A door access system should allow personnel to exit without any form of authentication, especially if the systems lose power such as during a fire. If you’re planning to take the Security+ exam you should have a basic understanding of physical security and environmental controls including door access systems.
For example, can you answer this question?
Q. You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)
A. Biometrics
B. Cable locks
C. CCTV
D. Mantrap
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Understanding Door Access System
A door access system is one that only opens after some access control mechanism is used. Some common door access controls are cipher locks, proximity cards, and biometrics.
When implementing door access systems, it’s important to limit the number of entry and exit points. As an example, if a data center has only one entrance and exit, it is much easier to monitor this single access point. You can control it with door locks, video surveillance, and guards. On the other hand, if the data center has two entry/exit points, you need another set of controls to control access in both places.
Another important consideration with door access systems is related to personnel safety and fire. In the event of a fire, door access systems should allow personnel to exit the building without any form of authentication.
Securing Door Access with Proximity Cards
Proximity cards are small credit card-sized cards that activate when they are in close proximity to a card reader. Many organizations use these for access points, such as the entry to a building or the entry to a controlled area within a building. The door uses an electronic lock that only unlocks when the user passes the proximity card in front of a card reader.
You’ve probably seen proximity card readers implemented with credit card readers. Many self-serve gasoline stations and fast-food restaurants use them. Instead of swiping your credit card through a magnetic reader, you simply pass it in front of the reader (in close proximity to the reader), and the reader extracts your credit card’s information.
It’s intriguing how this is accomplished. The card doesn’t require its own power source. Instead, the electronics in the card include a capacitor and a coil that can accept a charge from the proximity card reader. When you pass the card close to the reader, the reader excites the coil and stores a charge in the capacitor. Once charged, the card transmits the information to the reader using a radio frequency.
When used with door access systems, the proximity card can send just a simple signal to unlock the door. Some systems include details on the user and record when the user enters or exits the area. When used this way, it’s common to combine the proximity card reader with a key pad requiring the user to enter a personal identification number (PIN). This identifies and authenticates the user with multifactor authentication. The user has something (the proximity card) and knows something (a PIN).
Many organizations use proximity cards with turnstiles to provide access for a single person at a time. These are the same type of turnstiles used as entry gates in subways, stadiums, and amusement parks.
Remember this
Proximity cards are credit card-sized access cards. Users pass the card near a proximity card reader and the card reader then reads data on the card. Some access control points use proximity cards with PINs for authentication.
As a side note, one of the worrisome issues related to these cards is that attackers can build or purchase systems that can read your credit cards if they operate as proximity cards. The attacker places the reader in a purse or bag and positions it close to your wallet or purse, perhaps by standing behind you in the elevator, a store, or a line. The electronics on the card would charge and then transmit without your knowledge. The collected information can be used later to make unauthorized purchases.
About the only way to prevent this is to wrap your credit cards in some type of shielding, like aluminum foil. There are companies that sell credit card shield protectors for as much as $29.95. However, you can make your own shield with a couple of well-placed pieces of aluminum foil in your wallet or purse.
Securing Door Access with Biometrics
It’s also possible to use biometric methods as an access control system. One of the benefits is that some biometric methods provide both identification and authentication. When connected to a back-end database, these systems can easily record the activity, such as who entered the area and when.
For example, you can install a retina scanner at the entrance to a secure server room. When individuals want to enter, the biometric scanner identifies and authenticates them. It’s important to ensure you use a biometric system with a low false acceptance rate. Otherwise, it might falsely identify unauthorized individuals and grant them access.
Remember this
Door access systems include cipher locks, proximity cards, and biometrics. Cipher locks do not identify users. Proximity cards can identify and authenticate users when combined with a PIN. Biometrics can also identify and authenticate users.
Q. You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)
A. Biometrics
B. Cable locks
C. CCTV
D. Mantrap
Answers are A, C, D. A biometric reader used for access control, a mantrap, and a closed-circuit television (CCTV) system all provide strong physical security for accessing a data center.
Cable locks are effective theft deterrents for mobile devices such as laptops, but they don’t protect data centers.