Security Week Part 2: Physical Security & The Art of Deception

From studying i have learned that within the Network+ Curriculum, security is “layered.” If a hacker can physically touch your server, it’s no longer your server. It is theirs. Today, we’re looking at how we protect the hardware and how we train ourselves to spot Social Engineering

1. Physical Security: The “Outer Shell”

As a Support Associate, you are the eyes and ears of the building. Physical security is about delaying an intruder long enough for them to be caught.

• Access Control: Badges, smart cards, and biometrics. At modern offices, this is usually your HID badge that lets you into the building.
• Man-traps / Interlocking Doors: A small room with two doors. the second door won’t open until the first one is closed and the person is identified.
• Video Surveillance (IP Cameras): Not just for recording crimes, but for deterrence.
• Environmental Security: Locking cabinets, rack-level locks, and “tamper-evident” tape on expensive gear.

2. Social Engineering: Hacking the Human

Social engineering is the act of manipulating people into giving up confidential information. Hackers use these techniques because it’s much easier to ask for a password than it is to crack one.

• Phishing: The classic fake email.
• Tailgating: Following an authorized person through a secure door before it closes. (Think of the “person holding a heavy box” trick).
• Pharming: Redirecting a user from a legitimate website to a fake one by poisoning DNS.
• Shoulder Surfing: Simply watching someone type their PIN or password.
• Dumpster Diving: Finding old hard drives, sticky notes with passwords, or network diagrams in the trash.

3. The “Support Associate” Reality: The “Vending Machine” Test

In any business environment, we often have vendors coming in to fix our devices, vending machines, or HVAC systems.

• The Scenario: A person in a high-visibility vest walks up to you and says, “I’m here to fix the copier in your copy room, can you let me into the back hallway?”
• The Security Response: Verify. Check their ID, check the schedule, and never leave them unattended in a room with an open network jack. A “USB Rubber Ducky” can be plugged into a computer in seconds, giving a hacker remote access to your entire business’ network.

What’s Next?

We’ve secured the doors; now let’s secure the “ports.” Tomorrow, we move back into the hardware to discuss Network Hardening. We’ll talk about Port Security, DHCP Snooping, and how to stop a “Rogue Router” from taking down your entire network.