From: | dhinkley@***.org |
---|---|
Subject: | Security Systems Additions |
Date: | Thu, 6 Jun 1996 00:12:02 -0700 (PDT) |
As well as fitting in well with the consept for this NERPS publication,
he following article fills in some holes in FASA's Corporate Security Handbook.
It is not complete (about 75%) the main text is, it is the GM's section that
needs to be fleshed out. Your comments are both requested and desired. The
runners comments will be dated in the final version, I need to know what the
game date range for the publication so when I do it it is in the same date time
range as the other articles.
David Hinkley
dhinkley@***.org
Gurth
How do wee designate type faces, special characters, and the like that
is not available in the ASCII character set? Or would you like a finished
version (with all changes) sent to you as a file?
DH
=====================
Copyright (C) 1996
All rights reserved
David G. Hinkley
All That is Old is Not Obsolete
>>>>>[It is simply amazing what one can find when one looks under the right
rock. I ran across this article last week, and thought it might be interesting.
And it is not due to be published for at least a month. So get here just hot
before the presses]<<<<<
--Phantom
While the use of highly skilled computer enhanced operators to oversee
elaborate security systems has become the accepted standard among security
professionals. It is not the only way to provide security. Many of the older
proven systems are still effective and can provide high levels of security at
reasonable cost. CCTV alarm systems, Locks, and card access systems are still
effective deterrent to undesirable activities.
>>>>>[Undesirable activities.....could they be talking about
us?]<<<<<
-- Fast Eddy
>>>>>[Only if they are attempting to stop thefts from children's
piggy-banks and
other similar hard targets :)]<<<<<
-- Boomer
The addition of a hard-wired computer the basic Close-Circuit Television
system can become a difficult to detect motion detection alarm. In simple terms
the signal from a single CCTV camera is run through the computer which monitors
the color value (grey value in monochrome systems) of all the pixels in the
alarmed area. If the value should change suddenly, the computer triggers an
alarm. In most cases the alarm response, is an audible alarm, and the switching
of that camera's picture to a display monitor. This system is commonly used to
provide surveillance within clean rooms as it can be relocated without the need
to relocate wires or drill holes. It is only effective in areas that are free of
motion. While it is a generally reliable, false alarm trouble shooting can be
quite difficult at times.
>>>>>[For an old design these are extremely effective, The turn the common
CCTV
camera into a motion detector. And if that was not bad enough, the system also
trips when a loop-back unit is spliced into the camera system.]<<<<<
--Fast Eddy
>>>>>[Not all the time, it just takes the right touch......or a
mouse]<<<<<
-- Shadowrider
>>>>>[A mouse?]<<<<<
--Fast Eddy
>>>>>[When ever I think there maybe a live operator or one of these
systems, I
release a mouse or two just as I make the connection. When the picture pops up
on the screen, the operator sees the mouse and goes back to his comic
book]<<<<<
--Shadowrider
>>>>>[hey what does hard wired mean?}<<<<<
--Mork the Ork
>>>>>[A hardwired computer is one that has its program wired in. Once it is
built you can't reprogram it. Deckers hate the things, cause there is nothing
they can do with them]<<<<<
--Sweet Sue
The common lock is an often over looked component of a buildings security
system. The selection of the correct lock for a use can enhance a security
system while the wrong choice can defeat the most elaborate. Locking systems can
be divided into three major groups, Common mechanical locks using keys,
electronically controlled locking mechanisms and combination locks.
Key control is the most important factor in conventional pin tumbler
locking systems. While conventional locks can be picked it is much easier to use
the key. A lock will open for anyone who has the key. Key control starts with
the purchase of the lock. Cheap locks are manufactured in numbers that greatly
exceed that number of key variations. The are also much easier to defeat with
brute force or the subtle manipulations of lock picks. The more exclusive the
key way the less likely a duplicate key exists. This is place that spending a
bit more gets a lot more results. After you have the lock installed, you need to
still need to properly control keys. First only have made, the exact number of
keys you need. Do not label keys with either your address or license number,
doing so only makes it easy for the inconvenience of a lost key ring to become a
major loss. And don't hide a key outside your home or on your car. There are no
original hiding places, anyplace you can think of someone else has used before.
>>>>>[Hey Phantom, anyway you could pull the plug on this? This guy is
reveling
all our secrets]<<<<<
--Fast Eddy
>>>>>[That figures, I always thought that you would have trouble breaking
into a
paper sack with a sharp knife.]<<<<<
--Boomer
>>>>>[Boomer haven't you heard Eddy's mother doesn't let him play with
sharp
objects]<<<<<
--Sweet Sue
Mechanical locking systems have one advantage that is often over looked in
this electronic age, they are not connected. To open them you have to be there
with the correct key or combination to open them. There is no way for a hacker
to unlock them from a terminal miles away. No computer glitch will compromise
your security. If you don't have the key, you don't get in.
>>>>>[There is something positively un-American about this
conspiracy]<<<<<
--Electroman
>>>>>[Conspiracy?]<<<<
--Sweet Sue
>>>>>[Yes conspiracy. First using rigger controls on security systems. Now
locks
that can't be opened by computer command. There aught to be a law. :)]<<<<<
--Electroman
Many years ago locksmiths came up with a way eliminate the need for a
person to carry a separate key for every lock. Actually it is two different
ways, the first is keying several locks to the same key. The other is creating a
master key for a group of locks. This is different from the first method in that
the key for one lock in the system will not open any other lock. Master Keys
systems are established at the same time the locks are pined. Special split pins
are used that make it possible for two different keys (the master key and the
regular key) to open the same lock. With some locks it is possible to have three
separate keys thus making sub-mastering possible. With careful planning an
entire building can be keyed in a manner that provides proper levels of security
while not requiring management to lug a huge ring of keys around.
>>>>>[A free hint chummers. While you can't tell a master key from a normal
key,
you can identify a masterkeyed lock by disassembling it. And most important it
contains all the information you need to make a master key that works in all the
locks in that buildings system. And if you are quick about it, they may never
guess you did it.]<<<<<
--Fingers
Electronic locking systems come in two major types, those that use a
electronically controlled solenoid to operate a mechanical bolt and those that
use electromagnetic force to secure a door. Either type can be controlled either
from a remote location or at the door's location. Keypads, Mag-Locks and Pass
Cards are commonly used to provide local control.
>>>>>[Electromagnetic force...how effective can that be, especially when
the
power goes off]<<<<<
-- Boomer
>>>>>[Very effective, I have seen a door that was blown open with
explosives and
the electromagnetic lock was still functioning, the battery back up worked that
well]<<<<<
-- Shadowrider
The classic combination lock used on safes and vaults is still a reliable
choice. The large number of combinations available, the requirement that the
lock be operated on site and on more sophisticated systems the time lock result
in a lock that is hard to beat. The most important factor is the security of the
combination. The fewer people who know it the more secure it is, and like keys
there is no safe place to hide it.
>>>>>[Desk blotters and desk pull outs are the first place to look, then
the
Rolidex looking under 'Safe'. And if you can't find the one for the safe you
need try other executive offices on the same floor because there is often a
sealed envelope with the safe combinations for the other safes in one of them.
]<<<<<
--Fingers
>>>>>[If you use the envelope on a clean covert entry, put it back with the
seal
broken. The security types will have a suspect, after all it HAS TO BE an inside
job, their building security is to good for some to get in undetected]<<<<<
--Sweet Sue
>>>>>[Now that is truly evil!!]<<<<<
--Boomer
Time locks add a further dimension of security. They limit the time that
the lock can be opened with the combination. This permits more individuals to
have the combination permitting access during business hours without them also
being able to come back afterhours and open the safe.
>>>>>[Unless you can speed-up the clock]<<<<<
--Fingers
>>>>>[Speed up the clock?]<<<<<
--Boomer
>>>>>[All it takes is the right equipment. The Artificer is the man to
see]<<<<
--Fingers
Possibly the most secure and flexible access control system for small to
medium sized companies is the Card Access System. Systems use a credit card
sized plastic card encoded with a discrete identification code. This code
consists of two parts an installation or facility code common to all cards for
that particular plant or facility and a individual number unique to that
particular card. Normally this coding is magnetic in nature but in some cases
bar-code technology is also used. It is also common to combine the access card
with a company identification card. When the card is presented to a reader, the
reader transmits the code number to a central computer (normally a dedicated
unit not used for any other function) which checks the card code with a central
listing for all the cards in the system and determines the degree of access
permitted. If the bearer of the card is listed as being permitted to enter
through the door at the time the card was presented the signal is sent to the
reader to unlock the door and the transaction is recorded in a access log kept
on the systems main computer. If access is not permitted then the attempt is
also logged, the door is not unlocked and an alarm may be sent for a human
response if required.
>>>>>[They log unsucessful attempts?]<<<<<
--Fast Eddy
>>>>>[Sure, besides paranoia, a important trate for security types, logging
unsuccessful attempts provides them with a lot of valuable information. It helps
identify inquisitive employees as well as the enthosatic types who just want an
early start. It permits the fine tuning of access times and lastly it can reveal
a pattern of intrusion attempts}<<<<<
-- Big Bopper
The current level of access for any particular each card is recorded only
on the central computer and can be changed at any time by the system operator.
It is not possible to determine what level of access the card permits through
the examination of the card. Thus it is not possible to determine if a
particular card is a master card that opens all doors in the building or one
that only opens employee washrooms during business hours. While it is possible
to copy a particular card or to change the coding (depending on the card type)
the degree of access if any can not be set except at the main computer.
>>>>>[This system sounds really easy to beat, just deck in and change the
access
for your card to all the doors, all the time and you are in like Flint. And just
to make things truly interesting dump all the rest so security can not move in
the building]<<<<<
--Fast Eddy
>>>>>[Nice try Eddy, only one problem. You have to get to the computer
first.
These systems use small dedicated computers that are not connected to anything
but the access control system]<<<<<
--Sweet Sue
This computer polls all card readers, key pads, locking mechanisms and
biometric devises on a periodic basis (several times a minute). In the event
that a reader is cut-off from the main computer the event is recorded and an
alarm is sent. In most operations a human guard is set to investigate. His
response time would vary widely depending on the size of the installation and
and the manpower available. The effected card reader or readers revert in to
stand alone mode. This normally takes on one of three forms. The doors remain
locked, the doors automatically unlock or most commonly the readers perform in
what appears to the user to be a normal manner. That is the door is unlocked
upon the presentation of a card. The difference is that the reader is granting
access to any card that has the correct installation code regardless of the
programed access. As most individuals using the door have access they never
know the difference. It is not possible to determine if a particular reader is
in stand alone mode through external examination.
>>>>>[This is the weak spot Eddy. If you can get the reader into stand
alone
mode then any card from the system, even those that are dropped from the system
as lost will work. And there is no record of the entry.]<<<<<
--Sweet Sue
>>>>>[As long as the System Administrator is not truly paranoid and sets
the
readers to lock the door down if it is cut off from the central computer. I have
seen systems where a communications failure meant could not get into the
building at all]<<<<<
-- Fingers
The card access readers can control both electronic controlled and combined
lock systems and are often combined with keypads or biometric devices. The
latter is to overcome the single largest drawback of these systems the card
grant access to anyone who presents the card. The use of a special computer, not
connected to the Matrix or other computer systems makes the system really secure
from outside tampering. However its largest strength is that the level of access
granted to a particular card can be changed at any time whether or not the
operator has access to the card.
While the there are a lot of new high tech security equipment available,
these old and proven methods should not be overlooked. The keys to a good
security system is defence in depth and utilizing the right equipment for the
right job. Remember this is a classic case where old does not equal obsolete.
>>>>>[There is nothing made by the hand of man that can not be defeated by
another slightly smarter man with that proper touch of larceny.]<<<<<
--Shadowrider
================
GAMEMASTER INFORMATION
================
Lockpicking /Safe Cracking Skill : This technical skill deals with opening
locked doors with out the use of the proper key or combination. A character with
this skill understands the basic operation of mechanical locks and how to open
them by manipulation. He also is aware of the physical weaknesses of doors,
locks and safes and how to apply force to open them. A character with this skill
would also need demolitions skill to effectively use explosives to open a safe.
[This skill is located on the Skill Web off the main Quickness stem separated by
2 circles from the main stem.]
Locksmithing : This is a Build / Repair (B/R) skill covers the maintenance and
repair of locks and safes. A Locksmith can key or re-key locks, install locks,
and make keys. A skilled locksmith can also pick locks and open combination
locks by manipulation. [A character with this skill does not have the skills
necessary to use explosives to open a safe or vault] [This skill is located on
the Skill Web off the main Quickness stem separated by 2 circles from the main
stem.]
Pin Tumbler locks
Level 0: Cheap hardware store lock
Level 1: Quality lock,
Level 2: Quality lock, limited available keyway
Level 3: Top quality lock, restricted keyway
Level 4: Top quality lock, custom keyway
Combination Locks
Level 0: 4 digit single number lock
Level 1: 3 number, factory set lock
Level 2: 3 number, user set lock
Level 3: Manipulation resistant, 4 number, user set lock
Level 4: Double, Manipulation resistant, 4 number, user set lock
Safes and Vaults
Level 0: Lockable metal cabinet.
Level 1: Home wall safe
Level 2: Commercial Quality Safe
Level 3: Bank Vault
Level 4: Custom High Security Bank Vault
Safe and Vault descriptions consist of 4 parts the level of the locking system,
the level of the vault design, the barrier rating of the material the container
is made of and if it is equipped with a time lock. The locking system can be
either key, combination or mag-lock.
TimeLocks:
Master Keys: A master key can be made either from the records of the locksmith
who keyed the set of locks or by disassembling and examining a master keyed
lock. The target number is 1+ level of the lock. The operative skill is
Locksmithing.
Picking Locks: Target number is 2 + (locks level x2) Base Time is 1 minute + 30
seconds per locks level
Opening Combination Locks by Manipulation: Target Number is 4 +(locks level
x2)+modifiers Base Time 2 minutes x 4 minutes per level
Manipulation modifiers
Dead silence -1
Normal Background noise 0
Moderate Noise +2
Loud Noise +4
Lock equipped with error limiter +4
Safe Cracking: Target number is 4 +(level x2)+ barrier rating/4 Base time is 15
minutes plus 30 minutes per hour plus barrier rating times 10 in minutes