ITRH Interview on Physical Security

Quick announcement: I was recently interviewed for the In the Rabbit Hole Urban Survival Podcast. This time Aaron and I talked about physical security. We had time to delve pretty deeply into some good topics including general security considerations, deadbolts, padlocks, and safes (a lot of stuff about safes). If you’re interested check it out at https://www.intherabbithole.com/e179/. If you like it, feel free to let Aaron know. Continue reading “ITRH Interview on Physical Security”

Enhancing Deadbolt Security

In my last post I recommended some specific locks. This week’s post will cover improving the security of existing locks, or the Grade 1 hardware I recommended. The goal is to create a “Grade 1+” lock, by adding some additional security measures. Enhancing deadbolt security very achievable with just a little spare time, access to a locksmith, and some basic hand tools. Continue reading “Enhancing Deadbolt Security”

Threat Model-Based Deadbolt Selection

Several weeks I ago I wrote a post about Mechnical Lock Threat Models, detailing categories of locks, and the users who should have them. In this post I am looking specifically at deadbolt selection, and offering some recommendations based on my mechanical lock threat models. Continue reading “Threat Model-Based Deadbolt Selection”

Threat-Model Based Padlock Selection

Today I will cover some padlocks that I use and personally recommend.  Padlock selection should occur based on the threats they are likely to face.  There are two basic threat models I use when selecting padlocks.  The first is low-to-medium security applications.  These locks will be robust enough against forced entry and offer some light protection against picking and other surreptitious defeat.  The other is high security.  The cost of a high security lock is justified in several instances: if surreptitious entry is a legitimate concern.  They are also preferred for unattended containers.  This might be your luggage†, your gym locker, or a shed on a vacation property.

Continue reading “Threat-Model Based Padlock Selection”

Physical Security Books

Since beginning the Lock Safari series of articles I have been asked by several of you about physical security books.  Today’s post will quickly cover the four most useful volumes in my library that pertain to physical security.  Some of these books are quite costly; I am not suggesting you need them all.  For this reason I have broken them down into categories.  Exactly half of these books deal with defeating lock through lock picking or other methodology.  I believe an understanding of these techniques is crucial to understanding how to counter them.  This doesn’t mean you need to be a master locksmith or expert lock picker – you don’t.  But if you understand the principles of how these exploits work, you can better understand how to protect your home.

Continue reading “Physical Security Books”

Knox-Box Key Box Explained

I’m willing to bet most of you regularly encounter a lock box like the ones in the photos – even if you haven’t noticed it.  They are typically mounted on the exterior of a public building, usually near a door.  If you want to see one, keep your eye out at your local shopping mall, library, hotel, or apartment complex.  You’ll probably run across one, or several.  They may protrude from the wall, or they may be mounted flush with it.  The purposes of the Knox-Box key box may be something of a mystery to most. Few people understand why these things exist. Continue reading “Knox-Box Key Box Explained”

Mechanical Lock Threat Models

In a continuation my suite on threat modeling, this post will discuss lock threat models.  There are many high security locks that are intended to address the vulnerabilities of the standard pin-tumbler mechanism.  There is also a spectrum between bargain-basement hardware and expensive high-security locksets.  I understand that security doesn’t exist in a vacuum: though it would probably be a more secure world if everyone had a high security lock, it would also be a very expensive one.  Deciding on the right lock for your needs should be informed by a threat model.  Continue reading “Mechanical Lock Threat Models”

Gate Access Control: Doing It Wrong

I have several photos like the one below.  Friends who know me know that I like locks, and sometimes send these photos to me.  I occasionally run across a gaggle of locks like this, and perhaps you have, too.  There is a reason gates are sometimes locked like this.  This is a method of gate access control.  This gate protects a facility that must be accessed by multiple parties.  These parties may not want to share a key or combination with each other.  Parties may also arrive at infrequent periods to gain initial access.  The property manager can unlock his lock, introduce the new one into the chain, and grant repeated access.  There is a serious security issue with this arrangement, however. Continue reading “Gate Access Control: Doing It Wrong”

Lock Safari Salt Lake City, UT

I recently had the opportunity to explore another city in my search for rare and interesting locks.  Lock Safari Salt Lake City took me through quite a few neighborhoods over a long weekend.  Over three days a close friend and I covered the Marmalade, 9th and 9th, Temple Square/Downtown, and Sugar House areas of SLC.  I found quite a few interesting locks, but not as many as I expected from a city of this size.  But I didn’t come up totally empty-handed, and I visited a major landmark: the Mormon Temple.  I always enjoy seeing what locks are used on noteworthy buildings, though they rarely fail to disappoint.  Without further ado, here’s what I found on Lock Safari Salt Lake City: Continue reading “Lock Safari Salt Lake City, UT”

Real World Example: Physical Insecurity

I recently ran across this door and lockset in the industrial district of a major US city.  Seeing an old, ramshackle (or abandoned) commercial building with a padlock hasp on the door is not all that uncommon.  However, I was close enough to notice something interesting.  Look at the photo.  This door presents an excellent example of physical insecurity – but why?

Physical InsecurityIn case you have trouble seeing the mortise cylinder, below is a close-up shot.  It’s a Medeco mortise cylinder.  Though the keyway is badly worn, it is a Medeco Original (first generation).  This is a beautiful old lock.  It has probably served this building for twenty-five years or more.

Physical InsecuritySo, what is wrong with this picture, and why is it so interesting to me?  It is interesting to me because the Medeco is a UL 437-Listed  high security lock.  Medeco locks are extremely popular and prolific, and are even trusted by the US Government.  There are  problems with Medeco‘s security, but they are still a huge upgrade over standard door hardware.  In spite of this, this door is protected with a $12 Master padlock.  Master Locks are used by BosnianBill as bad examples for every lock-defeat technique imaginable.  This padlock has four pins.  It is vulnerable to picking, bumping, and padlock shims.  It can be cut and pried, as can the hasp.  And look at the stack of washers holding the hasp on.  It’s not hard to imagine a hacksaw blade slipping into the stack and cutting the bolt.  The Medeco has five rotating pins and a sidebar.  It can still be picked or bumped but this requires much greater skill.

Why is this so?  I imagine the Medeco key has long since been lost, but it is also possible the Medeco is broken.  In this example I have no way of knowing, but it is interesting to think about.  Instead of tracking down a locksmith and having the lock decoded or repaired, the owner decided to implement his own system of access control.  In doing so he or she reduced decent security to gross physical insecurity.