Securing Your Facility? 61
krahd asks: "We, at the CS department of our University, in Uruguay, are evaluating different ways of securing the access to our floor. Until now we have used just a traditional door lock, but its's time to delpoy a new, more geeky solution. So, after reading this Ask Slashdot, I figured I'd pose this question as a follow-up. What would be the best way to do it? We've already evaluated biometric technologies like iris-scanning and fingerprint-scanning, and more traditional ways like intelligent cards but, what others possibilities exist, and which would you choose? Yes, price does matter."
biometric!!! (Score:2, Interesting)
Re:biometric!!! (Score:4, Informative)
-Sean
Re:biometric!!! (Score:5, Informative)
That does not defeat the purpose at all. The concept of using two different authentication mechanisms together is called two-factor authentication. Not only is it a well-established Information Security principle, it's also considered a Best Practice.
After all, if someone steals your finger, at least they won't know your PIN!
Re:biometric!!! (Score:2)
I agree with you. But I wish the send authentication method was more secure, and less expensive.
-Sean
Oops! Typo: Make that second, not send... (Score:2)
Re:biometric!!! (Score:4, Funny)
Re:biometric!!! (Score:2)
Re:biometric!!! (Score:4, Insightful)
...Well not unless they put a gun to your head and say "give me your PIN".
To tell you the truth where I work they would be better simply asking the staff for their PIN and "would they mind letting them in".
Actually - I just remembered - we do have some doors that need those electro-magnetic induction keys to open.
They are always propped open. The problem is that people can't be bothered with too much security - make it a hassle, and they will use the simplest method of bypassing the system to suit their own lazyness. This is where transparent biometric authentication will clean up - let the door know who you are without bothering you. By this stage though we will be at the same technology level as a guy on the door who knows you and opens it for you.
Re:biometric!!! (Score:2)
If your coworker kept pictures of his wife naked or his life-savings (s/his/her/g, etc) in his deskdrawer you'd bet your life he/she would make sure that drawer was locked down with the best possible securitymeasures every time it he/she leaves...
Re:biometric!!! (Score:2)
Ahh yes - this reminds me of my suggestion that naked pictures of web server admins, along with their
Re:biometric!!! (Score:2)
why put a cardreader on your toilet, is it *really* necessary?
Good question. Why does my work put combo locks (those 5 pin doorknob things) on the toilet, anyway?
Re:biometric!!! (Score:2)
Thank god for mobilephones
Re:biometric!!! (Score:4, Insightful)
I'm fairly certain that that anyone who's willing to steal my finger would be able to get my PIN without too much additional effort. The amount of pain I'd be willing to endure for the security of any of my previous or current employers, all of whom have proven to be willing to lay me off at the drop of a hat, is vanishingly small. A believable threat would likely be sufficient, especially if my cooperation meant I got to keep my finger!
Then again, if I ever where employed by someone who actually showed any loyalty at all to their employees, I probably would endure a fair amount for them.
The lesson here is: all the technological security measures and all the best practices in the world amount to precisely dick if you've done nothing to foster loyalty in your employees. And, of course, you can't get loyalty without giving it.
Re:biometric!!! (Score:1)
Yeah- instead of beating you senseless to get your PIN, they beat you senseless to get your PIN, AND cut off oyur thumb.
Re:biometric!!! (Score:3, Informative)
Re:biometric!!! (Score:3, Interesting)
Database compromised (Score:2, Funny)
</sarcasm>
Armed Guards (Score:5, Funny)
Not what you were looking for? I suggest implimenting a system involving some kind of 'frikin lasers'
Re:Armed Guards (Score:4, Funny)
Oh, wait. You said you wanted this for a FLOOR... not a pool.
Maybe call in Kevin McCallister, from Home Alone [imdb.com]. He might be able to rig up a good butane torch at head level so whoever enters that door... well, let's just say they won't want to go in again. That, among other such traps.
Damn! (Score:2)
The opening scene in the punk metal club (FireFight!) - just watch the look on the hired gun's face when the boss says 'Kirill - time to go to work.'
Be sure if I ever need to secure a facility I am going to fill it with ex-military from the Soviet Union. Of course maybe there is a reason my company hasn't put me in charge of plant security...
Re:Armed Guards (Score:1)
What are the requirements? (Score:4, Insightful)
You didn't specify what your requirements for this project are, but I'd say that in order to make an informed decision, you should at least know this much:
Maybe... (Score:4, Funny)
What is your favorite color?
Re:Maybe... (Score:3, Funny)
Re:Maybe... (Score:1)
Use an electronic key pad lock (Score:4, Informative)
Appropriate Google search [google.com].
-Sean
Sadly the Solution Is... (Score:5, Insightful)
Just manage it properly. I chimed in on the last conversation on securing your network and made basically a related point [slashdot.org]. You can implement biometrics (I wouldn't recommend), proximity cards (which seem very popular and have some advantages that I'm sure others will discuss), keypad locks etc. But, if you don't manage the access, that is track who has a card, who used to have access but shouldn't now etc everything else is just there for appearance's sake. Security is a process, NOT one time thing.
Say you go with proximity cards, the real security in those is that you can regularly check who has access to what, who USED their access and so forth. (While also true of a keypad or biometric system, proximity card systems relatively cheap, reliable and ubiquetous on the market.) Regular reviews of access and access privileges are MUCH more important than which technology you choose.
That said, you should define very clearly who should and shouldn't have access to your secure areas. Once you've defined who should and shouldn't, then define what levels of security will exist for those who should have security privileges. THEN, regularly review security privileges to see if the actually privileges out there jibe with your security definitions. Finally, if possible, design your system based on layers of security, where the most secure areas cannot be reached without first passing through less secure areas.
Keep it simple.... (Score:3, Informative)
We use ID card/code right now, and there's quite a lot of grumbling over it.
Either way, they are simple and secure -- don't bother with anything fancy, it isn't worth your time.
Re:Keep it simple.... (Score:1)
I think this is the quarter that IT is in the bombshelter, iirc we'll all be one big happy family in bldg 70.
iButton (Score:2, Informative)
Re:iButton (Score:2, Interesting)
If someone loses a fob, then the lock person (luckily not me) has to go to every lock and remove that fob from the list of fobs that lock will r
price range? (Score:2)
Post a guard (Score:4, Insightful)
There is only one physical security system worth squat (IMHO): a single door and some old, cynical guy with a gun.
-- MarkusQ
Just Lock the Damn Door (Score:2)
> you choose? Yes, price does matter."
An ordinary non-master mechanical lock, and careful control of the keys. Spend your money on something useful.
Depends (Score:5, Insightful)
If you only need to keep honest people honest then locks and keys are really the best bang for your buck, and are going to be equally as effective as any high dollar thermal / visual / biometrics system.
Given that many buildings are built to residential spec's (meaning 18" between studs with drywall) or have glass windows I can circumvent most door locks with a razorblade (cut through the drywall anywhere except where the door is, generally from a neighboring room,) a hammer (break glass, climb in,) or a ladder (false hung ceilings are made of something only slightly more substantial than cardboard, move the ceiling tile in the hallway, climb up, move 6 feet in, move another tile, drop down.
None of the above are particularly effective vs. an armed guard with an attitude.
Ummm... Security guards? (Score:3, Insightful)
Security guards.... (Score:2)
Sometime you are in a hurry, you need access desperately and if the proper procedures are not in place you just sit there waiting that the guard somehow miraculosly find out who you are.
Re:Security guards.... (Score:1)
I was suggesting a security guard as an alternative to expensive retina scanners or handprint identifiers
Facial thermography and voice recognition or voice (Score:1)
Re:Facial thermography and voice recognition or vo (Score:1)
Physical security (Score:3, Funny)
Re:Physical security (Score:2)
Price MATTERS? (Score:2)
Drywall is cheap. Don’t forget the basics… (Score:5, Funny)
Re:Be Geeky if you want, but.... (Score:1)
Simple solution (Score:2)
Does your university offer student IDs. I know mine did almost 20 years ago. There is a magnetic strip on it that can be read to determine who's ID it is, then it is just a matter of hooking that up. These are all things that usually exist at a university, other groups have all ready done this, so should be easy to implement (
Where I used to work (Score:5, Interesting)
All the workstations for the operations department used smart cards that also acted as proximity cards.
You'd plug in your card to the PC, enter a password, and you have access.
It also doubled as the proximity card, which we used for all the datacenters we had in the building, as well as for some of the cabinets.
For the critical NASDAQ stuff we had a seperate room with a mantrap, proximity card and hand scan. Once again all those cabinets in the room also used proximity cards.
This way, while most of us had access to the datacenters, we could only access the cabinets that we were supposed to. Network guys could only access cabinets that where needed by them, etc etc.
Worked pretty well, especially the combo smart card/proximity card. This way, you had to grab the card and take it with you when you went anywhere, which locked the workstation and prevented an inhouse people from tampering with anything.
Since you are college people (Score:2)
Not sure how hard this is to implement but probably not that expensive and for a schools with engineers - a nice project to try.
The only way (Score:2)
My 2 cents (Score:2)
Fourth: Do not. DO NOT neglect other methods of entry. Look in the plenum spaces above the cieling tiles. Are there conduit holes a person could fit through? Are windows secure? Vents? Check the hings on the door.
Fifth: Keep people allowed in to a bare minimium, and if possible, make sure they all know and trust eachother
Voice biometric (Score:1)
Doesn't take much computing power and is pretty accurate compared to iris, fingerprint, etc.
Hello, my name is Werner Brandes. (Score:1, Funny)
Traps (Score:1)
a new, more geeky solution (Score:2)
Scan cards (Score:1)
at my school, our lab is equiped with a stand alone ID card reader [bestaccess.com] that reads the bar code on the back of all student IDs, those that don't have them (fac/staff) etc have a key to the room. Overall the system works fairly well, except when the batteries in the reader die, so make sure there is an alternate method to get the door open. One thing about this though, is that the allowed times are set per user, and from what I know there aren't any group capabilities, which makes it a pain to change allowed acc
Why don't you... (Score:1)
Spy movies can give you plenty of ideas on these sort of things.