Internal Access Controls
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
2 hours 33 minutes
Hello, everyone. And welcome back to Sai Berries and user Physical Security. Course I'm your instructor. Corey holds ER, and this is less than 3.5 internal access controls.
I have three learning objectives for this lesson. First, we're going to discuss internal access controls.
Basically, what tools are available to us? Then we'll get into talking about sensitive and restricted access to those
really sensitive portions of the building.
And then we'll also talk about after our security.
So now we've gotten from the front gate all the way through the turnstiles, and security doesn't stop here. It's defense in depth, ladies and gentlemen.
So we're gonna look at tools like closed circuit TVs again, keeping eyes on watching who's coming and going will use electronic locks and will combine them with biometrics
as well as using for really sensitive materials. It might be safe volt doors to certain portions of the building, and I'll give you more detail as I get into the lesson.
So multi factor authentication is something we can use everywhere, but I'm touching on it here.
We have talked a lot about badging and swiping. That's great. That's something you have.
But to get things really secure to make sure that the person who's swiping that card is really the person who is supposed to be using it. We use second and third factors of authentication to make sure we are authenticating the right person.
It could be something, you know, like the pin code that you need for that pushpin lock on this on the slide.
It could be something you do. Handwriting analysis that's that's actually a bigger technology and has been improving recently
for accuracy because that's a big part of. And then the last thing is something you are, and that's biometrics. You see that a lot in the movies, whether it's an iris scan, a thumbprint, maybe it's your speech Patterns can also be something like that,
because each of us has a different timber in our voice.
a sensitive microphone can pick up those differences and identify you as being you versus someone else.
Now we get into sensitive and restricted areas. Now
most businesses aren't going to have these, with the exception of
possibly your finance department that deals with a lot of money or bank records and things like that.
outside of that the ones where you'll see this commonly is if you work for a contractor that has a government contract or you work at some level of local, state or federal government where
you're talking about there being information within that building that could cause the country great harm if it were to be leaked,
so these areas will will be
we'll have extra restrictions on top of whatever normal restrictions exist within your organization
getting into them you might have a man catcher. Now, what a man catcher is is basically, um,
a set up of two doors where neither both doors cannot be opened. At the same time, both could be closed. But
in order to actually get through the man catcher, you you basically get through the first door, wait for it to close, and then you have to give
authenticate yourself again, have the
other door open to let you continue on.
Uh, other things will be certain rules that will be set up, particularly things like no recording devices allowed. No cameras, no, no personal digital devices, no phones. They might not even let you have watch in there because that watch has a WiFi connection and someone could hijack that WiFi connection.
Uh, and use it to potentially listen in on conversations. Or maybe use it like use connecting to your phone and basically have your phone take pictures without you even realizing it.
So these are the reasons that we place higher
levels of authentication for those areas. You'll also use things like having everything put away locked in a safe or some kind of secure device, particularly when there is no one around and taking it out on Lee while it's being used and put away when it's once it's done.
Now I've said it before. I know we talked about it when we talked about exterior security.
Security doesn't stop work 9 to 5. It works 20 hassle work 24 7
So the security measures that we will look at for overnight or things like checklist sign in and sign out sheets, making sure that we're tracking who's coming into either the building or a certain part of the building at night when they come in and when they leave so that if something happens, let's say
some file goes missing. It's nice. Simple one,
uh, knowing who signed in and out of an area we know. Well, they were here from 1 a.m. to 1 30 Well, what were they doing in there? We can go look at the cameras and see and toe learn that way if they possibly hid the file under their coat. Or maybe they just, um
you know, destroyed. T made a photocopy of it.
You might that that's a big thing, you know, way always look at our own business tools is being there for our benefit, But they can also be used for harm as well.
We also want Oh,
other restrictions we might consider for overnight security Is time restricted access to facilities in the building. Maybe certain sections of building cannot be gotten into after six PM without some right off from ah C suite level executive who says Yes, they could be in there after hours.
And then, of course, again, storage is sensitive materials I talked about previously.
Another big thing we need to do is look at the night crew that we have in there. We don't want
cleaning crews going through the building during the day. Things are too busy and they could be a distraction or they can also get into, you know, be disruptive.
So we want to look it usually using clean cruise at night. Well, if they're in there at night and no one else around, how can we trust? Well, we do things like vetting these firms, that air cleaning these buildings. We can also give them special swipe access and annotate which purse which individual has which card each night. So
we can then go back to the logs and look at the logs and determine,
when they were in that area where they in there when when the item disappeared. Or when the, uh, when the fire started to damage the damage he servers would have you,
um, and simp simply put, we might actually identify security guards that will actually escort them through certain the building or through through certain sections of the building where security is needed again. It's trust, but verify concept. Here. We we want to challenge them. When something looks out of place
and we want to make sure we want them to feel uncomfortable,
let them know that security is there. There's nothing wrong with that.
So let's do a quick check on learning
all of the following our methods of multi factor authentication except
something. You have something you're named something you know, or something you are. I'll give you a few seconds, then we'll discuss the answers.
The answer is
something. Your name? Well, that that's clearly not it. I mean, how is that a security measure? Anybody can know your name so something. You have the swipe card, Something you know, the pin code for that swipe card or something. You are biometrics, Which we discussed earlier
in this. On this lesson, we discussed internal access control measures. We looked at
the reality of the importance of sensitive and restricted access to certain parts of the building. And we also talked about the importance of after our security.
I thank you for taking time to join me This lesson. I look forward to seeing you in the next one