Chapter 11: Electronic Security Systems Flashcards
What are the components of a full-featured access control system?
A credential reader, communication cabling, distributed processor, central database, software, supplementary interfaces to external systems and applications for request to exit devices.
What is personnel access control?
the portion of an access control system used to authorize entry and to verify the authorization of personnel seeking entry to a controlled area.
What is single factor authentification?
When one identification is required for access authorization.
What is dual factor authorization?
When two forms of identification are required for access authorization.
What is it called when three forms of identification are required for access authorization?
Three factor Authorization.
What are some ways to defeat access control points?
- Deceit
- Direct Physical Attack
- Technical Attack
How can an adversary use deceit to defeat an access control point?
By using false pretenses to convince security personnel or an employee to permit entry.
What are some way that an adversary can use direct physical attack to defeat an access control point?
Through force and the use of tools.
How can an adversary defeat an access control point by using a technical attack?
forging a credential or guessing or obtaining pass codes or pins.
What types of measures are used to determine who is allowed access to a facility and who to deny?
- credentials or other items in a person’s possession (such as metal key; a proximity device, chip embedded insertion card, magnetic stripe card; or a photo identification card
- private information known by the individual (password or pin)
- biometric features of the person. (fingerprint, hand geometry, iris and retinal patterns, signature, or speech patterns) this provides the highest levels of security.
What is a comprehensive access control system designed to do?
- Permit only authorized personnel and vehicles to enter and exit.
- Provide ability to audit compliance with access control policies.
- Detect and prevent the entry of contraband material.
- Detect and prevent the unauthorized removal of assets.
- Provide information to ensure the timely assessment and response to events categorized as exceptions or alarms conditions.
What is a PIN numer?
a Personal Identification Number
What are some weaknesses associated with the use of pin numbers?
- An individual could pass the PIN and credential to an unauthorized individual
- The PIN could be observed surreptitiously by an adversary (Shoulder Surfing)
- The PIN could be obtained by coercion.
How many possible PIN combinations are there in a four digit PIN?
10,000
What are some examples of the types of credentials used in access control?
- photo identification badges
- exchange badges
- stored-image badges
- coded credentials
What types of credentials require a high degree of vigilance from security?
- photo identification badges
- exchange badges
- stored-image badges
What are some weaknesses of a photo identification badge?
- a false photo identification badge can be made
- the individual can make up his or her face to match the face on a stolen badge.
- Guard inattentiveness
What is an exchange badge sytem?
a system that requires matching badges be held at each access point. When an employee presents a badge and requests entry, a guard compares the individual to the one on the corresponding exchange badge held at the access point.
What is a positive aspect of the exchange badge system?
The actual credential, with access, is never allowed to leave the facility.
What is a negative of the exchange badge system?
Someone can make up their face to match the face on the credential.
What is a stored image badge?
This is a system that requires a guard to verify an individual’s identity based on visual characteristics of a stored image.
What is a stored image badge system susceptible to?
The use of makeup as a disguise,
What are the most common techniques for coding a badge?
- Magnetic Stripe
- Wiegand Wire
- bar codes
- proximity
- smart cards.
Where is magnetic stripe encoding typically used?
In credit and debit card systems