Chapter 11. Physical Protection

For if a man watch too long, it is odds he will fall asleepe.

— Francis Bacon

The greatest of faults, I should say, is to be conscious of none.

— Thomas Carlyle


Most security engineers nowadays are largely concerned with electronic systems, but there are several reasons why physical protection cannot be entirely neglected. First, if you're advising on a company's overall risk management strategy, then walls and locks are a factor. Second, as it's easier to teach someone with an electrical engineering/computer science background the basics of physical security than the other way round, interactions between physical and logical protection will be up to the systems person to manage. Third, you will often be asked for your opinion on your client's installations — which will often have been installed by local contractors who are well known to your client but have rather narrow horizons as far as system issues are concerned. You'll need to be able to give informed, but diplomatic, answers. Fourth, many security mechanisms can be defeated if a bad man has physical access to them, whether at the factory, or during shipment, or before installation. Fifth, many locks have recently been completely compromised by 'bumping', an easy covert-entry technique; their manufacturers (even those selling 'high-security' devices) seemed to be unaware of vulnerabilities that enable their products to be quickly bypassed. Finally, your client's hosting centres will ...

Get Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.