ISC2 CISSP

CISSP: Perimeter defenses

Graeme Messina
April 18, 2018 by
Graeme Messina

This article is part of our CISSP certification prep series. For more CISSP-related resources, see our CISSP certification hub.

What do I need to know about perimeter defenses for the CISSP exam?

Perimeter defenses are important for secure facilities because they are the first line of protection against unauthorized access, trespassing, and intrusion. If you are to keep your staff and property working correctly and safely, you will need to understand the risks and safety measures that have been outlined in the CISSP certification exam.

Perimeter security controls are covered in CISSP domain 7: Security operations under objective 7.14, implement and manage physical security

Earn your CISSP, guaranteed!

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

External boundary protection

Perimeter defenses are employed in scenarios where a facility is deemed to be a high-security risk and, in these cases, external boundaries may be considered an additional layer of protection. Fencing is a common deterrent that is usually deployed on the perimeter of a property; it has the following characteristics:

  • It controls the entrance access.
  • Used as a perimeter.
  • Can be ugly to look at and expensive.
  • Many different types and styles.
  • Keep a monitored buffer zone – this is an area that when breached, provides security personnel with an audio or visual alert like an alarm.

Different heights provide varying degrees of protection

  • 3-4 feet deters casual trespassers.
  • 6-7 feet too high to climb — may block vision.
  • 8 feet with 3 strands of barbed wire will deter determined intruders and is generally considered as the standard height and configuration.
  • Critical areas should have at least 8-foot fence around them.

Remember that a determined intruder will find a way under or over a fence, so it is not a foolproof way to keep intruders out and does not guarantee the safety of your facility.

PIDAS fencing as detective control

  • PIDAS stands for perimeter intrusion detection and assessment system.
  • Detects if someone is trying to climb a fence or damage it.
  • Mesh wire fence with a vibration sensor that alerts security when any movement is detected on the fence.
  • These systems are very expensive and can generate false alarms.

Perimeter walls

  • Blocks the view into the property.
  • Is made from reinforced concrete or solid bricks.
  • At least 10 feet tall.
  • Can have barbed wire or spikes on top to further deter individuals from going over the wall.

Walls and fences are both considered deterrents and cannot guarantee your facility’s safety; however, they do offer these additional benefits:

  • Crowd control, trespasser deterrent, access control.
  • Important areas to watch along these borders are gates, transitions and areas that can conceal an intruder or allow them to gain access to the facility.
  • These walls must be built on top of a proper foundation.
  • Standard building guidelines apply, meaning that water drainage and other factors must be considered when building such a wall.

Bollards

Bollards are another form of deterrent used at secure facilities. They are vehicle obstructers that are either static or retractable, depending on the road layout and traffic flow. Some features of bollards that are important within your CISSP exam are:

  • Bollards are strong enough to stop vehicles.
  • Bollards offer buildings protection from being damaged by vehicles.
  • They can be fixed or retractable, and some are even lit up for increased visibility.
  • Concrete barriers and planters can be used if a permanent solution is required.

Gates

Gates can be thought of as restricted access points. Whenever gates are installed, they should have strong hinges and locking mechanisms that cannot be tampered with.

  • Gates perform the same function as a fence or wall.
  • They must be strong enough to resist tampering.
  • They must be accompanied by security personnel and/or be monitored by CCTV cameras.
  • Access control via biometric readers or access cards must be implemented.
  • Remote locking an unlocking, as well as motorized operation is recommended.

Exterior lighting

Lighting must also be installed at your facility because trespassers and intruders are far less likely to enter a property if it is well lighted. This will protect the property and personnel at the site at night, when visibility is usually very poor. The main reasons for employing proper lighting are:

  • Discourages trespassers.
  • Protects assets, staff and property at night.
  • Provides detection.
  • Acts as a deterrent.

Entrances and parking lots must be well lighted, and the NIST recommendation is that lighting must be at least 8ft high, and provide at least 2ft candles of light.

Mantraps

This is a security measure to prevent piggy-backing and tail-gating, which is the process by which non-authorized personnel follow closely behind authorized personnel and gain access to a facility without having to verify their identity or authorization status to security staff. A mantrap avoids this issue by allowing only one person into a closed-off area at a time, and only unlocking one of the two doors at a time. If more than one person enters the room at a time, the second door will not open. This is controlled by a sensor or by security personnel.

Defense in depth outside

These can be real or psychological deterrents. Defenses must enable you to see intruders as they are approaching your facility. You will need adequate exterior lighting in order to achieve this and the additional benefit is that proper lighting can help your staff to feel safe. When setting up your outside defenses, you must consider:

Exterior lighting

  • You avoid blind spots in lighting and motion sensing.
  • Don’t blind or silhouette your security staff.
  • Video camera surveillance must have infrared for no-light situations such as a broken light, but cameras must have well-lighted areas to record in.
  • Outdoor vapor lights, battery backup, and portable lighting are also advisable for your security staff to have access to.

Exterior sensors and alarms

  • Proximity, seismic, motion, pressure, etc.
  • Must be integrated into barriers, fences and walls.
  • Must be integrated into landscape features .

Security guards

  • Roaming security guards offer excellent visual monitoring and reporting.
  • Able to discern and analyze security situations.
  • Adds extra psychological element to your defenses and intruders fear being caught or apprehended by security.
  • Can provide an armed response if required.
  • Are very expensive when compared to other measures as security guards must be paid a salary.
  • Can be liability if staff or guests are injured by security.

Watch dogs

  • These are used to detect and deter intruders from entering your property.
  • Barking dogs act as an audio alert.
  • Dog bites are a deterrent.
  • Dogs can detect explosives, drugs, or any other contraband that should not be at your facility.

Earn your CISSP, guaranteed!

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

Conclusion

The perimeter defenses that we have outlined here are just basic factors that you need to be familiar with for your CISSP exam. Being able to lock down and secure your property will allow your operation to continue to run more effectively without intruders and trespassers and will provide your staff with much-needed reassurance that they will be kept safe while working at your facility.

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.