Questions tagged [physical]

The use of physical measures (such as locks and tamper-proofing) or policies (such as Clean Desk) in order to protect sensitive information from unauthorized access.

In concept, Physical Security covers everything from paper shredders to bullet-proof glass. Since this site is focused on information security, we are mostly interested in physical means of protecting sensitive information.

On-topic questions include the technology or policies around:

  • Safe disposal of documents and devices.
  • Physical access to secure areas, including locks, fingerprint / iris scans, key-cards, etc.
  • Secure cabinets for sensitive or critical servers.
  • Tamper-proof or tamper-evident device casings.
  • Physical means to prevent side-channel attacks on computer hardware: cold boots, power analysis, access to diagnostic ports, etc.
  • Policies for incident response.
  • and more.

Things that are sometimes on-topic, depending on the focus of the question, include:

  • Closed-circuit camera systems.
  • Alarm systems.

394 questions

180 votes, 12 answers

How is an ATM secure?

I'm curious why an ATM computer is considered secure. The general adage of "If an attacker has physical access to my machine, all bets are off," seems to not apply in this circumstance (since everyone has physical access to the machine). Why is…
asteri

157 votes, 12 answers

4-dial combination padlock: Is it more secure to zero it out or to blindly spin the dials after locking?

I am partially responsible for some resources protected by a 4-dial combination lock like this one: There are two things that people will usually do after they've locked it: reset all the digits to 0, so that the combination reads 0000, or mash…
Peter Schilling

147 votes, 8 answers

How should I set up emergency access to business-critical secrets in case I am "hit by a bus"?

I work as the primary developer and IT administrator for a small business. I want to ensure that business can continue even if I suddenly become unavailable for some reason. Much of what I do requires access to a number of servers, (through…
AndrewSwerlick

133 votes, 5 answers

Is momentary physical access dangerous?

I’m asking the question with these conditions: The device (computer or mobile phone) is in a running state. “Momentary” refers to a reasonably short period of time, such as 5 to 10 seconds. The system may not be in a “locked” state (e.g. showing a…
tonychow0929

132 votes, 2 answers

What to do if caught in a physical pentest?

I've seen a lot of people talk about how to pentest and how NOT to get caught during engagements but have a hard time finding "How to behave when caught during a Red Team engagement". Red Teams are to simulate adversaries attacking systems. Many…
ChocolateOverflow

120 votes, 11 answers

What's to stop someone from 3D print cloning a key?

My friend just posted a picture of her key to Instagram and it occurred to me that with such a high res photo, the dimensions of the key could easily be worked out. Therefore the key could be duplicated. What's to stop someone malicious from abusing…
personjerry

109 votes, 8 answers

My school wants to keep the details of our door authentication system a secret. Is that a good idea?

So, I am designing a door authentication system (can't really go into more detail) for our school, so that only authenticated persons can go through a certain internal door. They hold that its inner working should be kept a secret, so that no one…
PyRulez

107 votes, 19 answers

Defence methods against tailgating

This is a follow-up question to this one: Roles to play when tailgating into a residential building How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let…
Lithilion

98 votes, 13 answers

Why do we lock our computers?

It's common knowledge that if somebody has physical access to your machine they can do whatever they want with it. So why do we always lock our computers? If somebody has physical access to my computer, it doesn't really matter if it's locked or…
Tom Marthenal

95 votes, 3 answers

What is the purpose of the rotating plate in front of the lock?

I am now in Poland and see these everywhere: The plate can rotate freely, when you insert the key, matching the groove, you rotate the key so it is aligned with the lock and then insert the key. What is the purpose of this?
Thomas

89 votes, 9 answers

Secure USB cable for charging in untrusted environments

On a long haul flight, I imagine that charging a phone (in flight mode) with the inbuilt USB port on the head rest would be a security risk. Could I mitigate that risk by taking a regular USB cable and cutting the data (but not the power) cables? Or…
DarcyThomas

84 votes, 5 answers

Somebody bumped into me, next day my storage unit was burglarized

While I was walking in the street, somebody carrying a laptop bag bumped into me, and the next day I found out that my storage unit was burglarized and some important items were stolen. My storage unit door uses a magnetic-stripe card without a PIN,…
Green Fly

84 votes, 14 answers

How can I protect myself from false accusations when our company practices password escrow?

During an internship for a small company, my boss created an account for me, so I generated a password and I used it. The next day, my boss told me to write down the password of my account on a piece of paper, put it in a letter and to sign the…
malloc

80 votes, 6 answers

Can a lock picker slowly undermine the security of a deadbolt door?

I have a space for computers secured with a simple deadbolt. Someone keeps coming to pick the lock. While working there, I have scared them away three times. There are cameras, but not in useful places or all exits and the building manager won't let…
Village

80 votes, 8 answers

How is 'Removing RAM' a security risk?

Today I was watching a video on 'Ethical Hacking' where, while discussing hardware attacks, the narrator said: Removing RAM or components from a desktop or a laptop Here's a screenshot: I understand that removing stuff like storage drives is a…
undo