Security+ Academy · Lesson

Physical Access Controls: Badges, Locks, and Mantraps

Design layered access control using smart badges, PIN locks, biometric readers, and mantraps that prevent tailgating into sensitive areas.

Why Physical Security Matters

Physical access to hardware defeats almost every logical control. An attacker with physical access to a server can boot from external media, defeat disk encryption by recovering the keys from memory rather than knowing them (cold-boot attack), install hardware keyloggers, remove hard drives, or simply walk out with equipment. No firewall, encryption, or authentication control protects data if an unauthorized person can physically touch the hardware. Physical security is the foundation that all other controls rest upon.

Defense-in-Depth: Physical Zones

Effective physical security uses layered zones with increasing access restrictions. The outermost zone is the building perimeter (fencing, security guards, parking lot cameras). The next layer is the building entrance (badge readers, reception desk). Interior zones include office areas (badge access per department), server rooms (high-security access), and the data center core (most restricted). Each layer has its own controls — compromising the outermost does not grant access to the innermost.

# Physical security zone model:
# Zone 1: Building perimeter
#   Controls: perimeter fence, guard booth, CCTV, lighting

# Zone 2: Building entrance
#   Controls: badge reader, visitor reception, turnstile

# Zone 3: Office floor
#   Controls: card + PIN reader, escort required for visitors

# Zone 4: Server room
#   Controls: smart card + biometric, camera inside, logging

# Zone 5: Data center cage/vault
#   Controls: two-person rule, mantrap, video monitoring
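
The zone model above can be checked against badge-reader logs. The following is an added example, not part of the original lesson: it audits a constructed event list for missing factors, for a credential used at an inner zone with no grant at the zone before it (a sign the outer layer was passed without authenticating, such as tailgating), and for solo entry to the two-person zone. The event format, factor labels, and 60-second window are assumptions, and exits are not tracked.

```python
from collections import defaultdict

# Factors each reader demands, per the lesson's zone list (factor labels are assumed names).
ZONE_FACTORS = {
    2: {"badge"},                   # building entrance
    3: {"badge", "pin"},            # office floor
    4: {"smartcard", "biometric"},  # server room
    5: {"smartcard", "biometric"},  # cage/vault, plus two-person rule
}
TWO_PERSON_ZONE = 5
TWO_PERSON_WINDOW = 60  # seconds allowed between the two entries (assumed policy value)

def audit(events):
    """events: time-ordered (ts, person, zone, factors). Returns (ts, person, zone, finding)."""
    findings = []
    deepest = defaultdict(lambda: 1)  # everyone starts at the perimeter (zone 1)
    granted = []
    for ts, person, zone, factors in events:
        missing = ZONE_FACTORS[zone] - set(factors)
        if missing:
            findings.append((ts, person, zone, "denied: missing " + ",".join(sorted(missing))))
            continue
        # A valid credential at zone N with no grant at zone N-1 means the person
        # passed an outer layer without authenticating there.
        if zone > deepest[person] + 1:
            findings.append((ts, person, zone, "skipped outer zone"))
        deepest[person] = max(deepest[person], zone)
        granted.append((ts, person, zone))
    for ts, person, zone in granted:
        if zone != TWO_PERSON_ZONE:
            continue
        paired = any(p != person and z == zone and abs(t - ts) <= TWO_PERSON_WINDOW
                     for t, p, z in granted)
        if not paired:
            findings.append((ts, person, zone, "two-person rule not met"))
    return findings

# Constructed sample events, not real logs.
SAMPLE_EVENTS = [
    (0,   "alice", 2, ["badge"]),
    (30,  "alice", 3, ["badge", "pin"]),
    (90,  "alice", 4, ["smartcard", "biometric"]),
    (100, "bob",   2, ["badge"]),
    (160, "bob",   4, ["smartcard", "biometric"]),  # no zone 3 grant
    (200, "carol", 2, ["badge"]),
    (230, "carol", 3, ["badge"]),                   # PIN not presented
    (300, "alice", 5, ["smartcard", "biometric"]),  # enters the vault alone
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```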
