Physical Security and Lock Technology


  • secwest.net Vancouver Canada

Description

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Topics

This course will cover:

  • Theory & Overview

    • Basic introduction

    • Components of a lock

    • Photos of the most typical locks

    • "Take a look at your keys" (many will match)

  • Weak Security: The Basic Pin Tumbler Design

    • How they function internally

    • How picking happens (depiction)

    • How picking is performed (demonstration)

    • How picking is easy (audience participation)

  • Weak Security: Alternative Designs

    • Combination Locks

    • Warded Locks

    • Dimple Locks

    • Tubular Locks

    • Wafer Locks

    • Barrel Locks

  • Q&A break and Tools Setup

  • Group Hands-on application of the above-demonstrated techniques

  • Fun for Police & Feds

    • Basic Handcuffs

    • Better Handcuffs

    • Gun Locks

    • Group Hands-on

  • The Bump Attack

    • How many locks are vulnerable

    • How bumping works

    • Detail of Bump Keys (more detail than I give in public lectures)

    • Making a Bump Key (I cut one by hand in front of everyone, and even imperfect it will still work)

    • Group Hands-On (audience is given a variety of locks to bump open)

  • High Security (a.k.a. "We've seen everything that's wrong... now what can we do about it!?")

    • Security Pins

    • Unshimable Padlocks (Double-ball, Sargent & Greenleaf 8077)

    • Sidebars: The best additional layer of security (if done properly)

      • Pin-based systems (Assa & Schlage)

      • Slider-based systems (Evva & Scorpion)

    • Rotating Disk Locks (demonstration of Abloy, picking with Falle Tool, Protec, laser decoding?)

    • Magnetic Locks (Miwa vs Evva)

    • How some sidebars can fail (how people attempt to pick some Assa, some Medeco)

    • Safes & Vaults (discussion of safe locks, UL ratings, and how some of the oldest designs, like "lever locks", are still in use and do very well in safes)

    • Countermeasures to the Bump Attack

      • Which high security locks are completely invulnerable

      • Why some high security locks are vulnerable (maybe even MORE than cheap locks)

      • New designs for inexpensive, everyday locks that make them resistant or even immune

      • Pickbuster and other fluid-based solutions

  • Institutional Concerns (important details for people who have oversight of grounds, campuses, or entire facilities)

    • Master Keying (how it is achieved, what the risks are, how to mitigate them)

    • Interchangeable Cores (why they're easy to manage but can pose a risk, how to check if your SFIC system is safe)

    • Contractor Pins (how to make a new facility secure during and after construction)

    • Restricted keyways and how they relate to key duplication control

    • Electronic security systems, access controls, etc

  • What to Try When You Leave

    • Other resources for more learning (books, web sites, etc)

    • Hobbyist and Academic communities for lockpicking

    • Sport picking events

    • Advanced tools and techniques to acquire and attempt

    • Tips for testing your own security

    • Maintenance and lubrication of locks

  • Security in the "real" world

    • Many attacks are unsophisticated and do not involve picking

      • Windows & Doors (why they're often installed poorly, how to reinforce them)

      • Walls, floors, ceilings (how secure do you need to be?)

      • Illicit access to wiring

    • Integration of locks with larger security systems

    • Logging and records (Mul-T-Lock "CLiQ system" example)

    • Cost/Benefit analysis

    • "List of terrific locks"

    • The "American Padlock" example which ties the physical world to the digital world so perfectly

You'll learn

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America... convince management that a new investment is necessary by showing them yourself how the server room door can be opened without a key in under a minute! :-)

Prerequisites

None. If you have your own lockpick tools, you are welcome to bring them, but this is not necessary.

Prerequisite material

None. A set of tools will be provided to you as part of the course.

 

Instructor: Deviant Ollam
