Physical Security Ideal Doors & Padlocks

Physical Security: Ideal Doors & Padlocks
Deviant Ollam
ShakaCon – 2016/07/13

http://enterthecore.net
Security Consultant By Day

Criminal Consultant By Night

Basically… I’m Professionally Dangerous

Why Does Physical Security Matter ?

Lots of Folk Are Discussing Network Security

Kemuri Water Company was responsible for supplying and
metering water usage over a number of neighboring counties.
From the onset, KWC was adamant that no evidence of
unauthorized access had been uncovered. ... It became clear
that KWC management was aware of potential unauthorized
access into the OT systems of the water district.

From the onset, KWC was adamant that no evidence of
unauthorized access had been uncovered. ... It became clear
that KWC management was aware of potential unauthorized
access into the OT systems of the water district.
An unexplained pattern of valve and duct movements had occurred
over the previous 60 days. These movements consisted of
manipulating the PLCs that managed the amount of chemicals used
to treat the water to make it safe to drink, as well as affecting the
water flow rate, causing disruptions with water distribution.

An unexplained pattern of valve and duct movements had occurred
over the previous 60 days. These movements consisted of
manipulating the PLCs that managed the amount of chemicals used
to treat the water to make it safe to drink, as well as affecting the
water flow rate, causing disruptions with water distribution.
Access to customer water usage, PII, and payment data required only a username and password.
No second authentication factor was needed. Next, we found a direct cable connection between
the application and the AS400 system. Making matters worse, the AS400 system had open access
to the internet and its internal IP address and administrative credentials were found on the
payment application webserver in clear text within an initialization file.

But with a Physical Breach…

All of your firewall rules…

All of your firewall rules… can be compromised

All your hard work here…

All your hard work here… gets undermined here

Hands-On Attacks are Possible On-Site

Not To Mention… Outright Theft, Damage, and Tampering

What’s Wrong With Your Door?

Lockpicking is Easy!

Opening with a Key

Opening with Lockpicks

Lockpicking is a Topic for Later

Hinge Removal

Security Hinges & Jamb Pin Screws

Door Latch Attacks

Shrum Tools / Traveler Hooks

Slimjim Tools

Protective Plates?

Dead Latches

Dead Latches Rely on Proper Door Fitment

Door Fitment

Crash Bars

Exit Paddles

Deadbolt with Thumb Turn

Thumb Turn Flipper

Key Boxes

Emergency Boxes

Municipal & Contractor Boxes

Decoding Multi-Wheel Combinations

Edge Gaps and Motion Sensors

Request-to-Exit (REX) Sensors
Passive Infrared (PIR)
Range Controlled Radar (RCR)
Hybrid of Both

Modern Door Lever Style Handles

Under Door Attacks

Under Door Attack Prevention – Security Door Bottom

Under Door Attack Prevention – Blocking Shroud

Under Door Attack Prevention – Blocking Clips

Door Frame Spreading

Hammerhead Deadbolt

Padlocks
first, some terminology…

The Shackle

The Body

The Keyway & Plug

The Pin Stacks

The Release or Cam

The Latch (often two Latches)

Attacking The Latches… Shimming

Padlock Shims

Homebrew Padlock Shims

Single Latch or Dual Latch?

Shim-Proof Padlocks… Double-Ball Mechanism

Warded Locks

Distinct Keyway

Warded Keys

Attacking The Pin Stacks… Overlifting

Comb Picks

Overlifting Shouldn’t Be Possible

Overlifting Shouldn’t Be Possible, But…

Overlifting is Possible with Improperly Designed Locks

Overlifting with Comb Picks

Attacking The Release or Cam… Bypassing

Lock Bypassing – Master 175

Lock Bypassing – American Padlocks

Where Do We Encounter These Padlocks?
?

Are There Vulnerable Locks on Your Sites?

Thinking Critically About Your Doors, Too?
?

A Door With Problems

Magnetic Lock Systems

Cloning Electronic Credentials

Padlock Attacks and Mitigations

component: latches
attack: shimming
mitigation: double ball / shim-proof mechanism

component: latches
attack: shimming
component: warded key systems
attack: skeleton keys
mitigation: never use these for any reason

component: latches
attack: shimming
component: pin stacks
attack: overlifting with comb picks
mitigation: proper fabrication dimensions

component: latches
attack: shimming
component: pin stacks
attack: overlifting with comb picks
mitigation: proper fabrication dimensions
component: release cam
attack: bypassing
mitigation: blocking elements or key-retaining
systems immune to bypassing

Very Robust Padlocks

Very Robust Padlocks - Abloy Protec

Very Robust Padlocks - Abus 83/45

Very Robust Padlocks - Abus 83/53

Door Attacks and Mitigations

component: hinges
attack: removing the pins
mitigation: security hinges or jamb pin screws

component: hinges
component: latches
attack: loiding
mitigation: anti-thrust latch, properly installed

component: hinges
component: latches
attack: loiding
component: inside thumb turn, crash bar, etc.
attack: reach-through tools / thumb turner
mitigation: good deadbolt, door fitment

component: hinges
component: latches
attack: loiding
component: inside thumb turn, etc.
component: key boxes
attack: weak locks can be picked
mitigation: remove them or get a variance

component: hinges
component: latches
attack: loiding
component: edge gaps
attack: tricking sensors & electronic locks
mitigation: better sensors, security astragal

component: hinges
component: latches
attack: loiding
component: bottom gap
attack: under door attacks
mitigation: security door bottom and/or
blocking shroud

component: hinges
component: latches
attack: loiding
blocking shroud
component: doorframe
attack: jacking / spreading attacks
mitigation: interlocking deadbolt along with
stronger frame structure

component: hinges
component: latches
attack: loiding
component: inside thumb turn, etc
blocking shroud
component: doorframe

component: hinges - $50
component: latches - $150
attack: loiding
component: inside thumb turn, etc - $200
component: key boxes - $0
component: edge gaps - $150
component: bottom gap - $60
blocking shroud
component: doorframe - $200

component: hinges - $50
component: latches - $150
attack: loiding
component: inside thumb turn - $200
component: key boxes - $0
component: edge gaps - $150
component: bottom gap - $60
blocking shroud
component: doorframe - $200

Thank You Very Much
+1-347-263-7522
delta@enterthecore.net
(PGP keys on major servers)

Physical Security Ideal Doors & Padlocks

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (18)

Ähnlich wie Physical Security Ideal Doors & Padlocks

Ähnlich wie Physical Security Ideal Doors & Padlocks (20)

Mehr von Shakacon

Mehr von Shakacon (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Physical Security Ideal Doors & Padlocks