Access Control: Combo Reader / Controllers Tutorial

Author: Brian Rhodes, Published on Jul 22, 2013

Economical or foolhardy? Industry professionals are torn on combination door readers. These units typically integrate credential readers and door controllers into a single unit hung outside the door. Does the tampering risk also mean they are a security risk? We look at the units in this note, weigh the pros and cons, and address whether and where the risk is worth the benefit.

The Risk

********** *** ********** ** *** ******* ** *** ****** **** means ** *** ** ******** ****, **********, ** ******** *******. When *** ****** *** ********** *** ******** *******, **** **** is *********. *** ********* **** ** ******** ** *** ****** or ****** ****, *** ** *** ********** ********* ** ********* ****** such ******, ** ****** ******* ********** ** ***** *** ****.

*******, **** *** ****** *** *** ********** *** *** **** device, ** ****** ********** *** *************. ** ******* **** * combo **** *** *** ****, **** *** ******** ****** ******, or **** ** ****** *** *** ******** ******* **** * wide **** ****? ***** **** ********* ******* *** ********* **** as *** ***** ** *** ***** *****, * ****** **** ******* the **** ** *** *** **** *** *** ***** *** without **********.

****** ****

**** ****** ********** ***** ******* * '**********', ***** *********** **** ********, *** * '******', ***** ** *** ******* ********** *********. *************, ***** ********** have **** ********, ******** ***** **** **** **** ** ** ********* and *********.

*******, ******* ****** ************* ***** '***********' ***** **** ***** *********** and ******* **** * ****** ****. ***** ******** ***** '*************' compatible ******** ******* *** *** **********, *** *** * ****** box ** ******* **** ** ********** ****** ** ***.

*** ** *** ****** ***** ******** ** * ***** **** is ****** **** *** ***********, ******** *** **** ******** ** ***** ** **** '********* readers' **** ******* '***** *****' *********. ******, *** ****** **** includes * ****** ** ****** ******** *** *********** **** ******** is ********** ** *** **** ****: **** ********** *********.

 

Hardware *******

*** **** ** ******* ******** **** ********** *** **** ** risk ********* ********. *** ***** **** ******* ********* *****, **** maglocks, ******** *** ********** *** ********* ***** ** *** ***** and ***** **** ** ** *********. *******, ******** ******* *** generally *** ********** ** ********** *******, *** ******* ***** *********.

********:**** **** ******** *** ************* ******* *** *** '******** *******' from *** **********, *** ********** **** ** * ***** ** the ***** *******, *** ******** *** ********** ****** *** *******. The ***** ***** ************* ******* **** ********:

******** *******:******* ** *** **** ** ****** *** **** *****, **** simply ***** **** ******** ** ****** ****** ***** ********** *** door ** ****. ** **** *****, *** ****** ** ********* until *** ****** ****** ******* * **** ** ****. ****, the ********** ****** ***** ** *** ******, ******** *** **** lock ** ***** ****** ******* *** ******.

***** ******, **** ******* *** **** ** ******** *** ********** free *************; ** *** ********** ** ****, *** ****** ******* unpowered *** *** **** ***** *****. ** ****, ** ***** require ** ********** ** ***** ****** *** ********* ** ***** wires ***** *** ****** ** ***** ** '******' *** ****. While ***** * *************, **** ***** ** ********* ******** **** familiarity **** **** ** *** *******.

Tamper *************

********* ** ***** *********** ********* ******* * '****** ******' **** detects ******* ******* ** *** ********** **** *** ****, *** locks *** *** **** **** ******* ********** ***** ** *******. This ****** ****** *** **** ******* ***** ******** **** ***** authorities/operators **** *** ********** ** ***** ********:

***** *** ********* ***** ** ****** ******, **** *** *** mechanical **** ***** *****, ****** *** ** '******* ******' **** uses ** ** ******* ** ****** ********. ** *** ****, using **** ***** ****** * ******** **** ** ********** *** ********** and ****, **** ****.

****

*** ******* ************* ** ***** ***** ***** ***** **** ****** cost **** *********** *******. *** *******:

********: ** *** **** ***** ~$***, *** ****** * *** ****** at ~$** ***** ****** $***.  *******, ****** *** ******** ***** cost ** ******* *** ****** *** *** ~$** - ~$*** to *** ****, *** * ***** ******* ** *** $****.

*****: * ****** **** *** ***** ***** ~$***. *********** *** installation **** ** ******* ********* ******* ** $** - $*** savings *** ****.

External **********

** ******** ***** *** *************** ** * ***** **** *** high, ********** *** **** ****** ************ ******* ***************** ******* *** ****. ************* ************* ******** **** **** ********* ******* *** **** ***** ** environmental ********** ******* ******** *** **** - ****** ******* ** optical *******.

***** ********** *** ** ***** ** *******, *** * ********* designed **** ********* ****** ***** ** ****** *******, *** ********* mount **** * ****** ******* **** **** ********** **** ***** fasteners.

*******, ****** ********** *** *********, ********** **** ***** *** ***** cost ** ****** ***. ********** **** ******* ~$** - $*** each, ********* ********** *** ******* ** ***** * '*****' **** to ***** ****. 

***************

*********** ***** *****, ***** ***** ****** **** ** **** ** *** to ****** ******** ******** ***** **** ** *** *** ********:

  • ******** *****:******* ***** ****** * ******** *** ****** ******* ****** ** security *** *** ****** ***** ********* ** '*****' *********** **** video ************ *** ****** ***** *** *** ***** ** ****** attempts.
  • ***** **** ********: *** **** ** ****** ********* ******** ** *** ***** ** recommend ***** **** ** ******* ***** ******* ** **** *** security.
  • ** **** ********:******* ***** *** ******* ***** ***** **** ***** *******, **** should ** ******* ** '**** ********' ******* ****** ** ********** or ************* ****** *******. ***** *** **** ** *****, ***** it ******** ** *** **** ****** *** ***** **********.

Brute *****: *** **** ****

***** ***** ***** ***** ***** ************* **** *** **** **** standard ***********, *** ******* ****** ** ********** ***** ******* *************** brute ***** *******. ***** ***** **** *** ********** ** ******, most ******* **** *** **** *** **** *** **** *** knowledge ** ******* ****, ****** ******** ******* ** ****** *** opening ******. 

*** ********* ***** ***** ***** ***** ****** ** ****** ** part ** * ****** ****** ** ********** ******* '******** ********' of *** ****** *******. ** ** ******** ****** **** ***** through ******** * ********** *** *** ****, *** ********* *** use ***** ***** ** ***** **** *** ****, **** *** issue ** ********.

Comments (8)

The technical advantages of having a single, integrated, intelligent IP device at the door are manifold. But what will drive adoption is simply cost savings (which is potentially more attractive than modeled in this very good article). Security is a matter of degree, not absolute. I expect the inevitable additional functionality and lower cost will prevail over perceived security vulnerabilities which can be effectively mitigated.

We currently have our multi-door microcontrollers in close proximity to the BA/FA alarm control panel and recieve an input signal in the micro's when there is a fire alarm. The exterior doors then unlock to assist firefighters with access. How would this work with the controllers at the door?

Hi

There are ways to do this:

The Maglock can be controlled by an independent power supply. The Alarm/Fire system can activate that relay in case of fire to open the door...

The Fire Alarm dry contact signal can be translated into a digital signal to the server signaling it to open the door.. We don't like this idea but it is doable

If the door/controller powers the Maglock through PoE, then have the Fire Alarm relay cut power to the PoE switch thereby removing power fomr the controller, hence the Maglock...

As for tampering with the Reader/comtroller to removepower fromthe Maglock, we use ISONAS and they have adevice that effectively address the tampering isue...

I was looking at some all-in-one units for home use, from Samsung and Dahua. They typically look like this:

I believe in these that the reader, controller and strike are all in one unit. After reading the article, I am thinking that having the strike integrated may actually be a good thing, since it makes it harder to attack the leads which control the strike.

Is that right or are there new vulnerabilities that are introduced?

Units like you list above do not use an electric strike. The lock latch is retracted or the handle retracts the latch when the lever handle is turned.

Think of a 'hotel style' lock. That is essentially what your standalone unit examples are.

Ok, let me have the bad news, what sucks about them? :)

No need to reply, found this excellent article:

Hotel Access Control Explained

Nice article. Thank you for exploring the risk issues.

A point you didn't address is the case where there's now IP outside the door. If the thing is PoE powered or has a LAN connection, there's the added issue that the net could be the target. Yes, we still bring Bubba to use the prybar but now after that even the low end thieves have a kid on the team with a Rasperry Pi and a a 12 volt battery in their backpack, ready to do rude things over the network drop. There are reports of people accessing devices outside the building for net access, I don't think that's too far-fetched.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Higher Power PoE 802.3bt Ratified, Impact on Security Products Examined on Oct 12, 2018
Power over Ethernet has become one of the most popular features of many video, access, and other security products. See our PoE for IP Video...
Door Hinges Guide on Oct 10, 2018
Some of the trickiest access control problems are caused by bad door hinges. From doors not closing right, to locks not locking, worn or warped...
Security System Health Monitoring Usage Statistics 2018 on Oct 09, 2018
How well and quickly do integrators know if devices are offline or broken? New IPVM statistics show that typically no health monitoring is...
UTC Merges Lenel and S2, Creates LenelS2 on Oct 03, 2018
UTC has completed the acquisition of S2, launching literally Lenel's2 LenelS2 with UTC declaring that "LenelS2 unites two world-class teams with...
Anti-Tailgating Startup: Spyfloor on Oct 03, 2018
A Canadian startup, Spyfloor, is using a different approach to warn against tailgating, a common access control problem. By counting feet,...
VMS Mobile App Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone on Oct 01, 2018
Mobile VMS apps are a critical interface for the modern surveillance user. But who does it best and worst? We tested 6 manufacturers - Avigilon,...
Favorite Power Supply Manufacturer 2018 on Sep 28, 2018
While power supplies are becoming less important as PoE matures, they remain vital to access control systems, where increased power for locks,...
AHJ / Authority Having Jurisdiction Tutorial on Sep 27, 2018
One of the most powerful yet often underappreciated characters in all of physical security is the Authority Having Jurisdiction (AHJ). Often,...
Access Control Lock Guide on Sep 26, 2018
In this guide, we examine locks; critical elements of any security system and fundamental parts of every access control system. Two fundamental...

Most Recent Industry Reports

Hanwha Dual Imager Dome Camera Tested (PNM-7000VD) on Oct 18, 2018
Hanwha has introduced their first dual-imager model, the PNM-7000VD, a twin 1080p model featuring independently positionable sensors and a snap-in...
Camera Height / Blind Spot Added to IPVM Camera Calculator on Oct 18, 2018
IPVM has added camera height and blind spot estimation to the Camera Calculator. This is especially helpful for those who need to mount cameras up...
Axis Strong US Growth, Flat EMEA - Q3 2018 Financials on Oct 18, 2018
This spring, Axis had its best financials in many years (see Axis Strong Q2 2018 Results). However, over the summer, Axis had many products sold...
Best Alternatives to Banned Dahua and Hikvision on Oct 17, 2018
With the US government ban and a growing number of users banning Dahua and Hikvision, one key question is what to use for low cost? While Dahua and...
Video Quality / Compression Tutorial on Oct 17, 2018
While CODECs, like H.264, H.265, and MJPEG, get a lot of attention, a camera's 'quality' or compression setting has a big impact on overall...
Knightscope Winning Investors, Struggling With Growth on Oct 16, 2018
While Knightscope's new financials show the company only winning 11 new customers in the past 12 months, the company continues to win new...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Huawei Admits AI "Bubble" on Oct 16, 2018
A fascinating article from the Chinese government's Global Times: Huawei’s AI ambition to reshape industries. While the Global Times talks about...
ADI's Financials Revealed + W-Box Growth Priority on Oct 15, 2018
  ADI is one of the most powerful distributors in the security industry but how big are they? How much profit do they make? How much do they sell...
Dahua Face Recognition Camera Tested on Oct 15, 2018
Dahua has been one of the industry's most vocal proponents of the value that AI creates: As part of this, Dahua has released a facial...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact