I don't think that whoever it was that asked the original question about modifying a doorlock so it can be opened electronically will consider which type of credential to use based on your brief review which sounds more like a syllabus worthy of Mission: Impossible than something likely to happen in real life...
These doorways are in a University... Someone hanging around the hallway outside a computer lab for hours and hours would be noticed eventually... Unattended backpacks/briefcases/etc are MORE suspicious today than they would have been just a few years ago...
The point behind upgrading a doorway to use electronic technology to control admittance is the fact that in the event something happens inside the room (equipment theft, vandalism, etc.) it is easier to audit an access log stored on the PC hooked up to the controller unit and focus the investigation efforts on those few people than it would be to check and see who has been issued keys to the door to the lab and have to track them all down and ask questions...
Besides all of your babbling about the best ways to beat electronic access devices your inference to "someone who knows what they are doing" is incorrect... Someone who knows what they are doing would look for the simplest way in and forget all of the Sci-Fi crap and entry techniques that belong more in movies than in the real world...
Evan, ~~formerly a maintenance man, now a college student
In which case it would be better to fit 'fail unlocked' electric locks and install a key-switch to break the circuit when the key is turned. This would be operated only by the building masterkey and would be monitored so the audit trail includes masterkey uses (granted it does not 'know' which copy of the masterkey is used, but that is not likely to be a problem unless there is an excessive number of masterkeys in use).
Universities tend to have a lot of master keys floating around. Every janitor, caretaker, security guard and odds and ends of building staff are running around with some level of master key, albeit for possibly only one building in the case of staff.
Since vandalism has been known to be done by authorized computer users who heave a book into the CRT of a PC when their program fails, the university should, in addition to installing a card access system, also install a security camera so they can identify anyone vandalizing computer equipment.
For years the University of Toronto ran their computer labs with no card access and just about zero vandalism. Then one day one of their students gor frustrated when his program failed again and smashed in a glass window on a big IBM mainframe printer.
University police got him, probably because every other student in the lab grabbed him and called campus police.
While an unauthorized master key can raise havoc, generally key holders are not the problem with theft or vandalism.
Biggest problem at University of Toronto years ago was gross overcrowding of the computer facilities due to neighboring high school kids coming over to run programs to play games etc.
The day the university required a user id to run student programs on its mainframe, the crowd in the computer room dropped so much there were free keypunches! The university always required a user id to use their online terminals, but they used to hand them out to anyone who showed up for class and did not ask for student id at one point, so they had a lot of non-paying high school users who looked a lot like a first year university student.
Brian
Peter ( snipped-for-privacy@parazzdise.net.nz) writes:
Brian is correct on his statements that many master keys are usually issued... That being said those facilities staffers are much more likely to LOCK the door behind them... Professors using a computer lab might be rushing off to teach another class... The point I believe was to give electronic access credentials to the ROUTINE users of the lab spaces, at the department level only, and not require those from the facilities staff carrying master keys to have to carry an access card around with them...
Why on earth would you want to install a "fail-safe" electric strike ??? That means that for whatever cause whenever the power to the lock goes out NO ONE needs either an access card nor a key to gain entry to the room... A "fail-secure" electric strike will hold the door locked in the event of a power failure and keep the room and its contents secure...
There is a certain amount of logic to the facilities department policy of wanting a KEYED lock on every door... Power occassionally goes out... Then the access control system may not work properly unless MEGA BUCKS was spent installing it connected to battery back-ups (in every box) or emergency generator power circuits... Keys have worked and will work in any situation... Even the systems that incorporate a battery back-up in the event of a power interuption can have problems -- How often are the batteries replaced ??? If electronic access devices become the ONLY means of operating a doorway then more often than not Fire Codes come into play and EVERY piece of the system is now considered to be a "life safety" device which usually means more closer inspections as to how everything works and the necessity of having fully state licensed technicians to do any work on the system...
I think that several people have offered the idea here, and whoever it was that asked the question to begin with now has a starting point to work from...
Evan, ~~formerly a maintenance man, now a college student
I thought we were talking about a college. I'm not talking about securing the Pentagon.
BioScrypt biometric readers
You see this crap all the time in the movies. Problem is why go through all that with the special equipment when the lock is the weakest point? That's a very rich and VERY stupid thief.
Just about impossible since the electromagnetic field falls off to immeasurable strength only a few millimeters from the card. Even ferrofluid won't stick to your average magstripe.
if you would have bothered to Google, you'd see that the fingerprint attack can be done for about $50.
the rfid attack just requires a computer-controllable reader that's not ridiculously expensive.
it's not like it's a $20,000 attack to get $5000 in servers.
on what planet?
I can hang out in any public place on my school's campus and not even be noticed.
if it's just for auditing purposes, then why fiddle with biometrics and rfid and add unnecessary complication?
magstripes are cheaper and they do the job.
I was referring to someone with technical skills getting in without setting off alarms, not someone breaking a glass door and doing a snatch and grab.
no shit, that's easier.
you're correct that this would normally not be a huge problem, but any college campus with students in science or technological fields has a larger than normal supply of people who can pull off this stuff easy.
it doesn't really matter if you think it's "sci-fi" shit, what matters is how cheap it is and how widespread the knowledge of how to do it is.
In order for the idea of the "gelatin fingerprint" idea to work you need to have access to a "fingerprint" that is listed in the system... Would you really wish to go through all the effort of the process 'developed' by Tsutomu Matsumoto only to find out that the fingerprint you have harvested isn't in the system ???
-- I will point out here that this attack has been described as working against 80% of "biometeric readers", which do not scan your fingerprints at all, but merely check the measurements between certain predetermined points on you fingers and hand -- I would challenge Mr. Matsumoto to attempt his trick on a real finger print scanner one that actually scans for your fingerprint such as the ones in use by law enforcement agencies for the purposes of recording the identities of people they are booking as suspects...
I did look on google thank you, and while I agree that such a thing COULD happen it sounds as if the process takes HOURS per attempt... Not an "EASY" way in at all...
eventually...
I would agree if you did not look out of place... Most campuses today use security cameras, and someone standing in one particular place for a long time (even pacing back and forth while waiting) would look out of place... Hallways that house rooms with expensive equipment in them are often patrolled by security personnel that you may or may not be able to see, not every security officer wears a uniform with a giant shiny badge on it...
I never suggested that... I believe that the mention of the devices you listed in your original post came from the person who asked the question in the first place... All I ever said about the use of credentials was for him to check around campus and see what if any technologies are already in use... Such as magstripe ID cards that are also used in the cafeteria by foodservice personnel to keep track of meal plan accounts, which if being used for that purpose that SAME ID could be integrated into an access control system in most cases and not require computer lab users to have to carry around (or remember to carry around with them) another special card for lab access...
Someone with technical skills in physcial security matters would know how to enter this door in under 90 seconds without the use of anything more complicated than the use of a few basic tools... (battery powered drill and a screwdriver...)
If the college students want to use up hours of their time creating a gelatin finger which would be of limited use (unless it is kept cold) then so be it... I am just saying that "someone who knows what they are doing" would be INSIDE that door in 90 seconds tops without getting "high tech"...
Evan, ~~formerly a maintenance man, now a college student
I agree with all that has been said by others. Another option would be to electrify the existing locks or replace with electrified locksets and keep the existing cylinders. I also agree with others that I would strongly recommend staying away from Mag Stripe cards and going with proximity cards (rfid). Depending on the setup of the existing doors and hardware, there are many manufacturers today that retro hardware with electronics. You could also add a magnet onto the door instead of a strike. But be considerate of all factors of cost and legal issues before making a decision. The simplest and most obvious course of action is not always the best in the long run.
I thought you abandoned this group to spend extra time with your boyfriend or something? I guess since getting shitcanned from your maintenance job you have the additional time now huh?
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.