Re: References for Brivo Systems Door Access Controls?

"J." <jsloud2001donospam@xxxxxxxxxxxx> wrote in message
news:ao2d82dubpv7rmtt1ns1ecj56ufog2ilp4@xxxxxxxxxx
On Tue, 6 Jun 2006 22:55:26 -0700, "Will" <westes-usc@xxxxxxxxxxxxxx>
wrote:

That's a shame that Brivo appears to have no option to run their control
software on the customer's computer. I don't like the security
implications of the administration tool running on their computer. What
happens when someone steals my userid and password? What happens when
they
go out of business? How does Brivo uplink the access panel to their
computers? The panel is Internet connected and they connect to it
directly?

I believe they have redundant servers at two separate locations - east
coast and west coast, maybe? They'll claim this is more secure
because they have much better security at their server sites than
would a typical end-user with a local database housed on a box on the
receptionists desk. With any remotely accessible system, you run the
risk of someone with your login and password compromising the system,
although with most systems you would also need the client side
software to be able to communicate. As far as them going out of
business, you'd have to find some access control panels and some
software to replace Brivo with should this happen. Their systems use
standard HID card readers.

If the Internet security is under my control, I can put the panel on a
separate network attached to a computer whose access requires both a
userid/password as well as a cipher code that is randomized (see
http://www.safeword.com for an example). The CIA could get in, but your
average kiddy hacker wouldn't have a chance.

About 40% of all home computers (and quite a large number of business ones
too) have keystroke sniffing programs installed (e.g., Trojan Horses) and I
don't think userids or passwords can be made secure any more.

--
Will



.

Relevant Pages

  • [Full-Disclosure] Panelist Needed
    ... Information Technology Security and Assurance Conference and Exposition ... The panel will be moderated by Mr. Jeff Lunglhofer, ...
    (Full-Disclosure)
  • RE: How to restrict users to see data in a mutiuser environment?
    ... interested setting up workgroup security. ... ' Gets the userid of the current user. ... Dim Length As Long ... which you open the form you want to filter. ...
    (microsoft.public.access.modulesdaovba)
  • RE: How to restrict users to see data in a mutiuser environment?
    ... ' Gets the userid of the current user. ... Dim Length As Long ... If you plan to use workgroup security, you could assign users to groups by ... which you open the form you want to filter. ...
    (microsoft.public.access.modulesdaovba)
  • Re: Off-the-wall Auditor Requests (was RE: Hardware Alerts)
    ... What I am hinting here is that account locking COULD be a security *risk* rather than a security enhancement to a system - because although brute force cracking of account credentials is possible, abusing a userid lockout is far easier and accessible to implement! ... Access to the RACF DB, and its backups, was tightly controlled so that a brute-force approach, by unloading the RACF DB, wasn't possible outside the Security Administration staff. ... If any DOS attempt was made for production userid's, the Operations staff had instructions to "Run this Started Task" and notify the ENTIRE security admin staff ASAP. ...
    (bit.listserv.ibm-main)
  • Re: Finding Records
    ... > login point forward that this user created. ... in the table to store the UserID, and the form whereby records are added ... security, rather than using Access's built-in user-level security (which ... UserID is an administrator. ...
    (microsoft.public.access.formscoding)