a) Employee Identification Badges / Smart Cards: The company should provide employees with picture identification badges that carry a smart chip and a magnetic stripe. The company will provision a unique public-key infrastructure (PKI) certificate on each employee's smart chip, which will be used to authenticate the user to the company network. Radio Frequency Identification (RFID) capable cards should not be used. While they are more convenient for access control than swipe cards, an attacker can read and capture the identification data the RFID chip transmits without any physical contact with the card, and replay that data to gain access [43]. This applies in particular to cards that simply emit a static identifier without mutual authentication, as low-cost proximity cards do. Employees who require privileged access to administer devices and services on the network should be issued a second card with separate administrative credentials, so that everyday use of the primary badge never exposes the administrative identity.
b) The lock should require multi-factor authentication, such as a card swipe combined with an access PIN, or a biometric identity check combined with a PIN. Preferably, the PIN entry keypad would randomize the position of the digits for each PIN entry attempt, so that an observer who sees which keys are pressed (or the wear pattern on the keys) cannot infer the PIN. The lock controller should be connected to the network, be centrally configured, and record every access attempt, successful or not, in a log.
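As an added example (not part of the original paper), the following Python sketch shows how such a door-lock controller can enforce the card-plus-PIN check described above: a freshly shuffled keypad layout for every attempt, PINs stored only as salted hashes, a lockout after repeated failures, and an audit log entry for every attempt. The class and function names (DoorController, enroll, attempt, keys_for_pin) are hypothetical, the card ID is assumed to have already been read from the card's chip by the reader, and the enrolled card and PIN are constructed sample data.

```python
# Added example, not code from the original paper. Hypothetical door-lock
# controller: card + PIN, shuffled keypad per attempt, lockout, audit log.
# The card ID is assumed to have been read from the card's chip already and
# is treated here as the first factor.
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000


@dataclass
class Cardholder:
    card_id: str
    salt: bytes
    pin_hash: bytes
    failures: int = 0
    locked_until: float = 0.0


class DoorController:
    def __init__(self, max_failures: int = 3, lockout_seconds: int = 300):
        self.holders: dict[str, Cardholder] = {}
        self.audit_log: list[dict] = []
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds

    @staticmethod
    def _hash_pin(pin: str, salt: bytes) -> bytes:
        # Never store PINs in clear. A short PIN is still guessable offline,
        # so the lockout below, not the hash, is the real brute-force control.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)

    def enroll(self, card_id: str, pin: str) -> None:
        salt = secrets.token_bytes(16)
        self.holders[card_id] = Cardholder(card_id, salt, self._hash_pin(pin, salt))

    @staticmethod
    def new_keypad_layout() -> list[str]:
        # layout[k] is the digit displayed on physical key k. Shuffling with the
        # OS CSPRNG for every attempt means the key positions an observer (or a
        # smudge pattern on the keys) reveals do not identify the digits entered.
        digits = list("0123456789")
        secrets.SystemRandom().shuffle(digits)
        return digits

    def _log(self, card_id: str, result: str, now: float) -> None:
        self.audit_log.append({"time": now, "card": card_id, "result": result})

    def attempt(self, card_id: str, layout: list[str], pressed_keys: list[int],
                now: Optional[float] = None) -> bool:
        """Unlock (return True) only if the card is enrolled, not locked out,
        and the digits under the pressed keys match the enrolled PIN."""
        now = time.time() if now is None else now
        holder = self.holders.get(card_id)
        if holder is None:
            self._log(card_id, "denied:unknown_card", now)
            return False
        if now < holder.locked_until:
            self._log(card_id, "denied:locked_out", now)
            return False
        # Translate physical key positions back into digits via this attempt's layout.
        entered = "".join(layout[k] for k in pressed_keys)
        ok = hmac.compare_digest(self._hash_pin(entered, holder.salt), holder.pin_hash)
        if ok:
            holder.failures = 0
            self._log(card_id, "granted", now)
            return True
        holder.failures += 1
        if holder.failures >= self.max_failures:
            holder.locked_until = now + self.lockout_seconds
            holder.failures = 0
            self._log(card_id, "denied:bad_pin_lockout", now)
        else:
            self._log(card_id, "denied:bad_pin", now)
        return False


def keys_for_pin(layout: list[str], pin: str) -> list[int]:
    """The physical keys a cardholder presses to enter `pin` on this layout."""
    return [layout.index(d) for d in pin]


if __name__ == "__main__":
    ctrl = DoorController()
    ctrl.enroll("CARD-1001", "4721")  # constructed sample enrolment
    layout = ctrl.new_keypad_layout()
    print("keypad layout:", layout)
    print("granted:", ctrl.attempt("CARD-1001", layout, keys_for_pin(layout, "4721")))
    for entry in ctrl.audit_log:
        print(entry)
```

Because the layout is regenerated per attempt, the same PIN produces a different key sequence each time, which is what defeats shoulder surfing and key-wear analysis; the audit log is kept as a list here but would be shipped to the central logging system in the deployment the paper describes.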
c) Video Surveillance System: In order to keep records of who is physically accessing critical areas and devices, video monitoring cameras should be installed with good views of those areas. At a minimum, cameras should have a view of the inside of the wiring closet / server room, the entry point to the wiring closet / server room, and the main entrance to the company