Door Locks (OBJ 1.2)

Physical Security Control Measures: Door Locks

Overview of Door Locks

  • Exploration of door locks as physical security control measures.
  • Importance of door locks in protecting organizational assets after initial perimeter defenses.
  • Concept of perimeter defenses becoming ineffective once unauthorized persons enter the building.
  • Physical security aspects include electrified fences, bollards, surveillance cameras, security guards, access control vestibules, and lobby security.

Purpose and Function of Door Locks

  • Door locks are designed to secure entryways by regulating access.
    • Prevent unauthorized intrusions and ensure entry to individuals with keys or access codes.
    • Key role in safeguarding digital assets, sensitive information, and personnel.
  • Placement of door locks in key areas such as main entrances, server rooms, and network closets.

Types of Door Locks and Their Effectiveness

  • Recognition that not all door locks provide equal protection levels.
    • Examples of poor security: simple padlocks and basic pin and tumbler locks.
  • Demonstration of the inadequacy of standard padlocks:
    • Skilled attackers can defeat a padlock in approximately 15 seconds.
    • Demonstration setup includes a standard padlock, key, lock pick, and tension wrench.
    • Padlocks depicted using a basic pin and tumbler system.

Common Door Lock Mechanisms

Basic Door Locks
  • Standard locks on household doors can also be easily defeated.
  • Techniques for attack include:
    • Using slender rods or coins to unlock.
    • Basic locks can take about 30 to 60 seconds for skilled attackers to bypass.
Electronic Door Locks
  • Introduction to more complex electronic mechanisms that enhance security:
    • Use of identification numbers, wireless signals, and biometrics.
  • Example of an electronic door lock using an 8-digit PIN:
    • Offers a 1 in 100 million chance of random guessing for security.
    • Capability to log access for auditing.
Wireless Signal Locks
  • Functions of wireless technology in door locks:
    • Use of smartphone taps (NFC), Wi-Fi, Bluetooth, and RFID for access control.
Biometric Locks
  • Utilization of physical characteristics for access control:
    • Examples include fingerprint scans and facial recognition.
    • Study of a biometric lock's function at a server room door based on fingerprints.
  • Integration of biometric authentication into everyday devices like smartphones:
    • Example: iPhone models using Touch ID and Face ID.
  • Distinction between biometrics as an inherence factor (something you are).

Challenges with Biometrics

False Acceptance Rate (FAR)
  • Definition: Rate at which an unauthorized individual is mistakenly authenticated as valid.
    • Example scenario of misidentification leading to unauthorized access.
False Rejection Rate (FRR)
  • Definition: Rate at which an authorized user is denied access.
    • Example scenario of increased sensitivity leading to fail for legitimate users.
Balancing FAR and FRR
  • Importance of tuning the biometric system for optimal performance.
  • Crossover Error Rate (CER) defined:
    • Equal point where FAR and FRR intersect, becoming critical in evaluating biometric system effectiveness.
    • Lower CER is desirable for better security.

Multi-Factor Authentication Systems

  • Description of enhanced security through combining multiple authentication methods:
    • Example: server room access using both a PIN and fingerprint.
    • Access control vestibules employing electronic badges and PINs for secure entry.
  • Turnstiles as a method of physical access control between public and secured areas.

Cipher Locks

  • Definition: Older locking mechanisms requiring a numerical combination.
    • Typically used in high-security environments such as data centers.
    • Example: Mechanical cipher lock used at Dion Training offices requiring an 8-digit code.

Conclusion

  • Door locks form an essential layer of physical security to protect sensitive information from unauthorized access.
  • Disparity in security capability across different types of locks stresses the need for informed selection.
  • Emphasis on understanding the implications of using biometric systems and balancing security measures to ensure robust access control.