Redesigning Entryways to mitigate violent offenders or unauthorized entries

Simply put, time A straight line to an entryway will allow an offender a faster time to get from point A to point B. By using the design of the environment along with symbolic barriers, the time from both points can be expanded. Greatening the time allows for the adversary to be exposed more and more emotional responses to possibly affect their choice.


Redesigning Entryways to mitigate violent offenders or unauthorized entries

Physical security is a necessity throughout the world. Everyone experiences it, some people experience it almost daily. The entire industry of physical security is rapidly growing with new technology; however, with technology, security professionals lose touch with the essential human function of people. Adversaries or human threats are just individuals who want to harm other people or a facility. Technology can be a lifesaver in some locations, and it can even be great for support, however, when dealing with humans, most of us are the same.

All humans bleed, most think the same, and most human beings have cognitive and emotional factors that allow each other to operate. Cognitive functions enable humans to be analytical and makes decisions, among other things (Van Gelder and De Vries 2014). Think about cognitive in the way deciding if someone wanted to ask their boss for a raise; people typically will weigh the cost and benefits to determine if they will proceed. Emotional responses, commonly known as feelings, would make someone nervous about asking their boss for that raise, maybe even scared. It is arousal of an emotion such as fear, sadness or any other sense (Van Gelder and De Vries 2014).

In the 1970’s several researchers were working on crime prevention programs and two particular researchers working on environmental design theories for crime prevention(Reynald 2014). One was an architect, and the other was a sociologist (Reynald 2014). However, they started the foundation of modern-day Crime Prevention Through Environmental Design or CPTED, which does work off of a person’s cognitive and emotional states like choice and fear (Tseng, Duane, and Hadipriono 2004). From the 1970’s on forward, there has been active and negative research on environmental design for security.

However, we live in a new era of security; threats are more dangerous and more abundant. There is terrorism happening all over the world with “soft targets” and designing safe and secure spaces that are controlled, doesn’t seem like it is getting a lot of research attention compared to other areas such as terrorism. The threats today aren’t to only mitigate risk against small local crime, threats today are to stop suicide bombers and terrorist from driving a massive truck through the front of a business plaza or building.

This paper is going to discuss the mixing of symbolic and manmade obstacles, layered security, together with the arousal of cognitive and emotional responses of humans. To ultimately manipulate and mitigate threats to all assets.

Part 1. Environment Design

Thinking about decision-making from perceived risk point of view

The process of delay and detection has its roots in the designing of a physical protection system from the American Society for Industry Security or ASIS as it’s better known as (ASIS International 2017). This paper draws parallels to risk perception, and a risk vs. reward type of mentality as the overwhelming amount of human beings perceive risk and react to this understanding (Pleskac and Hertwig 2014). As arousal of emotions like fear can make offenders perceive risk differently delaying an offender and causing detection for example.

When researchers think of crime, they can visualize three main elements that incorporate the offenders needs to commit these crimes (Brunet 2002). These items were broken down into three categories, motivation, target, and an opportunity (Cohen and Felson 1979). This came to be known as the Routine Activities Theory, RAT, of 1979 (Brunet 2002). Since then, there has been much more research on RAT, and it has developed into the triangle of crime.

If you notice in the elements of the underlying theory is an opportunity, or as Brunet put it “absence of capable guardians against a violation.” (Brunet 2002, 69) And if any one of these three elements is fractured the crime doesn’t occur (Cohen and Felson 1979).

Every human deal with risks every day, from getting into one’s car and driving; to asking their childhood crush on their very first date, they both have a risk and a reward. Whether the reward is getting to work on time without having to walk or the risk is getting your heart broken for the first time, humans do both.

The difference is how do risk differentiate between choice? One is set on a risk vs. reward analysis, and the other is a cost vs. benefit analysis, which almost appears the same. Humans are required to make decisions about these risk and reward options. Therefore decision theories come into play and cost to benefit analysis have more of a factor after an initial risk vs. reward analysis has processed. However, even though it might seem very confusing, it all can be done in seconds and sometimes it must be done in seconds. This is done with cognitive parts of a humans brain that analyze risk, rewards, cost, and benefits, and then decides (Van Gelder and De Vries 2014).

It also plays a part in the crime triangle as criminals tend to choose the offense based on cost vs. benefit (Steele 2015). Other factors may impede later decisions and raise the risk factors causing this cycle to repeat, and re-evaluation would need to be done (Van Gelder and De Vries 2014).  A decision must be made on all elements of the crime triangle, or the triangle shatters, and the crime is not committed (Cohen and Felson 1979). These decisions are generally ‘rational’ in criminals except for crimes of passion or crimes of “right now” where processing information quickly may be confusing (Steele 2015).

Environmental Design Research

Fear is one of the foundations of the original environmental design theory by Oscar Newman in 1972 (Reynald 2014). Newman’s original theory of ‘Defensible Spaces’ based on his research of housing projects (Reynald 2014) did have the mindset of the residents in the community’s fear involved.

Newman, who was an architect and not a criminologist, but did set the groundwork for environmental design and crime prevention along with a sociologist named C. Ray Jeffrey (Clarke 1989). Newman’s research focused more on the design of the housing projects that created crime and Jeffrey’s study focused more on biological aspects to crime and environmental elements to preventing the opportunity for crime (Clarke 1989). This is where opportunity is first related to the environment during the research for this paper, as mentioned prior, the opportunity is a foundational piece in the triangle of crime (Cohen and Felson 1979).

This era, 1971-1972, is what ultimately pushed other researchers to further the development of new adaptations of environmental design. One of those adjustments is still widely in use today which is called Crime Prevention Through Environmental Design or CPTED as it is commonly referred to (Reynald 2014). It is loosely set on Newman’s Defensible Space theory along with adaptations from other researchers such as Time Crowe who had by 1991 an entire set of guidelines based on environmental factors (Clarke 1989) and other researchers that have been involved since (Reynald 2014).

For instance, the original Defensible Space Theory had only three different phases, “Territoriality, natural surveillance, and image/milieu” (Reynald 2014, 74). These different stages or categories were used when Newman was studying housing projects for crime in the early 1970’s (Reynald 2014). By the early 1990’s, CPTED had developed splitting up the category of territoriality into two categories, one being access control and the other being territoriality and image being changed to maintenance (Reynald 2014).  At this point, there were now four different categories in a basic CPTED design instead of the three in defensible space theory (Reynald 2014). As more research was being conducted, they added a subcategory to make sure it was even better called “activities and support” (Reynald 2014).

The primary functions of CPTED are to limit the access criminals have to an area, facility, etc. (Tseng, Duane, and Hadipriono 2004) and to create “an environment that is unattractive to criminals” (Tseng, Duane, and Hadipriono 2004, 22). CPTED is also meant to make the offender’s anxiety rise and the guest or resident fear of crime lower (Tseng, Duane, and Hadipriono 2004) along with “an environment that evokes a perception of risk in offenders” (Tseng, Duane, and Hadipriono 2004, 22).

Other formations of environmental security theories formed such as Situational Crime Prevention was developed which is a theory that is widely based on the environment and more man-made security utilities (Hayward 2007). CPTED is based more on symbolic or natural measures and is more of a guideline for builders; Situational Crime Prevention is more for immediate action and more as a reaction to business (Hayward 2007).

Both theories have measures that can be taken from them and both play on the cognitive and emotional states of offenders. To say either one is better than the other is a personal preference and an opinion. It is possible to learn from both and apply that to further research.

Cognitive and Emotional Responses of Criminals

Your brain and your body work in mysterious ways, and they in connection with each other (Van Gelder and De Vries 2014). Your mind is always analyzing what is going on around you and sending messages to your body, for example when you know something is going to hurt you automatically stiffen up and try to prepare for the pain. This is the cognitive behavior of your brain, it controls the underlying thinking, analyzing decision-making, etc. while sending signals like emotions out through the body to give a more physiological reaction (Van Gelder and De Vries 2014). These responses can be fear, love, happiness, etc., anything where someone feels or their body changes.

Criminals as well have, generally, the same makeup as normal humans when it comes to their cognitive and emotional behaviors (Steele 2015). Some research by criminologist over the past several decades has gone into looking at decision-making with criminals and how choice theories affect criminals compared to average humans. Most of the research has found very little in the way of differences when it comes to measuring cost vs. benefit (Steele 2015).

Other research has taken a more in-depth look at the brain itself and studied not only choice but the activity of behavior in criminals. This action plays out with the cognitive parts of the brain analyzing the cost and benefits before a crime occurring (Van Gelder and De Vries 2014). In 1962 two researchers, Schachter and Singer did an experiment that showed artificially arousing a person’s physiological state mixed with their cognitive state while manipulating the environment can alter their emotions (Mezzaceppa 1999). Even though this experiment involved pharmaceuticals and individuals as the environment, it showed that there is a possibility of manipulating emotions with environments. However, since the 1962 study of Schachter and Singer, many others have tested their theory have challenged it with different, same, or slightly different results (Mezzaceppa 1999).

This research, along with the environmental theories builds up an approach for the hypothesis of designing an environment for an entryway that is unattractive to criminals; it creates a spike in their emotions to affect their ability to make rational decisions on cost vs. benefit.

Entryways into and Human Threats

These components have been selected due to their capacity to loop everything together and theorize the perfect access point is utilizing specific parts from different areas to create an entryway. CPTED tells us natural surveillance, access control, and territoriality is extremely important to crime prevention (Reynald 2014). Part 2 discusses the role of how cognitive and emotion is controlled in the body and that it is possible, but not guaranteed, to manipulate the behaviors. Mix all of this and out will come the perfect solution to an entryway.

CPTED argues for the use of natural and manmade objects to be used to design an environment for the security. As mentioned earlier, in this day in age, security threats are more significant than ever, and security professionals must think outside the box. Mixing symbolic materials which would be considered landscaping, fountains, natural barriers, benches, etc. with security technology is what is needed in today’s world. Complete control over the flow of people and where they go, using concepts already researched is the new direction of environmental security design.

Defense-in-depth is a known security measure that almost every facility uses, and even executive protection teams use (ASIS International 2009). Defense-in-depth can be described as layers of security where the outer most layer is furthest away from the most valuable asset, and an adversary would have to face a countermeasure at each layer (ASIS International 2009). Depending on the security level, the facility or person might have anywhere from three to ten layers of security.

The fastest way from one point to the next is a straight line. People know this from shared knowledge and life experience. Many entrances to facilities allow for a straight line from the parking area to the reception area.

Just mixing some of these issues anyone can see a formation coming together. Combining layered security, with two of the CPTED guidelines (access control and natural surveillance), along with not allowing a straight line from the parking area to the reception area, will affect a human threats ability on a facility.

If a human threat were to attempt to get into a facility to shoot someone, they would have to go through an outer layer which would have a gate and possibly a guard. They would have to park on the side of the building but visible (natural surveillance) and walk a long distance, zig-zagging while being visible (delaying). Before reaching the front reception area which is layer 2 and should be locked down at this point.

This is just one example of this application could be used for many environments that could have more cognitive and emotional effects on the human threat due to the natural surveillance aspect of the design. The more criminals are seen, the less likely they typically are to commit a crime (Tseng, Duane, and Hadipriono 2004).

The studies of environmental design theories have been evolving for decades and will continue. We live in an ever-growing era of rising threats from both criminals and terrorism and need further studies and research in the field of security science and design. The government typically has the market on security design topics, but the area is rapidly growing, and soon more and more private security officers will be seen in public places.

Work Cited

ASIS International. 2009. “Facilities Physical Security Measures.” Arlington.

. 2017. Protection of Assets – Physical Security. Edited by M Knoke. Arlington: ASIS International. doi:10.1016/B978-0-12-416007-1.00013-3.

Brunet, James R. 2002. “Discouragement of Crime Through Civil Remedies: An Application of a Reformulated Routine Activities Theory.” Western Criminology Review 4 (1): 68–79.

Clarke, Ronald V. 1989. “The Theory of Crime Prevention through Environmental Design.” In, 20.

Cohen, Lawrence E, and Marcus Felson. 1979. “Social Change and Crime Rate Trends: A Routine Activity Approach.” American Sociological Review American Sociological Review 44 (4): 588–608.

Hayward, K. 2007. “Situational Crime Prevention and Its Discontents: Rational Choice Theory versus the ‘Culture of Now.’” Social Policy & Administration 41 (3): 232–50.

Meyer, Sunniva. 2012. “Reducing Harm from Explosive Attacks against Railways.” Security Journal 25 (4). Nature Publishing Group: 309–25. doi:10.1057/sj.2011.23.

Mezzaceppa, Elizabeth S. 1999. “Epinephrine, Arousal, and Emotion: A New Look at Two-Factor Theory.” Cognition & Emotion 13 (2): 181–99. doi:10.1080/026999399379320.

Pleskac, Timothy J, and Ralph Hertwig. 2014. “Ecologically Rational Choice and the Structure of the Environment.”  Journal of Experimental Psychology 143 (5): 2000–2019. doi:10.1037/xge0000013.

Reynald, Danielle M. 2014. “Environmental Design and Crime Events.” Journal of Contemporary Criminal Justice 31 (1): 71–89. doi:10.1177/1043986214552618.

Steele, Rachael. 2015. “How Offenders Make Decisions: Evidence of Rationality.” British Journal of Community Justice 13 (3): 1475–279.

Tseng, Chun-Hao, Josann Duane, and Fabian Hadipriono. 2004. “Performance of Campus Parking Garages in Preventing Crime.” Journal of Performance of Constructed Facilities, no. February: 21–28. doi:10.1061/(ASCE)0887-3828(2004)18.

Van Gelder, Jean-Louis, and Reinout De Vries. 2014. “Rational Misbehavior? Evaluating an Integrated Dual-Process Model of Criminal Decision Making.” Journal of Quantitative Criminology 30 (1): 1–27. doi:10.1007/s10940-012-9192-8.

Securing the system from non-invested users by utilizing the VLAN P.I.A. system


Network oyline



In a typical IT infrastructure, there are seven domains that all carry with them their challenges and risk for securing against attacks (Stewart, 2014). These seven domains; the user, workstation, LAN, LAN to WAN, WAN, remote access, and systems application domains all require layered security approaches as well as both human input and technology made by humans (Stewart, 2014). Even when dealing with the OSI model, at different layers, each layer has its function and needs to be adequately secured and understood (Kamesh & Sakthi Priya, 2014). However, out of all of these domains, the one that deals with humans, is used in both the architecture and OSI models, and has vulnerabilities that come with humans, is the User domain.

People are often unpredictable, make mistakes, and get quickly involved in the wrong situations without thoroughly thinking of the long-term consequences. Humans also are predictable by nature; they tend to create insecure passwords and use them on the same accounts (Chanda, 2016). Password cracking and theft are a significant vulnerable and risk of not securing not only a network but also the information on the network and future information (Chanda, 2016).

Humans are trustworthy and susceptible to espionage or social engineering as a form of information gathering to gain more intelligence on a system or a particular application (Oriyano, 2014). The thing that makes humans great makes them a challenge in the security world. In security; controlling these urges and keeping this information protected is an advantage. However, that isn’t very human.

Typically, at a firm, there will be what could be considered two types of humans. Invested humans and non-invested humans. An invested human would be the everyday proprietary employee who works directly for that firm, gets a paycheck from that company and has a vested interest in that firm succeeding. A non-invested human is someone who isn’t a proprietary worker for the business, has no real connection to the company besides coming every couple of weeks or months to fix something or even a visitor to the business. Someone who has no loyalty to the company and is there to do a job, make another firm money. They typically are a proprietary worker for an entirely different firm, but they come to this company on occasion to either work on projects, fix issues, upgrade hardware, etc. These people are vested in the company they work for, which keeps the majority of them honest but aren’t one-hundred percent invested in the companies they go to. They are usually known as contractors, consultants, technicians, etc. In the realm of security, they can be known as “risk”.

Vulnerabilities & Risk

When talking about threats and vulnerabilities then calculating the likelihood of occurrence to reach a prioritized list of risk (ASIS, 2015), each firm would have to determine what priority the user domain risk is, however, it is likely very high. Password theft is typically one of the most substantial risks along email scams. However, this paper is going to discuss the risk of  “Guest” entry into the primary computer network.

Guest, people who are non-invested in the firm but have to access the network and are authorized by whichever authentication method the business uses to log into the same network as all the firm’s data and essential files sit. In 2006, a study was conducted and found that just in the United States, tech firms held 98% of all their assets in nonphysical, intellectual property assets (Slate, 2009) that were possibly vulnerable to network attacks. This means the guest who sometimes has full access and permission to communicate with the servers, software, and almost all layers of the network from inside has the opportunity to carry out a large-scale attack. They could use some exploits such as injecting malware using a thumb drive, an XSS or SQL injection on a physical server, or even implanting a file on the system to monitor everything and continuously send them a mirror copy of the data. This can all be done within seconds at a workstation; there are several live demonstrations of scripts online that are on a USB drive and placed onto a computer where it works in the background and takes less than thirty seconds to accomplish the commands and exit out.

It’s been long known by researchers that there are three foundations to crimes. These elements are when there is a bringing together of an adversary and a suitable target with the absence of eyes or someone to see them (Reynald & Elffers, 2009, p. 39). This was established in 1979 in Cohen and Felson’s research on Social Change and Crime Trends, which resulted in the “Routine Activity Theory” (Cohen & Felson, 1979). Further research has renamed this to what it’s known today as the crime triangle. The crime triangle is an updated version from years more of research on the subject and shows that crimes must have the motive, opportunity, and ability. If anyone of those factors is missing the offense will not take place (Cohen & Felson, 1979). Law enforcement uses this when they try to prevent crime and other industries due as well. Allowing non-invested humans into sensitive space if giving them the opportunity not taking it away.

This paper is going to focus on the concept of VLANs or Virtual Local Area Networks as a means of mitigating the risk from non-invested humans or “guest”.

Three LAN Compartments

To introduce this, the concept is called Virtual Local Area Network; however, this paper will change it up with some few changes due to the fact there needs to be one-way communication coming from the Business LAN. For that reason, this paper is going to refer to this concept as “Privacy Integrity and Authentication Local Networks”. The entire idea is relatively simple; there are three different LAN’s; Business LAN, Security LAN, and Guest LAN. All three of the networks will not cross each other which is the primary point for securing them. It is impossible for someone who is logged into the Security LAN to enter the Business LAN as an example. The Security LAN is its own area with several servers that serve multiple clients for surveillance, reporting, authentication, etc. The Guest LAN, where non-invested individuals will have access to, will be a mirrored image of the Business LAN. That way the Guest can see in real time what the business is doing or slightly delayed. See Fig. 1 for the topology of the network.

Security LAN

The first section that will be discussed will be the Security local access network or SEClan. The SEClan network should be a network for all of the security needs of the company including physical and most IT security. This is where surveillance video will be stored, sensitive documents, authentication servers, and software among other security-related functions.

One of the primary goals of the SEClan is to act as a general backup to the entire company’s network. This will take a lot of storage space and more than likely, depending on the firm, many servers to do this. These servers such as a database, authentication, media, file and other types of servers would all be needed to complete the mission. Being this is the backbone of the company and holds the company’s critical information, financial reports, customer reports, business continuity, etc., security is a must to this LAN.

General security practices should be upheld when it comes to two-factor identification methods for logging into the LAN as well as possibly even higher security depending on the material. Biometrics to also get onto the login page is a possibility for physical security if needed and passwords should be issued to employees not chosen. Coming into this LAN from the VLAN switch that this paper will talk about later, will be a router with port forwarding with the correct ports for FTP, HTTP, etc. and a firewall.

All VLAN firewalls will require communication from one LAN to the outside WAN before a packet can be sent back. The firewall will be instructed never to let an unsolicited packet through. The firewall should also have the best practices when it comes to what the users of the LAN need and what is secure (Stewart, 2014). A team inside the IT departments and Security departments can come together to determine these rules. This is the same for all the VLANs.

Normal Business VLAN

The next LAN is going to be the standard business LAN, where proprietary employees are authorized to conduct their work as long as it stays within policy. This LAN is set up with the servers it needs to be able to maintain its business operations and competitiveness along with two VPN servers.

During the authentication stage of gaining authority to enter the company’s LAN, the system administrator will set the user, based on the username and account, on which LAN they will have access to and be directed to go. If a new employee comes in, when they get assigned a username and account for logging into the system it will log them directly into the standard business LAN. When a consultant receives an account issued to them, it will give them access to the Guest LAN.

The Business LAN is the primary and most significant LAN of the system and takes up the most bandwidth and usage. Every employee except security personnel, are on this LAN, and it even could have limited remote access capabilities. The business LAN is used for every department. However, you could subnet the network more and create other VLANs depending on your switch and its capabilities.

Guest LAN

The final LAN is the Guest LAN and is used by those who aren’t invested in the company. This LAN is a perfect mirror image of the Normal Business LAN as it continuously updates data through a locked VPN server throughout the day. The data comes directly from the Business LAN and filters through the Guest LAN, making it seem like the real network with minimal delay. However, due to the security measures put in place, it is complicated to upload anything into the Business Network. It is imperative as an IT professional to test your security and the VPN into the Guest LAN is the significant vulnerability. In this scenario, this vulnerability is tested at a minimum once a quarter per policy, however, it is more than likely checked once a week.  It is always documented when a “penetration test” is conducted, along with the results and any screenshots.

As the VPN comes into the Guest LAN, it is met by a forcefield of firewall rules and protections against outgoing packets. As many may say, a firewall can be referred to a bouncer checking ID’s, the wrong person has one, and they get thrown out (Liu & Gouda, 2008). In this scenario, the packets transmitting through the internet would be the ID’s and the information the bouncer is looking for isn’t a birthdate, but instead packet header, port numbers, etc.

Errors in firewall rules can be costly for anyone, but when you’re protecting a million or billion-dollar business, it can be devastating. The key to preserving this single line that connects the Guest to the Business is layered security. Layered security is merely layering countermeasures on top of another so an adversary must keep working (Bhabad & Bagade, 2015). This will hopefully delay them and eventually infuriate them and make them go away.

In the P.I.A. setup with the VLANs, the firewall rules allow for a limited number ports to transmit packets from the Business LAN over a Virtual Private Network to the Guest LAN where it is then filtered to where it needs to go to mirror the Business Network. However, the firewall rules, do not allow and deny any and all outgoing traffic from the Guest LAN (Source: server IP address) to the Business LAN (Destination: VPN IP address). There are two firewalls in place that have this same rule as you can see from Fig. 1.

To make this a bit clearer, the rules on the VPN and firewall only allow for packets to be transmitted from the Business LAN to Guest LAN. If someone were to transfer something from the Guest LAN to the Business LAN, it would be blocked by one of two firewalls, and at least one out of four alerts would come across the IT Security wire.

An IDS or IPS should be added to make another layer of security to create specific data packets aren’t crossing over. A customized IDS or Intrusion Detection System should be installed behind the firewalls near the VPN router and switch, closest to the VPN servers. Having a great IDS, or IPS, as it is sometimes, is referred to can be a great solution to capturing unwanted harmful packets as it often has a database of malware it can compare to and updates frequently (Edith & Chandrasekar, 2014). With the proper information placed inside it should alert IT, staff, if anyone is trying to pass information or trying anything suspicious. It should also be noted, if you look at Fig.1, the Security LAN has the same process due to needing a daily backup sent of all the company’s information. This setup has all the same settings, and nothing is different. Fig 2. Shows an example of the proper firewall rules to allow this option to occur.

However, even with these layers of protection, it is still possible for someone to upload something into the one VPN connection to harm the business network. Malicious content that could be injected physically into a drive manually from a website or email can be incredibly dangerous to the network. This is why a limited number of workstations, depending on the need, should have access to this tunnel. Limiting the number of stations limits the number of vulnerabilities and raises the quality of overview. In the security department, there shouldn’t be any workstations that can access the VPN. The VPN servers should only communicate with switches, routers, and servers in this network. If a typical workstation attempts the VPN connection, an alert should be done, and the firewall should stop it by rule.

The security to get onto the workstation, for guest, should be a password given to you by either IT security or by corporate security and it should last for a maximum of five-hours before a new one must be issued. There should also be software preloaded onto computers to log an alarm when a “guest” inserts a drive into the workstation. A software program such as thing couldn’t be hard to find.

There’s going to be a time when a guest must be on the actual business network to fix an issue. During these times, the guest should be supervised by an IT professional. A robust policy should be applied, and the guest should be forced to log into an account created for them to track them and set off the internal software and supervised. These are ways to mitigate these risks.

VLAN Switch

The entire system will only work off a switch that is a managed switch with VLAN capabilities. What that means is if there are thirty Ethernet ports in the back the IT professional can set each LAN with ten ports and they are all on separate ‘virtual’ networks through the eyes of security. The last LAN can’t talk to the first, and the first can’t speak to the second. You would need to set up a router and route traffic out of that virtual LAN and back into the other one to communicate.

In the figure 1 picture, the demonstration of the VPN is almost a representation of this. On all, Guest, Security, and Business, I had to route the transmission away from the VLAN and towards the VPN server creating an entire network.

Remote Access

It is clear that at some point technicians or consultants are going to have to be inside the system physically. As mentioned before, an IT professional should be able to mitigate that, however, when it comes to remote access things do change. Some companies look for remote access for technicians; others seem to give it to their employees. In this paper, remote access is never suggested for non-invested persons. It is also not recommended for invested persons, but it has to happen, especially in today’s world.

It should be offered with maximum security to both the physical workstation, some access control, logging onto the computer, dual authentication with the remote access software. This dual authentication should be, the password and a ten-minute text message or email with a code. Maybe even a third authentication such as a phrase could be added, but remote access is hazardous and vulnerable especially to foreign travelers.


When it comes to information security, the world is growing. Hackers are getting smarter; technology is getting larger. Everything is progressing and with it comes new responsibility for IT Security professionals to think outside the box. A lot of people in the IT industry are extremely inside the box; they are book smart, they can tell you the formula or whatever you want to know. However, the people trying to dismantle their machines, their brilliance, they think differently.

They look at life from the outside, they think outside the box. One thing about security is you have to adapt to your threat. It happens in almost every line of ‘security’ I know. If you are going to be successful, you must overcome and adapt. Being the ones who are always coming in from behind doesn’t seem like adapting but more responding. Sometimes, just sometimes even security can have some imagination to you. It’s up to the people who implement the security to be imaginative or learn from an incident. Proactivity works, taking steps like these VLANs and others can upgrade the security of many companies across the world in one area.


ASIS. (2015). The New ASIS Standard on Risk Assessment. ASIS. Arlington, VA.

Bhabad, M. A., & Bagade, S. T. (2015). Internet of Things : Architecture, Security Issues, and Countermeasures. International Journal of Computer Applications, 125(14), 1–5.

Chanda, K. (2016). Password security : an analysis of password strengths and vulnerabilities. I. J. Computer Network and Information Security, 7(July), 23–30.

Cohen, L. E., & Felson, M. (1979). Social Change and Crime Rate Trends: A Routine Activity Approach. American Sociological Review American Sociological Review, 44(4), 588–608. Retrieved from

Edith, J. J., & Chandrasekar, A. (2014). Layered Architecture to Detect Attacks Using Asymmetric Support Vector Machine. Journal of Applied Security Research, 9(2), 133–149.

Kamesh, & Sakthi Priya, N. (2014). Security enhancement of authenticated RFID generation. International Journal of Applied Engineering Research, 9(22), 5968–5974.

Liu, A. X., & Gouda, M. G. (2008). Diverse firewall design. IEEE Transactions on Parallel and Distributed Systems, 19(9), 1237–1251.

Oriyano, S.-P. (2014). Hacker techniques, tools, and incident handling (2nd Editio). Burlington, MA: Jones & Bartlett Learning. Retrieved from!/4/2@100:0.00

Reynald, D. M., & Elffers, H. (2009). The Future of Newman’s Defensible Space Theory: Linking Defensible Space and the Routine Activities of Place. European Journal of Criminology, 6(1), 25–46.

Slate, R. (2009). Competing with intelligence: New directions in China’s quest for intangible property and implications for homeland security. Homeland Security Affairs, 5(1), 29. Retrieved from

Stewart, J. (2014). Network security, firewalls, and VPNs (2nd Editio). Burlington, Vermont: Jones & Bartlett Learning. Retrieved from!/4/2/2@0:0