If I were the owner of such a system, Notre Dame, I would have very specific security goals for it. The major goal would be to keep authorized persons out of the dorm. In order to protect the confidentiality and integrity of any information or possessions that students keep in their dorm rooms, persons who are not cleared to enter the building should not be allowed inside. There may be information the needs to stay confidential, and items removed without reason would challenge the integrity. The other goal of these systems is to always allow access to those that should have access to the building, ensuring availiability. By using a system where a person must have the card and know the number, Notre Dame attempts to achieve both of these goals. In reference to the goal of denying access, the system makes it more difficult for intruders. They must obtain a resident's ID card and also learn his or her birthday. On the other hand, this system where the resident must swipe a card and type in a birthday (a fact that ND assumes all people know about themselves) verifies the identity so that residents of the dorm have access to the building at all times.
Looking at the system from another perspective, an intruder would also have goals when attempting to gain access to a building. By entering a dorm or room, the intruder would aim to alter the contents of the room by stealing items that should be inside or disclose protected information from the room. These go against two of the three items included in the DAD triad, disclosure and alteration. By another look, it is possible to see that an attacker could also deny access to people through a system such as this. The person needs their identification card to enter. If a intruder gains possession of the card in some way, the resident no longer has it and therefore does not have free access to the building. The intruder could attack this technology system and fulfill any one or combination of these goals depending on what kind of damage he or she aims to do.
The weaknesses within this system can be traced to the card being an easy thing to gain possession of and the ease of learning someone's birthday or other necessary personal information. Students do not protect their identification cards like they do their credit or debit cards. People leave them on tables, shove them in pockets, and drop them places all the time. It would be difficult to pick up a lost card. At the same time, people often search high and low for their IDs before paying the $30 fee to replace them. Once the card is replaced, the lost one is no longer active. With the amount of time people wait, there is a window for intruders to use the card to gain access. Once an ID is obtained, figuring out what dorm a person lives in is available on InsideND and finding a birthday can be simple. A birthday is not something people work to protect, and with technology today like Facebook and MySpace a birthday is not hard to find. These vulnerabilities in the system are open for people to attack.
The inherent risks based upon the value of the assets depends upon the items that may reside unprotected within a dorm or in a resident's room. I believe that the risk for attacks like this are higher because of the items that students bring to school such as laptops, cell phones, and iPods. The threats that exist are real. At least once a month, the students at Notre Dame receive an e-mail about various criminal activity on campus. At the same time, there are vulnerabilities within the technology that are able to be exploited by these threats. This creates risks for the owners, risks for Notre Dame to deal with. These risks must be dealt with as the group, Notre Dame, sees fit.
I believe that these problems can be dealt with through risk mitigation, risk transference, or risk acceptance. I do not believe that the risk can be avoided. Students in college needed technological items such as laptops and cellular phones. Not having these would avoid the risk but it is not a possible occurrence. By encouraging safety techniques such as urging residents to lock their doors and keep their possessions safe the risk can be mitigated. The risk can also be mitigated by creating a system where the number needed for entrance is chosen by the resident, like a PIN. This number may be more difficult to figure out and the resident has more reason to protect it. The risk can be transfered by buying insurance for stolen items. Finally, I believe that realistically the risk must be accepted. There is always a risk for stolen items, and by being vigilant we can deal with it.
Posts
I agree that this security system that Notre Dame has in place is rather easy to break the way you described. However, I think it might be even easier than this. If a person wants to gain access to a dorm they can pretty easily just watch and follow someone going into the dorm they want to go into and the person going in first will probably just hold the dorm open for them and not even think twice. After this the intruder really has access to any room he/she wants because probably 75% of students do not lock their doors and most simply just leave their doors wide open. It is no wonder that peoples things are stolen at the rate they are. I feel Notre Dame could do a lot of things to force students to protect their ID cards and to let them choose the 4 digit code that they type into the machine outside of the dorm but it would simply be a waste of time to do that until students decide to not let people "piggyback" into the dorms with them. It is good that people are so nice to let people come in the door behind them and that most of us are so trusting but in the world we live in today, we should really go by the belief that we can't trust anyone we do not know.
ReplyDeleteThis is a very interesting topic in thinking about the safety of us students. I can say that after having lived in a dorm for three years, I never felt scared or insecure about my living conditions. My room was never locked and people came in and out as they pleased. With that said, I agree that if someone's goal was to gain access to the dorm it would not be hard at all. It was remarked that students basically hold the door for everyone which is true and also, disguising oneself as some sort of delivery service would be a sure way to have someone open the door for you. However, granting access to someone who cannot gain it himself will be a problem no matter if ND changes how the 4 digits are selected. In my experience, the rector, ARs, RAs, and often a NDSP officer will be in the dorm monitoring the halls and/or foyer.Obviously they do not prevent all people from gaining access and stealing resident belongings. The system is not 100 percent but I think it works well and is an efficient way of getting in and out of the dorms.
ReplyDelete