Forced Entry / Duress Access Tutorial

By Brian Rhodes, Published May 17, 2018, 10:03am EDT

Even though access control normally keeps people safe, tragedies have revealed a significant issue. If users are forced to unlock doors for criminals, unsuspecting people inside are vulnerable. 

But 'Duress Access' is a common, although overlooked, access system feature to combat the threat.

In this note, we examine the duress options for common types of access readers:

  • Biometrics
  • Keypads
  • Card Readers

And we address how opening design, closed access areas, and physical layering adds strength to perimeter access control for such risks.

Criminals Force Users To Unlock Doors

In general, once entry is made and the criminal is able to enter a building, the primary security boundary keeping people safe has been breached.

Forced entry has been an entry path for criminals in several events, notably in 2015's mass shooting inside French tabloid 'Charlie Hebdo', where active shooters forced an employee holding her child to enter her door PIN code at gunpoint in order to gain access.

Once inside, they murdered 10 people. Armed Responders only arrived in force at the scene more than 30 minutes after the killers fled.

The overall risk includes less violent acts, including theft or burglaries, where armed bandits wait for unsuspecting users as they key in codes or present cards, only to force Tailgating into a facility to commit crimes.

Vulnerability Even In High-Security Deployments

Access control only works when credentials are protected and unable to be misused. Making sure the doors and openings are protected is not enough.

*** *******, ******** ******** at ******* ***** *** not * ****** ******, and *** *********** ****** up ******** *********** ***** **** ******** ******. *** ******** *** a ********* ****** ******* system *** * ********** security **** ********* ** a ******. ****** **** shooting ***** *** **** the ********, *** ****** grabbed ** ******** ** an ****** *** ****** her ** **** *** main ******** ** ********. From *****, **** *** unabated ****** ** *** inside.

** **********, *** ******** of '**** ***** ** done ***********?' ** ***** by ****, ********** ** those ******* ** * similar ****** ****** ** keep ******* *** **** away.

Access ****** ****** *******

** *** **** ** forcing * ******* ** open *****, ** ******** refusal *** ****** ** immediate ***********, *** **** seconds ** ******* *** response *** ** ****. ************* the *** **** ** Charlie *****, ********* ****** undo *******, *** ****** changes ** *** ******** system ***** **** ** the **** ***** ******** the ****** *** *********** lowered *** ****.

** *******, *** **** access ********** ***** ** be ********** ** ******** handle *** ***** **** a '******' ****** ** sent **** * ******. Even ** *** **** access ****** **** *** claim ****** *******, * custom **** ** ****** can ** ********** *** event *****-******* ******** ***** ******* ******* ********* ************* of * ****** *****.

** ********, *** ******** and ************* **** ***** a ********** *** ****** notifications ** ****** **** include:

**********

*** **** ********** *******, if ** ******** ** specially ********** '********* ****' fingerprint ** **** (**: the ****-**** ***** ****** than *** *****-**** *****), the **** ****** ******, but alarms *** ****** ** notifying ********/*********** ** *** system ******* **** ************ or **** ** ****** responders.

** ******* '******' *********** enrollment ** ***** *********'* ***************, *** *** ******* and ******** *** ******* to **** ********* ****** management ********:

** * ********, *** act ** ***** *** appear ** ********* **** what ** ******** ********, but ****** *** ******, officers *** ** ************ acting ** ******* ********* to **** ****** ** a **** ***** ** emergency *** ****.

*******  

******* ****** *** ********** as ***** *** ***** ******* ****, ******* *** *** of *** ******** ** configure *** ******. ** a **** ****** * special ****, **** ** an ********'* *** ** reverse *****, ** * two ***** '********* ****', the ****** ******* *** door, *** **** ****** and ******** ***** *********.

*****, ** * ********, the *** *** ****** no ********* **** ******, and ***** ***** ****** can **** **** *** or ***** *** ******** code *** ********* ** enter **********.

Card *******

*************, *** ** *** most ****** ************** ******* also *** *** ******* 'duress' ******** **************. **** ******* issue ***** ******** *****, one ***** ** '*********' card **** ******* *** same ** * ****** credential ***** *** **** triggers ********* ****** ** used. 

*******, **** *******, ****************'******* *' ********** *******, ***** ** a **** ***** ***** badge ***** ***** ** rapid ********** * '****** event' ** ********* *** may ****** ***********.

*******, ****-***** ******* *** ***** to ***** ******** ** extra ***** ** ***** of ******** *** *********, and ****** *** **** readers ******* ***** ** implement **** *** **** effectiveness ** ***** *******. 

Building ****** ******* ****** *****

*******, *********** *** ******* or ***** ***** **** specific ******** ** ******** the ********* ****** ** forced ***** ** ********.

* *** ** ****** time, ** ****** ***** occurs, ** ** **** more **** *** ********** exit *** ******* ** segregate ******. ****** ******* like ******** *** **********, *********** *** ******* internal ******** (**: ***** rooms, ********, ****** *****) with ********** ******* ****** can **** ****** ** unprotected ***** *** ******** emergency ********** **** ** potential *******.

Avoiding ***** ***** ** ********

********** ** *** ****** or ****** ****, ******** managers *** ********* ****** absolutely ***** ********* *** true ********** ** *** systems **** ******.

****** **** '***** *** victims' *** *** ************ a ******* ***, *** lesson ** *** ** misgauge *** **** ********** value ******* ** ****-**** security *******. **** * modern ****** ****** *** not ****** ** ******** all ***** *** ******* Hebdo *** **** ** duress *********, *** ********* may **** **** **** even *****.

*** ***** ****** *** security ******** *** **** assessment ******** *** ** evaluate ********** ************ **** current *** ******** *****.

Comments (3)

Undisclosed Manufacturer #1

05/21/18 04:41am

I brushed past this and decided to read it.  We used to sell duress as the “security between the outside and the inside”.

Although it has been problematic for people to remember how to use it on that rare occassion, and more often the creation of a false silent alarm due to the methods used such as changing the last digit by one up or down.

Added to that is the common requirement for no verification by the dispatchers.

Of course, how many alarms use the years 1950 to 1999 for codes still or the default 1234!

Undisclosed #2

IPVMU Certified | 05/21/18 03:10pm

Again, to a criminal, the PIN may appear no different than normal, and users under duress can even give out or share the alarming code for criminals to enter themselves.

Pro tip: Always try PIN in reverse first...

Robert Shih

Independent
05/25/18 06:36pm

I'm beginning to wonder if duress reactivity should involve some sort of force based response mechanism. What better way to put down animals like that than by a machine?

Maybe I'm being extreme. Maybe I'm politically biased and driven by my complete anti-religiousity. However, the Charlie Hebdo incidents are among the most infuriating in respect to terrorism and Islam in general.

Speaking of which, are there any interdiction systems that are effective and readily available through proper channels that are worth talking about for a commercial (non-industrial) application?

Read this IPVM report for free.

This article is part of IPVM's 6,735 reports, 909 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports