RE: Physical Access Cards

["Paul Jenkins" <pjenkins () dsci com>]

Ok I eluded to this earlier but I'm going to emphasize it this time, If
you have scan access only to your building and you have Photo-ID badges
this is as bad as printing the logo on the proximity/mag card, and
putting a welcome mat at the front door. 

However if your org has Badge/pin (or other 2 factor) having the logo on
the card should pose no additional risk, (IMHO), since these
organizations usually have an ID card required to be worn, then print
the logo it should add no additional risk, since more information could
be gathered from the badge.

If you have badge only access that card should be kept with no
identifying information, business cards, ID-badges, etc. To me badge
only is unnecessary risk, unless sensitive areas behind the initial
access point are further protected. 

Is it paranoia, maybe a little, just think of the information as a whole
not individual pieces. Walk down the hall and look at the average user
and what they have on that lanyard (keys, ID, Phone lists, god forbid
system passwords and pins).

All that withstanding if your not adding any additional information to
the lost "bundle" would the look of a logo on the access card make
management happy, I say go for it.

-Paul


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of craig.wilson () redtray co uk
Sent: Friday, October 02, 2009 1:51 PM
To: Steve Freeman; listbounce () securityfocus com;
jcoyle () winwholesale com; security-basics () securityfocus com
Subject: Re: Physical Access Cards

I would agree.  Though if someone on the street should pick it up and
gain entry that is about as severe as it can get and would probably be
the exception not the rule.


Sent from my BlackBerry(r) wireless device

-----Original Message-----
From: "Steve Freeman" <freema2 () bellsouth net>
Date: Fri, 2 Oct 2009 07:00:10 
To: <jcoyle () winwholesale com>; <security-basics () securityfocus com>
Subject: RE: Physical Access Cards

My company used to print the company name on the access cards until we
had
an incident where someone lost their card, didn't report it right away
and
the person that found it used it to gain entry into a secure area. I
suggest
not putting any identifying information on the card.

Just my thoughts!

Steve

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On
Behalf Of jcoyle () winwholesale com
Sent: Thursday, October 01, 2009 9:54 AM
To: security-basics () securityfocus com
Subject: Physical Access Cards

Good Morning,

Do you have reservations about printing the company logo on building
access
cards?
If so, what are they?

Sincerely,
Jeffrey Coyle


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL
certificate.  We look at how SSL works, how it benefits your company and
how
your customers can tell if a site is secure. You will find out how to
test,
purchase, install and use a thawte Digital Certificate on your Apache
web
server. Throughout, best practices for set-up are highlighted to help
you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------