- Preventative physical controls are ones that stop an intruder from gaining unauthorized access.
- entry points can be controlled by an electronic lock
- has risk of tailgating and piggybacking
Types
Key-operated Lock
- A conventional lock prevents the door handle from being operated without the use of a key
- aka preset locks
- use physical keys
- lock is preset to open for the correct key
Cipher Lock
- Cipher locks require the user to enter the correct combination
- have a physical or electronic keypad
Electronic Lock
- Lock is operated by entering a PIN on an electronic keypad
Badge Reader
A badge reader is an authentication mechanism that allows a user to present a smartcard to operate an entry system.
- Badge/card reader
- ID badge shows name and access level
- kinds:
  - physical stripe card
    - uses a magnetic stripe
  - proximity card
    - uses an electromagnetic coil inside
  - smart card
    - Smart badge has an integrated chip and data interface
    - stores user’s key pair and digital certificate
    - user presents card and enters PIN
    - card uses cryptographic keys to authenticate via badge reader
    - Smart badge can be either:
      - contact based
        - it must be physically inserted into a reader
      - contactless
        - data is transferred using a tiny antenna embedded in the card
    - ISO has various ID card standards for interoperability
      - ISO 7816 for contact
      - ISO 14443 for contactless
Biometric Locks
- electronic lock that contains biometric scanner
- activated by human physical feature
- e.g., fingerprint, retina scan, voice pattern
- each biometric is recorded as a template and stored on an authentication server
- to gain access, the scan is compared to the template scan
Types
Fingerprint reader
- implemented as a small capacitive cell that can detect the unique pattern of ridges making up the fingerprint
- nonintrusive and simple to use
- moisture and dirt can prevent readings
- hygiene issues at shared gateways
Palmprint scanner
- a contactless, camera-based biometric scanner that uses visible and/or infrared light to record and validate the unique pattern of veins and other features in a person’s hand
- user must make an intentional gesture to authenticate
Retina scanner
- Biometric scanner based on analysis of the unique pattern of blood vessels at the back of the eye
- An infrared light is shone into the eye to identify the pattern of blood vessels
- arrangement of these blood vessels is highly complex and typically does not change from birth to death
- except in the event of certain diseases or injuries
- one of the most accurate forms of biometrics
- Retinal patterns are very secure
- equipment required is expensive
- process is relatively intrusive and complex
- False negatives can be produced by diseases such as cataracts
Equipment Locks
An equipment lock is a physical security device that restricts access to ports and internal components to key holders.
- prevent unauthorized physical access to servers and network appliances or prevent theft
- types:
  - Kensington locks
    - used with a cable tie to secure a laptop or other device to a desk or pillar and prevent its theft
  - Chassis locks and faceplates
    - prevent the covers of server equipment from being opened
  - Rack system locks
    - Lockable rack cabinets control access to servers, switches, and routers installed in standard network racks
    - protects against
      - insider attacks
      - attacks that have broken through perimeter security mechanisms
    - can have
      - key-operated locks
      - electronic locks
    - can use individual lockable brackets and drawers to protect individual equipment in a rack
    - some datacenters contain equipment from multiple companies
      - so racks can be installed inside cages to protect physical access