Globally Tailgating is common problem

Globally Tailgating is common problem

One of the biggest weaknesses of automated access control systems is the fact that most systems cannot actually control how many people enter the building when an access card is presented. Most systems allow you to control which card works at which door, but once an employee opens the door, any number of people can follow behind the employee and enter into the building. Similarly, when an employee exits the building, it is very easy for a person to grab the door and enter the building as the employee is leaving.

This practice is known as "tailgating" or "piggybacking". Tailgating can be done overtly, where the intruder makes his presence known to the employee. In many cases, the overt "tailgater" may even call out to the employee to hold the door open for him or her. In these cases, good etiquette usually wins out over good security practices, and the intruder is willingly let into the building by the employee.

Tailgating can also be done covertly, where the intruder waits near the outside of the door and quickly enters once the employee leaves the area. This technique is used most commonly during weekends and at nights, where the actions of the more overt tailgater would be suspicious.

Solutions To The "Tailgating" Problem

First, recognize that the tailgating problem is probably the biggest weakness in your security system. This is particularly true at doors that handle a high volume of employee and visitor traffic. Many security managers spent a lot of time worrying about unauthorized duplication of access cards and computer "hackers" getting into their security system over the network. It is far more likely that someone who wants access to your facility will simply "tailgate" into the building rather than using one of these more exotic methods to breech your security.

The practice of overt tailgating can be reduced somewhat through employee security awareness training. If employees are frequently reminded of the tailgating problem, they are less likely to let a person that they do not know into the building deliberately.

It is difficult to overcome the problem of covert tailgating through employee security awareness alone. While it would be possible to ask employees to wait at the door until it locks after they pass, it is probably not likely that this procedure would be followed except under the most extreme circumstances.

You can follow this link http://arindamcctvaccesscontrol.blogspot.com/2015/11/anti-passback-in-access-control-systems.html "Regular access control is more than adequate for standard control at entry points. Use anti-tailgating systems to address a specific problem that could or has happened" says Arindam Bhadra.

The problem of covert tailgating can usually only be reliably solved through the use of special "anti-tailgating" devices.

"Anti-Tailgating" Devices

To minimize the problem of tailgating, the security industry has created a number of "anti-tailgating" devices. These devices include mechanical and optical turnstiles, security revolving doors, security portals, and doorway anti-tailgating devices.

The essential function of each of these devices is that they permit only one person to enter or leave the building at a time. They either do this by providing a physical barrier that only allows one person to pass, or electronically by providing sensors that detect when a person attempts to tailgate in, or when more than one person tries to enter using the same card.

The following is a brief summary of each of the common types of anti-tailgating devices:

HALF-HEIGHT MECHANICAL TURNSTILE

Description: Rotating mechanical barrier arms installed at waist height prevent passage through opening. Electrically-controlled, using valid access card causes arms to unlock allowing passage of one person. Turnstile can be controlled in both directions, or allow free-passage in one direction.

Approximate cost: ₹ 4, 50,000 to ₹ 5, 50,000 per opening.

PROS: Lowest cost anti-tailgating device, readily accepted by most users, relatively unobtrusive, well-proven and reliable.

CONS: Can easily be climbed over or under, requires separate door or gate for emergency exit and for handicapped users, easily defeated by knowledgeable intruder, can be somewhat noisy when operated.

Comments: Good choice for use at visitor lobbies or employee entrances where cost is a consideration. Works best when turnstile can be observed by security officer or receptionist to allow detection of people climbing over or under the device.

FULL-HEIGHT MECHANICAL TURNSTILE

Description: Rotating mechanical barrier arms installed to prevent passage through opening. Extends from floor to height of approximately eight feet. Electrically-controlled, using valid access card causes arms to unlock allowing passage of one person. Turnstile can be controlled in both directions, or allow free-passage in one direction.

Approximate cost: ₹ 14,50,000 to ₹ 15,50,000 per opening.

PROS: Provides good security at a moderate cost. Well-proven and reliable.

CONS: Obtrusive in appearance, requires separate door or gate for emergency exit and for handicapped users, lacks sophisticated anti-piggybacking detection features, can be somewhat noisy when operated.

Comments: Good choice for commercial and industrial facilities where security and cost considerations are more important than appearance.

OPTICAL TURNSTILE

Description: Consists of two freestanding pillars mounted on each side of opening. Equipped with electronic sensor beams that transmit between pillars. Passing though opening interrupts sensor beam and causes alarm unless valid access card has first been used. Sensor beams are connected to computer processor that detects when more than one person attempts to pass though opening on a single card. Turnstile can be controlled in both directions, or allow free-passage in one direction. Available with or without mechanical barrier arms and in a wide variety of styles and finishes.

Approximate cost: ₹ 20, 50,000 to ₹ 25, 50,000 per opening.

PROS: Aesthetically-pleasing appearance, accommodates handicapped users, does not require separate emergency exit, has sophisticated anti-piggybacking detection systems, provides good visual and audible cues to users.

CONS: Expensive, units without barrier arms provide no physical deterrent, must be used at an entrance manned by security guard, relatively high "false alarm" rate, some user training required to work effectively.

Comments: Good choice for use in manned building lobbies where aesthetics prevent the use of a half-height manual turnstile.

SECURITY REVOLVING DOOR

Description: Standard revolving door that has been specially modified for security use. Extends from floor to a height of approximately eight feet. Typically has multiple quadrants equipped with electronic sensors that detect number of people in each quadrant. Use of valid access card allows one person to pass through door, if more than one person attempts to enter, door sounds alarm and reverses to prevent entry. Door can be controlled in one or both directions.

Approximate cost: ₹ 70,00,000 to ₹ 75,00,000 per opening.

PROS: Provides best protection against tailgating and piggybacking, fast, handles high volumes of traffic, unobtrusive in appearance, provides energy savings when used at exterior entrances.

CONS: Very expensive, requires separate door or gate for emergency exit and for handicapped users, door cannot be used for loading/unloading of large objects, relatively high maintenance costs.

Comments: Good choice for use at unattended building entrances where appearance is important.

SECURITY PORTAL (also called "Security Vestibule" or "Mantrap")

Description: Consists of passageway with door at each end. Regular swinging doors or automatic sliding doors can be used. Passageway is equipped with sensors that detect total number of people present. Sensors can include electronic beams, floor mat switches, and weight detectors. Video cameras with analytic software can also be used (see video analytics below). To use, user enters passageway and closes door behind him. He then proceeds to second door, and uses access card to enter. If more than one person is present in passageway, portal sounds an alarm and prevents entry. Portal can be controlled in one or both directions.

Approximate cost: ₹ 18,50,000 to ₹ 21,50,000 per opening.

PROS: Provides good protection against tailgating and piggybacking, unobtrusive in appearance, accommodates handicapped users, does not require separate emergency exit, allows load/unloading of large objects.

CONS: Expensive, relatively slow, cannot support large volumes of traffic, some versions can have high maintenance costs.

Comments: Good choice for use at unattended building entrances with relatively low traffic volumes and for entrances into high security internal areas, such as computer rooms.

DOORWAY ANTI-TAILGATING DEVICE

Description: Consists of devices installed on each side of regular doorway. Equipped with electronic sensor beams that transmit between devices. Passing though opening interrupts sensor beam and causes alarm unless valid access card has first been used. Sensor beams are connected to computer processor that detects when more than one person attempts to pass though opening on a single card. Doorway can be controlled in both directions, or allow free-passage in one direction.

Approximate cost: ₹ 6,00,000 to ₹ 7,00,000 per opening.

PROS: Easy add-on to existing doors; provides good protection against tailgating and piggybacking, unobtrusive in appearance, accommodates handicapped users, does not require separate emergency exit, allows loading/unloading of large objects, relatively inexpensive.

CONS: Must be used at an entrance manned by security guard, does not provide good visual and audible cues to users, some false alarms.

Comments: Good choice for use at doorways with relatively low traffic volumes and where conditions do not permit the use of another type of device.

VIDEO ANALYTICS ANTI-TAILGATING SYSTEMS

Description: Consists of video cameras installed at doorway opening. Cameras are connected to a computer with special video analytics software that detects and analyzes people and objects at the door. System may use multiple cameras that allow precise determination of object size, height, and direction of travel. When used at single door, video analytics anti-tailgating systems work similarly to doorway anti-tailgating devices and sound alarm when more than one person attempts to enter through door after a valid access card has been used. Video analytics anti-tailgating systems can also be used with security portals to both sound alarm and deny access when more than one person attempts to enter.

Approximate cost: ₹ 3,50,000 per opening for single door system, ₹ 12,50,000 to ₹ 15,50,000 for security portal system.

PROS: Easy add-on to existing doors; provides good protection against tailgating and piggybacking, unobtrusive in appearance, accommodates handicapped users, does not require separate emergency exit, allows loading/unloading of large objects.

CONS: Single door systems do not provide a physical barrier so must be used at an entrance manned by security guard, requires frequent user training to prevent false alarms, relatively expensive.

Comments: Popular choice for use at computer rooms and other high-security facilities.

Selecting the Right Anti-Tailgating System

Choosing the right anti-tailgating system is an important decision. You need to consider your overall level of security risk, your ability to provide security staff to monitor your entrances and respond to alarms, and your budget for initial purchase and ongoing maintenance of the anti-tailgating systems.

Artical Publish by Safe Secure Magazine in the month of May 2019 issue.

Role of IT in Access Control System

Role of IT in Access Control System

It is a fact that IT is becoming more involved in the physical security world. In a small minority of companies, these two departments are actually merging, although this is a mammoth task fraught with problems, not only in terms of technology, but primarily in terms of culture.

In the access control world, one could say it’s normal for IT to be involved in networking (assuming the access systems make use of the corporate network and/or the IP protocol), but the scope of IT has slowly been creeping into more of the access control functions. In smaller companies, for example, it’s not unusual for the service provider responsible for the company’s IT to also take the responsibilities of physical security.

So how far has IT made inroads into the access control world in general? HID Global broadcast arrange a webinar in October 2018 in which it revealed some new research into the increasing role IT departments and personnel are playing in the physical access control world. The webinar was hosted by HID Global’s Brandon Arcement and Matt Winn. After discussing the findings of the research, they went on to advise physical security operators as to how they can embrace their IT colleagues further, with the goal of improving the holistic security posture of their organisations.

The survey was conducted by The 05 Group, sponsored by HID and was completed in March 2018. As the title of this article notes, the research found that IT departments are now more involved than ever in organisations’ physical access control decisions and implementation, and that trend is set to increase.

The 05 Group surveyed 1 576 individuals from more than a dozen industries, including education (19%), information (16%), government (11%), manufacturing (8%), health services (8%), and security, professional and business services (8%). Of the respondents, 35% were IT managers, 26% were IT directors, 13% were IT staff, 8% were CIO/CTO, and 3% were VPs of technology. The survey also spanned companies of different sizes, with 24% having less than 100 employees, 22% 101-500 employees, 11% have 501-1000 employees, 17% have 1001-5000, 6% have 5001-9999, and 6% have 10 000-24 999 employees. The results therefore cover a broad spectrum of companies and industries.

 The numbers tell a story

The research offers a significant amount of data about the role of IT in access control, however the webinar brought out a few pertinent facts (a link to the white paper written by HID from the research is at the end of this article). When asking the organisations being surveyed “Who is primarily responsible for physical access control in your organisation”, the responses were as follows:

• 29% said both IT and physical security.

• 26% said IT only.

• 25% said facility management handles the job.

• 12% said physical security only.

• 8% said the property management company was tasked with access control.

With a quarter of the respondents already saying IT is responsible for access control, and a further 29% saying it is shared between the two departments, it’s clear that the divide between IT and physical security is rapidly vanishing – and in some cases, altogether gone. And this is a trend that will continue; in organisations where IT is not involved in access control, 36% of the respondents said it will be within the next five years.

For those organisations where access control responsibilities are shared, 47% of the respondents report it had been shared within the past five years. Similarly, where IT owns the responsibility, 42% of the companies say they were given this task within the last five years. Once again we see that IT/physical security convergence in the access world is an expanding reality.

We mentioned IT’s influence in access control above in terms of the networking of access systems, however, this is an old function. The webinar showed that both IT professionals as well as physical security professionals see IT being involved in all areas of access control. When it comes to physical security professionals:

• 66% of physical security professionals see IT involved in influencing the decision-making process.

• 48% see IT’s involvement in integrating access and other systems.

• 37% see IT involved in implementation.

• 22% see IT involved in managing the systems.

From the other side of the table, IT professionals have a similar view:

• 76% expect to influence decision making.

• 72% will be involved in integration.

• 59% will be involved in implementation.

• 39% expect to be involved in managing systems.

Not all wine and roses

Of course, as these different cultures work together, there are bound to be some issues. It is in the field of integration where IT sees problems. Half of the IT people surveyed have issues with the lack of integration of access systems with other IT systems. This is an area in which the access control industry could make significant changes in the short-term to ensure their software and hardware can be more easily integrated with existing business management and security systems.

When it comes to new access control systems, the IT school has a few things it wants to see on the vendors’ to-do list. They want improved ease of use (71%), the ability to support or add new technologies (68%), mobile access (59%), and integration with existing security platforms (54%).

It’s also clear from the survey that IT is not all that comfortable with access control technology. Areas such as credential management, decision making with respect to access control systems, how system components work and also individual features within access systems can cause a bit of nervousness among the IT folk. These are areas in which physical security professionals can make their mark, as they are more skilled in dealing with these issues as well as others unique to their industry. 

Helping IT in access

The driver behind this convergence is not a technical issue, but is itself a convergence of a number of separate drivers. HID notes the primary drivers are:

• Converged threats that impact both physical and logical infrastructure. If you have a physical vulnerability it puts your logical systems at risk, and vice versa.

• Proliferation of networked devices in the age of IoT (the Internet of Things) which all require both physical and logical security. Interestingly, the webinar held its own real-time survey of the attendees and this topic was selected as having the biggest impact on access control’s shift to IT with half of the audience selecting it.

• Compliance to new regulations, which again rely on both sides of the table.

• Budget consolidation, which we are all suffering through.

• A shift in reporting structures as executives try to get a handle on the seemingly endless threats companies face on all fronts.

When it comes to the role of physical security professionals and how they can assist in the convergence between the two sides and help improve organisational security, 80% of the respondents said they play a role in establishing best practices, while 50% see physical security having a role in preventing unauthorised access in general, and 49% say they can help in achieving compliance. In order to streamline collaboration, the HID webinar suggests, among other issues, that both sides need to work on aligning project priorities and determining responsibilities, and balancing the technical acumen of IT when it comes to access products and management. 

A converged example

The webinar went on to provide an example of how the two divisions could work together in an access control installation. When it comes to the physical access control host, HID advises organisations to integrate physical access control systems (PACS) with an IT source of identity such as LDAP. Furthermore, administrators should ensure there is a set policy around regular software updates and patches, while they should also take advantage of IT’s experience (and equipment) to ensure high availability.

When it comes to the controller, HID advises organisations to settle some of the issues raised above by requiring an open controller platform that can be integrated with other technologies and other vendors’ products. Preventing vendor lock-in is a costly lesson IT departments have learned. It also suggests considering an ‘IP-at-the-door’ topology, keeping controller firmware updated to the latest versions, using strong passwords and encrypting communication between controllers and hosts (and using OSDP – Open Supervised Device Protocol – for encrypted reader communications).

Another strong warning was to take care when selecting access credentials as many of the card and fob technologies available are easy to replicate, making it simple for the wrong people to easily gain access. There are secure card technologies out there and these should be used as a standard. A business benefit of these more advanced credentials is that they can also be used for additional business functions, such as secure printing, vending machines and network logon.

The webinar presenters also touched on the benefits of using users’ mobile devices as credential holders. These can offer higher levels of authentication, easier administration and more user convenience that does not come at the expense of the company’s security.

Whether you are on the IT or physical security side, the most important part of the research (depending on your biases) can be seen in the answer to the question “Do you believe that increased collaboration between physical security and IT can improve the overall security of your organisation?” An overwhelming 95% of all the respondents said “yes”.

While the full convergence of physical and logical security is still some way off, people in the access control sector obviously understand that IT and physical security working together is critical to develop a successful security defence strategy for their organisations. In the access control industry this may be easier to achieve, but as noted in the introduction, it is often a question of culture (or ego, to be blunt) that prevents collaboration and results in organisations being vulnerable to the ever-increasing threats they face from well-organised criminal syndicates, as well as unhappy teenagers with too much time on their hands.

End of the article thanks to Mr. Andrew Seldon, for valuable time to us & security sa team.

You need an Access Control Systems

Do you need an Access Control Systems?

Access control security systems are designed to restrict physical entry to only users with authorization. Many organizations, governmental and private, have started adopting access control security systems for physical entry into their facilities. Whether it is a simple non intelligent access control system like a punching in a password, or advanced biometric systems that scan and permit entry very specifically, there are many advantages to employing these security systems.
It is important for businesses of every size to keep important data and remove threats. All businesses acknowledge this basic security concern by placing locks on the door and giving keys to employees that need to access these locks. If you answer yes to any of the following questions, you may need access control systems:

• • Is a lost or stolen key a security threat to your business?
  • Time Based Control for Security Systems
  • Do you need different access for different employees and clients?
  • Would it be really beneficial to restrict access based on time or day?
  • Do you need a record of people’s “comings and goings?
  • Could your employees/clients be more secure?
  • Reduced Requirement for Manpower
  • Biometric Systems

Benefits of access control systems

The benefits of access control systems are thus many:

• Audit trail – With access control systems, you will have a record of every opening and attempted opening of each door or specific area. The audit trail can be valuable in resolving employee issues.
• Time/day restrictions – Do you have certain employees that should only be there at certain times and days. An access control system make more sense to control their access than to give them a key that allows access at any time or day.
• Lost or stolen keys – When keys are lost or stolen, it is an expensive process for a business to completely rekey each door. Access control systems allow you to remove access by deactivating the I.D. badges or other security credentials.
• Remote access control – Many access control systems allow you to control of all of the business’ locks from one main system. With access control systems, you can easily and quickly lock down your businesses in an emergency as well as add and remove credentials.

Design 1:

Design 2: Single Door

Design 3: 4-Door single controller.

Design 4: New Concept, PoE Based

Design 5: SYRiS Product with SQL Database, Multi-location. One SY230NT Controller can controll 4nos of Door. Practically i do many projects with this.

How the Access Control System WorksØ  The typical access control system consists of a card/ pin reader, electromagnetic lock or door strike, power supply system and a push button.
Ø  The valid and authorized card user must present the card to the security system.
Ø  Upon verification by the reader, the locking system will be de-energized and the door can be pushed open.
Ø  To exit the premises, the person will have to press a door lock release switch and the system will release the lock.
Ø  A power back up is also installed while fitting in the access control system.
Ø  A break glass is also incorporated in case of emergency.

Accepting Real-World Access Control Challenge

I write about change quite a bit because I am fascinated with all of the various elements that make change both interesting and dreaded by most people. To write about a subject, many writers research the subject matter they are tackling. I do this too, but I prefer hands-on experience. Reality changes in a hurry in our business world. What can this principle teach us in the world of convergence security technology?

Plenty, if it means you have the responsibility of delivering sustainable security solutions your customers count on every day. So let’s use a real-life example to more closely examine the tactical side of security. The challenge was to design, sell, install and commission a replacement of a 30-year-old+ mag stripe electronic access control system with a new IP-based system. Now, for plenty of you this challenge is a walk in the park, part of your everyday security business life. For others, it is not — including yours truly. Yes, I have security system integrator experience with a large company and founded an IP video integration company, but it’s been a few years since I strapped on a 33-inch tool belt. Wisdom and waist size have both grown a bit over the years, but that didn’t stop me. I was up to the challenge and charged forward.

Changing the Mindset on Decades-Old Ways

What I know about security technology from an application and elemental building blocks perspective is much different than putting the IP system puzzle pieces together onsite at 5:30 a.m. because the customer opens for business at 11 a.m. Ladders are unsightly, liability increases and the business operations are impacted — not to mention dropping fiberglass from the ceiling tiles into someone’s glass of beer.

The pressure of doing an IP installation properly in the correct sequence, and coordinating other contractors and supplier support while wrestling with old technology, is as close to “ground truth” as you can expect in the civilian world. Schedules and timing are important when you cut over an access control system. The old system has to continue operating while a new system is readied to take over the workload on a very specific date (no pressure here to get it right!). Now add to this the expectation of your customer for a significant operational improvement and you are involved with a bare-knuckle fight with change. Did I mention that I love a good challenge with change?

Here’s how this installation tale began. An acquaintance is a controller for a chapter of a large, well-known fraternal organization that has thousands of chapters worldwide. And he is not just any controller ... he was recognized nationally in 2012 as the best in the country, a guy who knows a thing or two about business and return on investment. He knew I worked in the security field so we started talking about the mechanics and costs of membership-based organizations that restrict/permit access based on bylaws and being current with their dues. Now add some size to this challenge. This particular chapter has approximately 800 male and female members, each with separate requirements.

So how were they managing access privileges? Every year the chapter needed to order new magstripe cards for all its members. This is an old credentials technology, so you can understand some of the cost factors. These credentials had to be replaced every year when membership dues were due. To this cost add the management time for physically handing over a new credential once dues were paid. This process has obviously worked for 30+ years, but what would the future look like for 30-year-old+ magstripe readers and 24VAC electric strikes? How long would they last? Could they even be repaired? How long could they disrupt operations if they did fail? Perhaps it is time to consider a change in electronic access control technology and upgrade the system.

Analyze Your Recommended Technology Applications to Ensure They Are Appropriate

I initially recommended a biometric solution since it would entirely eliminate the cost and management of card credentials. I like cool technology that is affordable and reliable (and I just wrote about this technology a few months ago, noting that it is an obvious solution to recommend).

But not so fast — remember, blindly recommending the application of technology can be dangerous, as well as narrow-minded and myopic. Does this sound like anyone you know or work with perhaps? We all are guilty of sticking with a “true blue” product or supplier because it is the path of least resistance. Guilty as charged.

How can you avoid the automatic product choices in your comfort zone? Ask the right questions. While biometric fingerprint technology is affordable and reliable, it isn’t a panacea. There is a large percentage of chapter membership groups that evolved in the late 1950s, and using new technology can be intimidating and less effective with their older members. Consider the lifetime use of older members’ hands and the gradual deterioration of their skin.

Biometric fingerprint technology has come a long way in the past five years but still has its limitations. What about facial recognition biometrics? Yes, the technology does work better in this application, but consider the perception of the older members and their comfort level of using card credentials for the past 30+ years vs. presenting their face to a reader or camera … it might feel a bit Orwellian, no?

Applying new technology and, more importantly, the right technology means asking your prospect/customer the right questions then considering the impact of change your solution delivers.

In this particular installation challenge, what was the best choice? An RFID credential solution made the most sense from a cost, application and functionality perspective. With several good choices for reliable IP access control systems I chose a new supplier, breaking out of my comfort zone, that I had done some consulting with to test my thinking.

I started by asking the appropriate questions to ensure the technology would fit the application. For example, how simple would it be to manage from a customer’s perspective? How cost effective would it be now and in the future? Once I got the answers I needed, it was time to kick the tires and light the fires.

The hardware and software components were fairly straightforward and not overly complex to process. Actually they were quite simple, and who doesn’t love simple? The documentation gets a C+ in my book and has room for improvement.

The supplier’s customer support in the field at crunch time — you know, when the customer is looking over your shoulder — was an A. The price vs. value delivery was in the A+ range, allowing me to provide additional spare parts and lots of extra credentials, which all IP systems you sell should absolutely have. This will ensure that any future service or maintenance will be fast, which is especially pertinent for electronic access control installations. What other challenges should you consider?

Thanks to Mr. Paul Boucherle for help.