Story 16 — Securing the Building · Gary's Security Stories

Reading Progress

00 / 22

Story 16 · Domain 2 · Physical Security

Securing the Building.

Gary decides to physically secure his coffee shop. Starting from the street and working inward — each layer stops a different threat.

By The Editors Photography: Cipher Lane Observer 2 min read

The insurance inspector arrives. "Show me what stops someone from driving a van through the front." Gary points at the concrete pillars along the pavement — thick, low, immovable. That's a bollard.

First, the street. Bollards along the pavement stop a car from ramming through the shopfront. Can't hack a bollard. Pure physics.

Next, the perimeter. A fence around the back, tall enough to deter, with angled barbed wire on top. Well-maintained — a broken fence is worse than no fence (gives false confidence). Bright lighting everywhere — no dark corners. Criminals prefer shadows. Motion-activated floodlights on the back alley.

A "24/7 CCTV IN OPERATION" sign on the door. Even before any camera, the sign itself discourages. That's signage — a deterrent control. The sign does the work; the camera records.

At the front door: a security guard checks IDs. A CCTV camera records everyone who enters. A motion sensor detects movement after hours. An infrared sensor detects body heat — catches someone hiding behind a shelf.

For the server room: an access control vestibule — two doors, one after the other. The first door must close before the second opens. You're stuck in a small room between them while your ID is verified. Old name: mantrap. Prevents tailgating — only one person at a time.

Four lock types on different doors: cipher lock (front door — type a PIN code), biometric lock (office — fingerprint scanner), electronic lock (stock room — swipe card), cable lock (laptop — physical wire to the desk). The safe in the corner — fireproof, bolted to the floor.

Gary also installs Faraday caging around the server room — a wire mesh in the walls that blocks electromagnetic signals from leaking out. Stops an attacker with an antenna from picking up screen emissions. That's a TEMPEST attack — intercepting electromagnetic radiation from displays and keyboards.

The access control vestibule stops tailgating because physics forces one-at-a-time. The first door must close before the second opens. No software required. No credentials required. Just geometry. — Story 16 · Physical Security

// GARY'S WHITEBOARD

Outside in.

Street Bollards (anti-vehicle)

Perimeter Fencing · Lighting

Deterrent Signage ("CCTV in operation")

Door Guard · Camera · Motion · IR

Server room Mantrap (vestibule)

Server room Faraday cage

// Lock Types

Cipher — PIN code

Biometric — fingerprint

Electronic — swipe card

Cable — physical wire

// Exam Q&A

"Prevents vehicle?" → Bollards

"Prevents tailgating?" → Vestibule

"Blocks EM signals?" → Faraday cage

// Terms Introduced

Bollards, Fencing, Lighting, Signage
CCTV, Motion sensor, IR sensor
Access control vestibule (mantrap)
Cipher, Biometric, Electronic, Cable lock
Faraday cage, TEMPEST

// THE LOCK-IN

The access control vestibule (mantrap) prevents tailgating through physical geometry — one person at a time, no override possible. The Faraday cage blocks electromagnetic signal leakage. Both are physical controls. Neither requires software. Neither can be socially engineered.

Check Yourself · Question 16

Gary's server room is vulnerable to TEMPEST attacks — someone is picking up electromagnetic radiation from the monitors. Which physical control prevents this?

Faraday cage. A Faraday cage is a wire mesh enclosure that blocks electromagnetic signals from entering or leaving. It prevents TEMPEST attacks where an attacker intercepts EM radiation from display screens, keyboards, and other electronics. Gary installs it in the server room walls.

Terminology · Story 16

Physical Controls.

// Term · 01 / 04

Bollards

Tap to reveal

// Definition

Short, thick posts embedded in the pavement to stop vehicle ramming attacks. Anti-vehicle barrier. Physical, not electronic. Cannot be socially engineered.

Domain 02

// Term · 02 / 04

Vestibule / Mantrap

Tap to reveal

// Definition

Two sequential doors — first must close before second opens. Traps one person at a time for identity verification. Prevents tailgating. Modern term: access control vestibule.

Domain 02

// Term · 03 / 04

Faraday Cage

Tap to reveal

// Definition

Wire mesh enclosure that blocks electromagnetic signals. Prevents TEMPEST attacks (intercepting EM emissions from screens and keyboards). Used to shield server rooms.

Domain 02

// Term · 04 / 04

Lock Types

Tap to reveal

// Definition

Cipher — PIN. Biometric — fingerprint/face. Electronic — swipe card/key fob. Cable — physical wire securing hardware. Each for a different use case.

Domain 02

In the wild

A facilities security manager audits a data centre before renewal.

A facilities security manager at a colocation provider conducts the annual physical security audit ahead of a Tier III certification renewal. She works through the site from the perimeter inward, the same order every time.

At the site boundary: hostile vehicle mitigation bollards rated to IWA 14-1 are inspected for corrosion and foundation integrity. The fence line is checked for gaps and for sections where the anti-climb topping has been displaced. Perimeter lighting coverage is mapped against the CCTV fields of view — any dead angle between a camera arc and a lighting pool is logged as a finding. Two are found at the north-east corner of the loading bay.

At the main entrance: visitor management logs are reviewed. The access control vestibule — two interlocked doors, one-person capacity — is tested for anti-tailgating function. Door one must fully close and register a badge read before door two releases. The mantrap logic is tested with two staff members. It holds correctly.

The server hall itself has a Faraday-shielded perimeter integrated into the wall structure. The shielding is tested with a spectrum analyser. No signal leakage is detected above the threshold. The RF shielding exists specifically to prevent TEMPEST-class attacks — where an adversary with sensitive equipment outside the building could potentially reconstruct screen content or keystrokes from electromagnetic emanations.

The audit produces fourteen findings, ranked by severity. The lighting gap at the loading bay is rated High. The manager raises two facilities tickets in ServiceNow before she leaves the building. Certification audits do not wait for quarterly review cycles.

SECURINGTHE BUILDING.

Securing the Building.

Gary's server room is vulnerable to TEMPEST attacks — someone is picking up electromagnetic radiation from the monitors. Which physical control prevents this?

Physical Controls.