A recent physical security audit of a data center revealed a vulnerability with the existing access control system. The system uses standard passive RFID cards, which are susceptible to skimming and cloning attacks. A server administrator has been tasked with mitigating this risk. Which of the following solutions represents the most effective technical control against this specific threat?
Replace the passive RFID readers with more powerful long-range readers to improve reliability.
Install a mantrap at the data center entrance to prevent tailgating.
Upgrade the system to require multi-factor authentication, combining the RFID card with a personal identification number (PIN) entered on a keypad.
Implement a policy that requires all personnel to store their access cards in RFID-blocking sleeves.
The correct answer is to implement multi-factor authentication (MFA) by combining the RFID card with a Personal Identification Number (PIN). This is the most effective technical control because even if an attacker successfully clones an RFID card, they cannot gain access without also knowing the user's PIN. This addresses the identified vulnerability directly.
Implementing a policy for RFID-blocking sleeves is an administrative control, not a technical one, and relies on user compliance. A mantrap is a physical control designed to prevent tailgating, which is a different vulnerability than card cloning. Replacing the readers with more powerful ones does not address the cloning risk and could potentially increase the range at which a card could be skimmed.