At work we use RFID tags to enter the building and each floor. The tags double a

Question

At work we use RFID tags to enter the building and each floor. The tags double as photo ID, I always wondered if they are used (or can be used) to keep track of staff movements.

I always assumed that they were tied to a staff ID when issued. But another staff member thinks they are generic access i.e. all cards are copies (for each access level) and they just stick your picture on the front.

My question is: What is standard industry practice? I'm sure my scenario is technically feasible, but whether it is widely used is another question.

Explanation / Answer

I have managed two popular systems, and both have this capability of tracking. If you think about it, you must have a central database with at least a user table and rights tables in the back end in order to restrict people to certain areas (our IT staff were the only ones allowed through the protected server room doors, for example), and all systems I have used tracked history of events. At least one system used MSSQL in the back end. If the system didn't know WHO it was trying to enter, it wouldn't be able to differentiate based on role access.

As a consequence, you can do some nifty security controls with this. You can restrict certain users to certain floors or buildings, and at certain times of the day. You could allow after hours access but generate a report each morning of anomalies. You could track the last place a person ENTERED, though unless you have to use your card to exit, this may not be the current user location. Location tracking over time would be easy. I currently use a SIEM product that aggregates these events as well, so you're sometimes not even limited to the vendor-provided management software for control and correlation.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.