Slashdot Mirror
Securing Your Facility?
krahd asks: "We, at the CS department of our University, in Uruguay, are evaluating different ways of securing the access to our floor. Until now we have used just a traditional door lock, but its's time to delpoy a new, more geeky solution. So, after reading this Ask Slashdot, I figured I'd pose this question as a follow-up. What would be the best way to do it? We've already evaluated biometric technologies like iris-scanning and fingerprint-scanning, and more traditional ways like intelligent cards but, what others possibilities exist, and which would you choose? Yes, price does matter."
You didn't specify what your requirements for this project are, but I'd say that in order to make an informed decision, you should at least know this much:
- Where you want/need access control (how many
doors, for example)
- How many people need access, and which ones need 24 hour access vs. time-limited access
- How critical is the space that you will control access to? For most uses, biometrics are
probably overkill. Keycards work well for many
applications and are usually much more reliable.
My advice is to think seriously about what you actually need, and don't try to solve problems you don't have. Make sure you get something that meets your real requirements, is stable and reliable, and fits in your budget.Check out my eclectic infosec blog at InfoSecPotpou
Whatever, any security system will do.
Just manage it properly. I chimed in on the last conversation on securing your network and made basically a related point. You can implement biometrics (I wouldn't recommend), proximity cards (which seem very popular and have some advantages that I'm sure others will discuss), keypad locks etc. But, if you don't manage the access, that is track who has a card, who used to have access but shouldn't now etc everything else is just there for appearance's sake. Security is a process, NOT one time thing.
Say you go with proximity cards, the real security in those is that you can regularly check who has access to what, who USED their access and so forth. (While also true of a keypad or biometric system, proximity card systems relatively cheap, reliable and ubiquetous on the market.) Regular reviews of access and access privileges are MUCH more important than which technology you choose.
That said, you should define very clearly who should and shouldn't have access to your secure areas. Once you've defined who should and shouldn't, then define what levels of security will exist for those who should have security privileges. THEN, regularly review security privileges to see if the actually privileges out there jibe with your security definitions. Finally, if possible, design your system based on layers of security, where the most secure areas cannot be reached without first passing through less secure areas.
After all, if someone steals your finger, at least they won't know your PIN!
...Well not unless they put a gun to your head and say "give me your PIN".
To tell you the truth where I work they would be better simply asking the staff for their PIN and "would they mind letting them in".
Actually - I just remembered - we do have some doors that need those electro-magnetic induction keys to open.
They are always propped open. The problem is that people can't be bothered with too much security - make it a hassle, and they will use the simplest method of bypassing the system to suit their own lazyness. This is where transparent biometric authentication will clean up - let the door know who you are without bothering you. By this stage though we will be at the same technology level as a guy on the door who knows you and opens it for you.
There is only one physical security system worth squat (IMHO): a single door and some old, cynical guy with a gun.
-- MarkusQ
After all, if someone steals your finger, at least they won't know your PIN!
I'm fairly certain that that anyone who's willing to steal my finger would be able to get my PIN without too much additional effort. The amount of pain I'd be willing to endure for the security of any of my previous or current employers, all of whom have proven to be willing to lay me off at the drop of a hat, is vanishingly small. A believable threat would likely be sufficient, especially if my cooperation meant I got to keep my finger!
Then again, if I ever where employed by someone who actually showed any loyalty at all to their employees, I probably would endure a fair amount for them.
The lesson here is: all the technological security measures and all the best practices in the world amount to precisely dick if you've done nothing to foster loyalty in your employees. And, of course, you can't get loyalty without giving it.
Under capitalism man exploits man. Under communism it's the other way around.
Nobody wants to hire a few decent-quality security guards anymore. I mean you'll want to lock the facility down with a nice little card access system, but there's a lot to be said for face recognition and random inspections/stops. Spend money on a person.
I would say it probably depends on how important locking down the facility is to him.
If you only need to keep honest people honest then locks and keys are really the best bang for your buck, and are going to be equally as effective as any high dollar thermal / visual / biometrics system.
Given that many buildings are built to residential spec's (meaning 18" between studs with drywall) or have glass windows I can circumvent most door locks with a razorblade (cut through the drywall anywhere except where the door is, generally from a neighboring room,) a hammer (break glass, climb in,) or a ladder (false hung ceilings are made of something only slightly more substantial than cardboard, move the ceiling tile in the hallway, climb up, move 6 feet in, move another tile, drop down.
None of the above are particularly effective vs. an armed guard with an attitude.
Glonoinha the MebiByte Slayer