nanog mailing list archives
Re: replacing compromised biometric authenticators
From: "Jörg Kost" <jk () ip-clear de>
Date: Fri, 13 Oct 2017 15:24:02 +0200
Hi,

in the case I mentioned, the datacenter provider (=Level3) removed hand geometry scanners from its facility and switched all users to card + pin. Also the provider is going to run this policy Germany- or even Europe-wide, as I was told by the Level3 account rep.
The mentioned facility does not have any tailgating prevention, e.g. a mantrap or turnstile access. The outside door, which is visible from the street, and the inside colocation doors are now sharing the same access method (card + pin). So now the card becomes valuable and transferable. Before it was: Parking lot: Card, Outside door: Card + pin, Inside door: Card + hand.
There is a security sub-sub-contractor on this site, but they are not responsible for access or anything real :-], that's why I am interested in how Level3 runs its other facilities and I am still looking for feedback. From the contract side the access device is not exactly defined, hence you can accept, quit at end of term or of course upgrade your suites, racks, … with a custom solution, as long as Level3 staff can enter, too.
To bring things back to the biometric topic: The hand geometry scanner does not save fingerprints but hand sizes and shapes. From current mailings I understand that people have a lot of different definitions of biometric and may not count the hand scanner as a "(full?) biometric" device.
Regards
"bionic" Jörg

On 13 Oct 2017, at 13:03, Alain Hebert wrote:

Odd,

1. captcha(?)

In my millennia of experience I never saw a captcha used as a means for DC access control. Just as a programmatic way to reduce brute force for some website functions.

On my network janitor keychain I have (in order of hackability from easiest to hardest)

1. keycard only
2. keycard + fingerprints
3. keycard + face (2d)
4a. keycard + eye
4b. keycard + top of hand mapping

But all the DCs I deal with have highrez cameras and tailgating controls... Biometrics are just a part of a wider system.

-----
Alain Hebert ahebert () pubnix net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770
Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443

On 10/12/17 16:58, Rich Kulawiec wrote:

On Wed, Oct 11, 2017 at 05:04:08PM -0400, Ken Chase wrote:

If the current best operating practice is to avoid biometrics, why are they still in use out here?

(1) for the same reason some idiots still use captchas
(2) new hotness > old and busted, regardless of merits
(3) because they facilitate coerced risk transference away from the people who are actually responsible (and are paid to be so) to the people who shouldn't be responsible (and aren't paid to be)

---rsk