This section talks about the technologies that are commonly deployed to keep intruders out and details the inherent weaknesses of each. Security measures discussed here include the following:
badges and access tokens;
physical access controls.
Once you reach an understanding of what you are up against, it is much easier to demonstrate how this knowledge can be used in the testing process or to strengthen your own security practices.
Badges are issued to staff during enrollment or given to visitors when they sign in at reception. The purpose of a badge is to identify (and distinguish between) staff and guests and, in theory, to make it possible to spot an intruder immediately. Badges take one of the following forms:
Simple ID Badges – These badges provide basic ID only. They display a photograph and some employee information such as name, department, and position. These passes contain no electronic components or chips.
Proximity Tokens – Tokens themselves may be blank (see Figure 3.1), in which case staff will have another form of ID. However, ID badges often contain a proximity token.
A proximity token is designed to open doors when the pass is held close to the reader. Proximity tokens are passive, that is, they have no power source of their own, and only activate when they are in the proximity of the reader ...