Once found only in the world of sci-fi and secret agents, smart cards and biometrics are becoming increasingly commonplace in today’s integrated security systems. This article profiles several successful installations that have incorporated these cutting-edge technologies to provide an extra level of security for clients – including a government agency, a major manufacturer, and a major transportation company. The integrators responsible for installing these systems tell us about the challenges they encountered and the experiences they gained in creating systems to meet each client’s unique needs.

Transportation firm tightens security using hand geometry reader, X-ray

Security was first and foremost when a major transportation company constructed the location that would house the computer network controlling all of its operations, including routing and scheduling. The organization’s concern for security could be seen in everything from the sloped embankment surrounding the building to the biometric system controlling access to its computer room.

The Protection Bureau of Exton, Pa., installed the biometric system, which included a surveillance booth attended by a security guard. Employees gained access to the booth through a card reader. Inside the booth were a hand geometry reader and an X-ray system of the kind used for baggage at airports. Using the X-ray system, the guard would visually inspect any bags or briefcases and would let an employee through if the bags passed inspection and if the hand geometry from the reader matched that on file for the employee.

The client chose to use hand geometry rather than fingerprinting because it took less time for the system to process, minimizing employee waiting times, says Protection Bureau CEO Keith M. Ladd. Another advantage is that employees are less likely to be concerned about personal liberties with a hand geometry system than with a fingerprinting system, says Ladd. “It’s a very valid type of verification,” Ladd says. “With 90 measurements you’re not identifying but verifying.”

The client also planned for an extra level of security by specifying that the surveillance booth include a hidden scale, a measure Ladd considers unnecessary.

Overall, however, Ladd considers the installation to have been a success because it achieved its goal of helping to prevent unauthorized use of or damage to the client’s critical computer network.

TIP FROM THE FIELD

Make sure you can support any equipment that you install, Ladd cautions. Stocking a large number of spare parts can be costly. Choose an established vendor. If a supplier goes out of business, support can become a nightmare.

The Department of the Interior is one of the first government agencies to use a SEIWG smart card system, which has been installed in Albuquerque.

Conforming to a New Access Standard at The Department of the Interior

SCI Inc. of Albuquerque has the distinction of being one of the first integrators to install a smart card system conforming to a new standard that’s likely to become increasingly popular. The company last year completed the installation of a system conforming to the new standard, dubbed SEIWG (for Security Equipment Integration Working Group), for a newly constructed Department of the Interior facility, also in Albuquerque.

The standard, which was spearheaded by the United States Navy for use at its own and other government facilities, is an enhanced version of the government’s common access control (CAC) standard. The CAC standard defines a contact-based system that combines physical security – or what we traditionally think of as access control – with logical security, which controls access to computer networks, providing an alternative to password protection. Contact-based systems have a chip embedded in the smart card and require users to insert cards into a reader. For user convenience, SEIWG cards use a contact-less approach to physical security, requiring users only to wave their cards in close proximity to the card reader. However, the same cards also include an embedded chip to provide contact-based logical security.

“The ultimate goal is to address the tightening and increased awareness of security, to combine logical and physical security,” says J.A. Lente, IT security manager for the DOI’s Office of the Special Trustee for American Indians, who managed the project for the DOI. Currently the DOI is using the smart card system to provide traditional access control. But future plans include using the system to control access to the organization’s computer system. “The SEIWG standard allows for a single sign-on, doing away with multiple identities and passwords,” says Lente. “A single credential is useful for going from place to place, reducing jumping through administrative hoops as management and field staff move from location to location.”

To support single sign-on, the DOI is installing Active Directory, a server application that supports employee network log-on and access to various databases. Currently, Lente says, some employees must remember five to seven different user and password combinations. “Multiple applications run in the Department, for the Office of the Special Trustee Systems and finance and payroll, which all require different passwords and user identification numbers,” he says. “This is difficult to manage and is a burden to the end user. Single sign-on allows people to plug into a desktop machine, providing logical access to the network, their applications and the various databases.”

SCI also will handle ongoing upgrades to the system for the DOI. Eventually the DOI also may use another capability of the SEIWG standard – PIN number security. Users will be required to enter a PIN as well as present their cards to gain entry to higher security areas.

The system is demonstrated by Joseph Homza, SCI operations department field technician, a key member of the project deployment team for this project.

TIP FROM THE FIELD

Understand – and make sure your customer understands – the differences between contact-based and contact-less smart card systems, advises Levine. For example, information included on the chip in the card for a contact system, such as a cardholder’s credential number, may not be available to a contact-less system.

To ensure uniform installations at multiple locations, Sound Inc. photographed the existing access control panel in each of its client’s computer rooms.

Integrator Encourages Its Client to Standardize on Biometric Products

When Sound Inc. of Naperville, Ill., began talking to a major manufacturer about providing biometric security for computer rooms and design centers, one of the first challenges it encountered was that the company was already using access control from three different manufacturers. Individual locations had made decisions independently without consulting with each other.

“We got them to designate a single point of contact and to make sure that everyone went through the proper channels,” says Sound Inc. security director Kevin Fitch.

Fitch and the Sound Inc. team persuaded the client to standardize on a single system and to replace systems from the other two manufacturers. The good news was that the client already had created a separate corporate-wide computer network to support its security and card access system, onto which the biometric system would piggyback.

Sound Inc. helped the client select a fingerprint system for use in computer rooms and a hand geometry system for use in the design centers. The hand geometry system was chosen for the design centers because Sound Inc. felt it would provide better operation in the event that some employees, who worked with chemicals, might have residue on their fingers that could cause problems with a fingerprint system. However, aesthetic considerations prevented the company from using the bulkier hand geometry readers throughout the system.

In planning the system, Sound Inc. was sensitive to the fact that both the hand geometry and fingerprinting systems can take quite a long time to match an employee’s reading with records stored in a central database that could be in a distant state. “We asked ourselves, ‘What can we do to save time so the system is not searching everywhere to locate a certain parameter?’” Fitch says.

The solution was to install a circuit board in the access control panel in the computer rooms and design centers to retain frequently accessed information locally, eliminating the need to query distant databases. “Another advantage is that if the network goes down, I can retrieve information from the local panel and run the system transparent to communication with the network,” Fitch says.

In preparing for the system upgrade, Sound Inc. took photos of existing access control panels at each location to ensure that each panel would have room for the circuit board and to help ensure that each installation was done in a uniform manner. The company, which at press time was still upgrading some locations, is also including modem backup in each panel to help ensure that the biometric system will function even if the corporate network goes down.
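The panel-side cache described above can be sketched as follows. This is an added example, not Sound Inc.'s or any vendor's code: it shows a panel that checks the one template belonging to the identity claimed by the card, consults a local copy first, and denies unknown or stale users when the central database is unreachable. The names Panel, verify and CentralUnavailable, the match threshold and both time limits are assumptions made for illustration.

```python
import math

class CentralUnavailable(Exception):
    """The central template database cannot be reached."""

def matches(sample, template, threshold=3.0):  # threshold is a constructed value
    """1:1 verification against the one template the card's ID points to."""
    return math.dist(sample, template) <= threshold

class Panel:
    def __init__(self, central_lookup, refresh_after=3600, max_offline_age=86400):
        self.central_lookup = central_lookup    # user_id -> template, or None if revoked
        self.refresh_after = refresh_after      # seconds before a cached copy is re-checked
        self.max_offline_age = max_offline_age  # oldest cached copy usable while offline
        self.cache = {}                         # user_id -> (template, fetched_at)

    def verify(self, user_id, sample, now):
        """Return (granted, reason) for the identity claimed by the card."""
        cached = self.cache.get(user_id)
        if cached and now - cached[1] < self.refresh_after:
            template, source = cached[0], "cache"
        else:
            try:
                template = self.central_lookup(user_id)
            except CentralUnavailable:
                # Network down: use the local copy only if it is recent enough;
                # users never cached here, or cached too long ago, are denied.
                if not cached or now - cached[1] > self.max_offline_age:
                    return False, "unreachable"
                template, source = cached[0], "offline-cache"
            else:
                if template is None:            # revoked or never enrolled
                    self.cache.pop(user_id, None)
                    return False, "not-enrolled"
                self.cache[user_id] = (template, now)
                source = "central"
        return (True, source) if matches(sample, template) else (False, "mismatch")

def demo():
    # Constructed data: a short vector stands in for the hand measurements.
    enrolled = {"E100": [71.0, 18.5, 92.3, 40.1]}
    up = [True]
    def central(user_id):
        if not up[0]:
            raise CentralUnavailable()
        return enrolled.get(user_id)
    panel, live = Panel(central), [71.4, 18.2, 92.0, 40.6]
    out = [panel.verify("E100", live, 0), panel.verify("E100", live, 60)]
    up[0] = False  # the corporate network goes down
    return out + [panel.verify(u, live, t) for u, t in (("E100", 7200), ("E200", 7200), ("E100", 100000))]
```

The two time limits are the security trade-off of local caching: a template removed from the central database stays usable at a panel until refresh_after expires while online, and until max_offline_age expires while the network is down.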

TIP FROM THE FIELD

Make it as easy as possible for employees to enroll in a biometric system. Long lines can be a real deterrent. “We’ve found that we can badge people a lot faster when we set up in the cafeteria,” Fitch says. If the line is long, people sit down and eat until the line gets shorter rather than walking away and forcing administrators to track them down later.