1
00:00:00,840 --> 00:00:02,838
<v ->Now, all of your perimeter defenses</v>

2
00:00:02,838 --> 00:00:05,056
will become useless at some point.

3
00:00:05,056 --> 00:00:06,129
When is that point?

4
00:00:06,129 --> 00:00:08,089
It's when somebody enters your building.

5
00:00:08,089 --> 00:00:08,922
That's right.

6
00:00:08,922 --> 00:00:10,559
If we have big high fences.

7
00:00:10,559 --> 00:00:11,855
And we have guards with guns.

8
00:00:11,855 --> 00:00:13,345
And we have security cameras

9
00:00:13,345 --> 00:00:14,275
monitoring the parking lot.

10
00:00:14,275 --> 00:00:15,357
All of that is useless to us

11
00:00:15,357 --> 00:00:17,459
once the person gets into our lobby.

12
00:00:17,459 --> 00:00:18,785
And, even if we have a mantrap

13
00:00:18,785 --> 00:00:19,618
or something that's keeping them

14
00:00:19,618 --> 00:00:21,002
out of our secure spaces,

15
00:00:21,002 --> 00:00:22,228
once they get past that,

16
00:00:22,228 --> 00:00:23,967
we now have them roaming our halls

17
00:00:23,967 --> 00:00:25,799
and being able to get to things.

18
00:00:25,799 --> 00:00:27,302
How do we keep people out of those spaces

19
00:00:27,302 --> 00:00:28,604
that we want them to be out of?

20
00:00:28,604 --> 00:00:29,928
We use locks.

21
00:00:29,928 --> 00:00:32,606
And door locks come in many different varieties.

22
00:00:32,606 --> 00:00:34,487
They're going to be placed on the outside of the building.

23
00:00:34,487 --> 00:00:36,060
And they'll be placed inside the building

24
00:00:36,060 --> 00:00:37,933
on server rooms, network closets,

25
00:00:37,933 --> 00:00:40,514
and other places we want to keep people out of.

26
00:00:40,514 --> 00:00:43,129
Now, not all locks are created equal, though.

27
00:00:43,129 --> 00:00:46,108
I've seen people try and use padlocks to keep a door secure.

28
00:00:46,108 --> 00:00:48,348
In the next video, I'm going to show you how easy it is

29
00:00:48,348 --> 00:00:50,380
to break through the security that a basic

30
00:00:50,380 --> 00:00:52,190
padlock tries to afford you.

31
00:00:52,190 --> 00:00:53,287
And suffice it to say,

32
00:00:53,287 --> 00:00:55,586
it takes a skilled attacker only about 30 seconds

33
00:00:55,586 --> 00:00:56,691
to open a padlock.

34
00:00:56,691 --> 00:00:58,673
So, they're not very good for security.

35
00:00:58,673 --> 00:01:00,751
Other door locks that are pretty easy to break

36
00:01:00,751 --> 00:01:02,727
are the ones you'll see in a traditional office

37
00:01:02,727 --> 00:01:04,060
or in your home.

38
00:01:04,060 --> 00:01:06,367
Those that use a key are fairly easy to break

39
00:01:06,367 --> 00:01:07,911
if you have a trained locksmith

40
00:01:07,911 --> 00:01:09,564
or a trained attacker.

41
00:01:09,564 --> 00:01:11,467
So, instead of a padlock, we're going to use

42
00:01:11,467 --> 00:01:13,076
something like a door lock.

43
00:01:13,076 --> 00:01:15,531
Now, door locks, again, come in many different varieties.

44
00:01:15,531 --> 00:01:16,652
Some use a key.

45
00:01:16,652 --> 00:01:17,943
Some use a PIN number.

46
00:01:17,943 --> 00:01:19,441
Some use wireless signals.

47
00:01:19,441 --> 00:01:20,817
And some even use biometrics,

48
00:01:20,817 --> 00:01:23,453
like a thumbprint, to open and shut the lock.

49
00:01:23,453 --> 00:01:24,811
Now, better security does exist

50
00:01:24,811 --> 00:01:27,361
as you move up the ladder, but so does cost.

51
00:01:27,361 --> 00:01:28,835
At the bottom of the ladder,

52
00:01:28,835 --> 00:01:30,394
we have a basic office door lock.

53
00:01:30,394 --> 00:01:31,833
And it might be very inexpensive,

54
00:01:31,833 --> 00:01:33,619
but it also lacks good security.

55
00:01:33,619 --> 00:01:35,956
This is one that will be found on your house

56
00:01:35,956 --> 00:01:37,548
or in a simple office building where it

57
00:01:37,548 --> 00:01:40,038
uses a standard key to open and shut the lock.

58
00:01:40,038 --> 00:01:42,566
These use a pin and tumbler system that can be picked

59
00:01:42,566 --> 00:01:45,285
by a trained locksmith fairly easily.

60
00:01:45,285 --> 00:01:47,987
Another type of door lock is known as a cipher lock.

61
00:01:47,987 --> 00:01:50,256
Now, a cipher lock provides excellent protection

62
00:01:50,256 --> 00:01:53,295
using a mechanical locking mechanism with push buttons

63
00:01:53,295 --> 00:01:55,028
that are numbered that require a person

64
00:01:55,028 --> 00:01:58,343
to enter the correct combination in order to open that door.

65
00:01:58,343 --> 00:02:00,794
These are often used on server rooms, network closets,

66
00:02:00,794 --> 00:02:02,857
and other high security locations.

67
00:02:02,857 --> 00:02:04,914
They do cost more than a traditional office lock,

68
00:02:04,914 --> 00:02:06,697
but they do have the ability

69
00:02:06,697 --> 00:02:08,910
to give you a higher level of protection.

70
00:02:08,910 --> 00:02:11,123
Next, we have electronic access systems.

71
00:02:11,123 --> 00:02:12,782
These electronic access control systems

72
00:02:12,782 --> 00:02:14,698
have become quite popular in recent years

73
00:02:14,698 --> 00:02:16,583
as the price has been falling.

74
00:02:16,583 --> 00:02:18,222
These can use an RFID reader

75
00:02:18,222 --> 00:02:19,883
to scan an employee's badge and

76
00:02:19,883 --> 00:02:22,225
grant them access based on those credentials.

77
00:02:22,225 --> 00:02:23,707
Some of these will actually be combined

78
00:02:23,707 --> 00:02:25,394
with a badge and a PIN number,

79
00:02:25,394 --> 00:02:26,963
to create multi-factor authentication

80
00:02:26,963 --> 00:02:29,529
that allows for logging and auditing, as well.

81
00:02:29,529 --> 00:02:31,401
This is a great thing about these type of systems.

82
00:02:31,401 --> 00:02:33,131
Because, now, you know who's entered

83
00:02:33,131 --> 00:02:35,018
and exited the room and at what time.

84
00:02:35,018 --> 00:02:36,756
So, if there was some kind of insider threat

85
00:02:36,756 --> 00:02:38,532
where somebody stole something, you can go back

86
00:02:38,532 --> 00:02:40,006
and figure out who was the last person

87
00:02:40,006 --> 00:02:41,438
who went in and out of that room.

88
00:02:41,438 --> 00:02:44,143
And figure out if they're the ones that did it.

89
00:02:44,143 --> 00:02:45,660
In addition to these door locks,

90
00:02:45,660 --> 00:02:48,297
we also might use something called a mantrap.

91
00:02:48,297 --> 00:02:51,047
Now, a mantrap is an area between two doorways

92
00:02:51,047 --> 00:02:52,346
that holds people until

93
00:02:52,346 --> 00:02:54,382
they're identified and authenticated.

94
00:02:54,382 --> 00:02:56,198
Sometimes, these are automated,

95
00:02:56,198 --> 00:02:57,782
like using that electronic badge

96
00:02:57,782 --> 00:02:58,844
and PIN system we talked about.

97
00:02:58,844 --> 00:03:01,139
And sometimes, they are manned by security personnel

98
00:03:01,139 --> 00:03:02,807
who actually look at your ID badge

99
00:03:02,807 --> 00:03:05,435
to verify that you are who you claim to be.

100
00:03:05,435 --> 00:03:07,208
The most common placement of a mantrap

101
00:03:07,208 --> 00:03:09,190
is actually at the entrance of the building.

102
00:03:09,190 --> 00:03:11,235
So, as you enter into an office building,

103
00:03:11,235 --> 00:03:13,632
there is an open lobby that anyone can access.

104
00:03:13,632 --> 00:03:15,466
But, then there's a set of turnstiles.

105
00:03:15,466 --> 00:03:17,787
And you'll have to scan your badge and input your PIN number

106
00:03:17,787 --> 00:03:19,953
to be able to go past those turnstiles.

107
00:03:19,953 --> 00:03:22,133
That area between the front door and the turnstiles,

108
00:03:22,133 --> 00:03:24,064
that's considered the mantrap.

109
00:03:24,064 --> 00:03:25,496
Once you get past that turnstile,

110
00:03:25,496 --> 00:03:26,594
you're now in a secure area

111
00:03:26,594 --> 00:03:28,330
because you have been authenticated.

112
00:03:28,330 --> 00:03:31,656
Now, some places have open security on the main floor

113
00:03:31,656 --> 00:03:33,587
and, as you go into certain parts of the building,

114
00:03:33,587 --> 00:03:35,749
they would then go into a higher security area.

115
00:03:35,749 --> 00:03:38,500
Those areas may also have a mantrap installed.

116
00:03:38,500 --> 00:03:40,044
And sometimes, you'll have both.

117
00:03:40,044 --> 00:03:42,005
Where there is a mantrap into the main entrance

118
00:03:42,005 --> 00:03:44,076
of the building, that gives you general security,

119
00:03:44,076 --> 00:03:46,076
but then, if you need to go into a super secret area,

120
00:03:46,076 --> 00:03:48,743
you go through a second mantrap.