Physical security is the foundationâwithout it, an attacker can simply walk in and plug a rogue device into your network. Physical controls protect people, hardware, and facilities. This lesson covers the layered approach: deterrents, barriers, surveillance, and access management.
The militaryâderived â4 Dâsâ model applies perfectly: deterrents (signage, bollards) discourage attempts; detection (CCTV, motion sensors) identifies a breach; delay mechanisms (locks, mantraps) slow the attacker; response (guards, alarms) neutralises the threat. The goal is to buy time until human intervention arrives.
A layered physical security design means an intruder must defeat multiple controls in sequence, drastically increasing the chance of detection.
From simple key locks to biometric scanners, access control ensures only authorised personnel enter sensitive areas. Badge readers with PIN or multiâfactor physical access (card + fingerprint) are common in data centers. Visitor logs and escort policies are essential administrative companions.
Physical controls include fire suppression (inert gas, not water near servers), climate monitoring, and uninterruptible power supplies (UPS). A server room that overheats is just as âdownâ as one thatâs been hacked.
| Control | Category | Example |
|---|---|---|
| Bollards | Deterrent / Barrier | Prevent vehicle ramming |
| CCTV with analytics | Detective | Motionâactivated recording |
| Mantrap | Delay / Preventive | Twoâdoor interlock |
| Biometric scanner | Preventive | Fingerprint + iris scan |
| Fire suppression (FMâ200) | Corrective | Gas discharge without damaging electronics |
â ïž Biometrics are not passwordsâyou canât reset a fingerprint after a breach. Use them as one factor, never alone.
Verify exercises to earn â 130 XP and unlock next lab level.