Several weeks ago I wrote a post about Mechanical Lock Threat Models, detailing categories of locks, and the users who should have them. In this post I am looking specifically at deadbolt selection, and offering some recommendations based on my mechanical lock threat models. Continue reading “Threat Model-Based Deadbolt Selection”
I travel a lot, and I stay in a lot of hotels. For the last five years I have averaged somewhere between 150 and 200 nights a year in hotels. This year (so far) has seen me in hotels in at least 32 different cities including Boston, Charleston, Knoxville, Las Vegas, New York, Phoenix, Salt Lake City, San Diego, Tampa, Vancouver, and a host of military towns. This gives me a lot of opportunities to see and think about the security of hotels and hotel rooms. Hotels generally try to put on a face of security with signs reading, “For our guests’ safety this door is locked between the hours of __ and __”. I have found this, in reality, to be so much security theater. Hotel staff are trained in hospitality, not security. And no matter how secure a hotel attempts to be, there are inherent flaws that are hard to overcome. Let’s look at some examples of hotel room insecurity and what you can do to mitigate them. Continue reading “Hotel Room Insecurity”
Physical security is an inherent part of information security. If an attacker can achieve physical access to your devices, you are already behind the power curve. Maintaining physical control of your devices is maybe the most important step you can take to protect your data-at-rest. However, there are some occasions when maintaining physical control is not possible or practical. One of these occasions is during hotel stays. Hotel rooms – and even their safes – are incredibly insecure (I’ll talk more about this in an upcoming post). They are usually the best alternative to lugging your laptop around to dinner, out for drinks, or for a day at a local attraction. Rather than leave my laptop (and other stuff) totally undefended, I use a video surveillance app called Sighthound to keep an eye on things when I’m away. Continue reading “Sighthound Video Surveillance App”
When I was a kid, people with tattoos were pretty few and far between. If you had ink there was a good chance you’d been in the military or jail. If you had tattoos on your hands, head, or neck you had almost certainly been to jail, or were, at the very least, someone people didn’t want to mess with. These days a guy (or girl) with knuckle tattoos is just as likely to be a barista or art major as an ex-con. A recent Harris poll estimates that 1 in 3 Americans has a tattoo, and half of millennials have them. Continue reading “Tattoos, Tattoo Recognition, and Privacy”
I was recently aboard a military training facility that is used for a variety of training techniques, like close-quarters battle (CQB) and explosive breaching. On one of the breaching lanes I saw something interesting: a puck lock breached with high explosives. Puck locks do not have a visible hasp. They are one of the most mechanically secure padlock designs available. Since everyone loves explosives, I thought this would be an interesting pictorial post: puck locks vs high explosives.
Today I will cover some padlocks that I use and personally recommend. Padlock selection should occur based on the threats they are likely to face. There are two basic threat models I use when selecting padlocks. The first is low-to-medium security applications. These locks will be robust enough against forced entry and offer some light protection against picking and other surreptitious defeat. The other is high security. The cost of a high security lock is justified in several instances: if surreptitious entry is a legitimate concern. They are also preferred for unattended containers. This might be your luggage†, your gym locker, or a shed on a vacation property.
Since beginning the Lock Safari series of articles I have been asked by several of you about physical security books. Today’s post will quickly cover the four most useful volumes in my library that pertain to physical security. Some of these books are quite costly; I am not suggesting you need them all. For this reason I have broken them down into categories. Exactly half of these books deal with defeating locks through lock picking or other methodology. I believe an understanding of these techniques is crucial to understanding how to counter them. This doesn’t mean you need to be a master locksmith or expert lock picker – you don’t. But if you understand the principles of how these exploits work, you can better understand how to protect your home.
I’m willing to bet most of you regularly encounter a lock box like the ones in the photos – even if you haven’t noticed it. They are typically mounted on the exterior of a public building, usually near a door. If you want to see one, keep your eye out at your local shopping mall, library, hotel, or apartment complex. You’ll probably run across one, or several. They may protrude from the wall, or they may be mounted flush with it. The purposes of the Knox-Box key box may be something of a mystery to most. Few people understand why these things exist. Continue reading “Knox-Box Key Box Explained”
In a continuation of my suite on threat modeling, this post will discuss lock threat models. There are many high security locks that are intended to address the vulnerabilities of the standard pin-tumbler mechanism. There is also a spectrum between bargain-basement hardware and expensive high-security locksets. I understand that security doesn’t exist in a vacuum: though it would probably be a more secure world if everyone had a high security lock, it would also be a very expensive one. Deciding on the right lock for your needs should be informed by a threat model. Continue reading “Mechanical Lock Threat Models”
I have several photos like the one below. Friends who know me know that I like locks, and sometimes send these photos to me. I occasionally run across a gaggle of locks like this, and perhaps you have, too. There is a reason gates are sometimes locked like this. This is a method of gate access control. This gate protects a facility that must be accessed by multiple parties. These parties may not want to share a key or combination with each other. Parties may also arrive at infrequent periods to gain initial access. The property manager can unlock his lock, introduce the new one into the chain, and grant repeated access. There is a serious security issue with this arrangement, however. Continue reading “Gate Access Control: Doing It Wrong”