Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
For this particular TomCast we are going to be discussing physical security and logical security. Basically, security measures that organizations can employ to make their respective networks or facilities more secure.
Starting with physical security, think of organizations you may have worked for or been involved with somehow. Were there any security mechanisms in place? Outside of a specific security person or security team of people, think of other ways the physical security of the facility or facilities was maintained.
Does the facility being thought about have some sort of fencing, wall, or manned access gate? How about surveillance equipment like cameras or motion detection devices? This is all part of physical security.
Next, think of door locks. Unless you are a 24hour convenience store (which, ironically, still has door locks), your facility will have some sort of locking mechanism on all entry ways. Whether these are push-bar style locks, revolving-door-style locks, or plain old deadbolts, those are typically the first physical security measures that facilities have in place. With locks come keys or access codes, so the organization has to keep close track of who has what to ensure that access is only granted to those that require it.
Next security mechanism could be man-traps, turnstiles, internal bio-metric scanning devices for retinal or fingerprint scanning, and RFID systems for access control to internal areas. Each one of these provides levels of physical security to controlled areas. The ability to access these areas through these mechanisms must also be tightly controlled to ensure that only those that require access are able to gain access. Not all of these mechanisms are used in all organizations; a company would not utilize a perimeter wall, security cameras, mantraps, and retinal scanners to secure access to the local Walmart, for example. The mechanisms CAN be used in conjunction with each other for a more comprehensive security solution, however.
So, having access to the secured facility gets the individual in, but what now? It is at this point we start the discussion on logical security, or security within the network (electronic security measures used within the networked systems to secure access to resources). There are many different methods used to achieve logical security. We will touch on some of the more common ones here.
One of the most basic methods of logical security is the username and password. While often overlooked as a nuisance and an irritation of many, this method is still one of the prevailing methods of logical security even today. These are attributes that are (usually) specific to the person using them. As we have seen over the evolution of technology (or, rather, as SOME have seen), the simple username and password doesn’t really do logical security justice with regards to the protection of systems and networks due to the various tools that can be used to “guess” the credentials and break in. This leads us to multi-factor authentication.
Multi-factor authentication utilizes multiple identifiers to prove a person’s identity. If any of these are false or inputted incorrectly, access is denied. Usually multi-factor authentication, or MFA for short, uses something the person has, knows, and is (for example, a person HAS an access badge, KNOWS a personal identification number or PIN, and uses a fingerprint reader to show who the person IS).
Ok, so everyone has entered the requisite information to gain access into the network. Does everyone get to see all resources in the environment now? That would be a (hopeful) no; this is where another logical security mechanism is put into place. Some organizations utilize discretionary access controls, some use mandatory access controls, and some others use role-based access controls. These types of access control can also be used together to enhance an organizations security posture. We are not diving into each one of those here; just pay attention to the “access control” portion and google them for more knowledge later.
So, as a brief recap, physical security surrounds the security of the physical structure (perimeter, doors, rooms, etc.) while logical security surrounds the security of the logical environment (networked systems, online resources, and data). This is obviously not an all-encompassing outline of everything that is out there, but more of a helpful tool that will assist in the delineation of the two topics.
We here at GuardSight thank you for taking the time to listen to this TomCast. Please share this if you believe it would be of assistance to anyone in your contact list, and please provide us some feedback in the comments so we can continue to improve. Thanks!