A server administrator is conducting a security assessment of a newly acquired data center. The current physical access control system uses standard 125 kHz proximity card readers. The administrator's primary concern is the risk of unauthorized personnel creating copies of employee access cards to gain entry. Which of the following upgrades would be the MOST effective mitigation against this specific threat?
Install high-definition security cameras monitoring all entry points.
Upgrade the system to use encrypted smart cards and compatible readers.
Enforce a strict policy requiring immediate reporting of all lost or stolen cards.
Integrate the card reader system with a mantrap at the main entrance.
The correct answer is to upgrade the system to use encrypted smart cards and compatible readers. Standard 125 kHz proximity cards lack encryption and their data can be easily captured and cloned using inexpensive, readily available tools. Encrypted smart cards (which typically operate at 13.56 MHz) use a microprocessor to perform cryptographic operations, establishing a secure and encrypted communication session with the reader. This makes them highly resistant to cloning and replay attacks, directly mitigating the specified threat.
A mantrap is a physical control designed to prevent tailgating by allowing only one person to pass through at a time; it does not prevent an individual with a cloned card from gaining access.
Security cameras are a detective control, meaning they can help identify an intruder after a breach has occurred, but they are not a preventative measure that would stop an attacker from using a cloned card to enter.
A policy for reporting lost or stolen cards is an important administrative control, but it addresses the threat of a missing card being used, not the technical vulnerability of an active card being cloned without the employee's knowledge.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are standard 125 kHz proximity cards considered insecure?
Open an interactive chat with Bash
How do encrypted smart cards mitigate cloning risks?
Open an interactive chat with Bash
What is the difference between preventative and detective controls in security?