If it was a centralized system, everything went in a locked room in locked cabinets. Though we all know how useless those locks and cabinets are. You can pry them open with a screwdriver in 5 seconds half the time. The better ones had shackles you could padlock, but that wasn't common.
For edge systems (using HID Edge, go figure), where we located them above the door, we just used tamper screws to lock them down to the backbox. I preferred spanner screws.
In all cases, the more important step was getting emailed alarms when some component went down, immediately. Drilling out a lock or a screw takes no time. Someone should know when it's penetrated, and fast.
I hate putting controllers and such above the door. I try to avoid that and use a central location depending upon the size of the building. In the case of multiple floors I pick a central point per floor. I do generally lock the access control panel with a key, and depending upon which power supply was sold I would do the same for the power supply. I always try to supervise the power supply via the auxillary inputs. Mostly for loss of AC and low battery.
IPVMU Certified | 03/17/14 07:25pm
In the end, the customer was fine with the risk and I wasn't going to press it.
Very familiar scenario. This is why I am curious about this topic. Usually the customer wants the door to lock/unlock on command, and anything beyond that is a 'reach goal'.
They typically don't even want locking controller cans, and if they do, they just leave the keys hanging from them. If the customer expressed concern about spoofing or combo controller security, it usually was because we put the idea there to begin with.
I am really curious to know what best practices look like for this aspect of access control.
IPVMU Certified | 03/17/14 05:54pm
I remember years ago commenting to a customer on the existing controllers they had in a droptiled ceiling with fail safe doors, with a little bit of tunneling into a firewall above the corridor and something to pull out or cut the power wire I could have gotten into the office (provided the batteries died). In the end, the customer was fine with the risk and I wasn't going to press it.
Im sure there are other applications where keeping the components secure is an issue, but in reality, I havent run into many.
It used to come up more with alarm panels being close to access points, but its been a while since I have seen that either.