Physical access security prevents people from coming into direct contact with computer systems and components. It is an important security concern, as all the technical access controls in the world cannot eliminate some problems, like someone walking into an office and taking a hard drive, for example. There are a number of measures security professionals can use to limit physical access and keep systems safe. These can include the use of locks, biometric identification, and security guards in facilities with sensitive equipment.
If someone can gain physical access to a location with secure computer components, that person may be able to crack the security and obtain information. Sometimes this can be as simple as checking a desk drawer for a password someone may have written down. The hacker could also install keystroke loggers and use various cracking attempts on the computer system to get to the data. If these measures fail, hackers can simply take the computer itself and work on it in another location.
One basic measure of physical access is a locking door, with access limited to authorized personnel only. Server rooms and similar facilities can be kept locked at all times to secure them. People may be able to enter with a key or a card. Some facilities use biometrics to make sure that people don’t gain access by stealing cards or faking the credentials used to open a lock. This simple access control can be highly effective in some facilities.
Cameras may be used to monitor sensitive areas where physical access is a concern. Guards can watch for signs of suspicious activity remotely, and the cameras can also be reviewed after a break in to collect information. Additionally, facilities can post guards near a room with sensitive computer equipment, or around the building in general, to make it impossible for anyone without the right credentials to enter. Other external security measures can include fencing, alarms on windows, and guard dogs, depending on the facility and its needs.
It is possible for physical access and computer security to interface. Many access control systems use a network to communicate information, as seen with biometrics and electronics credentials. These systems themselves can be vulnerable to hacking as well as need to be appropriately secured. Human guards are not infallible for a different reason; they might be bribed, blackmailed, or overpowered by someone who wants to enter a facility. Layers of security can reduce the risk of a breach by creating automatic fail-safes.