Slashdot Mirror


Shopping for Building Access Security?

JoeCommodore asks: "At work we are planning a new facility, which will combine a lot of departments into one bigger building. We think it may be time to forgo analog key access and go with access cards (or something like it) for physical security. I could see the benefits (we don't have to collect keys and re-do locks on staff turnover, selective room access, access logs, and so forth). Beyond this, we are pretty clueless on the ins and outs of such systems, so I am asking those of you who have had to shop, install, administer, or even just regularly use such systems, what are your thoughts, recommendations, or opinions? This is pre-building so we can do just about anything within reason."

58 comments

  1. Go With Simple by Jah-Wren+Ryel · · Score: 1

    Don't let any salesmen convince you to go with some fancy-dancy biometric system. Most of the affordable ones don't work for shit. Like you can spoof some finger-scanners by using a gelatin mold based on fingerprint left behind by the last guy to go through. Or spoof retinal scanners simply by taking a picture of the real person's eye, poking a hole through the iris part and then holding it up in front of your eye. The list is quite long and really kinda absurd how easily so many systems can be defeated.

    Lots of vendors will give you the BS offer to try it out for a month or two and conduct any tests you want. The thing is, hardly anyone has the expertise or time and money to test these, most of the published cracks have come from academia where some grad students spent a whole semester or two on it.

    --
    When information is power, privacy is freedom.
  2. RFID based? by slidersv · · Score: 2, Informative

    General access at our work uses contact-less (?) cards that every single employee has. I really like the system since the card is the size of the standard credit card (not fatter) and works over the distance of about 10-15 cm, and not being blocked too much by the surroundings (e.g. deep inside the wallet) so I can keep it in there all the time.

    The card is assigned a unique number (which can probably be linked to username in Active Directory or the likes), and all cards are administered in groups by a central database, so granting/denying access is a matter of minutes. The card reader is a small box (about 10 cm in height and 5 cm in width) and can be installed on doors and turnstiles likewise. All data is transferred to the database on-line, so the guard-lady/guy actually sees who you are and all the other necessary info on the screen in front of them (I finally don't have to sign in every time I go to work at night or on weekends).

    For more restricted access we have finger-print readers (retina scanners were too expensive at the time of installation), but that is not for general access.

    P.S.: From personal experience I think it is important for the card to work through clutter and not to have to take it out of the wallet (purse, bag etc). At least that's the difference for me between the cards I like and the cards I don't like.
    P.S.: Also I had cards on several occasions that were not working in close proximity to each other (overlapping frequencies?)

    --
    there is no issue with my network
    1. Re:RFID based? by Rellon · · Score: 2, Interesting

      Most of the systems that I've installed, managed and used were a variation upon this theme. They were all contact-less NON-RFID cards that also served double-duty as ID badges. That proved pretty handy as they were always visible and easy to use when mounted to a retractable cord. The wiring system is rather simple as it's simply a serial connection (for the older systems) but requires home runs to the controller. I've seen newer systems that use POE and are IP based which simplifies installation somewhat in that you no longer have to do home runs to the controller.

      --
      "An Ye Harm None, Do What Ye Will" Wicca Rede
    2. Re:RFID based? by T-Ranger · · Score: 1

      Contactless but non RFID? What then, telepathy? These magic little non-RFID cards just willed the doors open?

    3. Re:RFID based? by jonwil · · Score: 1

      At one place I worked, we had much the same thing except the ones we had were also ID badges and had to be displayed.

    4. Re:RFID based? by IpSo_ · · Score: 1

      Yes, the contact-less RFID or similar cards are very handy.

      Especially in areas where people are often carrying stuff, like datacenters and storage areas. In these areas place the readers at hip/waist height as close to the door frame as possible and turn the sensitivity up. This way when you're carrying a server into the locked server room you don't have to pull the card out, just leave it in your pocket and walk on by, using your back or foot to open the door once it is unlocked.

      --
      Open Source Time and Attendance, Job Costing a
    5. Re:RFID based? by jrockway · · Score: 1

      RFID is a specific technology. Some contactless cards have smart crypto chips in them, so they do actual challenge-response authentication. RFIDs just say "I'm 12837345" whenever they are powered up. (Search google for spoofing RFID cards. It's trivial these days to "record" someone's RFID card, and then "play it back".)

      --
      My other car is first.
    6. Re:RFID based? by T-Ranger · · Score: 1

      No. RFID is radio frequency identification, which is vague and meaningless. Some RFID tags are RO, some RW, some more complex IO. Some have crypto/hash capabilities. However, they are all RFID.

      Consider the one paragraph brief on the TI RFID Compact Series Digital Signature Wedge Transponder DST+

      > This new generation of secure RFID transponder provides additional levels of security. In addition to the proven TI encryption known from the DST transponder, mutual authentication increases security and sophisticated diagnostic features allow fraud prevention and after-theft diagnosis. It offers 50Byte of EEPROM memory from which 26Byte are free for user data. The DST+ can be operated in DST mode in which it is functional compatible to the DST.

      So, I'm still curious. Since your non-RFID access cards can just will doors open, does that mean that your locks just will the doors closed? Do the elevators in your building need wire rope, pulleys, and motors, or do they just will themselves up and down?
    7. Re:RFID based? by jrockway · · Score: 1

      The TI site is talking about RFid, not RFID. Two different things :) RFID is generally accepted to mean dumb tags that you stick on products in stores. Now people are using them for building access, transit system fare collection, etc. In the end, though, "RFID" means dumb. That's what the D stands for :P

      > So, I'm still curious. Since your non-RFID access cards can just will doors open, does that mean that your locks just will the doors closed? Do the elevators in your building need wire rope, pulleys, and motors, or do they just will themselves up and down?

      What?

      --
      My other car is first.
    8. Re:RFID based? by John+Harrison · · Score: 2, Informative

      There are different standards for radio induction systems. Look up ISO 14443 and ISO 16593 (I believe). Many building security systems use MiFare cards. The chips are produced by Philips and are considered contactless smart cards rather than RFID by those in the know.

  3. Remember the POWER OUTAGES by jackb_guppy · · Score: 4, Insightful

    Once you lock the doors with electronics remember power outages can and will hurt. Also your security is right out the window (door in the case!).

    Plan for no power to power the locks.

    1) One company, they planned for power outages, by placing the key control computer in a closet, with its own UPS. The day the building went dark (failed breaker) the key control was working fine, the servers were on their own UPS. Every desktop was down; the wireless routers and inter-floor routers/switches were down; OH the doors to server were locked - NO power to open them. We all could see in the computer room through the big glass window as the equipment started to hardfail.

    2) At another company, once the power fails, all doors are opened and blocked with a chair to allow employees and anyone else through. All the video cameras are offline along with every switch. It would have been better just to clear the building and send everyone home.

    So keep a few keys, they help.

    1. Re:Remember the POWER OUTAGES by vaderhelmet · · Score: 2, Interesting

      Sounds like your setups weren't very well thought through. At work we have both proximity cards and hard key locks. When the power fails, a small group of people can still open the building because they've been issued hard keys. Everyone in IT and all of the higher-ups get a key. (We also have the prox cards for convenience when the power is on.) We issue a prox card to all employees and set access groups specifying times and locations in the building that can be accessed. HR/Accounting is super locked down, as is the server room. As for logging the hard keys, unless the power is out, the system requires an id code at a keypad placed just within each door. Lastly, the doors "fail" to the locked position. If they lose power or are tampered with, the door switches into the locked position. This setup is extremely nice for us to set "Business Hours" that the main doors are unlocked automatically. This accounts for holidays as well. Very nice setup. We used a local consulting firm that resells for ADT.

    2. Re:Remember the POWER OUTAGES by brenddie · · Score: 1

      Not if each controller has a battery. Each controller has a battery that keeps the magnet on for a couple hours. Anyway, all your doors should have locks. Access control (RFID cards etc.) should be just that, access control. Locks are for closing doors. Just remember to close with the lock on Friday night.

      --
      The best test environment is production. - Me
      chrome://browser/content/browser.xul
    3. Re:Remember the POWER OUTAGES by Machitis · · Score: 1

      Each area/building controller should have a battery backup. That's what we do with dedicated wiring from the controllers to the readers and controllers to the server, which is also battery backup. Will last for several hours, by which point either power is usually on, or we have people on the ground controlling access.

    4. Re:Remember the POWER OUTAGES by wilko11 · · Score: 2, Insightful

      Also, remember fire codes. If you use a qualified security contractor/consultant as the poster suggested, they should think of this for you, but you need to consider doors that are in the emergency exit path - These doors cannot be locked in the event of a power failure. They will need to be fitted with free-exit handles or break glass releases. These doors should also be fitted with a 24 hour monitored alarm that activates when the door is released manually, not just a local siren.

    5. Re:Remember the POWER OUTAGES by jackb_guppy · · Score: 1

      If someone was in the server they could get out. Both doors exit out. The issue was no one could get in!

    6. Re:Remember the POWER OUTAGES by icestorm487 · · Score: 1

      The security company that installed the access control that didn't have power backup should be taken out and shot along with whoever signed off on the install. If the security company did install some sort of battery backup why did they not keep up the maintenance on them? The batteries have a shelf life of about 3 years.

      --
      help?!? in search of sig
    7. Re:Remember the POWER OUTAGES by Anonymous Coward · · Score: 1, Interesting

      As I understand it, the systems in the buildings I have worked have relied on magnetic locks. The building is sealed up tight when the power goes out, so I assume there is a rather large permanent magnet at each door and associated coils to negate the field long enough to open the door.

      The access control system is contactless card based and on a whopping great battery backup (apparently good for over 8 hours). There are specific building regulations about what is to happen in a power outage. Since the access control can lock you in and none of the windows open the building must be evacuated almost immediately anyway. The evacuation thing is due to the air-con being off in power outage and no fresh air being supplied to the building.

      Any company that blocks doors open with a chair when the power is out is probably breaching a few safety codes.

    8. Re:Remember the POWER OUTAGES by Anonymous Coward · · Score: 0

      > We all could see in the computer room through the big glass window as the equipment started to hardfail.

      Why didn't someone break out the window?

  4. proximity cards are nice.. by joeldg · · Score: 2, Insightful

    We used those in our datacenter, just walk up and wave your wallet at the reader and it blinks and you are logged as going and the door opens, makes it pretty easy to see the comings and goings of all the employees and see who spends more time where.

    Some places also use these for time clocks and apparently they work pretty well when placed by the front door.

    1. Re:proximity cards are nice.. by shakah · · Score: 1

      > we used those in our datacenter, just walk up and wave your wallet at the reader and it blinks and you are logged as going and the door opens, makes it pretty easy to see the comings and goings of all the employees and see who spends more time where.

      Don't your employees more-than-occasionally enter areas in groups, and doesn't that throw a wrench into your dream of tracking the "comings and goings of all the employees"? Do you (try to) enforce a policy of "everyone has to wave their cards at the reader" or something?
    2. Re:proximity cards are nice.. by stan_freedom · · Score: 1

      We use key FOBs for our time tracking. We have a reader on the inside and outside of the door. When arriving, the outside reader registers, and when leaving, the inside reader registers. The data stream is dumped via RS-232 serial to a serial port on a linux box where a simple PHP script listens. The script parses the data stream to determine the key FOB and card reader and loads the results into a MySQL database. It also dumps the raw data to a daily log file. I use the computer's time as opposed to the controller's, as it is more accurate and easier to keep synced. The information is made available via a web front end. Using the web front end, the office manager generates PDF time sheets each week. This system has been working just fine for the last 4 years.

      One thing I am currently changing is the emergency egress. We have a bypass button located near the exit doors, but the button goes back to the controller. If the controller is down but the mag locks are still energized, it is possible to be locked in. This isn't a threat, since we have double doors. One side is kept locked but has no mag lock, so if the system goes down, you simply unlock the other door and exit. However, in an emergency, someone may not think of that. I am in the process of getting crashbars installed on the doors with mag locks. Hitting the crashbar will physically interrupt the flow of electricity going to the mag lock. This eliminates the controller from the process and keeps everything local to the door and very simple from a wiring perspective.

  5. What you Know, what you have. by Anonymous Coward · · Score: 0

    An ideal system would combine what you have with what you know for effective security. Combining a pin number with a contactless access card for instance would be reasonably effective, and probably at least as secure as any biometric system alone and probably cheaper.

    1. Re:What you Know, what you have. by daspriest · · Score: 1

      "An ideal system would combine what you have with what you know for effective security. Combining a pin number with a contactless access card for instance would be reasonably effective, and probably at least as secure as any biometric system alone and probably cheaper."

      Contactless card with pin fulfills pretty stringent security requirements. I have worked at some pretty high security places and this was the access system used at all of them.

  6. keycards by Artana+Niveus+Corvum · · Score: 1

    The place where I work is actually set up with a pretty comprehensive physical security system involving access cards. The departments with more critical... stuff I guess for the sake of not divulging overly... are even separately alarmed. The swipe cards are uniquely numbered and assigned per employee. Each employee is authorized only for particular doors. The big downfall is that the system is actually several different systems that ultimately just have the same employee "user interface" as it were. There are actually, per site, several separate full security systems built by several different vendors and tied together by a VAR we had contracted to do this for us. Apparently this is fairly standard practice (we checked with numerous security system vendors before selecting one of course). It's also pretty standard for it to cost between $3000 and $8000 USD per door depending on a number of variables (mostly building electrical wiring/backup power wiring /etc.). It works well, but the people in charge of maintaining it and maintaining employee access have a world of headaches for when there's a job change and a bigger one when an employee leaves (as they basically have to remove that employee's access from all of these different systems *now*). I'm not giving any suggestions one way or another, just throwing some information out there.

    --
    -----------------------------------------
    Remove the Greed which plagues mankind.
  7. Go With Simple I-C-U. by Anonymous Coward · · Score: 0

    "Don't let any salesmen convince you to go with some fancy-dancy biometric system. Most of the affordable ones don't work for shit. Like you can spoof some finger-scanners by using a gelatin mold based on fingerprint left behind by the last guy to go through. Or spoof retinal scanners simply by taking a picture of the real person's eye, poking a hole through the iris part and then holding it up in front of your eye. The list is quite long and really kinda absurd how easily so many systems can be defeated."

    And the amazing thing is that you can do all that with security looking on.

    1. Re:Go With Simple I-C-U. by Jah-Wren+Ryel · · Score: 1

      > And the amazing thing is that you can do all that with security looking on.

      If you have to hire a guard to stand there and watch each biometric scanner to make sure no one is trying to game it, then why even buy a system in the first place?

      Don't think you can get away with centralized monitoring either, a guard on the other end of a camera and a little monitor will never even notice either of the two spoofs I mentioned, nor a host of others.

      --
      When information is power, privacy is freedom.
    2. Re:Go With Simple I-C-U. by Anonymous Coward · · Score: 0

      After doing research for my senior design project, I came across bioscrypt.com's fingerprint reader. The fingerprint accuracy is awesome. I haven't found anyone else with a decent comparison algorithm that comes anywhere else.

  8. Credit cards are nice.. by Anonymous Coward · · Score: 0

    "we used those in our datacenter, just walk up and wave your wallet at the reader and it blinks and you are logged as going and the door opens, makes it pretty easy to see the comings and goings of all the employees and see who spends more time where."

    So does yours take American Express, Discover, or Diners Club?

  9. Keep keys by noweb4u · · Score: 1

    Make sure you can get where the door controller is at in the event of a hard power failure. Don't rely on a UPS to help you with this.

    Otherwise plan on finding clever ways to hit the emergency door lock release button from outside the door area, and then plan on crawling through the ceiling to get to where the cardsystem is at.

    FWIW, the door system I am complaining about was put in before I got there. It was easier to change employers than to get that stuff changed after the fact.

    Oh, and don't underestimate the ease of breaking into your place. I've done it with mine using a myriad of ways, including a dowel rod to push the emergency release button our firecode mandated us to have (the suite was inside a larger building, and the doors chosen for cosmetic reasons allowed a small gap through which you could stick things); using a heated water balloon taped to a drinking straw or two, wiggled in front of the motion sensor that opened the door when someone approached it from the inside; having the building maintenance staff trigger the system's fire alarm doorlock override system from the fire panel; or in one case, just waiting until the UPS the door magnets were on lost power and then walking right in.

    Also, never underestimate the vulnerability of the doorhandle lock if you use the type of doorlocks that sit in the doorjamb and simply make it so the always-locked door can be opened.

    And don't forget the human element. You may want to ensure your doors have some sort of mechanism to alert security if they are propped open. You may want to install a local buzzer to discourage such practices.

  10. Abloy locks by CmdrPorno · · Score: 2, Insightful

    I agree with the other posters regarding biometric locks--Mythbusters recently tested them and was not impressed with their ability to distinguish real and fake fingerprints.

    Abloy (also known as Assa-Abloy) and Medeco both manufacture physical locks that are difficult to pick. It is also difficult to find someone to duplicate them.

    --
    Sent from my iPhone
  11. Use Saliva: Lick here to unlock the door by mattnuzum · · Score: 3, Funny

    We actually discussed this topic quite extensively recently here: http://www.servomagazine.com/forum/viewtopic.php?t=4949 Originally, my boss Pete suggested that we use saliva - that would make entering the building a matter of simply licking the sensor. Later on (in the discussion linked above) we thought it might be even better to try and grab some DNA from urine. That way, you could kill two birds with one stone - gain entrance to the building and relieve your bladder all at once. If your company does periodic drug screening then you could just integrate that into the process too. Still, nothing beats the simplicity of just licking the sensor.

    1. Re:Use Saliva: Lick here to unlock the door by grimJester · · Score: 2, Funny

      Let me guess; you ended up just drilling a hole in the wall and putting a sign saying "urine sample" on one side and "saliva sample" on the other?

      Don't tell me I'm the only one who thought of this.

  12. fingerprints bad by jipis · · Score: 1

    I worked for a company that -- like yours -- was building out from scratch. The boss (that's Mr. Idiot to you) wanted real high-tech. So, we got a box of access cards and a bunch of readers. We had to supply the computer -- running nothing newer than Win98 -- in 2002. After that debacle was past, we got to find out how much fun it was to need both the card and our fingerprint to get into the office. Ignoring the security part, what do you think happens when you have a band-aid on the one finger that you use to get into the office? Well, being as I was the admin and had (and I think still to this day have) the master key to the office, I let myself in the Orville-and-Wilbur way. Then, I went ahead and programmed all of my fingers into the system. Great way to waste a half hour, yeah. But, if I were to injure myself on the job again and need a cast to my fingertips, at least I could still get to work the next day...

    -J

  13. IdentiCard by Machitis · · Score: 4, Informative

    I'm a security manager at a University in the states. We're moving more and more toward electronic access control for many of the reasons you state. As always, they wanted us to do it on a budget, but I feel we've managed to install a respectable system.

    We use a product of a GE child company called IdentiCard. It's a low proximity system that will do just about anything you would like it to do. To activate a reader, you must hold a card within a few inches of the reader. The typical cards store only a unique number that is associated with a user account in the backend. There are also smart-card variations available that work with the system (there are several smartcard programming features in the control software). Making the cards is as simple as printing the card design, assigning the card to a user, then running it through a laminator (takes a long time if you've got to make several hundred or even thousand).

    The backend of the system consists of an SQL database of users, cards, access groups, reader groups, etc. The physical system consists basically of readers, the data cables, per-building (or per-area) controllers which connect to the readers, then the cabling back to the primary server in our IT department. The cable they ran seems to be some proprietary bundle of wires, but they claim they can even do things like video integration and whatnot with it.

    The only thing I have not liked about the system is that each user may be assigned only 3 access groups. While an efficient and well-managed access control policy deals with this just fine, it requires you to think ahead on what access groups you want. But then, you can also define as many groups as you want, you just can't assign more than three to any single user.

    Identicard Home Page: http://www.identicard.com/

  14. Card types by Tacvek · · Score: 2, Insightful

    You have some choices. A card based system is generally a good idea.

    There are three card types that are common and moderately safe:
    1. Magstripe: Simple and cheap, but easy to duplicate.
    2. Smartcard: Very difficult to fake, slightly less convenient than swipecards.
    3. Contactless Smart Cards: Nearly as secure as smartcard, and far more convenient. Employees would prefer this option, but it is probably the most expensive.

    The smartcards use public key cryptography with challenge/response verification which makes them quite secure. Arguably more secure than physical keys.

    Avoid passive RFID cards.

    --
    Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
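
The difference several posts above draw between a card that only announces a number and one that does challenge/response, as an added example that is not code from the thread or from any vendor. It assumes HMAC-SHA256 with a shared per-card key as a stand-in for the card's cryptography (the post mentions public key cryptography, which the Python standard library cannot sign with); all class names are hypothetical and the card number is the one quoted earlier in the thread.

```python
"""Constructed simulation: static-ID badge vs. challenge-response badge."""
import hashlib
import hmac
import secrets


class StaticIdCard:
    """Announces the same number on every read and ignores the challenge."""

    def __init__(self, card_id):
        self.card_id = card_id

    def answer(self, challenge):
        return str(self.card_id).encode()


class CryptoCard:
    """Proves possession of a key by MACing the reader's fresh challenge."""

    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key

    def answer(self, challenge):
        tag = hmac.new(self._key, challenge, hashlib.sha256).hexdigest()
        return str(self.card_id).encode() + b":" + tag.encode()


class Playback:
    """Stands for anything that repeats bytes seen during an earlier read."""

    def __init__(self, recorded):
        self.recorded = recorded

    def answer(self, challenge):
        return self.recorded


class StaticReader:
    """Admits whoever presents an enrolled number."""

    def __init__(self, allowed_ids):
        self.allowed = set(allowed_ids)

    def admit(self, card):
        try:
            return int(card.answer(b"")) in self.allowed
        except ValueError:
            return False


class ChallengeReader:
    """Sends a fresh random challenge per read and checks the MAC over it."""

    def __init__(self, card_keys):
        self.card_keys = card_keys  # card id -> key, held by the backend

    def admit(self, card):
        challenge = secrets.token_bytes(16)  # never reused
        reply = card.answer(challenge)
        try:
            id_part, tag = reply.split(b":", 1)
            key = self.card_keys[int(id_part)]
        except (ValueError, KeyError):
            return False  # malformed reply or unknown card
        expected = hmac.new(key, challenge, hashlib.sha256).hexdigest().encode()
        return hmac.compare_digest(tag, expected)


def demo():
    key = secrets.token_bytes(32)
    static_reader = StaticReader({12837345})
    crypto_reader = ChallengeReader({12837345: key})
    static_card = StaticIdCard(12837345)
    crypto_card = CryptoCard(12837345, key)

    # What was on the air during one earlier, legitimate read of each card.
    static_capture = static_card.answer(b"")
    crypto_capture = crypto_card.answer(secrets.token_bytes(16))

    return {
        "static_genuine": static_reader.admit(static_card),
        "static_replay": static_reader.admit(Playback(static_capture)),
        "crypto_genuine": crypto_reader.admit(crypto_card),
        "crypto_replay": crypto_reader.admit(Playback(crypto_capture)),
    }


if __name__ == "__main__":
    for name, admitted in demo().items():
        print(f"{name:15} admitted={admitted}")
```

The recorded answer stays valid forever for the static card, while the challenge-response reader rejects it because the MAC was computed over an old challenge. When evaluating a product, ask the vendor which of the two behaviours the card and reader actually implement.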
  15. Re:Remember the FIRE CODES by Joe+The+Dragon · · Score: 1

    Some fire codes may force you to have all doors auto unlock when the fire alarm goes off or the power goes out. This is so people cannot get stuck in parts of a building. People have died and this is why that is in the fire codes.

  16. Tailgating detection by Animats · · Score: 1

    The better systems have "tailgating detection", so that only one person can enter at a time. Some systems use machine vision, some use stereo camera pairs, and some use multiple infrared beams.

    If you install an anti-tailgating system, employees take security much more seriously. You don't have to go all the way to a double door/mantrap system. The usual setup is that you can't open the door if there are two people close to it, and if, once the door is opened, two people go through, that's an exception condition.

    A big question is how exception conditions are monitored. You need someone, somewhere, to evaluate them. Usually with a video link, which is becoming standard in security systems. Someone in security control has to decide if someone pushing a cart or carrying a big box is OK, because the tailgating systems will detect that. You can buy such monitoring as a service from central station security services. You want to detect a few exception conditions a day. More than that, and they're treated as false alarms. Less than that, and you're missing stuff.

    Don't overcentralize. Everything should be monitored centrally, but locks should be capable of standalone operation.
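
The exception conditions described in the comment above, worked through as an added example that is not from the thread or from any product. The log format, the event names (GRANT, OPEN, PASS, CLOSE), the 30-second held-open limit and the daily review bounds are all assumptions made for the illustration; the held-open check goes slightly beyond the comment and covers the propped-door alarm other posters ask for.

```python
"""Flag tailgating and held-open doors in a constructed access log."""
from datetime import datetime

HELD_OPEN_SECONDS = 30  # assumed limit before an open door is an exception

# Constructed sample: one normal entry, one tailgate, one propped door.
SAMPLE_LOG = """\
2024-05-01T08:00:00 door=lobby event=GRANT badge=1001
2024-05-01T08:00:02 door=lobby event=OPEN
2024-05-01T08:00:03 door=lobby event=PASS
2024-05-01T08:00:06 door=lobby event=CLOSE
2024-05-01T08:05:00 door=server event=GRANT badge=1002
2024-05-01T08:05:01 door=server event=OPEN
2024-05-01T08:05:02 door=server event=PASS
2024-05-01T08:05:04 door=server event=PASS
2024-05-01T08:05:07 door=server event=CLOSE
2024-05-01T09:10:00 door=dock event=GRANT badge=1003
2024-05-01T09:10:01 door=dock event=OPEN
2024-05-01T09:10:03 door=dock event=PASS
2024-05-01T09:12:30 door=dock event=CLOSE
"""


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime 'time'."""
    stamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["time"] = datetime.fromisoformat(stamp)
    return fields


def find_exceptions(log_text, held_open_seconds=HELD_OPEN_SECONDS):
    """Return (kind, door, badge, detail) tuples, evaluated at each CLOSE."""
    fresh = {"badge": None, "passes": 0, "opened": None}
    state = {}  # door name -> what happened since the last CLOSE
    found = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        door = ev["door"]
        st = state.setdefault(door, dict(fresh))
        if ev["event"] == "GRANT":
            st["badge"], st["passes"] = ev["badge"], 0
        elif ev["event"] == "OPEN":
            st["opened"] = ev["time"]
        elif ev["event"] == "PASS":  # one person counted by the door sensor
            st["passes"] += 1
        elif ev["event"] == "CLOSE":
            if st["passes"] > 1:  # more people than badge grants
                found.append(("TAILGATE", door, st["badge"], st["passes"]))
            if st["opened"] is not None:
                secs = int((ev["time"] - st["opened"]).total_seconds())
                if secs > held_open_seconds:
                    found.append(("HELD_OPEN", door, st["badge"], secs))
            state[door] = dict(fresh)
    return found


def review_load(exceptions_per_day, low=1, high=10):
    """Classify the daily exception count; the bounds are assumed values."""
    if exceptions_per_day < low:
        return "too_quiet"  # sensors or rules are probably missing events
    if exceptions_per_day > high:
        return "too_noisy"  # reviewers will start treating them as false alarms
    return "ok"


if __name__ == "__main__":
    hits = find_exceptions(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("review load:", review_load(len(hits)))
```

Each flagged tuple is what a person at the monitoring station would pull video for, for instance to decide whether the second "person" was a cart or a box.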

  17. Dual Mode is the only "real" option by slasher999 · · Score: 2, Informative

    I would recommend a "dual mode" system for doors - one that relies on a card reader (something physical that the person would need to carry with him or her) along with a biometric scanner - fingerprint for example. The chances of someone other than the person you wish to grant access to having both of these is slim. Of course you need to weigh the actual security provided by these means against what precisely you need to protect. Compared to what you have now, what I describe is far more secure.

  18. Make sure support is at their expense by Anonymous Coward · · Score: 1, Insightful

    I've seen a few access control systems that have been in place for over a year and still have weekly problems requiring technicians to come out and fix them. Other systems get installed once and never have a problem. So clearly there is some quality difference between the different products. I would suggest that you make sure that any follow-up/repair work is at their expense, and there are some sort of penalties on the vendor if the system fails to perform as designed. You don't want a system that's flaky, costing employee productivity, and requiring constant repairs for which you're billed by the hour.

  19. Control Systems by Anonymous Coward · · Score: 0

    I would like to suggest Computrols, Inc. They have an excellent interface for handling multiple card, job codes, doors, and access areas based on card permissions.

  20. Get expert advice by linuxwrangler · · Score: 2, Interesting

    You are getting some good tips here. Also, talk to lots of vendors. With enough conversations you can put together an even more comprehensive list of possibilities and potential problems.

    But the most important thing to start with is your requirements. Start with why do you want to replace mechanical keys? Save rekeying costs when employees leave or lose a key? That will frequently pay off by itself. Do you want to avoid people propping doors open because keys are inconvenient? Electronic can help with that, too. Just put the readers in a convenient place (ie. hip-level if you are using cards in wallets/purses - higher if the keys are embedded in picture ids that must be worn in the facility) and buy a system that sounds alarms when doors are open too long. Most businesses don't need to go overboard on security but can still benefit from electronic access.

    On the other hand, you may have specific requirements imposed by your type of business or your vendor relationships. If you are handling, for instance, banking records, IRS info, medical data, etc. you may have some very specific security requirements and the key you use will be only a small part. Read the specs specific to your industry or your customers' industries and go from there.

    And be sure that you have a tested disaster-recovery procedure. Others have told stories so I'll tell one, too. A friend worked on a NASA funded project. The satellite they were controlling cost 500 million dollars. They had fancy keylocks, backed up by redundant power and an operational plan that involved immediately shutting down non-essential systems and if the power outage looked long-term, having the university physical-plant connect in the emergency generators. When the big all-California whole-day power outage hit the plan fell apart. The on-duty controller headed down the hall, punched in his code and had it accepted but....nothing happened. Turns out that while the security system was backed up, the solenoid that actually retracts the lock was not. Neither was the phone system. Or the pager company transmitter sites. Fortunately the controller found a pay-phone and eventually a manager with a plain-old-telephone at home so they were able to get physical keys to the server rooms. (Note: disaster recovery is rife with this sort of tale. We found that while we can theoretically access our systems, getting to our office when the elevators are out and the fire stairs are locked due to silly post-911 security "enhancements", we can't actually get to our office in a major power outage.)

    --

    ~~~~~~~
    "You are not remembered for doing what is expected of you." - Atul Chitnis
    1. Re:Get expert advice by Anonymous Coward · · Score: 0

      the fire stairs are locked due to silly post-911 security "enhancements"


      Ummmm
      Hate to sound like a safety nazi, but if I were you I'd raise this with your company safety dudes sharpish.
      And if they don't listen, your city fire inspector or equivalent.

    2. Re:Get expert advice by Coffeehound · · Score: 1

      Good comments. Refine your requirements; you need to consider what you are protecting, and what are the threats you are concerned with. Sure, server rooms are sensitive, but your boss can go to jail if the financial records are not valid. Your company can get big fines if health information is disclosed improperly, and there are always the GAAP rules to prevent fraud.

      The physical layout can be modified to enhance security and the ease of establishing it. However, do not pay for security that is not required. If you rely on biometric ID (and some of the new fingerprint readers are quite sophisticated and beyond the gummy-bear hack) do not burden your folks with a card. And yes you will need a physical back-up when the power goes down. But if the power is down your risk in some cases is less. If you send everybody home your risk is often less if the building is secure physically. Consider the threat model of each situation and plan accordingly.

      By the way, the small, cheap card readers the vendor sells you will require a few centimeters of distance to read the smart cards. The hackers can read them at 69 feet. But their readers are big, costly and fill the backpack of the bright young woman waiting for her ride in front of your business.

  21. Call A Local Reputable Security Company! by icestorm487 · · Score: 1

    Call a local security company that will be able to go over your options. I work for one company and we don't use any biometric devices. There are a number of different access control products that will work, from low security proximity cards to high security scramble pads. Because of all of the options, please give the pros a call; we do our best to find the right product for your company.

    --
    help?!? in search of sig
  22. Combined system by brufar · · Score: 2, Informative

    I was faced with a similar task about a year and a half ago. I called several local security vendors and eventually chose one that provided a DMP Panel.

    http://buy.dmp.com/dmp/Shop?DSP=30100&PCR=1:100:10010:10053&IID=XR2500F-R

    Now, for a new facility you want access control, but a fire alarm system is also required, and hey, what's a building without a security system? This device was a combination of all three in one.

    The panel is located in the server room, has battery backup and is attached to a generator circuit.

    Alarm access can be through a keypad or tied to your proximity token.
    Door access was set up with prox card readers.

    Central station hookup is via the Internet with a phone line backup; other options are available as well. Let me tell you, with that Internet hookup for monitoring it's amazing how fast the central station gets the data.

    I also purchased the management software so I can manage the users myself, set or change access times, enroll new prox cards, de-activate users that left, and can pull system and access logs at any time.

    It didn't make sense to me to install 3 separate systems and have to manage them when I could do it all in one place.

    ymmv

    Best of luck

    --
    far...out
  23. Use an airlock-like system. by dascandy · · Score: 1

    Without that, people will feel a social need to keep the door open for the next person, so you'll lose quite a lot of security. I've seen both with and without where the companies that were with were clearly a lot more secure. Also, if you can afford it, have somebody present at all times for checking who or what uses the door. Try to make a building with one front door, or at least a strongly limited amount (not more than 2 or maybe 3 for a huge company).

  24. Use two-factor authentication where possible. by RemovableBait · · Score: 1

    At my University we have access cards with an embedded chip (like on a recent credit card) and a two-factor authentication system. To gain entry to a controlled area, you have to put the card in a reader (no RFID here) and type in your 4 digit PIN. In theory at least, the PIN is known to only the holder of the card, so if the card was copied/faked/stolen/found, it would be unusable by itself. The access cards are required for things like access to buildings, laboratories within buildings, computer labs, and after-hours access to anywhere that would normally be open. Obviously, access is restricted to only the areas you are authorised to enter, and this is managed by a central database.

    This is much more secure than the one-factor authentication systems that use any kind of access card alone. My own view is to avoid biometric security, thanks to it being unproven technology and there have been reports of gaining access with play-doh, etc.

    The downside to this system is that it takes longer to authenticate and grant access; time is lost in inserting and removing the card, and entering the PIN on the keypad. If you were to add something to prevent tailgating, then you'd have to think about whether this would cause a bottleneck in your site. You could probably speed it up by using RFID cards with the PIN system, but if you do, make sure they actually do challenge-response authentication, not just passively give out an ID number to every Tom, Dick and Harry with an RFID sniffer.

    As always, everything depends on what level of security you need, what kind of building you're planning and how many staff you'll have using the system. I'd strongly recommend, as others have said, talking to a couple of well known security companies and finding out what their systems have to offer and how much it will cost to roll it out. Just don't let a salesman steam-roller you into deploying something that doesn't fit your needs, and be cautious of unproven technology. YMMV.
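Added example (not part of the comment above, and not any vendor's protocol): why the comment asks for challenge-response rather than a card that passively gives out an ID number. The card ID, the per-card key and the HMAC-SHA256 construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the card ID and key are made up for this example.
CARD_KEYS = {"card-0042": bytes.fromhex("00112233445566778899aabbccddeeff")}


def passive_reader_accepts(presented_id: str) -> bool:
    """Static-ID scheme: anyone who can recite a known ID is accepted."""
    return presented_id in CARD_KEYS


def card_respond(key: bytes, nonce: bytes) -> bytes:
    """What a genuine card computes; the key itself is never transmitted."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class ChallengeResponseReader:
    """Reader that issues a fresh, single-use random challenge per attempt."""

    def __init__(self, card_keys):
        self._keys = card_keys
        self._pending = {}  # card_id -> outstanding challenge

    def challenge(self, card_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[card_id] = nonce
        return nonce

    def verify(self, card_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(card_id, None)  # a challenge is used once
        key = self._keys.get(card_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo():
    """Return (genuine entry, replay vs static ID, replay vs challenge-response)."""
    reader = ChallengeResponseReader(CARD_KEYS)
    key = CARD_KEYS["card-0042"]
    nonce = reader.challenge("card-0042")
    overheard = card_respond(key, nonce)  # everything sent over the air
    genuine_ok = reader.verify("card-0042", overheard)
    static_replay_ok = passive_reader_accepts("card-0042")  # the ID alone suffices
    reader.challenge("card-0042")  # a later attempt gets a new nonce
    cr_replay_ok = reader.verify("card-0042", overheard)
    return genuine_ok, static_replay_ok, cr_replay_ok
```

When evaluating a product, the equivalent check is that two reads of the same card never produce identical over-the-air data.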

    1. Re:Use two-factor authentication where possible. by Anonymous Coward · · Score: 0

      I work in physical security, and I can't emphasize enough the importance of having someone around to actually respond to problems, monitor cameras and eyeball everyone entering the facility to ensure that they match up with the ID on their card. A security guard is in fact a fairly reliable biometric identification system (unless you're being attacked by tech ninjas with Mission Impossible disguises). As an added plus, actual security guards can be quite helpful in the event of power failures and such. You only need to hire 4 of them to provide 24/7 coverage.

  25. We enforce this by anomaly · · Score: 1

    We have multiple locations. Most are "low security" where passing an access badge is a requirement to enter the facility and largely movement in the building is unrestricted.

    In our secure environment, we have a policy which requires scan "in" and "out." Each person is required to scan every pass through doors. If you scan "in" and don't scan "out" you are prevented from scanning "in" anywhere until you see security to clear your card. This works pretty well.

    --
    But Herr Heisenberg, how does the electron know when I'm looking?
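Added example (not part of the comment above, and not taken from any access-control product): the scan "in"/"out" rule it describes, run over a constructed badge log. The event names and decision strings are made up, and letting an "out" scan always release the door is an assumption made here for life safety.

```python
# Constructed badge events (badge, door, action); not from a real system.
EVENTS = [
    ("alice", "lobby", "in"),
    ("alice", "lobby", "out"),
    ("bob", "lobby", "in"),
    # bob leaves behind a colleague without scanning out
    ("bob", "lab", "in"),      # second "in" with no "out" in between
    ("bob", "annex", "in"),    # still blocked at every other door
    ("bob", "desk", "clear"),  # security desk resets the card
    ("bob", "lab", "in"),
]


class AntiPassback:
    def __init__(self):
        self.inside = {}      # badge -> door of the last granted "in"
        self.blocked = set()  # badges that must see security

    def scan(self, badge, door, direction):
        if direction == "out":
            # Egress is never refused here; a mismatch is only reported.
            matched = self.inside.pop(badge, None) is not None
            return "grant" if matched else "grant:unmatched-out"
        if badge in self.blocked:
            return "deny:see-security"
        if badge in self.inside:
            self.blocked.add(badge)
            return "deny:passback"
        self.inside[badge] = door
        return "grant"

    def security_clear(self, badge):
        self.blocked.discard(badge)
        self.inside.pop(badge, None)


def replay(events):
    """Run events through a fresh controller; return one decision each."""
    apb = AntiPassback()
    decisions = []
    for badge, door, action in events:
        if action == "clear":
            apb.security_clear(badge)
            decisions.append("cleared")
        else:
            decisions.append(apb.scan(badge, door, action))
    return decisions
```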
    1. Re:We enforce this by shakah · · Score: 1

      They don't have "scan out" where I work; I thought it was a safety issue. Generally there are motion detectors to release the door for outgoing folks; in a few places there are "press to exit" buttons next to the doors, along with a "pull to release" emergency handle (looks like a fire alarm, but yellow).

  26. Security in a data center requires redundancy by Anonymous Coward · · Score: 0

    One way security is managed in a data center is the identicard process, biometrics are available but haven't been implemented yet, but more importantly keys are available. The keys, however, are tracked and locked in a system that is outside the network. There are between 3 and 5 levels of power available - power outage is the least of our worries where internal security is concerned. And the building has been designed to withstand several different types of natural disasters - either unique or simultaneous. I definitely recommend having keys available for all access but not generally in use. The identicard works very well for maintaining some constraints on people wandering through places they really shouldn't be.

  27. Some more detail on my question by JoeCommodore · · Score: 1

    Just to keep in perspective, we aren't talking about a high security data center but a non-profit agency (yeah, money is tight, yadda yadda). So nothing like finger or retinal scans, maybe magstripe, but I would be leery of that.

    The two things we see are 1) a regular turnover of staff (the preschool program is seasonal) and 2) having meeting areas available for use off hours. So I think maybe some cardlock doors and then the rest keylock (limited key distribution) might be a good compromise. The idea of timetracking employees was brought up but I don't know if that works well for an organization with many diverse programs.

    So, what's the software like for these things? Are they usually some horrid over-grown VB that doesn't play well with others or are they usually pretty flexible apps (export, import, LDAP?, web based, etc.)?

    --
    "Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
  28. Doors aren't the only problem by thoglette · · Score: 1

    As everyone else has said:

    1. Plan and test the power down. There are neat two-way locks (the frame is electric, the door keyed) out there. Use them.
    2. Avoid Yale-style locks, use Abloy or similar.
    3. Avoid biometrics and passive RFID.
    4. Layer your defences & use multiple factors where necessary (where fingerprints _can_ be useful).
    5. Consider what is going to happen when someone quits, loses their hardware or just leaves it at home.

    But doors are barely the start. Windows, roofs and ceilings need to be considered. While "DIY: Burglar proof your home with concrete" is an old joke, it's a good concept to consider.

    For windows, 3M has some rather nice film products, which will really slow down intruders. Your really secure areas should have no windows, and concrete/brick on all six sides. But the point of physical defences is merely to delay intruders until the police or security guards arrive. This arrival delay is a key parameter in your design.

    Then there's IT, which is another game altogether.

    Have useful, sensible, published policies, make sure staff understand why they are there and back your policies up with action. Eg.

    1. Audit, audit, audit.

      This means having something to audit - ie. records of what is where and who is responsible for it. Who was in what areas (including visitors) and when.

    2. Dock paypackets or downgrade roles for breaches.

      Show that the organisation cares - but you need to strike the right balance. In some organisations a breach is a breach is a breach. In others, "ask forgiveness" is the meme.

      Where the letter has been broken, but it was broken in a considered manner taking into account the facts available and aims of the organisation, then the resulting management review may form the opinion that it was the right thing to do at the time. (Such as letting the Fire Department into the server room to put out a fire). Policy may even need to be changed!

    3. Be consistent and serious.

      There's no point having a "no cameras" policy if the VP marketing can wander in with her/his 3G video phone. And if marketing needs to break the rules (such as making glossy brochures)

    4. Be reactive and communicative

      If someone identifies a new or changed environment, say "thanks", publish an interim response immediately and add it to your next-period work list. Security is not static.

    Now, this is not free (as in beer) so you need to understand how much your management cares (can they spell risk analysis?). Classify your risks, evaluate the cost of breaches and then balance cost vs probability. Have a plan & policy and generate your procedures/work instructions from that.

    Seems like a lot of work? Well, look for balance and minimise the amount of material/people you need to protect. "Need to know" and "physical separation" are good maxims.

    If you really care (and if you are subject to SOX or other legislation, your management should) get expert advice from an ex-spook or COMSEC cleared person.

    --
    -- Butlerian Jihad NOW!