One issue we've run into is that door security vendors usually don't get computer security. They understand the physical side, but haven't a clue about the cyber side.
For example, our old vendor insisted that we a) couldn't run anti-virus on any of the machines in their system "for performance reasons", b) couldn't do Windows patches "because we weren't supposed to touch the system", and c) the door controller(s) couldn't be segregated from our regular nets due to the way their control client talked to the master controller. We have a much smarter maintenance vendor now and all those issues are just fine.

I'd look for a modular system that allows multiple kinds of authentication sensor for different areas. For example, the standard swipe/wipe reader in most places, a swipe/wipe+pinpad for more secure areas, and a full swipe/wipe+scramblepad for the highest security areas.

There's also a big difference in the security of a contactless resonance system and a true smart card with on-board CPU and a true crypto challenge/response. All that said, how many times do you expect a higher-order attack? I would not consider RFID-based systems as a feature, but as a bug.

One nice feature of our current system is that it's integrated with the badging system. In one mode, every time you go through a door, there's a pop-up of the badge picture of the badge owner. If you've got security desks, they can see if the badge face matches the picture they see on the door camera.

Oh, and how long are you going to keep the door access logs?

_______________________________________________
Discuss mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
