Doors and Windows
Always consider the relative strengths and weaknesses of doors, windows, walls, floors, ceilings, etc. All should be equally strong from a defensive standpoint: attackers will target the “weakest link in the chain” and should not find a weak spot to exploit. Examples of “weakest link” design include a concrete wall with a hollow-core door, or a gypsum wall with a steel door.
Door hinges should face inward or be otherwise protected. Externally facing hinges that are not secured pose a security risk: attackers can remove the hinge pins with a hammer and screwdriver, allowing the door to be opened from the hinge side.
Doors with electronic locks typically require a smart card or magnetic swipe card to unlock. Egress must be unimpeded in case of emergency, so a simple push button or motion detectors are frequently used to allow egress. In the latter case, there should be no gaps in the door and the internal motion sensor should be bolted securely to a fixed sturdy ceiling or wall. External attackers can attempt to trigger internal motion sensors by slipping paper through the door (trying to provide motion for the detector) or shaking the door violently (which will shake the surrounding wall or ceiling), causing a poorly mounted sensor to move and sense motion. For this reason, doors with internal motion sensors should never include mail slots.
Externally facing emergency doors should be marked for emergency use only and equipped with panic bars. The use of a panic bar should trigger an alarm.
Glass windows are structurally weak and can be dangerous when shattered. Bulletproof or explosive-resistant glass can be used for secured areas. Wire mesh or security film can lower the danger of shattered glass and provide additional strength. Use of simple glass windows in a secure perimeter requires a compensating control such as window burglar alarms.
Alternatives to glass windows include polycarbonate such as Lexan and acrylic such as Plexiglas. Lexan is used in racecars and airplanes for its strength and shatter resistance.
Walls, Floors, and Ceilings
Walls around any internal secure perimeter such as a data center should be “slab to slab,” meaning they should start at the floor slab, and run to the ceiling slab. Raised floors and drop ceilings can obscure where the walls truly start and stop. An attacker should not be able to crawl under a wall that stops at the top of the raised floor, or climb over a wall that stops at the drop ceiling.
Any wall protecting a secure perimeter (whether internal or external) should be strong enough to resist cutting by an attacker attempting to create an ingress point. Simple gypsum “sheetrock” walls can be cut open with a sharp tool such as a carpet knife, and should not be used for secure perimeters.
Walls should have an appropriate fire rating (the amount of time required to fail due to a fire). The National Fire Protection Agency (NFPA) 75: Standard for the Protection of Information Technology Equipment states, “The computer room shall be separated from other occupancies within the building by fire-resistant rated walls, floor, and ceiling constructed of noncombustible or limited combustible materials. The fire resistant rating shall be commensurate with the exposure, but not less than one hour” [50].