Defence methods against tailgating
up vote
28
down vote
favorite
This is a follow-up question to this one: Roles to play when tailgaiting into a residential building
How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?
physical social-engineering physical-access
New contributor
add a comment |
up vote
28
down vote
favorite
This is a follow-up question to this one: Roles to play when tailgaiting into a residential building
How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?
physical social-engineering physical-access
New contributor
add a comment |
up vote
28
down vote
favorite
up vote
28
down vote
favorite
This is a follow-up question to this one: Roles to play when tailgaiting into a residential building
How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?
physical social-engineering physical-access
New contributor
This is a follow-up question to this one: Roles to play when tailgaiting into a residential building
How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?
physical social-engineering physical-access
physical social-engineering physical-access
New contributor
New contributor
edited yesterday
schroeder♦
70.5k27152188
70.5k27152188
New contributor
asked yesterday
Lithilion
25127
25127
New contributor
New contributor
add a comment |
add a comment |
11 Answers
11
active
oldest
votes
up vote
35
down vote
This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.
You have to work with human nature, not against it.
So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:
13
there are nicer-looking gates :)
– schroeder♦
yesterday
1
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
8
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
|
show 5 more comments
up vote
13
down vote
You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.
The company protects itself by
- installing physical gates that only allow one person in at a time
- controls that prevent the same passcard being used on the same side of the gate
- human monitors to detect tailgating
- training people to politely challenge those trying to get in without using the proper methods
1
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
4
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
6
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
1
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
2
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
|
show 3 more comments
up vote
9
down vote
(Just a passer-by opinion)
Obviously, a physical gate would work the best.
In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.
One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.
At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.
New contributor
4
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
7
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
add a comment |
up vote
5
down vote
The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.
If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.
add a comment |
up vote
3
down vote
There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.
Any variation of You/Everyone must swipe in at this door
will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.
I would suggest something likeMake sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.
If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.
New contributor
add a comment |
up vote
2
down vote
As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.
Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.
New contributor
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
add a comment |
up vote
1
down vote
This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.
You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.
How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".
Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.
New contributor
add a comment |
up vote
0
down vote
Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.
For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
add a comment |
up vote
0
down vote
If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.
Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
add a comment |
up vote
0
down vote
One solution is to have "secret drills".
Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.
Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".
Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.
add a comment |
up vote
-1
down vote
If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.
add a comment |
11 Answers
11
active
oldest
votes
11 Answers
11
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
35
down vote
This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.
You have to work with human nature, not against it.
So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:
13
there are nicer-looking gates :)
– schroeder♦
yesterday
1
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
8
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
|
show 5 more comments
up vote
35
down vote
This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.
You have to work with human nature, not against it.
So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:
13
there are nicer-looking gates :)
– schroeder♦
yesterday
1
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
8
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
|
show 5 more comments
up vote
35
down vote
up vote
35
down vote
This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.
You have to work with human nature, not against it.
So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:
This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.
You have to work with human nature, not against it.
So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:
answered yesterday
Anders
47.4k21134157
47.4k21134157
13
there are nicer-looking gates :)
– schroeder♦
yesterday
1
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
8
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
|
show 5 more comments
13
there are nicer-looking gates :)
– schroeder♦
yesterday
1
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
8
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
13
13
there are nicer-looking gates :)
– schroeder♦
yesterday
there are nicer-looking gates :)
– schroeder♦
yesterday
1
1
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
yesterday
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Exactly whats in my office, although it's made of glass and the human supervisor requires to see my pass.
– deltzy
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
Also stops people from say, propping open key-carded doors the way they tend to do in my building.
– Jared Smith
22 hours ago
8
8
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
20 hours ago
|
show 5 more comments
up vote
13
down vote
You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.
The company protects itself by
- installing physical gates that only allow one person in at a time
- controls that prevent the same passcard being used on the same side of the gate
- human monitors to detect tailgating
- training people to politely challenge those trying to get in without using the proper methods
1
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
4
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
6
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
1
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
2
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
|
show 3 more comments
up vote
13
down vote
You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.
The company protects itself by
- installing physical gates that only allow one person in at a time
- controls that prevent the same passcard being used on the same side of the gate
- human monitors to detect tailgating
- training people to politely challenge those trying to get in without using the proper methods
1
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
4
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
6
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
1
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
2
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
|
show 3 more comments
up vote
13
down vote
up vote
13
down vote
You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.
The company protects itself by
- installing physical gates that only allow one person in at a time
- controls that prevent the same passcard being used on the same side of the gate
- human monitors to detect tailgating
- training people to politely challenge those trying to get in without using the proper methods
You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.
The company protects itself by
- installing physical gates that only allow one person in at a time
- controls that prevent the same passcard being used on the same side of the gate
- human monitors to detect tailgating
- training people to politely challenge those trying to get in without using the proper methods
answered yesterday
schroeder♦
70.5k27152188
70.5k27152188
1
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
4
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
6
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
1
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
2
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
|
show 3 more comments
1
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
4
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
6
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
1
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
2
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
1
1
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
19 hours ago
4
4
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
19 hours ago
6
6
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
18 hours ago
1
1
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
18 hours ago
2
2
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
13 hours ago
|
show 3 more comments
up vote
9
down vote
(Just a passer-by opinion)
Obviously, a physical gate would work the best.
In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.
One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.
At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.
New contributor
4
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
7
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
add a comment |
up vote
9
down vote
(Just a passer-by opinion)
Obviously, a physical gate would work the best.
In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.
One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.
At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.
New contributor
4
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
7
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
add a comment |
up vote
9
down vote
up vote
9
down vote
(Just a passer-by opinion)
Obviously, a physical gate would work the best.
In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.
One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.
At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.
New contributor
(Just a passer-by opinion)
Obviously, a physical gate would work the best.
In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.
One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.
At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.
New contributor
edited 22 hours ago
New contributor
answered 23 hours ago
Petr
1914
1914
New contributor
New contributor
4
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
7
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
add a comment |
4
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
7
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
4
4
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
21 hours ago
7
7
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
19 hours ago
add a comment |
up vote
5
down vote
The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.
If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.
add a comment |
up vote
5
down vote
The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.
If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.
add a comment |
up vote
5
down vote
up vote
5
down vote
The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.
If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.
The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.
If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.
answered 22 hours ago
John Deters
25.5k23984
25.5k23984
add a comment |
add a comment |
up vote
3
down vote
There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.
Any variation of You/Everyone must swipe in at this door
will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.
I would suggest something likeMake sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.
If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.
New contributor
add a comment |
up vote
3
down vote
There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.
Any variation of You/Everyone must swipe in at this door
will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.
I would suggest something likeMake sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.
If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.
New contributor
add a comment |
up vote
3
down vote
up vote
3
down vote
There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.
Any variation of You/Everyone must swipe in at this door
will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.
I would suggest something likeMake sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.
If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.
New contributor
There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.
Any variation of You/Everyone must swipe in at this door
will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.
I would suggest something likeMake sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.
If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.
New contributor
New contributor
answered 21 hours ago
ShapeOfMatter
313
313
New contributor
New contributor
add a comment |
add a comment |
up vote
2
down vote
As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.
Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.
New contributor
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
add a comment |
up vote
2
down vote
As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.
Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.
New contributor
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
add a comment |
up vote
2
down vote
up vote
2
down vote
As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.
Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.
New contributor
As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.
Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.
New contributor
New contributor
answered 14 hours ago
William Michael
211
211
New contributor
New contributor
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
add a comment |
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
9 hours ago
add a comment |
up vote
1
down vote
This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.
You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.
How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".
Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.
New contributor
add a comment |
up vote
1
down vote
This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.
You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.
How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".
Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.
New contributor
add a comment |
up vote
1
down vote
up vote
1
down vote
This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.
You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.
How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".
Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.
New contributor
This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.
You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.
How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".
Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.
New contributor
New contributor
answered 12 hours ago
Ross Millikan
1113
1113
New contributor
New contributor
add a comment |
add a comment |
up vote
0
down vote
Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.
For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
add a comment |
up vote
0
down vote
Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.
For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
add a comment |
up vote
0
down vote
up vote
0
down vote
Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.
For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.
Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.
For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.
answered 13 hours ago
Aganju
16016
16016
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
add a comment |
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
8 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
4 hours ago
add a comment |
up vote
0
down vote
If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.
Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
add a comment |
up vote
0
down vote
If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.
Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
add a comment |
up vote
0
down vote
up vote
0
down vote
If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.
Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.
If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.
Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.
edited 12 hours ago
answered 18 hours ago
Joel Coehoorn
1,2551912
1,2551912
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
add a comment |
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
9 hours ago
add a comment |
up vote
0
down vote
One solution is to have "secret drills".
Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.
Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".
Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.
add a comment |
up vote
0
down vote
One solution is to have "secret drills".
Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.
Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".
Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.
add a comment |
up vote
0
down vote
up vote
0
down vote
One solution is to have "secret drills".
Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.
Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".
Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.
One solution is to have "secret drills".
Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.
Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".
Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.
edited 53 mins ago
answered 1 hour ago
PyRulez
1,72431125
1,72431125
add a comment |
add a comment |
up vote
-1
down vote
If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.
add a comment |
up vote
-1
down vote
If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.
add a comment |
up vote
-1
down vote
up vote
-1
down vote
If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.
If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.
answered 20 hours ago
Nosajimiki
2297
2297
add a comment |
add a comment |
Lithilion is a new contributor. Be nice, and check out our Code of Conduct.
Lithilion is a new contributor. Be nice, and check out our Code of Conduct.
Lithilion is a new contributor. Be nice, and check out our Code of Conduct.
Lithilion is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197817%2fdefence-methods-against-tailgating%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown