Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security Technology

Securing Your Facility? 61

Posted by Cliff from the doing-more-than-keylocking-your-door dept.
krahd asks: "We, at the CS department of our University, in Uruguay, are evaluating different ways of securing the access to our floor. Until now we have used just a traditional door lock, but its's time to delpoy a new, more geeky solution. So, after reading this Ask Slashdot, I figured I'd pose this question as a follow-up. What would be the best way to do it? We've already evaluated biometric technologies like iris-scanning and fingerprint-scanning, and more traditional ways like intelligent cards but, what others possibilities exist, and which would you choose? Yes, price does matter."
This discussion has been archived. No new comments can be posted.

Securing Your Facility? More

Securing Your Facility?

Comments Filter:

  • biometric!!! (Score:2, Interesting)

    by m00by ( 605070 )
    I'd say, go biometric. your thumb, or eye don't cost anything, and it should provide some good security. that, and it's way cool, and should work for a long time, unlike other things like smart cards which wear, and other card based solution.

    • Re:biometric!!! (Score:4, Informative)

      by smoondog ( 85133 ) on Monday May 05, 2003 @12:25PM (#5882681)
      We have fingerprint scanners to get into a computer room and they are very flaky. Lots of false negatives, dunno on the false positive rate (haven't tried). They also require a 4 digit pin number. Kinda defeats the purpose, huh?

      -Sean

      • Re:biometric!!! (Score:5, Informative)

        by Hanashi ( 93356 ) on Monday May 05, 2003 @12:30PM (#5882720) Homepage
        They also require a 4 digit pin number. Kinda defeats the purpose, huh?

        That does not defeat the purpose at all. The concept of using two different authentication mechanisms together is called two-factor authentication. Not only is it a well-established Information Security principle, it's also considered a Best Practice.

        After all, if someone steals your finger, at least they won't know your PIN!

        • After all, if someone steals your finger, at least they won't know your PIN!

          I agree with you. But I wish the send authentication method was more secure, and less expensive.

          -Sean

        • Re:biometric!!! (Score:4, Funny)

          by Hard_Code ( 49548 ) on Monday May 05, 2003 @12:58PM (#5882989)
          Also, presumably if someone steals your finger, you will be aware of the security breach rather quickly!
          • Or rather dead and not able to tell anyone; if you're hard enough you'd take the pin to the grave and the badguys could hang out as much as they like with any of your fingers... won't get them anywhere though...

        • Re:biometric!!! (Score:4, Insightful)

          by skinfitz ( 564041 ) on Monday May 05, 2003 @01:01PM (#5883005) Journal
          After all, if someone steals your finger, at least they won't know your PIN!

          ...Well not unless they put a gun to your head and say "give me your PIN".

          To tell you the truth where I work they would be better simply asking the staff for their PIN and "would they mind letting them in".

          Actually - I just remembered - we do have some doors that need those electro-magnetic induction keys to open.

          They are always propped open. The problem is that people can't be bothered with too much security - make it a hassle, and they will use the simplest method of bypassing the system to suit their own lazyness. This is where transparent biometric authentication will clean up - let the door know who you are without bothering you. By this stage though we will be at the same technology level as a guy on the door who knows you and opens it for you.
          • Whether people "bother" with security measures all depends on whether the measures are appropriate for the object secured (why put a cardreader on your toilet, is it *really* necessary?) and if they grasp the value of the object that is secured...
            If your coworker kept pictures of his wife naked or his life-savings (s/his/her/g, etc) in his deskdrawer you'd bet your life he/she would make sure that drawer was locked down with the best possible securitymeasures every time it he/she leaves...
            • If your coworker kept pictures of his wife naked or his life-savings (s/his/her/g, etc) in his deskdrawer you'd bet your life he/she would make sure that drawer was locked down with the best possible securitymeasures every time it he/she leaves...

              Ahh yes - this reminds me of my suggestion that naked pictures of web server admins, along with their /. nickname, be stored on the web server to "encourage" an interest in server patch updates and security.

            • why put a cardreader on your toilet, is it *really* necessary?

              Good question. Why does my work put combo locks (those 5 pin doorknob things) on the toilet, anyway?

              • Worst place I've been they had a card-proximity sensor both ways; so if you piggybacked into the toilet you could get stuck and had to wait for somebody to let you back in...
                Thank god for mobilephones

        • Re:biometric!!! (Score:4, Insightful)

          by MrResistor ( 120588 ) <peterahoff.gmail@com> on Monday May 05, 2003 @02:41PM (#5884012) Homepage
          After all, if someone steals your finger, at least they won't know your PIN!

          I'm fairly certain that that anyone who's willing to steal my finger would be able to get my PIN without too much additional effort. The amount of pain I'd be willing to endure for the security of any of my previous or current employers, all of whom have proven to be willing to lay me off at the drop of a hat, is vanishingly small. A believable threat would likely be sufficient, especially if my cooperation meant I got to keep my finger!

          Then again, if I ever where employed by someone who actually showed any loyalty at all to their employees, I probably would endure a fair amount for them.

          The lesson here is: all the technological security measures and all the best practices in the world amount to precisely dick if you've done nothing to foster loyalty in your employees. And, of course, you can't get loyalty without giving it.

        • After all, if someone steals your finger, at least they won't know your PIN!

          Yeah- instead of beating you senseless to get your PIN, they beat you senseless to get your PIN, AND cut off oyur thumb.

      • Re:biometric!!! (Score:3, Informative)

        by missing000 ( 602285 )
        Yes, fingerprint scans often can be defeated [zdnet.com.au] easily.
    • Plus, if someone were, say, to find a way to defeat the system with a fake fingerprint, you can just issue a new fingerprint to the person who should have legitimate access. With a card-based system, if a card is lost, it's in the system forever and the person with a stolen card will always be able to get in.

      </sarcasm>

  • Armed Guards (Score:5, Funny)

    by missing000 ( 602285 ) on Monday May 05, 2003 @12:21PM (#5882651)
    Are cheap and effective. Keep a list of people allowed in and out, and check ID's religously.

    Not what you were looking for? I suggest implimenting a system involving some kind of 'frikin lasers'

    • Re:Armed Guards (Score:4, Funny)

      by erpbridge ( 64037 ) <steve@erpbr[ ]e.com ['idg' in gap]> on Monday May 05, 2003 @03:22PM (#5884463) Journal
      Or sharks... yeah, All I want are frickin' sharks with frickin' lasers on their foreheads.

      Oh, wait. You said you wanted this for a FLOOR... not a pool.

      Maybe call in Kevin McCallister, from Home Alone [imdb.com]. He might be able to rig up a good butane torch at head level so whoever enters that door... well, let's just say they won't want to go in again. That, among other such traps.
    • Having just watched Vin Diesel's XXX about five times in the past 8 days I was going to recommend unemployed KGB guards / remnants of the old Soviet Military.

      The opening scene in the punk metal club (FireFight!) - just watch the look on the hired gun's face when the boss says 'Kirill - time to go to work.'

      Be sure if I ever need to secure a facility I am going to fill it with ex-military from the Soviet Union. Of course maybe there is a reason my company hasn't put me in charge of plant security...
    • Make the school football team guard the place. Make it mandatory so they can actually earn their degree. At least that way they can say they worked in networking.

  • What are the requirements? (Score:4, Insightful)

    by Hanashi ( 93356 ) on Monday May 05, 2003 @12:27PM (#5882692) Homepage
    n.b. the dangers of relying on Slashdot for critical security decisions...

    You didn't specify what your requirements for this project are, but I'd say that in order to make an informed decision, you should at least know this much:

    • Where you want/need access control (how many doors, for example)
    • How many people need access, and which ones need 24 hour access vs. time-limited access
    • How critical is the space that you will control access to? For most uses, biometrics are probably overkill. Keycards work well for many applications and are usually much more reliable.
    My advice is to think seriously about what you actually need, and don't try to solve problems you don't have. Make sure you get something that meets your real requirements, is stable and reliable, and fits in your budget.

  • Maybe... (Score:4, Funny)

    by Hard_Code ( 49548 ) on Monday May 05, 2003 @12:29PM (#5882714)
    ...get a bridge and position a guard to ask:

    What is your favorite color?

  • Use an electronic key pad lock (Score:4, Informative)

    by smoondog ( 85133 ) on Monday May 05, 2003 @12:30PM (#5882724)
    Use an electronic keypad lock where users need a special 4 or 5 digit key to get in. Make sure it is smart enough to have many keys, so each user (or special group of users) gets their own unique key. Everytime someone leaves, just remove them from the list. Biometric methods are flaky and expensive. They sound cool, but, IMO, it will just make people want to break them.

    Appropriate Google search [google.com].

    -Sean

  • Sadly the Solution Is... (Score:5, Insightful)

    by Inexile2002 ( 540368 ) on Monday May 05, 2003 @12:45PM (#5882859) Homepage Journal
    Whatever, any security system will do.

    Just manage it properly. I chimed in on the last conversation on securing your network and made basically a related point [slashdot.org]. You can implement biometrics (I wouldn't recommend), proximity cards (which seem very popular and have some advantages that I'm sure others will discuss), keypad locks etc. But, if you don't manage the access, that is track who has a card, who used to have access but shouldn't now etc everything else is just there for appearance's sake. Security is a process, NOT one time thing.

    Say you go with proximity cards, the real security in those is that you can regularly check who has access to what, who USED their access and so forth. (While also true of a keypad or biometric system, proximity card systems relatively cheap, reliable and ubiquetous on the market.) Regular reviews of access and access privileges are MUCH more important than which technology you choose.

    That said, you should define very clearly who should and shouldn't have access to your secure areas. Once you've defined who should and shouldn't, then define what levels of security will exist for those who should have security privileges. THEN, regularly review security privileges to see if the actually privileges out there jibe with your security definitions. Finally, if possible, design your system based on layers of security, where the most secure areas cannot be reached without first passing through less secure areas.

  • Keep it simple.... (Score:3, Informative)

    by denubis ( 105145 ) <brianNO@SPAMtechnicraft.com> on Monday May 05, 2003 @12:47PM (#5882870)
    As a student at the IT dept at RIT, I've had a chance to observe our security firsthand -- it's really quite simple. The easiest security measures are "scramble pads" -- everyone has an ID code, but the numbers on the pad are displayed in random order, so other people cannot observe the code you enter. It seemed to work really well.
    We use ID card/code right now, and there's quite a lot of grumbling over it.

    Either way, they are simple and secure -- don't bother with anything fancy, it isn't worth your time.
    • As a student in the CS dept at RIT, the ones in bldg 70 work fine :)

      I think this is the quarter that IT is in the bombshelter, iirc we'll all be one big happy family in bldg 70.

  • iButton (Score:2, Informative)

    by fille ( 575662 )
    Maybe you can use iButtons [ibutton.com]? They're more robust than plastic cards and you can add a keypad for extra security. You can also hook them up to a pc to keep a log. However, the buttons are quite expensive so let the students/staff pay for them or they'll lose them frequently..

    • Re:iButton (Score:2, Interesting)

      by deque_alpha ( 257777 )
      We use iButtons on keychain fobs in my school district, and they work quite well, until someone loses a fob or we actually need to do an access audit. I don't know if this is typical of other ibutton based systems, but we have no central way to track / change access and the fob-locks require batteries which need to be replaced pretty regularly (every 6 months or so.
      If someone loses a fob, then the lock person (luckily not me) has to go to every lock and remove that fob from the list of fobs that lock will r
  • How much you loking to spend. A high security lock, or a big guy with a club and a good memory for faces are at the low end, and lazer mounted fretina scanners are at the other.

  • Post a guard (Score:4, Insightful)

    by MarkusQ ( 450076 ) on Monday May 05, 2003 @01:53PM (#5883506) Journal

    There is only one physical security system worth squat (IMHO): a single door and some old, cynical guy with a gun.

    -- MarkusQ

  • > what others possibilities exist, and which would
    > you choose? Yes, price does matter."

    An ordinary non-master mechanical lock, and careful control of the keys. Spend your money on something useful.

    • Depends (Score:5, Insightful)

      by Glonoinha ( 587375 ) on Monday May 05, 2003 @04:23PM (#5885045) Journal
      I would say it probably depends on how important locking down the facility is to him.

      If you only need to keep honest people honest then locks and keys are really the best bang for your buck, and are going to be equally as effective as any high dollar thermal / visual / biometrics system.

      Given that many buildings are built to residential spec's (meaning 18" between studs with drywall) or have glass windows I can circumvent most door locks with a razorblade (cut through the drywall anywhere except where the door is, generally from a neighboring room,) a hammer (break glass, climb in,) or a ladder (false hung ceilings are made of something only slightly more substantial than cardboard, move the ceiling tile in the hallway, climb up, move 6 feet in, move another tile, drop down.

      None of the above are particularly effective vs. an armed guard with an attitude.

  • Ummm... Security guards? (Score:3, Insightful)

    by poofmeisterp ( 650750 ) on Monday May 05, 2003 @03:20PM (#5884438) Journal
    Nobody wants to hire a few decent-quality security guards anymore. I mean you'll want to lock the facility down with a nice little card access system, but there's a lot to be said for face recognition and random inspections/stops. Spend money on a person.
    • ... without the backup of proper policies, procedures and a database of people allowed in the facilities are as effective as an open door or a brick wall, pick one randomly.

      Sometime you are in a hurry, you need access desperately and if the proper procedures are not in place you just sit there waiting that the guard somehow miraculosly find out who you are.
      • Well, I didn't mention it.. but the idea of having a security guard implies that the guard be trained well and have a host of procedures to follow.
        I was suggesting a security guard as an alternative to expensive retina scanners or handprint identifiers :)
  • verification. Facial thermography measures patterns of heat emitted by the face. Combine that with voice recognition or voice verification and it'd be hard to beat.

  • Physical security (Score:3, Funny)

    by rice_burners_suck ( 243660 ) on Monday May 05, 2003 @04:10PM (#5884934)
    Incoming telephone, cable and electric lines should be protected from the moment they enter your building. All lines should enter into a protected equipment room in the basement, which should be a concrete room with a strong, locked steel door. From there, all lines that run to your networking areas should be enclosed in protected ducts that are difficult to saw into. Each networking area should have walls of concrete with thick chicken wire on each side, over which the drywall and plaster is installed. All doors entering into these areas should be of the metal variety. No windows should allow looking into these areas. Inside the networking area should be a concrete room containing the high end servers and other expensive equipment that provides frequent services but is accessed infrequently. These should be locked behind strong doors. Guards should be posted by each door, including the one to the basement and to each networking area. Each member of personnel should have an ID badge that is difficult to counterfeit as well as a five digit entry code. The ID badge should be verified by the guard as the security code is entered into the system. This allows the door to unlock. Guards carry keys that unlock only a deadbolt on each door. The security code opens the other lock. Thus it is necessary for both the guard and the other person to participate in unlocking the door. Guards carry weapons to fight anybody who attempts to enter by force. Inside the networking areas, all computers are secured by digital means outside the scope of this post. This security setup can then be touted as 100% secure and unbreakable. Management is stupid enough to believe a claim like that.
    • Shouldn't there be a self-destruct device? I'd also suggest hiring a psychic to screen visitors. And all the guards should submit to body cavity search when they report to work!
  • So you've implemented retinal scan hardware, but you're now worried about price? I guess I would be too, if I had blown my security budget on toys before I had a plan...
  • Make sure your walls go all the way to the top. Sounds silly, but way back when I was in college, the company I worked at installed all sorts of card readers and magnetic locks. What they did not do was actually run the wall beyond the suspended ceiling. On the bright side, the doofus's id card triggered the reader on the other side when he hopped the wall.
  • You are obviously after an authentication token, I assume you realize that none of these solutions help with the access control list (figuring out who is allowed to go where/when)

    Does your university offer student IDs. I know mine did almost 20 years ago. There is a magnetic strip on it that can be read to determine who's ID it is, then it is just a matter of hooking that up. These are all things that usually exist at a university, other groups have all ready done this, so should be easy to implement (

  • Where I used to work (Score:5, Interesting)

    by Judg3 ( 88435 ) <jeremy@pa[ ]ck.com ['vle' in gap]> on Monday May 05, 2003 @05:36PM (#5885607) Homepage Journal
    We used a combo of Proximity/Smart cards and some biometric stuff.
    All the workstations for the operations department used smart cards that also acted as proximity cards.
    You'd plug in your card to the PC, enter a password, and you have access.
    It also doubled as the proximity card, which we used for all the datacenters we had in the building, as well as for some of the cabinets.
    For the critical NASDAQ stuff we had a seperate room with a mantrap, proximity card and hand scan. Once again all those cabinets in the room also used proximity cards.

    This way, while most of us had access to the datacenters, we could only access the cabinets that we were supposed to. Network guys could only access cabinets that where needed by them, etc etc.

    Worked pretty well, especially the combo smart card/proximity card. This way, you had to grab the card and take it with you when you went anywhere, which locked the workstation and prevented an inhouse people from tampering with anything.

  • You should have a magnetic student id. So you should have card readers somehow available (like dorms?) So ... use the ID and PIN number to keep people out. That way the card and PIN needs compromised to gain access. When students don't need access anymore, remove the card from the list of people who have access.

    Not sure how hard this is to implement but probably not that expensive and for a schools with engineers - a nice project to try.
  • Nuke it from the orbit, that's the only safe way to be sure.
  • I would reccomend first that you hire a good security consultant. Second, use a secure card/biometric/PIN system. Third, if you can afford it, hire a real live (TM) guard. They work best.

    Fourth: Do not. DO NOT neglect other methods of entry. Look in the plenum spaces above the cieling tiles. Are there conduit holes a person could fit through? Are windows secure? Vents? Check the hings on the door.

    Fifth: Keep people allowed in to a bare minimium, and if possible, make sure they all know and trust eachother
  • Have a look at Domain Dynamics [ddl.co.uk] for a voice based system. Maybe something like a card reader or a keypad plus a microphone at each door networked to a central database.
    Doesn't take much computing power and is pretty accurate compared to iris, fingerprint, etc.
  • Watch Cube [imdb.com]. Take notes.
  • Take advantage of your relative proximity to Antarctica and use trained attack penguins.

  • at my school, our lab is equiped with a stand alone ID card reader [bestaccess.com] that reads the bar code on the back of all student IDs, those that don't have them (fac/staff) etc have a key to the room. Overall the system works fairly well, except when the batteries in the reader die, so make sure there is an alternate method to get the door open. One thing about this though, is that the allowed times are set per user, and from what I know there aren't any group capabilities, which makes it a pain to change allowed acc

  • ...put up a sign on the door that says "Storeroom", "Ladies" or something? You could go one step further by building a false wall which hide the entrance to your SECRET LAB :)

    Spy movies can give you plenty of ideas on these sort of things.

Slashdot Top Deals

One man's constant is another man's variable. -- A.J. Perlis

Close