I mean, if the keycard is the only thing you need to enter a building, you do have to prepare for the very ordinary case that the card is just stolen, or cloned using non-implant tech...
Release the hounds! Securing datacenters may soon need sniffer dogs
Sniffer dogs may soon become a useful means of improving physical security in datacenters, as increasing numbers of people are adopting implants like NFC chips that have the potential to enable novel attacks on access control tools. So claims Len Noe, tech evangelist at identity management vendor CyberArk. Noe told The …
COMMENTS
-
-
Thursday 18th July 2024 13:05 GMT Jon 37
I agree.
The whole story seems to be: "If your security is weak enough that someone with a cloned RFID card could get in, THEN the attacker could make the job more difficult by using an implant, SO you should do weird things to try to detect implants".
Totally ignoring the fact that their security is weak enough that someone with a cloned RFID card could get in, and preventing implants doesn't solve that.
As you say, the right fix is to use unclonable access cards.
Such a thing should be doable, but RFID standards seem to be such a mess that I have no idea how to do that, or even if there are any solutions available that can do that.
Does anyone know of good documentation on how to securely do RFID, that is not just manufacturer sales-language nonsense?
-
-
This post has been deleted by its author
-
-
-
-
-
Thursday 18th July 2024 15:24 GMT Jimmy2Cows
Plus I know dogs are really good at sniffing things out, but could they really smell an implant through your skin?
Seems it would have to be turning up in skin secretions or breath, which would mean it's getting into your blood stream. Seems pretty damn toxic, not the sort of shit you'd really want in your body.
-
Thursday 18th July 2024 15:56 GMT ThatOne
Indeed, this is just "let's think of a flashy headline" nonsense.
Like the issue with implanted chips BTW. As already mentioned above, the problem here isn't that a person with implanted cloned tags can foil your security, but that a person can foil your security with cloned tags. Dogs (or shark-filled moats) are clearly not the best solution to that problem...
-
-
Thursday 18th July 2024 03:37 GMT david 12
triphenylphosphine oxide that’s used to coat circuit boards to prevent them from overheating.
WTF?
Perhaps this means that TPP oxide has been included as a flame retardant? It sometimes is, but that's in all kinds of common plastics, which are common, so sniffing wouldn't prove anything.
Has anybody got any information that it's used for thermal bonding or temperature handling?
-
-
Thursday 18th July 2024 18:30 GMT Michael Strorm
"Captain Cyborg: The Next Generation" not a big success, then?
Largely forgotten? I'd never even heard of him in the first place, and the fact he doesn't have a Wikipedia article suggests he can't ever have been that famous.
Perhaps you're confusing him with the person who I thought Noe came across across as a poor man's version of, Captain Cyborg AKA Kevin Warwick?
-
-
Thursday 18th July 2024 09:13 GMT Bebu
Huh?
How is going up to a scanner and waving your cloned card in front of it different from waving your cloned implanted hand in front it?
I would have thought before deploying beagles, or whatever breed, to detect an implant which would be contingent on scenting a chemical normally used in the construction such devices, other options might be considered. Would pacemakers or insulin pumps attract these hounds?
E-Passports have some basic biometrics recorded in their electronics which with the cameras at airport gates are used to automatically more or less verify the passport holder's identity. Seems like a far more reasonable approach.
Even requiring the card to be placed in a tray which takes the card inside the machine (like a CD) to be be verified would defeat these self chipping nutters.
Actually employing a dozen anal retentive security guards and having them constantly man the front desk requiring everyone entering or leaving the building sign in or out, as well as being identified and vetted by these guards in complete compliance with the organisation's (physical) security policy is likely to be much more effective.
As a young chap seeing a vice chancellor who, one evening, insisted on entering the institution's server room only to be threatened with his physical removal from the site, taught me a lot about security. The policy was only persons explicitly authorized the IT director was permitted access and then only for the specified purposes the permission was granted and by default only during business hours.
-
Thursday 18th July 2024 15:46 GMT Persona
Re: Huh?
How is going up to a scanner and waving your cloned card in front of it different from waving your cloned implanted hand in front it?
Well if anyone is looking at the CCTV monitor they are going to think "Wow, that's odd. That dude did that without a security card. Perhaps he is using implants. Let's send out the dogs to chew his gonads off."
-
Thursday 18th July 2024 14:20 GMT Nate Amsden
just about 21 years ago...
I visited a real datacenter for the first time. An AT&T datacenter in Lynwood, WA. Facility is still there just not operated by AT&T for at least a decade.
Unlike the facility I have used since 2011, this Lynnwood facility had no gates, just security cameras outside. Going inside the guard checked my ID to see if I was on the list. If so they gave me the key to our cage. From there I went into a man trap, where I put in my passcode I believe. Then I had my hand scanned. I learned much later apparently it checked your weight too. Assuming you paased then the trap opened on the other side and you were free to go to your cage.
The weight checking thing was interesting as one of my coworkers was actually too heavy for it. So they had to bypass the mantrap for him. I was on a first name basis with the entire staff there so frequently I wasn't forced to use the man trap especially if I was bringing in equipment.
The more modern QTS datacenter I am familiar with also has multiple man traps for different parts of the 1M sq foot facility. Though no weight checks the traps are regular rooms maybe 64 sq feet. They used to check fingerprint to get inside the man trap then iris scan to get out of it and onto tge datacenter floor. Though the fingerprint scanners were really problematic, so I assume that is why they removed them. Also have a badge for it, no ID checks required if you have a badge. Well there is at least one more sensitive area of the facility that has a man trap with what appears to be a security guard inside(man trap door has a small window in that particular case). Twitter is in that facility, don't know if it's for them or some other customer.
Point is of course, having badge only access hasn't been a thing in proper datacenters in decades.
-
-
Thursday 18th July 2024 18:50 GMT Michael Strorm
Re: Up until
> Someone who has a pacemaker, diabetes implant etc gets the third degree by pasty faced goons
Or the security guards misunderstand what was meant by "silicon implants" resulting in an unpleasant incident the next time Dolly Parton attends an open day at her local data centre.
-
-
This post has been deleted by its author