[hackerspaces] RFC: security alarm and access control systems in use

classic Classic list List threaded Threaded
25 messages Options
12
Reply | Threaded
Open this post in threaded view
|

[hackerspaces] RFC: security alarm and access control systems in use

Brett Dikeman
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

charlie wallace
>Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

because they know that there are a gazillion other ways to gain entry,
most people trying to break in don't come armed with proxmarks.

On Mon, Jun 15, 2015 at 5:47 PM, Brett Dikeman <[hidden email]> wrote:

> A hackerspace I belong to has probably hit the point of needing an alarm and
> access control system. I'm wondering what good solutions have been created -
> what the "state of the art" is in hackerspace security these days.
>
> https://wiki.hackerspaces.org/Doorlock
>
> It'd be awesome if that were updated with any new projects - and if some of
> the existing writeups could be updated or better documented; a number of
> them say "this writeup needs to get updated" or the writeup is super sparse.
> This is a very common and basic need, so more info/guidance would be very
> beneficial. Not just what people have made, but tradeoffs, lessons learned,
> mistakes made, etc.
>
> Also: why do so many of these hackerspace access control systems use RFID /
> proximity cards? Hackerspace people are among the most likely to know how
> laughable security is with them, yet so many hackerspaces use them?
> It's...weird.
>
> -B
>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Paul Brown
In reply to this post by Brett Dikeman
"Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them?"

Here's a good podcast that covers a related topic: http://99percentinvisible.org/episode/perfect-security/

tl;dr: "It’s not just locks that keep us safe—it’s the existing social order."


On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <[hidden email]> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss



_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

JB Zurn

I think a lot of hackerspaces use RFID because it's a fun project for members to build. Also because it's easier to reprogram cards and codes than to track down keys and replace locks.

Also I guess they assume that someone who is capable of hacking a proxcard system would probably enjoy hanging out with people at a hackerspace.

If you have people around who don't realize stealing stuff indirectly reduces the number of interesting people to hang out with at their space, there may be a culture problem.

That being said,  it may help to combine cards with access codes (that are changed regularly). Something you have and something you know, as it were. There's always the "camera" debate too. Whether people are more afraid of thieves or cameras depends on the group. A camera compromise is to point the camera at the entrance, away from the space.

-Brooks


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Brett Dikeman

On Mon, Jun 15, 2015 at 9:55 PM, JB Zurn <[hidden email]> wrote:
Also I guess they assume that someone who is capable of hacking a proxcard system would probably enjoy hanging out with people at a hackerspace.

Given our space has instructions on how to hang out with us (public events, email and ask), someone with such poor respect for other people's boundaries is not someone I would want to be part of our community. I'm well aware security is never perfect; yes, there are easier means, but other methods (ie physical) leave much more evidence, do not potentially endanger the reputation of an innocent party, etc. There are a multitude of reasons for wanting good access control. We've had to expel one member and lock them out because their behavior harmed others.

Anyway...this was just a secondary comment/grousing, and I don't want to get bogged down in it. Simple take it as my opinion that hackerspaces should demonstrate good security, given how often so many people who frequent them, concern themselves with, or make fun of, poor security practices of others.

What's the current state-of-the-art / who has a really sweet setup? Lessons learned? Thank you to the person who added a new link to the wiki!

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Arclight
We developed this access control system and also sell copies:

http://accxproducts.com/wiki/index.php?title=Main_Page

The version 4 Open Access is a very robust platform that supports
2xWiegand-format card readers, 4xrelays, 4xsupervised alarm zones, has
a real-time clock, and can have a Raspberry Pi bolted on. You can buy
them here:

http://www.wallofsheep.com/

The hardware is deployed at 50+ sites and is used for industrial
stuff. It will work stand-alone or docked to a server for
logging/remote control. What it could use some help with is a nicer
Web GUI. There are two projects available now, but more work would
improve things considerably.

As far as RFID goes, it has lots of security limitations. For managing
a hackerspace, it offers cheap, easily-revoked tokens and logging. We
got tired of dealing with metal keys, so we developed this system and
went for simple card format.  There are also better tokens available,
and contactless RFID can be combined with a PIN or other second factor
very easily.

We figured out after a couple of years that security model mostly includes:

1. Keeping the junkies from the alley out of our space
2. Making it difficult for someone to roll a moving truck up to the
space on a long weekend and make off with all of our gear.

The rest of the features are about convenience (i.e. letting the
maintenance man in remotely/etc).

Arclight
23b Shop, Fullerton CA
http://blog.shop/23b.org
Arclight

On Mon, Jun 15, 2015 at 8:35 PM, Brett Dikeman <[hidden email]> wrote:

>
> On Mon, Jun 15, 2015 at 9:55 PM, JB Zurn <[hidden email]> wrote:
>>
>> Also I guess they assume that someone who is capable of hacking a proxcard
>> system would probably enjoy hanging out with people at a hackerspace.
>
>
> Given our space has instructions on how to hang out with us (public events,
> email and ask), someone with such poor respect for other people's boundaries
> is not someone I would want to be part of our community. I'm well aware
> security is never perfect; yes, there are easier means, but other methods
> (ie physical) leave much more evidence, do not potentially endanger the
> reputation of an innocent party, etc. There are a multitude of reasons for
> wanting good access control. We've had to expel one member and lock them out
> because their behavior harmed others.
>
> Anyway...this was just a secondary comment/grousing, and I don't want to get
> bogged down in it. Simple take it as my opinion that hackerspaces should
> demonstrate good security, given how often so many people who frequent them,
> concern themselves with, or make fun of, poor security practices of others.
>
> What's the current state-of-the-art / who has a really sweet setup? Lessons
> learned? Thank you to the person who added a new link to the wiki!
>
> -B
>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Ron Bean-2
In reply to this post by Brett Dikeman
>Also: why do so many of these hackerspace access control systems use RFID /
>proximity cards? Hackerspace people are among the most likely to know how
>laughable security is with them, yet so many hackerspaces use them?

I haven't seen it, but I've been told that there is video of a member
letting himself in with a slimjim when his RFID card didn't work. One
could argue that it would have been easier for him to hack the system,
but in his case I don't think so. (He's no longer around, but that's a
different story. Also, the doors now have latch guards.)

Anyway, this is one anecdote in favor of the idea that the people we're
trying to keep out are unlikely to bother hacking the RFID system (for
the same reason that burglars seldom bother to pick locks-- only nerds
do that, and they're not interested in breaking in).

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Daniel F
In reply to this post by Brett Dikeman

As much as rfid has inherent security issues, it makes giving people access easy.

If it's a standard key then you have no idea who is coming in or out. Getting another set cut is expensive and can be problematic, and if someone looses their key or stops paying membership then I've got to replace the locks and 30+ sets of keys.

With rfid, I know who's coming in when, new cards can be added for pennies and little effort and it's extremely easy to disable a single members access should it be needed.

Sent from a touchscreen; apologies for typos and berivity.

On 16 Jun 2015 01:47, "Brett Dikeman" <[hidden email]> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Joshua Pritt
In reply to this post by Ron Bean-2
I added Melbourne Makerspace's lock system to the wiki page.
Note that our front wall and door are all glass so anyone with a rock, brick, hammer, thick skull can get in.
We do have an inner door that has a push button number lock so we have a two factor, something you have and something you know authentication.
But like we all know, locks just keep honest people honest.  It's not going to stop someone that's 100% motivated to really get in.
Even with a retinal scanner we'd still have some Mission Impossible people coming in through the bathroom vents!

Our door lock is powered by a Raspberry Pi and a little RFID reader module and interfaces with Seltzer via a custom REST query to check if the swiped RFID serial is in our DB then checks if the key's owner has paid their dues in the last 3 months.  If the key isn't found in the DB it gives an Access Denied message on the little LCD screen AND emails our board members with the serial number that was tried.
If the person hasn't paid their dues it emails the board members with that member's balance.
If it's all good it will give an Access Granted! message on the LCD screen and open the relay for the magnet lock.
We recently put a UPS on the system for power blinks, etc.






On Tue, Jun 16, 2015 at 9:39 AM, Ron Bean <[hidden email]> wrote:
>Also: why do so many of these hackerspace access control systems use RFID /
>proximity cards? Hackerspace people are among the most likely to know how
>laughable security is with them, yet so many hackerspaces use them?

I haven't seen it, but I've been told that there is video of a member
letting himself in with a slimjim when his RFID card didn't work. One
could argue that it would have been easier for him to hack the system,
but in his case I don't think so. (He's no longer around, but that's a
different story. Also, the doors now have latch guards.)

Anyway, this is one anecdote in favor of the idea that the people we're
trying to keep out are unlikely to bother hacking the RFID system (for
the same reason that burglars seldom bother to pick locks-- only nerds
do that, and they're not interested in breaking in).

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

dosman
In reply to this post by Daniel F
While I have several key machines and a stock of key blanks, it’s still easier to add an RFID fob for someone (we use an older Arduino version of the Open Access system discussed earlier). It’s also easier to have your invoicing system automatically disable their RFID when they forget to pay several months in a row, so I think it comes down to ease of use. Also it’s nice to have an audit trail when you are trusting new people with 24x7 access. But it’s probably more likely people enjoy having IRC bots announce when people physically show up at the space and such.

On the flip side, electric door strikes are flimsy compared to dead bolts and I don’t trust them without additional enhancements. I do recommend shoring up your door security if you use them. Like others have said, I’m not worried about someone with a proxmark working on the RFID, I’m worried about junkies looking to snatch the lowest hanging fruit. At a minimum this means adding a cover plate over the door strike area, 1/8” steel plate can be used too. The thing to prevent is any pry tool from getting a foot-hold in the door near the parts that bind (the electric strike). The further away from these points pry tools are used, the more the door will flex which reduces the pressure going directly on the strike. Door flex is a good thing up to a point at least.

Both doors to our building had crow bar marks at the seams next to the dead bolts before we moved in. Thankfully we have nice commercial steel door frames and quality steel doors, whoever was working on it did not appear to have gotten in. And don’t neglect your door hinges if they are on the outside, a lithium powered saws all can do amazing things. I like to install 3/4” steel bolts in the inside seams of doors (with matching holes in the frame) so even if the hinges are cut clean off the door isn’t going anywhere.


On Jun 16, 2015, at 10:01 AM, Daniel F <[hidden email]> wrote:

As much as rfid has inherent security issues, it makes giving people access easy.

If it's a standard key then you have no idea who is coming in or out. Getting another set cut is expensive and can be problematic, and if someone looses their key or stops paying membership then I've got to replace the locks and 30+ sets of keys.

With rfid, I know who's coming in when, new cards can be added for pennies and little effort and it's extremely easy to disable a single members access should it be needed.

Sent from a touchscreen; apologies for typos and berivity.

On 16 Jun 2015 01:47, "Brett Dikeman" <[hidden email]> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Shirley Hicks
In reply to this post by Paul Brown
The Red Mountain Makerspace has been using a commercial APT system in March, in combination with keyed locks.

Yes, this is not terribly hackerish, but we needed to get infrastructure in place in a relatively short period of time to deal with some real security concerns. We're in an old building in a transitioning neighborhood. We need to grow our org as quickl to address real community needs for tech education, exploration and community development, so we've chosen to pay for services that will take time and skill to develop, while using the inhouse talent pool to complete tasks within their existing skillsets. 

Going with a commercial solution for the next few years allows us to focus on growing our introductory circuitry, 3D printing, CNC, open source and programming offerings and to support development of the local tech community. Our plan is to switch to RFID cards tied to membership dues payment within the next nine months. (we'll probably get it done sooner, but we are practicing allowing for the worst and working towards the best possible outcomes).

Shirley Hicks
Secretary/Business Admin/Programmer/Maker
Red Mountain Makers
Twitter: @redmountainmake
Facebook: Red Mountain Makers

 
On Jun 15, 2015, at 8:14 PM, Paul Brown <[hidden email]> wrote:

"Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them?"

Here's a good podcast that covers a related topic: http://99percentinvisible.org/episode/perfect-security/

tl;dr: "It’s not just locks that keep us safe—it’s the existing social order."


On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <[hidden email]> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss







_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Bob Bownes

At the CoG, we are using an off the shelf card system but are implementing our own rfid system for the new building.  Cost and flexibility are the motivations. We need to control >10 doors, >10 locking cabinets, and a similar number of machine tools, 3d printers, etc. 

Nothing on the market will drive that many doors that for under $$$$. The building system that was quoted handled 12 doors and was >$30k. And it went up exponentially from there. Not to mention it was a closed system so we could not tie it into our CRM/member management system. 

The result is a system based on COTS hardware (Commercial door strikers, magnetic locks, card readers, biometric scanners, TiVa C and Ethernet relay boards) and an open API. 

Komradebob 

On Jun 16, 2015, at 10:49, Shirley Hicks <[hidden email]> wrote:

The Red Mountain Makerspace has been using a commercial APT system in March, in combination with keyed locks.

Yes, this is not terribly hackerish, but we needed to get infrastructure in place in a relatively short period of time to deal with some real security concerns. We're in an old building in a transitioning neighborhood. We need to grow our org as quickl to address real community needs for tech education, exploration and community development, so we've chosen to pay for services that will take time and skill to develop, while using the inhouse talent pool to complete tasks within their existing skillsets. 

Going with a commercial solution for the next few years allows us to focus on growing our introductory circuitry, 3D printing, CNC, open source and programming offerings and to support development of the local tech community. Our plan is to switch to RFID cards tied to membership dues payment within the next nine months. (we'll probably get it done sooner, but we are practicing allowing for the worst and working towards the best possible outcomes).

Shirley Hicks
Secretary/Business Admin/Programmer/Maker
Red Mountain Makers
Twitter: @redmountainmake
Facebook: Red Mountain Makers

 
On Jun 15, 2015, at 8:14 PM, Paul Brown <[hidden email]> wrote:

"Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them?"

Here's a good podcast that covers a related topic: http://99percentinvisible.org/episode/perfect-security/

tl;dr: "It’s not just locks that keep us safe—it’s the existing social order."


On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <[hidden email]> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss






_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

michael howard
I guess it comes down to size and community agreement at each space. 

With very few members a metal key is ok. At 50 members or so, knowing who is coming and going becomes an issue. 

A very security-oriented hackerspace might find it interesting for members to hack their way around the door and everything else, and invest lots of time and money on security projects. 

A more artist or maker-oriented group would likely find this cheating or sabotaging the community, and take some actions. Perhaps  punitive. 

As said, security is mostly made up of social agreement, behavior, and not only  equipment. 

Many small communities hardly have locks at all, and rely mostly on social agreements,  social punishments, etc. 

Perhaps a compromise could be made in creating some sort of official game or projects around the door and space security. 



Em terça-feira, 16 de junho de 2015, bownes <[hidden email]> escreveu:

At the CoG, we are using an off the shelf card system but are implementing our own rfid system for the new building.  Cost and flexibility are the motivations. We need to control >10 doors, >10 locking cabinets, and a similar number of machine tools, 3d printers, etc. 

Nothing on the market will drive that many doors that for under $$$$. The building system that was quoted handled 12 doors and was >$30k. And it went up exponentially from there. Not to mention it was a closed system so we could not tie it into our CRM/member management system. 

The result is a system based on COTS hardware (Commercial door strikers, magnetic locks, card readers, biometric scanners, TiVa C and Ethernet relay boards) and an open API. 

Komradebob 

On Jun 16, 2015, at 10:49, Shirley Hicks <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;shirley@velochicdesign.com&#39;);" target="_blank">shirley@...> wrote:

The Red Mountain Makerspace has been using a commercial APT system in March, in combination with keyed locks.

Yes, this is not terribly hackerish, but we needed to get infrastructure in place in a relatively short period of time to deal with some real security concerns. We're in an old building in a transitioning neighborhood. We need to grow our org as quickl to address real community needs for tech education, exploration and community development, so we've chosen to pay for services that will take time and skill to develop, while using the inhouse talent pool to complete tasks within their existing skillsets. 

Going with a commercial solution for the next few years allows us to focus on growing our introductory circuitry, 3D printing, CNC, open source and programming offerings and to support development of the local tech community. Our plan is to switch to RFID cards tied to membership dues payment within the next nine months. (we'll probably get it done sooner, but we are practicing allowing for the worst and working towards the best possible outcomes).

Shirley Hicks
Secretary/Business Admin/Programmer/Maker
Red Mountain Makers
Twitter: @redmountainmake
Facebook: Red Mountain Makers

 
On Jun 15, 2015, at 8:14 PM, Paul Brown <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;paul90brown@gmail.com&#39;);" target="_blank">paul90brown@...> wrote:

"Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them?"

Here's a good podcast that covers a related topic: http://99percentinvisible.org/episode/perfect-security/

tl;dr: "It’s not just locks that keep us safe—it’s the existing social order."


On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;brett.dikeman@gmail.com&#39;);" target="_blank">brett.dikeman@...> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;Discuss@lists.hackerspaces.org&#39;);" target="_blank">Discuss@...
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;Discuss@lists.hackerspaces.org&#39;);" target="_blank">Discuss@...
http://lists.hackerspaces.org/mailman/listinfo/discuss






_______________________________________________
Discuss mailing list
<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;Discuss@lists.hackerspaces.org&#39;);" target="_blank">Discuss@...
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Ron Bean-2
In reply to this post by Joshua Pritt
>But like we all know, locks just keep honest people honest.

I'm amused that people keep repeating this.
Locks keep dishonest opportunists looking for easier targets.

It's like that old joke that says "I don't have to outrun the bear, I
just have to outrun you."


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Jens
In reply to this post by Brett Dikeman
At MakeICT in Kansas, our makers/hackers built an RFID system that runs on a Raspberry Pi and syncs with our member management software, Wild Apricot.  We have been pleased with it's capabilities and recently connected it to the alarm system at our facility.


(Can't edit the Wiki for some reason, sorry)

Jens
Treasurer, MakeICT

On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <[hidden email]> wrote:
A hackerspace I belong to has probably hit the point of needing an alarm and access control system. I'm wondering what good solutions have been created - what the "state of the art" is in hackerspace security these days.

It'd be awesome if that were updated with any new projects - and if some of the existing writeups could be updated or better documented; a number of them say "this writeup needs to get updated" or the writeup is super sparse. This is a very common and basic need, so more info/guidance would be very beneficial. Not just what people have made, but tradeoffs, lessons learned, mistakes made, etc.

Also: why do so many of these hackerspace access control systems use RFID / proximity cards? Hackerspace people are among the most likely to know how laughable security is with them, yet so many hackerspaces use them? It's...weird.

-B

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss



_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Arclight
One of the issues with improving the hackerspace security stack is
getting everything into a restful APIU.  What is everyone doing for
serial interfacing?  Has anyone thought about using GPSD or another
high-quality serial daemon's code as a bidrectional, event-driven
serial handler?

Arclight

On Tue, Jun 16, 2015 at 10:20 AM, Jens <[hidden email]> wrote:

> At MakeICT in Kansas, our makers/hackers built an RFID system that runs on a
> Raspberry Pi and syncs with our member management software, Wild Apricot.
> We have been pleased with it's capabilities and recently connected it to the
> alarm system at our facility.
>
> http://makeict.org/wiki/index.php/Electronic_Door_Entry
>
> (Can't edit the Wiki for some reason, sorry)
>
> Jens
> Treasurer, MakeICT
>
> On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <[hidden email]>
> wrote:
>>
>> A hackerspace I belong to has probably hit the point of needing an alarm
>> and access control system. I'm wondering what good solutions have been
>> created - what the "state of the art" is in hackerspace security these days.
>>
>> https://wiki.hackerspaces.org/Doorlock
>>
>> It'd be awesome if that were updated with any new projects - and if some
>> of the existing writeups could be updated or better documented; a number of
>> them say "this writeup needs to get updated" or the writeup is super sparse.
>> This is a very common and basic need, so more info/guidance would be very
>> beneficial. Not just what people have made, but tradeoffs, lessons learned,
>> mistakes made, etc.
>>
>> Also: why do so many of these hackerspace access control systems use RFID
>> / proximity cards? Hackerspace people are among the most likely to know how
>> laughable security is with them, yet so many hackerspaces use them?
>> It's...weird.
>>
>> -B
>>
>> _______________________________________________
>> Discuss mailing list
>> [hidden email]
>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
>
>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Buddy Smith
Don't forget to look into legal requirements when building or installing an access control system. If your space needs a Certificate of Occupancy you may have to meet legal requirements ( like UL listings, failsafe, etc etc etc).

It can be fun to roll your own, but consult with lawyers (or your insurance company) if need be.....

I am not a lawyer. Just offering a word of advice.

On Tue, Jun 16, 2015 at 1:31 PM, Arclight <[hidden email]> wrote:
One of the issues with improving the hackerspace security stack is
getting everything into a restful APIU.  What is everyone doing for
serial interfacing?  Has anyone thought about using GPSD or another
high-quality serial daemon's code as a bidrectional, event-driven
serial handler?

Arclight

On Tue, Jun 16, 2015 at 10:20 AM, Jens <[hidden email]> wrote:
> At MakeICT in Kansas, our makers/hackers built an RFID system that runs on a
> Raspberry Pi and syncs with our member management software, Wild Apricot.
> We have been pleased with it's capabilities and recently connected it to the
> alarm system at our facility.
>
> http://makeict.org/wiki/index.php/Electronic_Door_Entry
>
> (Can't edit the Wiki for some reason, sorry)
>
> Jens
> Treasurer, MakeICT
>
> On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman <[hidden email]>
> wrote:
>>
>> A hackerspace I belong to has probably hit the point of needing an alarm
>> and access control system. I'm wondering what good solutions have been
>> created - what the "state of the art" is in hackerspace security these days.
>>
>> https://wiki.hackerspaces.org/Doorlock
>>
>> It'd be awesome if that were updated with any new projects - and if some
>> of the existing writeups could be updated or better documented; a number of
>> them say "this writeup needs to get updated" or the writeup is super sparse.
>> This is a very common and basic need, so more info/guidance would be very
>> beneficial. Not just what people have made, but tradeoffs, lessons learned,
>> mistakes made, etc.
>>
>> Also: why do so many of these hackerspace access control systems use RFID
>> / proximity cards? Hackerspace people are among the most likely to know how
>> laughable security is with them, yet so many hackerspaces use them?
>> It's...weird.
>>
>> -B
>>
>> _______________________________________________
>> Discuss mailing list
>> [hidden email]
>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
>
>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Pete Prodoehl
In reply to this post by Bob Bownes

Any info on how you are doing the system? We've discussed using RFID for
machine access multiple times but no one has stepped up to design (or
build, or fund) a system yet.


Pete


On 6/16/15 10:14 AM, bownes wrote:

>
> At the CoG, we are using an off the shelf card system but are
> implementing our own rfid system for the new building.  Cost and
> flexibility are the motivations. We need to control >10 doors, >10
> locking cabinets, and a similar number of machine tools, 3d printers,
> etc.
>
> Nothing on the market will drive that many doors that for under $$$$.
> The building system that was quoted handled 12 doors and was >$30k.
> And it went up exponentially from there. Not to mention it was a
> closed system so we could not tie it into our CRM/member management
> system.
>
> The result is a system based on COTS hardware (Commercial door
> strikers, magnetic locks, card readers, biometric scanners, TiVa C and
> Ethernet relay boards) and an open API.
>
> Komradebob
>
> On Jun 16, 2015, at 10:49, Shirley Hicks <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>> The Red Mountain Makerspace has been using a commercial APT system in
>> March, in combination with keyed locks.
>>
>> Yes, this is not terribly hackerish, but we needed to get
>> infrastructure in place in a relatively short period of time to deal
>> with some real security concerns. We're in an old building in a
>> transitioning neighborhood. We need to grow our org as quickl to
>> address real community needs for tech education, exploration and
>> community development, so we've chosen to pay for services that will
>> take time and skill to develop, while using the inhouse talent pool
>> to complete tasks within their existing skillsets.
>>
>> Going with a commercial solution for the next few years allows us to
>> focus on growing our introductory circuitry, 3D printing, CNC, open
>> source and programming offerings and to support development of the
>> local tech community. Our plan is to switch to RFID cards tied to
>> membership dues payment within the next nine months. (we'll probably
>> get it done sooner, but we are practicing allowing for the worst and
>> working towards the best possible outcomes).
>>
>> Shirley Hicks
>> Secretary/Business Admin/Programmer/Maker
>> Red Mountain Makers
>> http://www.redmountainmakers.org <http://www.redmountainmakers.org/>
>> Twitter: @redmountainmake
>> Facebook: Red Mountain Makers
>> Meetup: meetup.com/redmountainmakers
>> <http://meetup.com/redmountainmakers>
>>
>>
>> On Jun 15, 2015, at 8:14 PM, Paul Brown <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>> "Hackerspace people are among the most likely to know how laughable
>>> security is with them, yet so many hackerspaces use them?"
>>>
>>> Here's a good podcast that covers a related topic:
>>> http://99percentinvisible.org/episode/perfect-security/
>>>
>>> tl;dr: "It’s not just locks that keep us safe—it’s the existing
>>> social order."
>>>
>>>
>>> On Mon, Jun 15, 2015 at 7:47 PM, Brett Dikeman
>>> <[hidden email] <mailto:[hidden email]>> wrote:
>>>
>>>     A hackerspace I belong to has probably hit the point of needing
>>>     an alarm and access control system. I'm wondering what good
>>>     solutions have been created - what the "state of the art" is in
>>>     hackerspace security these days.
>>>
>>>     https://wiki.hackerspaces.org/Doorlock
>>>
>>>     It'd be awesome if that were updated with any new projects - and
>>>     if some of the existing writeups could be updated or better
>>>     documented; a number of them say "this writeup needs to get
>>>     updated" or the writeup is super sparse. This is a very common
>>>     and basic need, so more info/guidance would be very beneficial.
>>>     Not just what people have made, but tradeoffs, lessons learned,
>>>     mistakes made, etc.
>>>
>>>     Also: why do so many of these hackerspace access control systems
>>>     use RFID / proximity cards? Hackerspace people are among the
>>>     most likely to know how laughable security is with them, yet so
>>>     many hackerspaces use them? It's...weird.
>>>
>>>     -B
>>>

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Pete Prodoehl
In reply to this post by Ron Bean-2

I saw the video... The member in question claimed he forgot his RFID tag
inside the building and got locked out.

Of course the same (ex-)member also managed to pay dues late every
single month, which prompted us to lock people out if they were late
with dues payments.

Now our system actually shows you when your membership expires, so that
you know you'll be locked out after that date, if you fail to pay.

(Many of our possibly draconian policies are in place due to a few bad
members we had in the past.)


Pete


On 6/16/15 8:39 AM, Ron Bean wrote:

>> Also: why do so many of these hackerspace access control systems use RFID /
>> proximity cards? Hackerspace people are among the most likely to know how
>> laughable security is with them, yet so many hackerspaces use them?
> I haven't seen it, but I've been told that there is video of a member
> letting himself in with a slimjim when his RFID card didn't work. One
> could argue that it would have been easier for him to hack the system,
> but in his case I don't think so. (He's no longer around, but that's a
> different story. Also, the doors now have latch guards.)
>
> Anyway, this is one anecdote in favor of the idea that the people we're
> trying to keep out are unlikely to bother hacking the RFID system (for
> the same reason that burglars seldom bother to pick locks-- only nerds
> do that, and they're not interested in breaking in).
>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|

Re: [hackerspaces] RFC: security alarm and access control systems in use

Petr Baudis
In reply to this post by Arclight
On Tue, Jun 16, 2015 at 10:31:32AM -0700, Arclight wrote:
> One of the issues with improving the hackerspace security stack is
> getting everything into a restful APIU.  What is everyone doing for
> serial interfacing?  Has anyone thought about using GPSD or another
> high-quality serial daemon's code as a bidrectional, event-driven
> serial handler?

In brmlab's homegrown RFID door system, I've found Perl's POE reasonably
pleasant to use in a daemon that does aysnchronous serial communication
and web, irc interfaces simultaneously:

        http://log.or.cz/?p=156

--
                                Petr Baudis
        If you have good ideas, good data and fast computers,
        you can do almost anything. -- Geoffrey Hinton
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
12