Tailgating: Access Control Tutorial

By: Brian Rhodes, Published on Oct 31, 2019

Nearly all access control systems are vulnerable to an easy exploit called 'tailgating'. Indeed, a friendly gesture in holding doors for others often compromises access security.

IPVM Image

** **** ****, ** take * **** ** 'tailgating', *** **** ****** causes, *** ******** * options ** *******/******** **********:

'**** ****' ******
**********/********* *****
********/********
************ *********/*********
******* & *********

The *******

'**********', **** ****** '************', describes *** ********* **** a ************ ****** **** opens * **** ******** one ** **** *********** to *********** **** ******* while *** **** ** open.

*** ********* *** ******** occur **** ******* * door **** *** *******. It **** ******* ************, typically **** ******* ** focused ** ********* ****** it ******* ** **** door.

****, *** **** ***** of ***, ** **** someone ******* * ********* act ** ********* ******** behind * ***** ********** to **** *** ******** system. **********'* ****** *** render ** ****** ******** insecure.

Common ******** *** ******* *****

** **** ********, ******* the **** **** *** people ** * ****, kind **********. ********, ********** slamming *** **** **** behind *** ** ********* as ****, *** *** create *** **** ******* neighbors ** **-*******.

*******, **** ****** ** not ******** *** **** are *********** ** ****** control ****** **** ***** own '**** *******'.

******, **** ******** ********** to *** ******* * door ***** *********. ********* articles ******** *** ******* of ******** *** *******, like:

* ******** ** *********: do *** **** *** door *** ******?
***, **** *** **** Open *** *****
****’* *** *** “******* The **** **** *** People” ****

*******, *** ****** ***** articles **** ** ********* is ***** *** **** secure *** ********** **** closed *** ******.

Security ********* ** ***

**** ****** ** *** deliberately **** ** ********* the ******** ******** ** a **** ** ********, but **** **** ** recognize *** ***** ***** behavior *** **.

*** **** ****** ** balance '**********' **** '********' is ********** ********* ** why, ** **, * door ** * ******** point. *** *** ******** doors, *** **** ***** frequently ****, *** *********** part ** *** ******** access ********** *********. *** if * **** ** kept ****** *** ******, or ** ** ** equipped **** ****** ******* like ******* ** *******, it ****** ***** ** held **** *** ******** kept ****** ***** ********** entry.

*** ***** ********, **** training *** **** ******* is ********* ** ********* security **********. ******** ****** and ******* ******* ** 'low ****', *** ***** effective *** ** ******* with **** ****.

IPVM Image

Other ************ *******

***** *** * ******* of ***** ********** **** causes. ************* *** '***' of **** **** ********** helps ** ********* *** best ******* ******* **:

Bad *******: Especially in rainy and cold climates, holding the door open offers a welcome shortcut to those seeking the warm and dry environment of a facility. In these cases, sheltered entries, **********, ** ******* **** diminish *** ******** ** hold **** ***** *** of ************* *********.
Misaligned/Worn *****: Over the course of thousands of open/close cycles, even commercial grade doors, hinges, frames, and closers sag or become worn over time. If left unchecked, doors may not fully close when opened or may take a long time to close, therefore allowing many people entrance from a single card read. A regular and discipline door maintenance schedule for access-controlled openings is critical to prevent the issue.
*************/********:***** *** * ******* of ****** **** ** keep * **** **** latching ***** ** *** been ******. *********, *****, bunched-up ****, *** ******** tampering *** *** ******** employed ** ********* *** task ** ********** * credential *** ******, ***** seen ** ******* ** employees. *** **** ******, consider ************ '******* ****' doors ** ******** ********* with ******* *** ******** systems ** ******** ********* and ******* ***** ************** paths *** ******* ******.
Malicious ******: Preventing untrusted or dangerous people from entering an area is often the primary goal of access control. Often, readers and locks alone are not enough to mitigate this risk despite the occurrence being minor. To properly prevent undetected entry, often additional engineering controls like sensors, analytics, or even turnstiles are needed.

Tailgating *********

*** **** ** ********** is ********** *** ****** every ****** ********** ******** is **********. ***********, * host ** *********** ******** are ********* ** ****** the *******. ** *** section ***** ** **** a **** ** *** major *****:

'**** ****' ******
**********/********* *****
********/********
************ *********/*********
******* & *********

'Hold ****' ******

**** ****** ******* ******* have *** ******* ** monitor**** ******** ********- ****** ******** **** check ******* * **** is ****** ** *** - *** *** ** set ** ***** ** a **** ** **** open *** *** ****.

******** ****** ** ***** open ****** **** * few *******, ******* ********** that ******** ****** *** able ** **** ******* a '**** ****' ****. However, ***** **** ** a ***-**** ** **** measure *** ********** **********, it **** ** *** biggest ****** ** ******** alarming **** ***********. ****** a ******** ******** ******** its ****** ******* ******, this ******** ** ****** to ** (********) ********* as ********** *** ***********.

********** ****** ****** ******* cost ******* $*** - $400 ******* **** ****** control ******* *** ** configured ** ***** * local ***** *** ****** beeper *** **** ******** switches ** * '****' configuration *******.

Turnstiles/Revolving *****

** ****** *****, ********** have ***** **** *******, noisy ********** ******* ** sleeker, *****, *************** ****** access ******* ******. **** type ** ********* ********* entry ** * ****** person ** * **** and ********** *** ******* to **** * **** open *** ************ ******.

*** *********** ***** ***** provides ** ******* ** an '****** *********' ******** to ******** ****** **** an ******** *****, *** features '**********' *********:

** ******* **** ********** unit ** ******* **** ********* (*****)****.

*** **** ** ********** and ********* ***** *** range **** $*,*** ** $25,000+ *** *** ********** core ****** ********, *** retrofitted *************. *** ****, see ************* *****.

Mantraps/ ********

***** ************* *** ********* that ******* *** **** of ********** *****. ******* sized **** ***** ****** for *** ********, *** doors *** ********** ** open *** *** ** a ****.

**** ***** *** ******** set ****** ** ****** until *** ******** *** has **** ****** *** is ******. ******* *** physical ***** ****** * mantrap ** *****, **** one ****** *** **** read ** ********* ******* the *****.

IPVM Image

***** ************* **** * variety ** ********* **** beyond ********; ** **** cases, *** ******** ** airlocks ** ********* '***** room' ************ **** ******* contamination, ** **** *** used ** ********** *********** for **********. ***** ************* are *********, ***** ******* $10,000 ** ****, *** because **** *** ******** sets ** ***** *** have ***** ******** **********, they *** ***** *** most ****** ****-********** ********.

*** ****, *** ********* ******* ******** *****.

Piggybacking *********/*********

**** ******, ******* ***** in ******* **** ** the ***** ** * door, ** * ***** mat, ** ****** ********-****** surveillance *******, *** ********** to ****** ********** ******** through ** *******. *** movement ******* ** * single ********** ** ******** against *** ****** ******** measured ** ** *********** into ** *******.

** ******* *** *****-***** sensor ******-********** *******: ************ ******* ******** ***** of **** ******** * door:

*** ******* ** *** door-based ********* ******** **** in *** ***** ***** below:

** **** ****** * video ****** *** ******** that ******* ****** **** overhead ** ******* ******** ********* ****.

*** **** ** ***** solutions **** *** ********* range **** ~$*** *** a ****** ******** (**** camera), ** $*,***+ *** a ****** **** ********* mat ** '***** *******' sensor.

Anti-Tailgating ********* ******

***** ********* ******, *** 'best' ****** ** * tough ****** ** ******.

**** ******** ******** ***** with ********** ****** **** on ******** ************ *** signage ** ****** ********** holders ***** *** *****. Lacking *** ******* ** organizational **** ** ********* the *****, *** ************* (and ********** *****) ** tailgating ******.

** **** *****, ****** more **** ***** *** vigilance *** ********* ** deal **** *** *****, but **** *** ** used ** **** ******:

IPVM Image

** ***** ***** ***** tailgating **** ** *********, the *** ** ********** and ******* ** ******. However, *** ** *** cost ** ***** *********, many *** ***** **** them *** ********* *** instead *** *** **** costly (*** ****-*********) ******* like ********* ********* ** Video *********.

Comments (11)

Jeremy Ellis

10/31/19 03:45pm

**** **** **** ** only ********* *****.

Brian Rhodes

IPVMU Certified | In reply to Jeremy Ellis | 10/31/19 04:16pm

* ******** ***********-************* **** ******* *********** from ***** ******, *** multiple ****** ******** ******* an ****** ****.

Shannon Davis

TED Systems
10/31/19 04:44pm

*** **** *** ** prevent ********** ** ** access ********** ***********, *** the ********* ****, ** to *** ***** ****** the ******. ** *** employee *****'* **** **** the ********* **** ***** point, *** *** ********* area, **** *** ****** can ** ***** ** not ***** ***** **** the **** ****, *** interior ****, ***** ****** the ******** ** ****** protocol ******. *** ***% effective ****** *** ******** good ****** *** ******* up ***** ** ***** can *** ********** ******* in * ***** ******. This *******, *****'* **** with ******* ****** ** who ** *** **** to *********** ** ****** to *** **** *** does **** **** ****** sure ********* **** **** the ******** ** ****** can ** ******* *** reporting ********.

* **** **** **** help **** *** ***** of ******* ************ ******* from ******** *** ******** by ********** ** ***** in * ****** ******* because *** ***'* ****** know *** ** ** employee *** *** ** not *** **** *** are **** ****** ** hold *** **** **** for ******* ****.

***** *** **** ***** but **** ****.

Undisclosed #1

In reply to Shannon Davis | 10/31/19 05:34pm

*** **** *** ** prevent ********** ** ** access ********** ***********, *** the ********* ****, ** to *** ***** ****** the ******. ** *** employee *****'* **** **** the ********* **** ***** point, *** *** ********* area, **** *** ****** can ** ***** ** not ***** ***** **** the **** ****, *** interior ****, ***** ****** the ******** ** ****** protocol ******. *** ***% effective ****** *** ******** good ****** *** ******* up ***** ** ***** can *** ********** ******* in * ***** ******.

***** ** *** ******* else ******** **** ********. Unfortunately ** ********: ******** spaces ********** **** **** tailgating ***********. **** ** often *** ** ********* leaving ***** ****** ** their *****, ** ******** with ***** ********* ********* where **** *** **** member **** ***** **********. While *** *** **** a ******* *** ********* main ********, *** ********** do *** **** ***** near *** ******** *****.

Undisclosed #1

10/31/19 06:57pm

***********, * **** ****** with * ********* ******** team **** ********* ** resolve ********** ******* *******, and * **** ***** of **************. **** *** driven ******* ******** ********** by *** ******** ****: Monitoring **** ********* **********, holding ********* *********** ** they *** ******* **** in, *** ******** *********** people ** *** ******** who *** *** *** a ****.

*** ***** ******** ****** the ******* **** *** high, ** **** *** using ********** ** *****, staffing ** *****, *** used *** ***** ******** most ******** ***** ****.

*** ******* ** ************** took ***** * ***** until ** *** ********* stopping *********, ****** **** to ***** ***** *****. A ****-****** ******, ***** Security *** *** ******* out ****** ******** ********* for ***** *********. *** it ***** **?

** ******* ***** ** for ******** ***** **** critical ************** ****** ****** the **** ****.

*** **** *** ** address **** ** ******* that ******* ** *******, and **********. *** **** analytics ** *** ***** are ******* ** *** don't **** ******* *** engagement. **** ****, *** MUST ************ ******** ** that ********** ** **********.

Carter Maslan

Camio | In reply to Undisclosed #1 | 11/02/19 09:17pm

*********** #*, *** * talk **** *** *** 10 *******?

*'* ****** ********** ******** more ***** *** ********* of **** *******. *'*******@*****.****** **** ******* * quick ***** **** ** your ******** ** ** with ***?

Undisclosed End User #2

10/31/19 10:32pm

** **** ****** ***, put ** **** **** Tourlock ******** ******* ** all ********* ***** ****** and ****** *****. *** person ** * **** with ****** **********, *** a *** ********* *** it ****** *** *******.

Undisclosed Manufacturer #3

11/01/19 05:11am

*** ***** ***** **** dFlow ****'* *******, *** you ****** *** ****** walking ******* ** ******* open ***** **** *********. Not *** **** ******* I ****, ***** ** be ****** ***** ****'* work **** *** *** marketing ********!

**** ****** ***** *** have ******** ******* *** and ****** *** ******* some ******** ************ ***** they *** ****** * break ** *** ****** and ** ***** ** alarm *****. *** **** find *** ****** *** this **** ** ********* is ***** **** **** so *** ******* *** have * *********** ******** apart.

**** ***** ****, ********* times *'** **** ****** hopping ******** ********** **** one ******, ***** ** their ***** **** **** issues. ** ** ***** nobody ** ***** ****.

Undisclosed #4

11/02/19 03:34am

'**********', **** ****** '************'...

************ ** *** ***-*********, consensual **** ** **********, imho.

Undisclosed End User #5

11/03/19 08:07pm

******* ***** ** *** at *** ********, ******* tailgating, ** *** **** wind! *** ** *** layout ** *** **************, an ******** ****** ** 15 *** ** *******, and ******** **% ** our ***** **** *** stuck ****, **** *** auto-closers ****** ** ******** the *** ******** ***********.

** **** ** **** signage ** *** ** these ***** ******* *** employees ** **** *** doors ****** ****** ****! Can *** ******* ***** told, ***** ******* **, that *** **** **** turn ******, **** **** door *** **** ** closed ****** ***? *** can ******* *** **** that ***** ***.

** ******* ****** ******* doesn't **** *** ** our ***** ****, *******, they **** ****** **** such ********, *** ****** the ****** ******** ** start ******* **** ****** like *** ***** ** the *** ** *** Poltergeist *****.

Robert Winslow

11/04/19 03:03pm

* ******* * "******" facility ** *******. **** employ **** ********** *** Man-Traps ** ********* *********. They *** ********** * nuisance ** *** ********* who ** ********** ******** to ********** ****, ********** when **** **** ********* their ********** *** **** it ****. * **** even **** *** ****** cramped **** *** "****" of * ********* **** both ****** "*********" *******. It *** ** * real ****** ** ******* is ************* ****** ** a ***** ***** ** other ******* ******.

********** ******* ** ****** the *****. *** *** only ******* *** ******** the ******** *****. ** is **** ***** ************** to ****** ** ** used ********!

Read this IPVM report for free.

This article is part of IPVM's 6,534 reports, 880 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.