Breaking Physical Access – and the mindset that undermines it!


Securing physical access to assets, and to the internal access points and buildings that contain them, is typically the responsibility of a security group outside of IT, and that access is assumed to be secure. However, the process for evaluating the technology that is implemented at the door is often very different from how IT selects vendors, and the culture and criteria for doing so are far more relaxed.

The result is that many of the access points that act as a barrier to entry, such as those to datacenters, executive offices, R&D labs, dispensaries, and even the front door, are more often than not fairly simple to subvert, and the person doing so looks like an authorized user all the while. The bottom line is that IT executives have been relying on colleagues to execute security that meets their expectations, but it has largely failed them. Further, such gaps are typically not identified or remediated, and they remain open to constant exploitation in a system that fails to provide the tools to identify, analyze or report whether such events are even taking place.

This session will review how the technology in a building system environment operates, examine the culture and vendor ecosystem that drives its flawed approach, draw parallels between IT and physical access philosophies, and ultimately review and demonstrate how environments believed to be secure can be systematically attacked. We will also review a constructive red team approach, methods, and the anatomy of various attacks in the real world, and discuss remediation measures that should be taken to improve safeguarding of critical assets in most environments. Last, we will discuss identification credentials across the spectrum to provide insight and understanding regarding security levels from enterprise and government programs and the difference between them.

 

About Terry Gold:

Terry is a subject matter expert in digital identity management, authentication, and access control in both physical and information-based environments. For the last ten years, he has been dedicated to developing strategies for some of the largest companies in the world concerning their planning and execution of RFID, PKI, smart cards, and vulnerability assessments.

He is the founder of IDanalyst, a vendor-neutral research and advisory firm specializing in identity management, credentialing and privacy. His firm provides guidance to end users on vendor and market capabilities, best practice for selection, audit, and methodology for deployment.

Terry also presents at various conferences including BSides, DerbyCon, and ISC West, and is a board member of, as well as an organizer for, Security B Conferences of California. Terry holds a bachelor's degree from Jacksonville University and resides in Southern California.

 
