Access Control Cards – Are they really secure?

June 25, 2008 at 9:39 pm 1 comment

The news broke to day that over in London England hackers succeeded in cloning or duplicating the cards that most Londoner’s use to ride on mass transit.  These so called Oyster Cards are a version of smart card that is used in a great many other places for access control to secured areas.  The Dutch government has issued a country wide security alert due to the fact that they use the same or at least very similar technology at most of their government buildings!

Both Wired Magazine (http://blog.wired.com/cars/2008/06/hackers-crack-l.html) and the Evening Standard in London have articles on this story (http://www.thisislondon.co.uk/standard/article-23454596-details/Oyster+card+cloning+fears/article.do).

This is just the latest problem with this technology to come to the surface.  The main problems with these systems is that they are often specified incorrectly and sometimes just installed poorly.  Also they are only as good as the people who have administrative access.  I took over the management of a fairly simple system at a large corporate site and was amazed that the functionality of the software wasn’t even fully enabled and the previous administrator had made no real effort to audit the system.  I spent a very hectic 3 weeks auditing the system, inventorying the access rights of several hundred employees and getting the reporting module actually working!

There is a very good white paper on some best pratices for these systems here: (http://www.smart-id.com/documents/Access_Control_Industry_Best_Practices_wp_en.pdf).

The news is full of successful attempts to bypass these systems. Another story from Wired magazine: (http://blog.wired.com/27bstroke6/2007/08/open-sesame-acc.html)

Now I am not saying that I am dead set against using these devices, just that you need to realize that they are far from perfect or fool proof.  Just like any other similar system such as a burgler alarm they need to be designed carefully, used with their limitations firmly in mind and monitored constantly.

As always I thank you for your time and interest. Please take the time to Digg, Stumble Upon or add to the other social network of your choice to help me spread the word about these issues. Please forward any questions or suggestions to: askthefm@gmail.com

Social Bookmarks:

Add to Technorati Favorites

Advertisements

Entry filed under: Disaster Preparedness, security, Technology. Tags: , , .

Recycling Compact Fluorescents – It’s getting easier! Senator’s Urge IRS to be more flexible on Low Income Tax Credits

1 Comment Add your own

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Categories

Feeds


%d bloggers like this: