Physical Security Alert - from WServerNews Vol. 11, #34 - Aug 21, 2006 - Issue #590

"We're often so concerned about IT security we forget to "close the front door". There is a way to hack cylinder locks with so called "bump keys" that are becoming more and more available. Click this link, see the 07:41 minute video (Dutch with English subtitles) and prepare to be flabbergasted. Next, get yourself a biometric lock (not key-based) for the actually important real estate like server rooms that you need to secure. I only heard about it this week, but the data is from Jan, 2005. All the more reason to take action. Here is the video:

http://www.wservernews.com/CGT1E8/060821-Bumping

They also have a PDF where they describe the process (PDF):

http://www.wservernews.com/CGT1E8/060821-Bumping_PDF "

WOW!

I emailed my FBI buddy about this, he is a "tech", to find out what he knows. I'll post his reply when I get it. :eek:

Old news (but worth knowing.) Most people evaluate security on how hard they perceive it would be for them to get through it, and they usually only look at the surface and do so with a limited base of knowledge and skill set.

To XOTech's point, IT security fundamentally breaks down if physical security is compromised. Facilities that I've worked at used a combination of badge-access, biomentrics, and keypads for entry with cameras and live guards for good measure. Even then, a determined advesary could probably get in if they really wanted to and were willing to throw time and resources at the problem.

Most general defensive security measures boil down to raising the bar high enough that the advesary seeks another target.