Results 1 to 9 of 9

Thread: MIFARE / HID / EM4100 secure?

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default MIFARE / HID / EM4100 secure?

    Hi everyone,

    I'm looking at getting our new building fitted out with a prox-based access control system.

    From what I've read, all the affordable systems seem to be cloneable. EM4100 seems the easiest, followed by HID and MIFARE. Is this a real problem in reality?

    There'll be CCTV cameras as well, but only on the inside of the entrances.

    The building is for a not-for-profit org so there's no real need for extra-high security (they can just smash a window really). It's mainly for the convenience of being able to issue and cancel cards easily.

    There will also be an alarm system, but I haven't decided if it will be part of the access control system, or independent.

    Does a combined access control + alarm system cost significantly more than e.g. a Solution 16/64 with a generic access controller? I've been looking at cheapo ebay access controllers - they're cheap but the control software looks pretty average.

    There are about 4-5 external doors. I'd like to get a whole heap of internal doors done up too, depending on cost.

    Thanks!



Look Here ->
  • #2
    Senior Member

    Join Date
    May 2010
    Posts
    2,106
    Thanks
    252
    Thanked 839 Times in 515 Posts
    Rep Power
    368
    Reputation
    6489

    Default

    Standard 26bit access control technologies are very easily cloned. Devices are available enabling the cloning of such cards simply by walking by you. You really have to look at the risk profile of your premises in deciding upon a direction. In reality, you're likely a very low risk so the chance of someone bothering to clone a card are two fifths of bugger all. Having said that, doesn't cost 'that' much more to make use of newer technologies that make cloning more difficult or nigh on impossible.

    As for having independant alarm and access control systems there is no real advantage. Infact, the opposite is true. Having a completely integrated solution offers many benefits not the least of which is system management. IE: A staff member leaves or a new one starts, you only have to update details in one system.

    Regarding the cheap gear available on Ebay, don't bother. You're unlikely to get any semblance of local support in installing it, let alone maintaining it. Spend a few extra $$$$ on something that's tried, tested and fully supported. You'll be thankful you did the first time you need support. Also, depending on how many doors you're looking to control, some of the lower end (by high quality) solutions may suit your needs perfectly and within your budget.

    At the end of the day, it's your security at stake. You're the one that needs to decide how much you're willing to risk it.

  • #3
    Junior Member
    Join Date
    Feb 2010
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default

    Hi Drift,

    What would be a decent difficult-to-clone technology be at the moment, and roughly how much a reader would cost?


    As for having independant alarm and access control systems there is no real advantage. Infact, the opposite is true. Having a completely integrated solution offers many benefits not the least of which is system management. IE: A staff member leaves or a new one starts, you only have to update details in one system.
    Oh definitely, the only benefit I had in mind was cost. From what I read, something integrated like a Tecom system would end up costing quite a fair bit more than a basic Bosch Solution 16 or 64 system, plus a standalone access control system.

    Would anyone happen to know roughly how much a decent alarm + access control system would cost, lets say with 6 doors (with rfid readers) and ahh, maybe 15 PIRs and 10 reeds and maybe 10 glass break sensors? It's a small standalone 3-storey building.

    The building is still in the early stages of renovation so I'm just checking to see what sort of system we would find most suitable.

    At the end of the day, it's your security at stake. You're the one that needs to decide how much you're willing to risk it.
    That's true. We have the benefit of being a slightly boring target for thieves, so once I get a better idea of what kind of money these systems cost, I'll be able to make a smarter decision.

    I've tried some of those ebay cheapies (a standalone fingerprint reader which can be managed from a computer) and it works pretty well for 2 of our internal doors.

    They're extremely easy to bypass if you unscrewed them from the wall and crossed a wire or two, but realistically someone would just shove a screwdriver in between the cardboard-cored door and aluminium door frame before bothering to do that. Or just kick it.

    Maybe getting a proper system for the external doors and using ebay cheapies for the internal ones would be a good compromise.

    Thanks

  • #4
    Senior Member
    downunderdan's Avatar
    Join Date
    Sep 2008
    Location
    Sydney Metropolitan
    Posts
    2,497
    Thanks
    163
    Thanked 601 Times in 422 Posts
    Rep Power
    365
    Reputation
    4649

    Default

    You can have good and you can have cheap. But you only get to choose one.

    In regards to pricing, the labour component is probably the most expensive and it's difficult to estimate that here. You also need to allow for door hardware e.g. strikes, hook-locks, maglocks etc. and installing these can vary in difficulty. As you're renovating, a lot of this is quite easy if planned in advance, for example allowing for cabling, strikes etc .in the doorframes. Your choice of door is also important as is the direction it opens.

    If you go with something like a Solution 64, you are limited to their choice of cards and readers. There's nothing wrong with this at all, but you may want to avoid over-complicating things by adding third-party hardware into the mix.

    The other thing to keep in mind is (as I've told too many enterprises over the years) is you could spend $200,000 on access control but if a single staff member allows a person to tailgate (follow) them into the building, it's a total waste of time.
    Last edited by downunderdan; 05-05-12 at 09:59 AM.

  • #5
    Junior Member
    Join Date
    Jun 2009
    Age
    46
    Posts
    45
    Thanks
    1
    Thanked 1 Time in 1 Post
    Rep Power
    181
    Reputation
    20

    Default

    Use HID Iclass High Security

    has a mutual authentication system that gives a layer of encryption between reader and card...

    or, in other words, you can only read the cards on the readers on the site,
    if you present the card to any other iclass reader, you get nowt!


    Ignore the actual platform itself (innerrange / bosch / tecom, etc), that technology is different and doesn't really mean much in your scope, and, at the end of the day, a huge percentage of cards, etc communicate with the platform / panel by 26 bit weigand anyway

    now, those that say 26 bit weigand is insecure - probably, but, what theif is going to bother tapping into the datastream from the card reader, or trying to lever the card reader off the wall (and triggering the tamper in the iclass),
    they'd just 'borrow' someones card to get into the building!



    have a look at to see one of our installers that can help you with this install

    Otherwise, you could alwalys go paradox EVO
    () and use that with HID iclass card readers, set to high security!

    Dean

  • #6
    Junior Member
    Join Date
    Feb 2010
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default

    Thanks dean! I'll have a look through them all. Do you know offhand roughly what price range the iCLASS and Paradox readers and panels are in?

    I agree, wiegand may be insecure, but I suppose it's easier to just break something than to bug a reader or clone a card. Either way they'd have to get past the alarm and cameras as well.

  • #7
    Senior Member
    downunderdan's Avatar
    Join Date
    Sep 2008
    Location
    Sydney Metropolitan
    Posts
    2,497
    Thanks
    163
    Thanked 601 Times in 422 Posts
    Rep Power
    365
    Reputation
    4649

    Default

    Quote Originally Posted by eug View Post
    I agree, wiegand may be insecure, but I suppose it's easier to just break something than to bug a reader or clone a card.
    Absolutely! The security of any system is only as strong as its weakest link.

    I always enjoy getting into propeller-headed arguments with people over the vulnerability of a particular high-security biometric/proximity reader they've installed on a door which wouldn't stand up to a well aimed kick.

    Either way they'd have to get past the alarm and cameras as well.
    Hang on a sec. Those are for Detection, not Denial. The alarm tells you your security has been breached. The cameras show you how it was breached (and by whom unless they are wearing a sophisticated camera anti-detection system such as ) but neither of those are likely to stop it happening.

    I'm just saying...

  • #8
    Junior Member
    Join Date
    Feb 2010
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default

    Quote Originally Posted by downunderdan View Post
    Hang on a sec. Those are for Detection, not Denial. The alarm tells you your security has been breached. The cameras show you how it was breached (and by whom unless they are wearing a sophisticated camera anti-detection system such as ) but neither of those are likely to stop it happening.
    Ahh yes, what I meant was, even if someone successfully clones a card and manages to unlock the doors at night, they still have to disable the alarm. If it was an inside job and that person has the alarm code, they'd be captured on video. The doors are unlocked during the day so it really only matters at night.

    Incidentally, what do you guys think of fingerprint readers? I've installed two at our old building for internal access and they've been working pretty well so far. I always tell everyone to wipe or smudge their finger across the sensor after a read so no latent prints are left behind. Do people actually use them in a commercial setting?

  • #9
    Member
    Join Date
    Aug 2010
    Location
    NE Vic
    Age
    38
    Posts
    304
    Thanks
    27
    Thanked 27 Times in 23 Posts
    Rep Power
    179
    Reputation
    160

    Default

    Quote Originally Posted by dean_woody View Post
    Use HID Iclass High Security

    has a mutual authentication system that gives a layer of encryption between reader and card...

    or, in other words, you can only read the cards on the readers on the site,
    if you present the card to any other iclass reader, you get nowt!


    Ignore the actual platform itself (innerrange / bosch / tecom, etc), that technology is different and doesn't really mean much in your scope, and, at the end of the day, a huge percentage of cards, etc communicate with the platform / panel by 26 bit weigand anyway

    now, those that say 26 bit weigand is insecure - probably, but, what theif is going to bother tapping into the datastream from the card reader, or trying to lever the card reader off the wall (and triggering the tamper in the iclass),
    they'd just 'borrow' someones card to get into the building!



    have a look at to see one of our installers that can help you with this install

    Otherwise, you could alwalys go paradox EVO
    () and use that with HID iclass card readers, set to high security!

    Dean
    Set it to Card and PIN.
    EVOs are good

  • Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •