Announcement

Collapse
No announcement yet.

Access Control Paradigms

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • john_harrington
    replied
    SecTrainer,

    It is my pleasure!

    John

    Leave a comment:


  • SecTrainer
    replied
    Originally posted by john_harrington
    Hi SecTrainer,

    I always try to use groups for access control. For example, at an airport I recommend setting access up by airline that way if jetBlue hires a new person the system admin does not have to figure out what doors to give that person- they just apply the Jet Blue clearance and the General clearance.

    Regarding special doors or clearances- security or the system administrator generally applies the general clearance but only should give access to a specific area (let's say a lab) after an authorization form is submitted by the person who controls that area to the system administrator. It can be as easy as a simple email dialog, an online form through the corporate intranet (my preference) or good old paper!

    These are the types of issues that I try to include in my client's policies and procedures.

    John
    Thank you, John. The wealth of your experience is very evident.

    Leave a comment:


  • john_harrington
    replied
    Hi SecTrainer,

    I always try to use groups for access control. For example, at an airport I recommend setting access up by airline that way if jetBlue hires a new person the system admin does not have to figure out what doors to give that person- they just apply the Jet Blue clearance and the General clearance.

    Regarding special doors or clearances- security or the system administrator generally applies the general clearance but only should give access to a specific area (let's say a lab) after an authorization form is submitted by the person who controls that area to the system administrator. It can be as easy as a simple email dialog, an online form through the corporate intranet (my preference) or good old paper!

    These are the types of issues that I try to include in my client's policies and procedures.

    John

    Leave a comment:


  • Rooney
    replied
    Originally posted by SecTrainer
    Thanks very much for your thoughtful reply, John. Is it your experience that access control policy and programming can be based largely on group definitions as we do with network access control, so that by identifying an individual as a member of a group the access decisions are already predetermined?

    If so, and presuming that there would then be individual ad hoc exceptions, for instance, occasional contractor visits like elevator service techs, who do you believe should have the authority to make the decision regarding access for those individuals? (Let's presume that this is a high-security facility such as a DoD contracting company, and that you don't have the manpower to individually supervise them continually while on-site.)
    Normally when I installed systems, the groups were similar to the way network access was done. Then you can assign the group to the particular entrance. Groups should normally be broken down to a detail level suitable for the requirements. For example, night shift employee level 3 only has access to doors in his/her work area during shift, whereas, night shift employee level 1 may be a supervisor that has access to all doors but only during his/her shift.

    As for the occassional contractor. We would give them an access card that only works during a specific time (will only be there a few hours or a few days). And only allow access to needed areas during needed time periods. If the person needed access to a high level location then they must be escorted if not cleared. I normally did not assign them to a group because they only need access to certain areas that may only be part of a group. If they forgot to return the card, (happens all the time) the card automatically becomes useless after the access interval programmed into the system expires.

    Leave a comment:


  • SecTrainer
    replied
    Originally posted by john_harrington
    SecTrainer,

    Great topic!

    If I had to choose one of your options, I would go with a fully closed facility. It is much easier to give access to people than it is to take it away.

    However, I would prefer to start in the middle. An access control policy needs to be drafted- this may include access times, data retention, privacy, etc. After review by key stakeholders, it needs to be adopted formally by the organization.

    An access control matrix should then be developed during the design phase of the project. This is something as simple as an XY spreadsheet with a list of doors down the side and a list of clearances at the top. Clearances consist of a door or group of doors and the time(s) they can be accessed. An example would be the "All Doors_24X7" clearance- so every door would be selected in the matrix, akin to a Grand Master brass key. Another would be something like "Employee General M-F 0600-2000" where select doors like the main employee entrances would only be selected and would only be accessible from 0600 until 2000, Monday through Friday. From there special access levels are "drilled down" to individual doors such as server rooms. The physical programming is labor intensive and can be incorporated into the integrator's scope in the specification and programming schedule if the clearances are defined.

    One of the keys to success in access control programming is that the naming conventions that are used make sense to the system administrator or person who assigns individual access levels to a card. This extends to Time Codes (Day X Time ex. M-F 0800-1800), door names, door groups, events, etc. It decreases the time required to assign access and program the system, while reducing operator errors.

    John
    Thanks very much for your thoughtful reply, John. Is it your experience that access control policy and programming can be based largely on group definitions as we do with network access control, so that by identifying an individual as a member of a group the access decisions are already predetermined?

    If so, and presuming that there would then be individual ad hoc exceptions, for instance, occasional contractor visits like elevator service techs, who do you believe should have the authority to make the decision regarding access for those individuals? (Let's presume that this is a high-security facility such as a DoD contracting company, and that you don't have the manpower to individually supervise them continually while on-site.)

    Leave a comment:


  • Bill Warnock
    replied
    Originally posted by john_harrington
    SecTrainer,

    Great topic!

    If I had to choose one of your options, I would go with a fully closed facility. It is much easier to give access to people than it is to take it away.

    However, I would prefer to start in the middle. An access control policy needs to be drafted- this may include access times, data retention, privacy, etc. After review by key stakeholders, it needs to be adopted formally by the organization.

    An access control matrix should then be developed during the design phase of the project. This is something as simple as an XY spreadsheet with a list of doors down the side and a list of clearances at the top. Clearances consist of a door or group of doors and the time(s) they can be accessed. An example would be the "All Doors_24X7" clearance- so every door would be selected in the matrix, akin to a Grand Master brass key. Another would be something like "Employee General M-F 0600-2000" where select doors like the main employee entrances would only be selected and would only be accessible from 0600 until 2000, Monday through Friday. From there special access levels are "drilled down" to individual doors such as server rooms. The physical programming is labor intensive and can be incorporated into the integrator's scope in the specification and programming schedule if the clearances are defined.

    One of the keys to success in access control programming is that the naming conventions that are used make sense to the system administrator or person who assigns individual access levels to a card. This extends to Time Codes (Day X Time ex. M-F 0800-1800), door names, door groups, events, etc. It decreases the time required to assign access and program the system, while reducing operator errors.

    John
    John, this is masterful. SecTrainer, really neat material to add to your proposal.
    Enjoy the day,
    Bill

    Leave a comment:


  • john_harrington
    replied
    Originally posted by SecTrainer
    I'm currently writing a module on Access Control Management and thinking about the differences between two AC paradigms, which would also be applicable to physical security design. I'll list the two paradigms and am asking for your thoughts about the advantages/disadvantages of either one over the other

    1. "Open-to-Closed": We start by considering the facility as being "wide open" - with FULL access to EVERYONE - and then we implement or "add" restrictions one by one to "lock down" the facility to eliminate all identified forms of unacceptable/disallowed access, based on the business purposes/uses of the facility.

    2. "Closed-to-Open": Here, we start by considering the facility as being completely "locked down" - providing NO access to ANYONE - and then we remove restrictions one by one based on demonstrated need for access, until the access pattern permits all legitimate forms of access and activity as demanded by the business/usage purposes of the facility.

    Some questions might be:

    1. Do you think both paradigms would ultimately arrive at the same access control pattern, just from different directions, or do you think that the process of adding restrictions to a "FULL-OPEN" facility might result in a different access pattern than the process of removing restrictions from a "FULL-CLOSED" facility?

    2. Do you think there would be a difference in the access control systems we might use or consider using if we used one paradigm rather than the other?

    3. Do you think that one paradigm offers any advantage over the other in terms of avoiding "unintentional consequences" or "holes" in the access control system?

    Any thoughts at all are appreciated!
    SecTrainer,

    Great topic!

    If I had to choose one of your options, I would go with a fully closed facility. It is much easier to give access to people than it is to take it away.

    However, I would prefer to start in the middle. An access control policy needs to be drafted- this may include access times, data retention, privacy, etc. After review by key stakeholders, it needs to be adopted formally by the organization.

    An access control matrix should then be developed during the design phase of the project. This is something as simple as an XY spreadsheet with a list of doors down the side and a list of clearances at the top. Clearances consist of a door or group of doors and the time(s) they can be accessed. An example would be the "All Doors_24X7" clearance- so every door would be selected in the matrix, akin to a Grand Master brass key. Another would be something like "Employee General M-F 0600-2000" where select doors like the main employee entrances would only be selected and would only be accessible from 0600 until 2000, Monday through Friday. From there special access levels are "drilled down" to individual doors such as server rooms. The physical programming is labor intensive and can be incorporated into the integrator's scope in the specification and programming schedule if the clearances are defined.

    One of the keys to success in access control programming is that the naming conventions that are used make sense to the system administrator or person who assigns individual access levels to a card. This extends to Time Codes (Day X Time ex. M-F 0800-1800), door names, door groups, events, etc. It decreases the time required to assign access and program the system, while reducing operator errors.

    John

    Leave a comment:


  • Rooney
    replied
    Originally posted by Bill Warnock
    Trouble is there are many wonderful security contractors who are not part of the beltway crowd, in other words have not hired their fair share of retired high ranking officers a star or better, former DOD civilian employees, members of congress who have either retired or were defeated and finally deep pocket contributors. Two examples are the folks who have developed a superior assault rifle that puts the M-4 to shame or Pinnacle the folks who have developed "Dragon Skin" body armor. The makers of near counterfeit proof ID cards who are not part of the establishment stand little chance of getting anyone to look at their product. It hurts the entire security community and well as the public they wish to serve.
    SecTrainer ideas border on brilliant but he has to approach the marketplace with care with a strategic plan to get it to the right people if he wants a fighting chance.
    Enjoy the day,
    Bill
    Being a DOD contractor and a small business, we had a VERY hard time getting our products out to the people that need them. I understand your statement and agree COMPLETELY. A well thought out strategic plan is a must to get people to know about your product or service. Taking a product to market that you know is better than what is out there does not guarantee anything. There are more and more very smart people out there that make products or have services that will make our lives easier. The discipline needed to press forward when times get tough is great. You have to have an all or nothing attitude and stick it out. Without that is defeat.

    Leave a comment:


  • Bill Warnock
    replied
    Originally posted by Rooney
    I know what you mean. In a "dog eat dog" world any outside criticism is frowned upon. If you can't handle criticism, you shouldn't be in the "beltway" anyway. I still have the tar and feathers though (havent used in a long time).
    Trouble is there are many wonderful security contractors who are not part of the beltway crowd, in other words have not hired their fair share of retired high ranking officers a star or better, former DOD civilian employees, members of congress who have either retired or were defeated and finally deep pocket contributors. Two examples are the folks who have developed a superior assault rifle that puts the M-4 to shame or Pinnacle the folks who have developed "Dragon Skin" body armor. The makers of near counterfeit proof ID cards who are not part of the establishment stand little chance of getting anyone to look at their product. It hurts the entire security community and well as the public they wish to serve.
    SecTrainer ideas border on brilliant but he has to approach the marketplace with care with a strategic plan to get it to the right people if he wants a fighting chance.
    Enjoy the day,
    Bill

    Leave a comment:


  • Rooney
    replied
    Originally posted by Bill Warnock
    Rooney, some of the beltway crowd are a fickle bunch and don't like to have their rice bowls cracked. The remark I made was not really tongue in cheek, damn shame really.
    Your musings are on target.
    Enjoy the day,
    Bill
    I know what you mean. In a "dog eat dog" world any outside criticism is frowned upon. If you can't handle criticism, you shouldn't be in the "beltway" anyway. I still have the tar and feathers though (havent used in a long time).

    Leave a comment:


  • SecTrainer
    replied
    Thanks, Rooney - very insightful commentary, and obviously based on experience.

    Leave a comment:


  • Bill Warnock
    replied
    Originally posted by Rooney
    SecTrainer,

    In response to your original question.

    "Closed to open" normally results in tighter security because of the following:

    1. As security measures are laxed to allow persons in, the level of the security has been initially high enough to disuade circumvention. Persons that were allowed at the higher levels have been deemed to be "low risk".

    2. As the security levels are relaxed the facility has greater control on how far to relax them. If a security issue arises it is much easier to find the level of intrusion and set the standards to a level beyond.

    "Open to closed" can result in future breaches of security because of the following:

    1. As the security level is at the lowest level, people have more opportunity to evaluate a way around tighter controls.

    2. Since all access was allowed at the beginning the personnel were not screened for access. As the level of access is tighter the personnel have a better chance to pass thier level forward onto others.

    As for the access control system itself. The "closed - open" scenario would be harder to breach then the other way around. In the "open to closed" scenario the access system itself would probably need to be changed due to the openness of the method of operation.

    I'm looking forward to read others comments on this thread. Great question.

    (Being in the industry that Bill said would tar and feather will refrain me from the emi scenario) lol
    Rooney, some of the beltway crowd are a fickle bunch and don't like to have their rice bowls cracked. The remark I made was not really tongue in cheek, damn shame really.
    Your musings are on target.
    Enjoy the day,
    Bill

    Leave a comment:


  • Rooney
    replied
    SecTrainer,

    In response to your original question.

    "Closed to open" normally results in tighter security because of the following:

    1. As security measures are laxed to allow persons in, the level of the security has been initially high enough to disuade circumvention. Persons that were allowed at the higher levels have been deemed to be "low risk".

    2. As the security levels are relaxed the facility has greater control on how far to relax them. If a security issue arises it is much easier to find the level of intrusion and set the standards to a level beyond.

    "Open to closed" can result in future breaches of security because of the following:

    1. As the security level is at the lowest level, people have more opportunity to evaluate a way around tighter controls.

    2. Since all access was allowed at the beginning the personnel were not screened for access. As the level of access is tighter the personnel have a better chance to pass thier level forward onto others.

    As for the access control system itself. The "closed - open" scenario would be harder to breach then the other way around. In the "open to closed" scenario the access system itself would probably need to be changed due to the openness of the method of operation.

    I'm looking forward to read others comments on this thread. Great question.

    (Being in the industry that Bill said would tar and feather will refrain me from the emi scenario) lol
    Last edited by Rooney; 05-01-2007, 08:26 PM. Reason: update answer

    Leave a comment:


  • SecTrainer
    replied
    Okay - let's see if I can save my skin. How about pulsed laser or something "non-EMI"?

    Leave a comment:


  • Bill Warnock
    replied
    SecTrainer EMI/RFI conductive coupling and radiation remain the bane of the security industry.
    I wouldn't float your suggestion anywhere within the beltway, defense contractors and their minion would be out to tar and feather and otherwise molest your body. Look at what is happening to Dragon Skin!
    Bill

    Leave a comment:

Leaderboard

Collapse
Working...
X