Security Basics mailing list archives
Re: Biometric Access logs
From: Stephen Mullins <steve.mullins.work () gmail com>
Date: Tue, 3 Mar 2009 07:29:55 -0500
Short of forcing everyone in your organization that has the access to reach the exterior of the door in question record their biometric data with your access control system (which wouldn't help at all if the attempt was not made by an insider), there are two other options that come to mind. One, you could set up a camera to observe the door and capture 4 or 5 seconds following an attempted or successful activation of the biometric door control. That would at least allow you to have a visual on the people attempting to access the server room. Two, you could add another authentication method that must be utilized before the biometrics can be attempted. I.E. combine smart card access with the biometrics. The biometric would only be allowed to be attempted after the smart card is swiped and belongs to someone on that door's access control list. This would at least tell you whose smart card is being used. If you saw a failed access attempt by a specific individual's smart card you could contact them for further investigation and if they claim the access attempt wasn't made by them then you could quickly disable their old smart card on that door's access control list. This two factor authentication method would also be more secure than biometrics alone. Steve Mullins On Mon, Mar 2, 2009 at 7:24 AM, John <tornado579 () gmail com> wrote:
Hi All, Request you to give your views on the following issue. We have Biometric access controlled server room door for better security. There is no doubt that Biometric proovides enhanced protection. But the issue with this access control mechanism is that it is not possible to review and analyze denied attempt logs since the logs only shows that access was denied, but to whom and other details are obvisouly not shown because only few users from IT department only have the access to the server room. It is not like Swipe cards based Access control where all the employees are registered with the access control system. In that it becomes easily possible to trace who tried to access what and when. We faced issue in the audit because of this and auditor insisted that the review and analysis of the logs for the Biometric controlled area needs to be done. What can be done in this scenario like this? Please give in your comments. Thanks.
Current thread:
- Biometric Access logs John (Mar 02)
- Re: Biometric Access logs Shailesh Rangari (Mar 03)
- Re: Biometric Access logs Thor Norse God of Thunder (Mar 03)
- RE: Biometric Access logs Murda Mcloud (Mar 03)
- RE: Biometric Access logs Christian Campbell (Mar 03)
- Re: Biometric Access logs Kurt Buff (Mar 03)
- Re: Biometric Access logs Stephen Mullins (Mar 03)
- Re: Biometric Access logs Rogerio Carvalho (Mar 03)
- <Possible follow-ups>
- RE: Re: Biometric Access logs fac51 (Mar 05)