CEH



opening 18 feet or less above the ground should be considered a potential point of easy
access and should be secured if greater than 96 square inches.

Our third layer of physical defense is the interior controls. Examples of interior controls
include locks, safes, containers, cabinets, interior lighting, and even policies and procedures
that cover what controls are placed on computers, laptops, equipment, and storage media.
This third layer of defense is important when you consider items such as the datacenter or
any servers kept on site. Well-placed datacenters should not be above the second floor of
a facility because a fire might make them inaccessible. Likewise, you wouldn’t want the
datacenter located in the basement because it could be subject to flooding. A well-placed
datacenter should have limited accessibility—typically no more than two doors.


Summary


In this chapter you learned that technical and administrative components are not the only
items that must be protected; the physical component must be protected as well. Not everything
you do will be focused only on the technical, so you must learn how to protect your assets
from physical threats.

We discussed how those who perform malicious actions will often attempt to attack the
physical component, as either a primary or a secondary means of attack. With the physical
component sometimes overlooked or not properly considered, it is more than possible that
a physical attack may be successful where other attacks may not have been. Indeed, there
have been numerous cases over the last two decades alone where attackers got what they
wanted simply by entering a facility and retrieving it themselves.


Exam Essentials


Remember the basic concept of physical security. Be familiar with what physical security
covers and what it does not. Also understand how physical security plays a part in thwarting
attacks that may not be technical or administrative in nature.


Understand the targets. Know what resources can, and usually do, get targeted. This
applies also to the focus of the physical attack, which can be devices, storage media, laptops,
and other devices.


Understand the issues with construction. Understand that construction varies dramatically
with many different options and configurations that vary by location, industry, and
intended use of a facility. If you are not familiar with how to evaluate physical components
of a building or location, consider enlisting the help of experts in this area.


Be familiar with preventive measures. Know the preventive measures available as well as
the actions each one uses to prevent the attack.
