Access Tailgating: Biggest Security Vulnerability
What is the 'biggest' access control security vulnerability? One security consultant argues that, for most installations, it is tailgating.
In this report, we share:
- A security consultant's analysis that tailgating is the biggest access risk
- Tailgating is easier to exploit than card copying
- A short explanation of Tailgating and the problems is creates
- Easy tailgating solutions are not common
IPVM Resources
IPVM has many resources explaining the problem and how to address it in your access systems including:
- Tailgating: Access Control Tutorial
- Practical Solutions To Piggybacking and Tailgating
- Access Control Turnstiles Guide
Specific Products:
- Axis Tailgate Detection Tested
- Experiences With Smartersecurity Door Detective Anti-Tailgating Sensors?
- Anti-Tailgating Startup: Spyfloor
- Density Presents Occupancy Monitoring & Tailgating Detection
Consultant ***** *******
** ******** ** ************** ** ******** * ****** ****** ****,******* *. *****, *********,***** ********************:
********, *** ******* ************* ** **** access ******* ******* ** **********.
** **** ** ***** * **** through *** ******, **** **** *** someone ** ***** ** ***** *** building *** **** **** ***** **. Many ****** **** **** ******** **** the **** **** *** *** **** asked.
****** ** ******** ***********, * **** that * *** *** **** * building ***** **** ********* **** **% of *** ****.
***** *** **** * ******** ******** consultant *** **+ ***** ******* ** the *******, *** ****, *** *** published * ****** ** ******-******* ********, including*** ******* ** **********.
Tailgating ****** **** **** *******
***** ******* *** *** *********** ***** seconds *** *** ** **** ***** gadgets ******* **** **** $**, ***** says **** ********** ** **** ******:
******* ***** ** ********** *** *********** to ******** ***** ** ******* **** as ******* **** ************** ***** *** networks ** ************** ***********. *******, ** most **********, ***** *** *** ********** cases ** ** ******** ******* ****** using ***** *******.There *** *** ****** **** ** ***** * ********: **********, slipping a latch, or simply looking for a door that has failed to close properly. [Emphasis IPVM]
Members ******
***** ** *** *** **** *** who **** ********** ** * **** problem.******* **************** ** *********:
********** *** ****** ****--*** *******--*** ******* way ** ******** * **** ****** entry *****.
******* ********** ****:
** ******* *********, *** ******* ** often **********. ****** ***** ******* * mullion ** ********* **** ** ****.
Tailgating *******
'**********' ******* **** * ************ ****** user ***** * **** ******** *** or **** *********** ** *********** **** through ***** *** **** ** ****.
*** ********* *** ******** ***** **** holding * **** **** *** *******. It **** ******* ************, ********* **** someone ** ******* ** ********* ****** it ******* ** **** ****.
****, *** **** ***** ** ***, is **** ******* ******* * ********* act ** ********* ******** ****** * valid ********** ** **** *** ******** system. **********'* ****** *** ****** ** entire ******** ********.
Common ******** *** ******* *****
** **** ********, ******* *** **** open *** ****** ** * ****, kind **********. ********, ********** ******** *** door **** ****** *** ** ********* as ****, *** *** ****** *** will ******* ********* ** **-*******.
*******, **** ****** ** *** ******** how **** *** *********** ** ****** control ****** **** ***** *** '**** manners'.
Easy ********* *******
********** ** * ******* *** ***** expensive ******* ** *****, **** ********* generally ******* **** ******** ******** ** many*********** ******* *** *******.
*** ***** ********* ********* *** ***** vigilance *** ****** **********, ***** *********** by ******** *****:
*******, ********** ***** ****** ********** ** involved, *** ********** **** *** *** be **********, *** **** *********, ** a ****.
Other ****** ******* ***************
** ***** *****, **** ** ********** is *** ******* ************* ** **** installations, **** ************* *** **** ******* risk. ********** ** ****** * **** in ********** **** **** * **** volume ** ******** *******. ** ****** security **********, ***** ******* ** ****** low ** ***** ** *** *********** of ** ******* ** ******* ***** (e.g., * ****** ******** ***** *****), other *************** ********* ******* *** ** more ********* *****.
***** ******** **** ********* ********* ***** **** ***** ******* *** locking, ***** ************* ******** ***** **** being ******. **** ***** ***** **** finished ******** '****-*****' ** ****** ** trash ** ******* ********* ** ***** mats:
*** ************** ** **** ***** ** often ***, *** *** **** **** present ** **** *** ** ******* prominent **** ** **** ****.
******* ***********, ************** ********* ******* ******, ***********, *** ********* to ******* ****. **** ************* ** when * ***** **** ***** ***** card ** * ****** ** ***, essentially *** ******** *** ****** ** approve ****** ********.
*******, * ******* ** ******* ****** systems ** '****-********' ********** **** ******** or ******** *********** **** ********* *** same ******* ***** ****** * *** minutes.
Vote / ****
**'* * ****** ********* ** **** tailgating *** "*******" *******.
*** ** ****? **’* *** **** frequent *********. *** ** *****’* **** a *************** ******** ***.
**** ******* *** ** **** ************* more ********* ** ***** ***** *******.
*** *** ********* * **** ** a ****** ****** ** * ******* of *** ***** *******.
**** *** *** ****** ******* *** you ***'* **** * ****.
** ***** **** **** ********* **** old **** ********** *** * **** them *** **** ** ** ** copy ***** *****. ** **** *** I **** ***** **** ****** * customer *** *** * **** ****** and **** ** ***** ******!
***** *** ****** ********* *********** ** great ** *** ******** *** ****** it. *** *** ******* **** ** inexpensive ****** ********* ***********.
*'** ******* **** ** *** ********* doors **** **** ***** ******, ********** is ************* ****. * ****** ***** their *****, ******* ******* ** *** door, *** ***** ****** ***** ** and ***** *** **** *** ***** it **** *** ** ******* ** so.
* ******* ***** ******* *** * tremendous ****** *** *********** **** ************, but ** **** ***** **** * huge ******** ****. * **** ***** seen * ****** ***** ****** *** wait *** *** **** ** *****. Most **** **** ** ******* ******** the **** **** ***** * ****** later.
**** ****, *** **** ** *** of *** ******* ** ***'* ***** power ****** ********* ** **** ****** doors ** *** ********. ** ****** gets * ****-***** ******** ** ******** or ******* ** ***. ** **** require *** **** **** ** ** set ** *** ******** ******* ****** of **** ********* ** ****.
* ***** **** ***. *** ****-******** facilities, * **** **** ****** ****** at ********** *** ***** *****. *** power ***** * ******* *** * checkpoint ****** ****** ***** *** ****** guards ******* ******* ****** ******* *** gate. * ****** *** ******* *** same ********** ** * ***.
*** *** **** ** *** ***** that ****** *** ****** **** **** with *** **** ********** ********** ** mitigate *** ******* **** ***-**-*-**** ******* like********** ***? *** **** *** ****** *** they ***** *** ******* ***** ****. Define/write *** ******** ************ ******** *** make *** ************* **** *-***** **** it ******* * ******** ***** **** occupancy *** **** *** *** ****.
*** **** *** *** *** ********** but ******** ** *** **** ** a ****** ****** ***** ********** ** standard ******* *** *** *** ****** 100% ****-******* ********** ** *****. **** do *** *** *** * ****** post ********? * **** ********* *** more **** * ****** ******.
********** ** *** ******** * ********** problem... ** ** * ****** *******.
************, ** ** * ******* ** "trusted" *********** (******* ** ****** ***** is * '*******' ********) ** ****** the ************ ** ***** ******* **** a *** ** *** ********.
********** *** ** ********* ***************, *** only ** ********* *** ********* ******* which *** ***** ********* ******* **********, inconvenience, *** ****.***** *** ***% ********* anti-tailgating ************, *** *** **** *** the ***** ****** ** ******* ** inconvenience.
**** *** **** *** **** *** all ** *** **+ ***** *'** worked ** *** ********.
******** ** ** ** **/****** ********** issue *** ******** *********** ** ************ violators ** **** **** ********* *** in *** **** *** ******* **** cost *********.
* ***** *** *** **** **** its * *******/****** ******* **** ****** can ******* *** ***** ********* *** vendors. ********** ** **** * ****** problem **** *** * ******* ********** holding *** **** **** ** * tailgating ******* ** ***** ***** **********. When * ********* ********** ********* ** gain ************ ****** * ** *** sure *** ** **** **** ** the ********* ****** ** */* ********* of *** ************ **********.
** **** ******** ************ **** ** Data ******* **** **** ******* ***********/******* technology ** *** ** ******* ******** that * ******/********* *** ***** *****.
********** ** *** ******** * ********** problem... ** ** * ****** *******.
* *****, **** ** ***** **** to **, *** ********* ***** ********** is ****** * ******* ** ******* spending ***** **, *** "********" **** of ******** ******** ***** ***** **** play. *****, ***-*****, ****** ********, ** similar ****** *** ******** **** ** any ******** **** ***** ******** ** mitigate **********.
*******, *** *** ***** **** *** naive ***** ********* ********* **** **** tout ***** "********** *********" ****** **** have **** ** ** * ******* of * **.* ******** ******* :)
* ** ********** ******* **** **** hilarious. *** ** *** ******** ** the ******* ** ****** ** *** elementary ****** **** ** **** ******. (Literally *** **** ******). *** ****** see *** ***** * *** **** I **** ** **** ** *** of ** ****, *** **** ****** me **, *** *** *** ****** me ** *********** **** * **** the **** ****** ****** **! "****, I *****!" **** *** ***** *** it **.
**, ***, * ***** ****** ******** is *** ******* ******* ** ***.
*** ** *** ******** ** *** article ** ****** ** *** ********** school **** ** **** ******. (********* the **** ******).
* ******* **** ******* *** **** a ******* ************ ** **********, *** now * **** * ********:
** ** ****** ** ******* ******* defeating * ***-**** ** ******* **** doors ****? ** **, *** ***** the **** **** ****** ****** *** outer **** *** ****?
**'* *** * *******. ****** *** flight ** ****** ** *** **********. There ***** ** ***** ****** ** exit/entry *** ** ***** ** ****.
*** ****** ** ******* * **** open *** ******* ****.
** * ****** **** *****?
*** ****** ** ******* * **** open *** ******* ****.
** ** *** *****
*) ** ****** ****** ** *** first ****
*) ****** ** **** *** ***** hand
*) ****** **** **
*) *** ******* ******
*) **** *** **** ** *** outside ******, ** **** ** **** shutting
*) ****** ****** ** *** ****** door
*) ****** ** **** *** **** hand
*) ************* *** **** *** ** keep *** ****** **** **** ********
*** *** ******’* ** **** **** til ***** *** **** *** **** the ***** **** ** **** *** second?
***’* *** *** *** ******** ********** that ** **** **** **** * and * **** ** *** **** time *** **** ******?
** **;
**, *’* **** ***** **** ** thinking **’* * *********** *******, ****** U7 *** ** ***********…
**'* * ****** ********* ** **** tailgating *** "*******" *******. ** ******* out ** *** *******, ***** *** quite * *** ***** *************** **** can ** "******" ********* ** *** circumstances.
** *********, ********** *** ** *** easiest *** **** ******* **** *** access ** *** *** ***** ****** the ******** **** *** ********** **** had ****** **. * *********** ******** in *************.
*** ***** ************* **** ***** ** mind ** *** *********** ******** *** was **** *** ** **** ** employer. ***** ****** **********, ** **** many *****, ** *** ******** *** days *** ******** *****. * ******* potential ******* ** **** ****** ** retaliate ***********. *** ****** ********* *********** with **.