In September 2017, SDMMAG.com published a comprehensive article on the present and future of cybersecurity, highlighting some of the most interesting perspectives which we also covered in our latest article. The portal also published a checklist that allows almost anyone to verify whether their existing access control system meets security standards.
Our partner, Farpointe Data—one of the world’s leading manufacturers of security systems—created the following checklist for integrators to provide guidance on enhancing cybersecurity for access control systems. Naturally, most steps in the checklist require the assistance of a specialist, so we recommend asking your supplier how well your system meets these criteria. If you need help with the audit, get in touch with us.
Default Codes
Never leave passwords or codes set to their default values, as default codes can be easily found in the basic manuals of security systems. Search for publicly available default codes for your system and compare them to the ones currently in use. If you can find them, others can find them too.
Ask your security system installer whether the software code they deliver contains passwords. If it does, switch to a solution where this isn’t necessary, especially if communication takes place over an unencrypted channel.
The Dangers of Wiegand
The Wiegand interface is a practical wiring standard that dates back to the 1980s and was already the foundation for the popular Wiegand card readers at the time. This standard is still used in access control systems today, ideally in an improved form. Nowadays, using the Wiegand standard alone does not guarantee that the system is secure—you must ensure it is implemented with up-to-date encryption. It is recommended to use strong encryption between the credential and the reader and/or between the reader and the controller.
What can you do to ensure secure access control for your company?
Find out whether your access control system’s card reader uses this standard, and if it does, check whether the system relies on an open, industry-standard 26-bit Wiegand format or customized Wiegand formats (such as ABA Track II magnetic stripe or serial options like OSDP, RS485, and TCP/IP).
Ask whether the system detects the presence of a card and only connects the access control system to the network when a verified card is connected.
Ask whether maximum protection is ensured during data transmission between the card and the card reader. The key is that the reader should only accept information from the card based on specially encoded authentication data.
It’s worth checking whether the system cross-verifies the data and can detect its authenticity.
For facilities requiring higher security, check whether PIN code technology has been implemented—where users regularly register (and occasionally update) their PIN codes—and whether this is supplemented by biometric technologies, such as fingerprint recognition.
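To support the first check in this list, here is an added Python example (not code from Farpointe Data or Anteus) that decodes the open 26-bit Wiegand layout; the sample frames are constructed for illustration. It shows that the facility code and card number are read without any key, and that the two parity bits only catch transmission errors.

```python
"""Decode the open 26-bit Wiegand frame layout (added example)."""

# Constructed sample frames, not captured from any real system.
SAMPLE_OK = "00000110000001101100000001"          # facility 12, card 3456
SAMPLE_BAD_PARITY = "00000110000001101100000011"  # last card bit flipped


def decode_w26(bits: str) -> dict:
    """Return facility code and card number from a 26-bit frame.

    Layout: bit 1 = even parity over bits 2-13, bits 2-9 = facility code,
    bits 10-25 = card number, bit 26 = odd parity over bits 14-25.
    """
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("not a 26-bit frame")
    if bits[:13].count("1") % 2 != 0:
        raise ValueError("leading (even) parity check failed")
    if bits[13:].count("1") % 2 != 1:
        raise ValueError("trailing (odd) parity check failed")
    return {"facility": int(bits[1:9], 2), "card": int(bits[9:25], 2)}


def classify_frame(bits: str) -> str:
    """Audit helper: flag frames that parse as the open 26-bit layout."""
    try:
        fields = decode_w26(bits)
    except ValueError as err:
        return f"not open 26-bit ({err})"
    # No key was needed to get here: parity detects line noise only,
    # it neither authenticates the card nor hides the identifier.
    return (f"open 26-bit: facility={fields['facility']} "
            f"card={fields['card']} readable in clear")


if __name__ == "__main__":
    for frame in (SAMPLE_OK, SAMPLE_BAD_PARITY, "1010"):
        print(frame, "->", classify_frame(frame))
```

A frame in some other format can still pass both parity checks by chance, so treat a match as a prompt to ask the supplier which format and encryption are in use, not as proof.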
Do the card readers meet security standards?
It’s worth checking whether the card readers installed for access control at your company are designed to prevent their internal electronics from being accessible from the unsecured sides of the building.
It’s important to ask questions not only from a cybersecurity perspective but also regarding the physical integrity of the devices—for example, whether the equipment could be damaged in cases of vandalism or other physical impacts.
Are the reader’s wires fixed in place, and are they protected with foil shielding connected to a solid ground to prevent external signals from being sent into the wiring—thus preventing system breaches or interference? Cable connections should not be made with externally accessible connectors but rather with wire nuts or more modern, secure solutions, ideally away from the reader itself. It’s also recommended that the reader’s wiring be routed separately and isolated from external access.
Is the protection of the cards properly ensured?
Ask what type of cards are being used. Many believe that 13.56 MHz contactless smart cards are more secure than 125 kHz cards. However, it’s important to understand that card frequency alone does not determine security; what truly matters is how advanced the encryption techniques used by the card are. Investigate whether encryption exists and what type is used for data transmission between the card and the card reader. Be aware that the most common, unencrypted 13.56 MHz and 125 kHz cards can now even be duplicated at key duplication shops.
Not your area of expertise?
Naturally, most property operators aren’t deeply familiar with security systems—that’s why we recommend relying on the 20 years of experience and extensive references of Anteus Kft. If you’re unsure whether your current access control system meets modern security standards, or if you’re planning to develop a new system from scratch and want it perfectly tailored to your company’s profile for optimal protection: get in touch with us and we’ll help you!