Solutions to 5 Common Access Control Problems

•Published Nov 21, 2016 16:23 PM

Effective security is more than just good equipment. In fact, thousands of dollars in electronic access control can be wasted if they are not used properly. In many cases, proper operational controls fail to be implemented and enforced.

In IPVM's Access Control courses, students share real world situations where access control does not work. Over the span of multiple courses, key trends emerged.

5 common problems include:

Using Only One Credential or One Access Schedule
Door Props Are Rampant
Tailgating Is Not Addressed
Uncontrolled Doors Are Used
Lousy Visitor Management

Inside, we examine each one and explain how to solve them.

IPVM ****** ********

** *** ***-**** ****** ******** *****************, ** *** *** ********* ******** assignment ******** ** **** *****:

"**** ******** ** ****** ********** ********** Access *****. ** *** **** *** **********/***** like ****? **** ** *** ***** they *** ***** *****/ *** ****** it ** *****?"

**** ***** ******** *** ***** *** experience ** ******** **** ****** *** remedy. ****** ****** ******** ** ****** **** poorly *** **** *********** *** ***** quicker. **** *** ******** ******** ** responses ****** *******.

Only *** ********** ** *** ****** ********

*** **** ****** ******* *** *** users ****** *** ******* ****** ***** and ******** *** *** *****, ** even *****: ******* *** ******* ********** among ******** *****. **** ***** ****** with *** ********** *** *** ******* controlled ***** ** ***** *****, **** into '********** *****' ***** ******** ** important. ******** ******** ********:

"*************, *** ** *** ****** ******** use **** ***** **** ********** **** and ****** **** ** ******** ********* without ******* **, **** ****'* ****** till ** ********* **** * **** later (******* ****** *** ****** ******** are *****)."
"* **** ** *** ******** **** uses ****** ***** ****** ** **** user, *** **** *** ***** ****** (is ********, ***********, ******, ***.) ** create ****** ********* ** ******* ***** areas **** *** ******. ********* **** card **** *** ** *** ********* *** internal ***** ** *** **** *** gives *** ** *** ********* ** any *****."
"*** **** ******* * **** ** where **** ****** ****** *** *** doors ** *** ******* *** **** when *** **** ****** ******, **** a ****** *** **** *** ********. This ** * ******** ****** ** what *** ****** *** ******** ***."
"** * ****** ** ****, * school ****** *** ********** ******* *** recently ******* ** **** ** ****** to ***** *** ****** *********** ******* faculty **** ********* *** ******** ****** the ****** ****** *** ************ **** contractors/custodial *****, ***... *** ****** ********, high ********, *** ***** ** *** people ***** ****** ***** ** ****'* want **** *****."
"*'** **** ***** ***** **** ***** unlock **** ********* *** **** ***** to * ****** ******* ****** ** associate * ******* ******** ***** ******* those **** **** *** ****** ******** so **** *** ******* ***** ****** the ***** *** ******** *** ** one ** ***** ******** ******** ****** to *** ******** ** *** ******** and *** ***** ******* **** *** unlocked ** ****."
"* **** * ******** **** * plastic **** ******* **** ******* ****** of "*** ****" ********* **** **** produce * **** ******** ****. ***** year ** ******* * ****** ***** and ** ***** ******* *** ******** or ***** *********! ** ***** ** hour ******** ***** *** ***** *********** from *** ********. ** ***** ** is **** ****** ** **** *** the ***** ***** **** *** ***** them *** ** *** **** *** hired."
"* *** ******* ** **** * site **** **** ** ***** **** all ******** *** **** **** ******. To *** ******, *** ****** **** looked **** *** ********!"

*** ********: ******* ** ******** ********* *** manage ****** ******* ****** *** ********* ** ************* ******* *** ******* ********* of ********** ****** **** ****** ********** locks *** ****. ***** ****** ** specifically ******* ** ****** *** ******* credentials *** ***** ****** ****** *** discrete ****** ****** ***** ** *** their ******** ****. *********** ** ******* should **** *** ********** ** ***** ***** features *** ****** *** **********.

** *****, ***** ********* ** ****** to ****** **** ****** ** *** system *** ****** *** ****** ***** not ********** ********** ******.

Door ***** *** *******

******* ****** ******* *** *** *** of **** *****- ********* ******** **** hardware ****-*****, ********* **** ****** ** wood ** ***** - **** **** the ****** ** ******* ***** **** and ********, ******* ********** **** **** controlling ** ********** ****** ** ***:

"*** ** *** ******* -- * campus **** * ********* ** ** acres -- *** ****** ******* ** all ***** *****, *** **** ********* flip-down **** ***** ** *** ** the ********* ***** ** **** ********* going ******* ** ***** *** *** back **. *** **** ***** *** doors **** ***** ********* ** ****. I ******** **** ** ****** *** door *****."
"*** ******** ****** **** ** ***** propped **** **** *** **** ******** at *** ***** **** ********. *** put * ****** ** *** **** if ******** ** **** ***** ** prop *** ****? * *** *** all *** ****** ***** ** * monitor *** *** **** ** *** wall ** ****** **** *** *** to ***** *** *** *** **** the ******. *** **** ****** ****** be ******."
"**** ****** ***** * **** *** into **** *** ***** ** *** habit ** ******** ***** - ********* because ********* **** ** ** *** for * *****, *** ***'* ** bothered ***** ***** ***********."
"***** *** ****** ******* ** ***** trash ****** *** ******** **** **** in *** **** ***."
"* ******** ******* * ********** ** to *** ** ** ***** ****** for *** *** *** *** **** doors **** ******* **** **** ********. When * **** * ******* ** the ******** ********, ** ****** **** if *** ***** **** **** ****/******, that *** **** ***** ** ************. They ****** ** **** * ******** risk **** ****** ** ***** '***** sweat *****'."

*** ********: ** ** ****** ** *** ********* *** **** **** ******* ****, *** ****** ******** ** ** dispose ** *** **** **** ****** or ******** ****. ** **** *****, this *** ******* ******** ******** ***** with * *********** *** ************ ****-*****, but ***** ** ***** ********* ******* up *****, ***** ****, *****, *** bricks **** **** ****** *** ********** ** wedge ***** * ****.

****** **** **** ** *********** * routine ********** *** **** ******** * potential ******** **** *********** *** ****** system.

Tailgating ** *** *********

*** ******* *** ** **** ** fix ** *** *********** * ****** user **** * **** **** *** multiple ****** ******** ** ******* ** area, ******* ********** *** ****** ****** from '***********' ****** ** ***. ** note *** **** ***** ** *** issue ** *** ********** - ****** ******* ******** **** *** ******* *** ********* ****** gestures *** ******** ** * ******* security ******:

"** *** * ******* **** ****** some ******* ** * ****** ****** network ******** ****** *** *** ********* were ******** ** *** *** ********** to **** ** ************. *******, **** would *** **** *** ******** ** the ********* **** ** ********** ** holding *** **** ****."
"********** **** ******* *** **** **** seen; ****** **** **** *****, ********* 50 ****** ***** ***** *** ******** with * *****, **** ** *** door '************' ****..."
"***** *** ** **** ********** ***** one **** ***** *** **** **** for *** ** ****** ****** ** a *** **** ***'* **** **** each *****. *****."
"* ****** ** * ** *** Force **** **** *** ********* ** armed *** **** *******-**** ** *** outside, *** ** *** **** ****** for ******* ** **** *** **** and ***** ********** ** ******** *********** into **** ******** ***** ****** **** no ************* ** *** *****."
"*** ********* ******* *** ********* ******* had *** **** ********, *** *** supervisor ***** ******* ** *** ********* workers ****** *** *** ********* ******* to **** **** *** ******** *** tailgate, *** ***** *** *** ********."

*** ********: ******** *********** ******** *** ********* to ********** ** ******* **********, **** ********** ** **** ******* ** ****** ******* ** **** ***** *********. *******, ** many ******** *** **** ********* ****** involve ******** *********, **** ********, *** area ******* ********* *** ******* *** risks ** *** *****.

Uncontrolled ***** *** ****

*********, *** ***** **** ** ******** in ** ****** ******* ******, *** due ** ************ ** ********* ***** uncontrolled ******** ** * ******** ******* traffic. *** **** ** ***** ***** doors ***** *** ****** ****** ***** be ******* ********* *** *** ********** the ******** **** ** ******* * facility ******:

"* **** **** ** **** ******/ warehouse ********* ***** *** ***** ****** is ******* *******. *******, *** ***** just **** ****** *** **** *** the **** ** ***** **** **** and ** *** *** ****** ** stop *** **** **** ******* ** to *** ***** ******."
"*** ***** * **** ** ****, had ******* **** ****** ***** ****** the ******** *** **** ** *** doors ****'* **** * ****** ** use **** **** *** ******. *** of ***** ***** *** ***** **** to ** *** **********. ** ****'* have * **** ****** ****** ** it, *** ** *** ** ***** to *** ***** ***** **** ** tempting ** *** ** ** **** running ****. * *** ** ** would **** ***** ** *** **** to *** ******. ****** ** *** department ***** **** *** **** *** the **** *** *** *******, ******** access **** *** ******** ******* ****** to **** *** ***********."
"******* ********** **** * **** ******** with ******* *** ********, *** *****'* multiple **** ***** **** ******* *** screen ***** ***** **** ****** *** enter ** ***** ****. ***** **** stolen *** *** ****."
"* ****** * ****** ** *** restricted ****** **** *** ****** ** direct ******* ******* *** ****** ** order ** ****** *** ******* ******** and ******. **** ***** **** ****** had ** *** **** *** **** handicap ***** ******* *** ******** ** latch *** **** ****. **** ****** the ********** ******** ***** ** *** remedied."
"*** **** ********** ***** ** *** whole ******** *** *********** ******* ***** storage **** *** **** ****** * side **** **** *** ***** ****** and *** ** *** ******** *** workers."

*** ********: **** *********** *** ******** ****** **** to ********* ***** ********* ******** *** authorized *** ***, *** **** **** action ** ****** ******, ****, ** add ************ ******** **** *** ****** system. ***** ******** ** **** ********** and ****** ******** *********** ****** ******* **** ****** ** **** are ********* ****** *****, **** *** and ****** ** ****** ******* ************ entry.

Lousy ******* **********

*******, ******** ** *** ************ ************** ********* of ********* ******** **** **** ****** control ********** *** ** *** ******* goals ** *** ******. ***** **** visitors *** *** *****, * ***** percentage ***** ** **** *******, *** without ******* ********** ** ***** **** can ******* ** *** ****** **********:

"*** ** ** ******'* **** ***** ** passing *** ******* ****** *** ******* and ***********. **** ***'* **** ***** of *** *** ***** ***** ****** go."
"*'** **** **** ********* **** ************ lobbies. *******, **** *** *** *** an ******** ** *** ******* ** the ********, *** ***'* ******* **** the ***** **** *** ****** ********. That ***** **** *** ********* ****** buzzes ******* **, **** **** ****** to *** **** ** *** ****."
"*********** ***** ****** ** ***** **** as *** *** ******** *** *** not ******* ** *** ** **** though ** ***'* * **** ******** area."
"*** ** *** ******* ******** ** Hospitals ** ******** ** ******* **********. There ** ****** ******* **** ******** people **** ***** ***** **** ****, to ****** ****** ** *** ******** areas."
"* ****** ** * ***** ************ where ******** **** ******** ** ****-** and **** ******** ***** ******. ***** was ****** ******* ** *****, ******* it *** ***** **** ********* **** open ***** ***. **** *** ******** had ****** ********, **** *** * much **** **** **** ** **** than **** ******** ****** ****."

*** ********: ** ** ****** ** ********** ********** ******* ******** ****, **** ****** ********* **** ** add-in ****** ** ************ ******* ****** directly **** *** ******, *********** *** need ** * ****** ********** ******* 'check **' ******. ***** ******* ** not ********* ****** *** ******* ************** ********, the **** ** *********** ******** ******* troubles ** ******* **** *** ** significantly ********* ******* ********** ******* ********** ********.

Comments (1)

Undisclosed #1

•Nov 21, 2016

IPVMU Certified

The most vulnerable place in the whole building was radioactive medical waste storage that was just inside a side door that was never locked and was an hot shortcut for workers.

How heinous was the existing EAC that people would take 'hot' shortcuts thru radioactive waste storage?

Reactions:

(2)