Slashdot Mirror
What Electronic Door Lock Would You Buy?
zentigger asks: "I work for an ISP that supports internet in several dozen remote areas. Our POPs are typically fairly small shed-like structures, with a couple racks of equipment. For the most part, we can manage this stuff in-band, but frequently we need to have a local agent physically access the equipment for some minor maintenance work or adjustments. As time goes on, the shuffle of keys is becoming farcical and expensive. What we need is an electronic lock of some sort that can be reprogrammed remotely (preferably from a remote console via serial or directly via ethernet) that will stand up to extreme weather. Google certainly turns up lots of glossy brochures — although I don't see how they can -all- be 'The heaviest duty lock you can buy!' Does anyone have good experiences with any particular products or perhaps other means of dealing with the key shuffle?"
Sargent & Greenleaf are *THE* stanrdard when it comes to electronic locks. See here.
Your an ISP... you have bandwidth and old servers... simply get an electronic latch, a webcam, and patch it through to your security officers.
With some easy code, you could remotely unlock the buildings for workers on an as needed basis. Plus it provides video surveillance, and a method to document who accesses the facilities and when.
Keys would still be in the hands of a few techs for situations when the network is down.
Sometimes the best solution is to stop wasting time looking for an easy solution.
A while back I did some consulting for a somewhat remote municipality, who was in your exact same situation. They had small "equipment sheds" located throughout the region, and were having problems maintaining physical access. Their solution was to invest in a bunch of programmable electronic combination locks that they could reprogram as people were fired and/or promoted and not have to go through the whole rekeying process. This created an entirely new problem: People forgetting access codes that changed every several months. These workers worked around the problem the only way they could: Prying open the doors with tools, breaking the doors and sometimes the locks in the process. This forward-thinking municipality ended up footing the bill for the lock retrofit, a bunch of broken doors, and ultimately a return to standard keyed locks. FYI, YMMV...
A remote controlled lock? Via Ethernet? In all honesty, that is one of the stupidest ideas I have heard in a LONG time.
I don't respond to AC's.
Here is my preferred electrical door lock in action. Never had a problem with a burglar yet.
I have a complete electronic defense system for my home and I am currently upgrading the AI. It was slow going at first, the AI kept requesting to be given a name. Eventually i gave in and called it Skynet and things have been going quite well, although the Asimo I hooked up to it does like to chase me round the house a lot trying to taser me. I am going to ask one of my mates at the NSA if one of their global domination scenarios can connect and defeat it as a final acceptance test. Should be cool.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Is there some reason you can't just have all of the locks keyed the same?
Any locksmith should be able to do this for you.
Most companies I see use HID or S&G for card access. I personally would recommend HID (one of their newer card reader lines that use two-way authentication).
For mechanical lock backup, go with Medeco, Mul-T-Lock, or Abloy. All of which are immune to bumping, are restricted in key duplication, but keys are still decently available when you need copies made at a locksmith with your card.
Lastly, if you want a solution that is a hybrid, requiring only cylinders changed rather than lock hardware, you might consider the Mul-T-Lock CLIQ series. The CLIQ keys are mechanical and electronic, and the reader is in the cylinder, so no wiring of doors is needed. To remove a key from the authorized list, you just code the programmer key to remove it, then walk around and stick the key in the appropriate doors.
How about an access controlled door whose panel can report back by LAN/WAN back to the server? All you would need to do at the point that someone leaves the company is disable the card. Then you wouldn't need to deal with keys. The Topaz http://www.gesecurity.com/portal/GESDownload?ID=29 91&DID=16883&documenttype=Data%20Sheet system should work nicely.
I worked my way through college as a locksmith. I've always favored hardware security (keys) over electronic widgetry. Talking to a Medeco dealer about getting your locks on a solid masterkey system would give you a solid system, but allowing remote sites to be accessed- possibly by different agents each time- wouldn't work.
One solution might be Videx. I've only glossed over their literature, but they seem to have a pretty good solution in place.
http://www.videx.com/products/detail/cyberlock.h tml
Specifically, the section on how "the CyberKey Authorizer enhances CyberLock systems by providing the ability to program and download CyberKeys at remote locations." That might be too pricey for your application. I've never priced out "door" costs on Videx hardware.
So I'm thinking that the way to do it is to have a keypad facing down so that you curl your fingers up to push the buttons so the person near you doesn't see. I figure having only four buttons would make it easier to enter the combo without looking. Buttons on the bottom would also have the advantage of keeping water out of your buttons.
One of the reasons I wanted a combo was I figured it would also be a lot faster than pulling the key out of my pocket every time. In fact I think a quick combo lock would be so quick that it wouldn't be too much trouble to just leave the door locked all the time.
Some other good features for the lock would be different combinations for everyone in the house. And some one time use combos and guest combos.
By the way if you are hiding a key outside your house make sure you put it around the corner or something so if someone is with you then you won't have to reveal your hiding place.
http://www.kaba-ilco.com/access_control/index.aspx
No, I don't work for them, but I use them.
This depends on where your systems (equipment sheds) are, whether they are all wired or wireless, whether you want your database centralized or de-centralized. In other words, there are a lot fo variables, and some great answers.
Feel free to email me. I work for a company that handles access control, video security, etc. We manufacture our own solutions, and work through integrators (if needed) for installation.
Joshua
Jmarpet@dvtel.com
Oh great, advice from someone who doesn't know the difference between "your" and "you're".
For a long time, geeks have come to share homes (eg, Open Sourcerers, who perfer lower living costs, et al.)
;-)
We can envision techie villages, bringing together a mix of renewable energy geeks with al the other geeks, onto a modest sized property,
away from the smells & noises of cityscapes, within commuting distance, but closer to nature & its beauties, maybe with windows looking out over nothing but natural sights & sounds (if the windows are opened
It the coming WiFi (WiMax & beyond) days, such villages might be happy to keep a near-constant watch over remote ISP facilities, either for $'s or some extra bandwidth.
There would possibly be problems with trust, but there always are.
(Insurange could be the ISPs workaround, if they were to get stung.)
Depends how handy or rolled you want this. I will assume you already have remote reboot/power ability at the colo-like locations, such as Baytech or WTI equipment.
Simplest method would be to hook up a stepper to the inside lock handle. You're talking a $10 piece of aluminum machined to fit a standard lock handle (i.e. deadbolt throw), wiring a stepper to a parallel port or using a serial to stepper driver adapter, and picking up some surplus drivers and motors on ebay.
Guy wants in, gives you a call, you open the door remotely remotely by logging into the machine that controls the stepper. Add webcams, etc. as needed if you want that sort of authentication, or to confirm the lock has turned to the appropriate position (or needs to turn more). Or, have a standard login/pass interface, any authentication network method you prefer (VPN, one time password, etc.). A tech could be standing in front of the door, use a laptop over a cell network to submit a one time password, and have the lock open.
You could even have a wireless router or ethernet port at the location for direct plugin; just make damn sure that it's suitably protected (i.e. VPN only, firewalled to a separate on machine nic that rejects everything except IPSEC or something).
Note that depending how you set this up, your driver has to be powered; this is a good thing--wire the stepper driver into your power management *separately* from the machine (so the machine power on/off is controllable as well as the driver), and you can have some additional tricks to use, i.e. someone can have the password to open the lock, but not the power management password, so you can turn off the stepper driver completely while you reset or implement new lock controlling passwords. This will also save energy; no need to have the driver sucking power holding position of the lock once the lock is set. And, if the stepper gets broken or stuck, powering the driver down will allow unpower the stepper so you can use a regular key.
If the power goes out completely or if the power management thing fries, no power means again unpowered stepper driver and hence the motor, allowing it to turn freely; it stays in the position it was last at too (since it's a stepper controlling a regular lock, it acts like a regular lock, meaning it doesn't change position just because the poewr goes out).
For redundancy (primary network down), you'd need a separate network of some sort (extent depends on what you want to accomplish). You'd could add a port to your router to control the power management equipment--a hub, ethernet switch, etc. that's separate from your main, and allow an access point in (wireless, direct ethernet, redundant to cell phone access, backup network) and secure as you deem fit, e.g. your choice of authentication method. If your network hoses itself, just reboot the network (not the system) equipment with the failover (i.e. cell network) and use whatever local login access you deem fit as you would standardly after. A simple method is to have your emergency network first (coming from the electrical outlet) that has limited scope.
...and it's so clever, I wish I thought of it. You need a lock that doesn't need a card-key and yet can be reprogrammed remotely, without AC power or internet connectivity.
webkeysystems.com
I only discovered this yesterday!! It uses an algorithm to generate a 6 digit key, that embodies the dates the key is valid. Basically, it's like public key encryption. Create keys on the fly, for just the period you need someone to access.
The only downside is that it's not true reprogramming of keys. You can't cancel keys, for example. In other words, if you give someone a key for 30 days, you can't cancel that key during the thirty days.
Whatever you do, avoid Chubb like the plague.
The "brains" of the system run on useless software that will not work without a hardware dongle. Check before you buy, I'm sure there are plenty of vendors who pull the same shit out there
Also, are you SURE that a keypress box (lockable box with hooks for hanging keys) won't do? When I was in the military, that's what we did. Never had a problem as:
a) We exchanged keys for identification (no ID, no key!)
b) If you lose the key or run away, we have your id, and we will hunt you down.
With a well-kept logbook, you cannot go wrong. Not to mention, no dicking about auditing whose keycard has access to which area when. If the key is missing from the keypress box, someone is using it. If it's missing after the official visitor hours, you have a problem. Scales pretty well up to a few hundred keys.
Of course, make sure you buy decent locks. Also, someone could always try to forge the keys. But that's what armed escorts are for.
I would take a strong magnet with me and see if the look can be opened with it. There are in fact many locks which can be opened this way without having to resort to hacking the electronics. This is an inherent flaw of them as they rely on solenoids to open the lock. This can only be overcome by strong magnetic shielding or by placing the solonoid in a direction so that - when attracted by a magnet - locks the lock, rather than unlocking it.
Also important is how hard it is to dismantle the lock to get to the solenoid (in order to apply a current to open the lock).
Do yourself a favor and don't buy into marketing babble or feature lists. Encryption does not help here.
I have had my eye on the RFID Digital Door Lock from ThinkGeek for quite a while now.
It's easily reprogrammed, you can issue access cards to persons as opposed to giving out a single PIN. Plus, it's supposed to be hack-proof, but probably not to the level of Sargent & Greenleaf.
I am considering it as a replacement for the lock in my flat's front door (which is arguably both less and more critical than an ISP gear shed). It's indoors, so weatherproofing is not an issue, but the flat is just rented so I can't really put any big holes in it...
Does anyone have experience with, or otherwise comments about, a lock of this type?
"Good news, everyone!"
Add & remove access on the fly.
while reading the first line of your 'utopia' I was immediately already envisioning the fourth & fifth word in your third line, but in a completely different expectation.....
every day http://en.wikipedia.org/wiki/Special:Random
This really is a classic access control problem.
There are 3 components to this normally. An physical locking mechanism such as a magnetic lock, an authentication mechanism such as a card reader and a controller.
There are numerous comments from people about 'if the network fails then you cant get in' which might be true with a simple little homebrew system but any commerical system uses the network only for programming. The actual door controller is self contained and operates without any need to talk to the computers. The only problem loss of network causes is that you cant revoke cards or issue new ones until you get the network fixed.
Some example controller manufacturers are http://www.honeywellaccess.com/, http://www.paxtonaccess.co.uk/, http://www.lenel.com/ amongst hundreds of other.
For card readers I always recomend HIDs iClass system - http://www.hidcorp.com/products/iclass/. These are smart cards and are substantially more resistant to the card cloning that has been mentioned before. They can also include things such as retina information and fingerprint profiles on the card. This avoids having to program readers on site with these things and also means that you never actually keep the users biometrics on file. They are only ever stored on the card.
As for locks... Too many to mention. I prefer solenoid locks that protrude a solid bolt into the door as these are far more difficult to force. Many cheaper maglocks can be forced by a solid kick to the door. I really depends on the door.
AC
Our recently refurbed admin building ("Hey! When are we plebs going to get our leaky windows replaced??") had its grand opening the other day, complete with University bigwigs and minor royalty. The day before it seems someone decided to upgrade the security system firmware.
When they did this, there was nobody inside. And they locked themselves out. They figured if they set the fire alarm off then the override would fling the doors open. But it didn't. They had to get someone in to smash through the security door to a) get inside and b) stop the fire alarm.
I imagine all the mess was cleaned up before the princess arrived.
Check out Computrols, Inc. They have programmable keycard locks that work over ethernet. Different card can access different zones and its all programmable from one head end unit. http://computrols.com/security
...is, as you have concluded yourself, completely useless.
Basically, you should go for the system that is easiest for you to manage. All electronic locks (and all locks in general) are easy to break, if you want to. Quite surprisingly, the more expensive locks, are often easier to break (it can be done with a screwdriver instead of a crowbar (or if your doorframe is better: power tools). And if the lock is better than that, there are always windows, or even walls.
If what you need is security, you need more than one lock to keep the bad guys out. And remember that the people most likely to break in to a better-than-average secured building is either the owner or people hired by the owner (insurance fraud); or employees or people hired by employees (or ex-employees). Your job is to not make it worth the risk. A local security company can also help with alarm systems and routine inspections. And remember the rule above, everyone, including security personnel, cleaning personnel, and so on, constitutes "employees" from a security standpoint.
Sound's like the geeks version of the Kibbutz
A small circle of friends and myself have been seriously discussing and investigating the myriad details in setting up something along those lines for ourselves. Thus far, the most compelling arguments in favour of it are the economies of scale and the various grants, tax breaks and other incentives we may gain, depending on how we are structured. The strongest argument against it has been the possibility of serious personality conflicts long term. Even setting aside the hopelessly flawed "Free Love" communes of the early '70's; experiments in communal living in North America have, at best, a patchy record of success.
I need a wheelchair van for my son. Help me get the word out. https://www.gofundme.com/wheelchair-van-for-jj
Of course, with a $10 tool, you can open the locks, but I bet the same could be said with your current locks.
Change your exterior leverset handles to accomote an "RC" Removeable Core keyway. Have this keyed to operate under your existing masterkey system. Have differently keyed cylinders pre-keyed for all of the openings that are accessible by this employee so if/when they leave someone in maintenance or the subcontractor you have for attending to these sheds change the cylinders so the old key does not work but the lock will still accept the higher-level masterkeys. Take the old cylinders and have them rekeyed with a new pin combination that will still work under the masterkeying system, so they are ready for the next turnover. In other words, the cylinder is changed quickly without having to re-key the cylinder on the spot. This still will require a reasonable level of mechanical aptitude, and a visit in person, or possibly subbing to local locksmiths, if your coverage area is too wide spread to send someone cross-country.
The existing locks you have on the doors should be able to remain in place, the outside lever and cylinder are the only parts that would need to be changed. When you change the cylinder, a long custom made key is used to pull the existing cylinder out of the leverset without unscrewing the whole thing and to put a new cylinder in.
certainly not the ones used in Jurassic Park... I know I don't want to overpay for some expensive door lock that some velociraptor can open when the power goes out...
Here's something a little different than the typical swipe card systems that all have to be connected back to some central control:
CyberlocksWe use these where I work and it's a great retrofit when you have multiple builds, including ones that don't have any electrical power. Basically, you have electrical lock tumblers that you replace the mechanical ones currently in your door handles. The key supplies the power (no batteries in the locks to change). When the key is inserted, it powers up the tumbler. The key and the tumbler do their digital handshaking (Key says: "I'm key number 12345" tumbler checks its programmed list and sees that key 12345 is on it and says "Okay, I'm unlocking the door" and mechanically unlocks the tumbler).
Pretty interesting system with a lot of configuration options. Depending on how you set up the configuration, it's a little more involved if someone loses a key, but you can reprogram the tumblers fairly easily with a programming key, and you can set them up to permanently disable key 12345 if it is considered lost/stolen.
Not hackable? Hardly. But then again, so are mechanical locks. This system gives you an electronic equivalency of security that you have with the mechanical locks, plus with a more flexible method of key control and access.
I can't speak to the security of these locks but they might be worth a look. You unlock them using the Dallas Semiconductor iButtons. Each one has a unique serial number imbedded it it and it can't be copied. We've sold these peoples timeclocks and they have worked well. They also have a line of locks that sound like they might meet your needs. http://www.accesspilot.com/
Another solution I have seen to a very like issue is having a secure door lock like the medlock that don't open the door itself, but the bolt triggers an electric trigger built in the door with battery backup for power outages that will cycle the lock mechanism. Then also, a keypad combo lock tied into a central server that will also trigger the lock mechanism. This provides secure mechanical and electronic access in best and worst case scenarios.
If the reason for attending the site is a power or backhaul problem, be careful which electronic lock you buy. It would be a shame if no power meant no access.
There was an unknown error in the submission.
mag casrds are your answer. you can remotely program the cards and there's no problem with opening the door if the network goes down at the site. they are also dirt cheap and can be set to expire so it doesn't matter if the tech loses it. video survillance is also a good idea.
If you mod me down, I will become more powerful than you can imagine....