You have spent lots of money on a high-grade, pick-resistant, ANSI-rated lock for your door. Your vendor has assured you that it will resist attack and that it would be difficult for someone to copy your key. Maybe they’re right. But… the bulk of attacks that both penetration testers and criminals attempt against doors have little or nothing to do with the lock itself! This talk will be a hard-hitting exploration (full of photo and video examples) of the ways in which your door — the most fundamental part of your physical security — can be thwarted by someone attempting illicit entry. Each scary problem will be immediately followed by a simple solution that is instantly implementable and usually well within budget. You, too, can have a near-perfect door… if you’re willing to learn and understand the problems that all doors tend to have.
8. http://enterthecore.net
Lots of Folk Are Discussing Network Security
Kemuri Water Company was responsible for supplying and
metering water usage over a number of neighboring counties.
From the onset, KWC was adamant that no evidence of
unauthorized access had been uncovered. ... It became clear
that KWC management was aware of potential unauthorized
access into the OT systems of the water district.
An unexplained pattern of valve and duct movements had occurred
over the previous 60 days. These movements consisted of
manipulating the PLCs that managed the amount of chemicals used
to treat the water to make it safe to drink, as well as affecting the
water flow rate, causing disruptions with water distribution.
Access to customer water usage, PII, and payment data required only a username and password.
No second authentication factor was needed. Next, we found a direct cable connection between
the application and the AS400 system. Making matters worse, the AS400 system had open access
to the internet and its internal IP address and administrative credentials were found on the
payment application webserver in clear text within an initialization file.
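The finding above (administrative credentials and an internal address sitting in clear text in an initialization file on a web server) is the kind of thing a configuration audit can catch before an attacker does. The following is an added example, not code from the talk or from the cited report: it parses an INI document, flags literal values under credential-like keys, and flags RFC 1918 addresses that reveal the internal network, while accepting values that are only references to an external secret store. The key patterns, the reference syntax (`${VAR}`, `vault:`) and the sample file are all assumptions constructed for the example.

```python
import configparser
import ipaddress
import re
from typing import List, Tuple

# Keys whose values should never be literal secrets in a config file (assumed patterns).
SECRET_KEY_RE = re.compile(r"(pass(word|wd)?|secret|api[_-]?key|token|credential)", re.I)
# Values that merely reference an environment variable or a secret store are acceptable.
REFERENCE_RE = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$|^\$[A-Za-z_][A-Za-z0-9_]*$|^vault:")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def find_cleartext_secrets(ini_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, key, finding) for each risky entry in an INI document.

    finding is 'cleartext_credential' for a literal secret value, or
    'internal_address' for an RFC 1918 address that maps the internal network.
    """
    parser = configparser.ConfigParser(interpolation=None)  # keep '$' and '%' literal
    parser.read_string(ini_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            value = value.strip()
            if SECRET_KEY_RE.search(key) and value and not REFERENCE_RE.match(value):
                findings.append((section, key, "cleartext_credential"))
            for candidate in IPV4_RE.findall(value):
                try:
                    addr = ipaddress.ip_address(candidate)
                except ValueError:  # e.g. 999.1.1.1 is not an address
                    continue
                if addr.is_private:
                    findings.append((section, key, "internal_address"))
    return findings


# Constructed sample resembling a payment-application initialization file (not real data).
SAMPLE_INI = """
[backend]
host = 10.20.30.40
admin_user = adminuser
admin_password = hunter2_placeholder

[database]
dsn = Driver={IBM i Access ODBC};System=10.20.30.40
db_password = ${DB_PASSWORD}
"""

if __name__ == "__main__":
    for finding in find_cleartext_secrets(SAMPLE_INI):
        print(finding)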
Padlock Attacks and Mitigations

component: latches
attack: shimming
mitigation: double ball / shim-proof mechanism

component: warded key systems
attack: skeleton keys
mitigation: never use these for any reason

component: pin stacks
attack: overlifting with comb picks
mitigation: proper fabrication dimensions

component: release cam
attack: bypassing
mitigation: blocking elements or key-retaining systems immune to bypassing
Door Attacks and Mitigations

component: hinges - $50
attack: removing the pins
mitigation: security hinges or jamb pin screws

component: latches - $150
attack: loiding
mitigation: anti-thrust latch, properly installed

component: inside thumb turn, crash bar, etc. - $200
attack: reach-through tools / thumb turner
mitigation: good deadbolt, door fitment

component: key boxes - $0
attack: weak locks can be picked
mitigation: remove them or get a variance

component: edge gaps - $150
attack: tricking sensors & electronic locks
mitigation: better sensors, security astragal

component: bottom gap - $60
attack: under door attacks
mitigation: security door bottom and/or blocking shroud

component: doorframe - $200
attack: jacking / spreading attacks
mitigation: interlocking deadbolt along with stronger frame structure