Defence methods against tailgating

up vote
57
down vote

favorite

6

This is a follow-up question to this one: Roles to play when tailgaiting into a residential building

How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?

physical social-engineering physical-access

share|improve this question

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

asked Nov 16 at 15:12

Lithilion

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  26
  

  
  
  
  
  
  

  
  .... "No." ....
  – A C
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Is there data about where/when tailgating is most likely? For example, I've seen places where dozens of people go out for smoke breaks at the same time, and return at the same time, and this smoking area is outside a standard entrance. It seems to me that this would be an ideal time/location for a tailgater to get in.
  – Andy Lester
  21 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @AndyLester "most likey"? No, I have not seen data. But there is a lot of data about how physical pen testers have been successful, and the "smoke break" route is the common vector.
  – schroeder♦
  7 hours ago
  

  
  
  
  

add a comment | 

up vote
57
down vote

favorite

6

This is a follow-up question to this one: Roles to play when tailgaiting into a residential building

How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?

physical social-engineering physical-access

share|improve this question

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

asked Nov 16 at 15:12

Lithilion

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  26
  

  
  
  
  
  
  

  
  .... "No." ....
  – A C
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Is there data about where/when tailgating is most likely? For example, I've seen places where dozens of people go out for smoke breaks at the same time, and return at the same time, and this smoking area is outside a standard entrance. It seems to me that this would be an ideal time/location for a tailgater to get in.
  – Andy Lester
  21 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @AndyLester "most likey"? No, I have not seen data. But there is a lot of data about how physical pen testers have been successful, and the "smoke break" route is the common vector.
  – schroeder♦
  7 hours ago
  

  
  
  
  

add a comment | 

up vote
57
down vote

favorite

6

up vote
57
down vote

favorite

6

6

This is a follow-up question to this one: Roles to play when tailgaiting into a residential building

How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?

physical social-engineering physical-access

share|improve this question

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

asked Nov 16 at 15:12

Lithilion

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

This is a follow-up question to this one: Roles to play when tailgaiting into a residential building

How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say the delivery guy, to let you in?

physical social-engineering physical-access

physical social-engineering physical-access

share|improve this question

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

asked Nov 16 at 15:12

Lithilion

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

asked Nov 16 at 15:12

Lithilion

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

share|improve this question

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

edited Nov 16 at 15:25

schroeder♦

70.9k29154189

70.9k29154189

asked Nov 16 at 15:12

Lithilion

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked Nov 16 at 15:12

Lithilion

40329

asked Nov 16 at 15:12

Lithilion

40329

40329

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Lithilion is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  26
  

  
  
  
  
  
  

  
  .... "No." ....
  – A C
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Is there data about where/when tailgating is most likely? For example, I've seen places where dozens of people go out for smoke breaks at the same time, and return at the same time, and this smoking area is outside a standard entrance. It seems to me that this would be an ideal time/location for a tailgater to get in.
  – Andy Lester
  21 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @AndyLester "most likey"? No, I have not seen data. But there is a lot of data about how physical pen testers have been successful, and the "smoke break" route is the common vector.
  – schroeder♦
  7 hours ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  26
  

  
  
  
  
  
  

  
  .... "No." ....
  – A C
  yesterday
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  Is there data about where/when tailgating is most likely? For example, I've seen places where dozens of people go out for smoke breaks at the same time, and return at the same time, and this smoking area is outside a standard entrance. It seems to me that this would be an ideal time/location for a tailgater to get in.
  – Andy Lester
  21 hours ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @AndyLester "most likey"? No, I have not seen data. But there is a lot of data about how physical pen testers have been successful, and the "smoke break" route is the common vector.
  – schroeder♦
  7 hours ago
  

  
  
  
  

26

26

.... "No." ....
– A C
yesterday

.... "No." ....
– A C
yesterday

1

1

Is there data about where/when tailgating is most likely? For example, I've seen places where dozens of people go out for smoke breaks at the same time, and return at the same time, and this smoking area is outside a standard entrance. It seems to me that this would be an ideal time/location for a tailgater to get in.
– Andy Lester
21 hours ago

Is there data about where/when tailgating is most likely? For example, I've seen places where dozens of people go out for smoke breaks at the same time, and return at the same time, and this smoking area is outside a standard entrance. It seems to me that this would be an ideal time/location for a tailgater to get in.
– Andy Lester
21 hours ago

2

2

@AndyLester "most likey"? No, I have not seen data. But there is a lot of data about how physical pen testers have been successful, and the "smoke break" route is the common vector.
– schroeder♦
7 hours ago

@AndyLester "most likey"? No, I have not seen data. But there is a lot of data about how physical pen testers have been successful, and the "smoke break" route is the common vector.
– schroeder♦
7 hours ago

add a comment | 

12 Answers
12

active

oldest

votes

up vote
76
down vote



accepted

This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.

You have to work with human nature, not against it.

So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:

share|improve this answer

answered Nov 16 at 15:24

Anders

47.8k21136157

• 
  
  
  

  
  31
  

  
  
  
  
  
  

  
  there are nicer-looking gates :)
  – schroeder♦
  Nov 16 at 15:34
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
  – mbrig
  Nov 16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  36
  

  
  
  
  
  
  

  
  @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
  – Nuclear Wang
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
  – Jan Hudec
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
  – Gnudiff
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

up vote
34
down vote

You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.

The company protects itself by

• installing physical gates that only allow one person in at a time


• controls that prevent the same passcard being used on the same side of the gate


• human monitors to detect tailgating


• training people to politely challenge those trying to get in without using the proper methods

share|improve this answer

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
  – user2357112
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  14
  

  
  
  
  
  
  

  
  @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
  – schroeder♦
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  19
  

  
  
  
  
  
  

  
  There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
  – Jörg W Mittag
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
  – alephzero
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  13
  

  
  
  
  
  
  

  
  Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
  – Aganju
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

up vote
18
down vote

The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.

If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.

share|improve this answer

answered 2 days ago

John Deters

25.6k23985

add a comment | 

up vote
17
down vote

(Just a passer-by opinion)

Obviously, a physical gate would work the best.

In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.

One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.

At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.

share|improve this answer

edited 2 days ago

answered Nov 16 at 17:23

Petr

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  The problem with letting in people that you recognise is the case when the employee was recently let go.
  – schroeder♦
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  12
  

  
  
  
  
  
  

  
  Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
  – Monty Harder
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
  – pipe
  2 hours ago
  

  
  
  
  

add a comment | 

up vote
8
down vote

One solution is to have "secret drills".

Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.

Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".

Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.

share|improve this answer

edited 2 days ago

answered 2 days ago

PyRulez

1,80431125

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
  – vlaz
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
  – PyRulez
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
  – Andrei
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
  – JMac
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
  – JMac
  2 hours ago
  

  
  
  
  

 | 
show 8 more comments

up vote
7
down vote

As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.

Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.

share|improve this answer

answered 2 days ago

William Michael

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
  – Nosajimiki
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
  – William Michael
  yesterday
  
  
  

  
  
  
  

add a comment | 

up vote
6
down vote

There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.

Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.

I would suggest something like
Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.

share|improve this answer

answered 2 days ago

ShapeOfMatter

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
5
down vote

This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.

You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.

How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".

Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.

share|improve this answer

answered 2 days ago

Ross Millikan

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
5
down vote

Once I got a tour by the CEO of ADB through one of their factories. Before we could enter there were 2 control posts. To enter the parking lot you had to go through an ID verification. If you walked to the building you came by this post also.

The second verification you had to go through was at the entrance. All employees, visitors,... must enter through this entrance. After the door closed you were locked in a grey zone. After you passed another ID verification you received your badge to enter the building. There is no other way in or out. If you left you had to go through the same verification.

Another example of this technique is used by a company that I used to work for. They buy/sell gold in large quantities. If you wanted to enter the building, you had to push a button, then state your business and name while looking into a camera. If the door opens and you enter the building you are locked in a small room where ID verification happened. And your bags are checked everytime you enter or leave. Even people that worked there 5+ years had to go through all those security steps. I never saw anyone with bad intents get further than the first door. If the situation is fishy the person stays locked in that room, the security takes away this person for further investigation. Never I have seen this system fail.

share|improve this answer

answered yesterday

Ilyas Deckers

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
3
down vote

If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.

Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do most of the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.

Another option is the door fob only rings an alert in the security office, where it's up to a security officer there to unlock the door based on how the camera feed correlates to the fob logs. That can be much cheaper than stationing a guard at every door, while still providing most of the same security against tailgating.

share|improve this answer

edited 19 hours ago

answered 2 days ago

Joel Coehoorn

1,2851912

• 
  
  
  

  
  

  
  
  
  
  
  

  
  They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
  – Nosajimiki
  2 days ago
  

  
  
  
  

add a comment | 

up vote
0
down vote

Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.

For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.

share|improve this answer

answered 2 days ago

Aganju

16016

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
  – vlaz
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I have my doubts too... but they seriously do that in the airport, and they should know what they do.
  – Aganju
  2 days ago
  

  
  
  
  

add a comment | 

up vote
-1
down vote

If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.

share|improve this answer

answered 2 days ago

Nosajimiki

2297

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Unless they duck, or face the other way... Technology is not a panacea.
  – wizzwizz4
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
  – wizzwizz4
  28 mins ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

Lithilion is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197817%2fdefence-methods-against-tailgating%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

12 Answers
12

active

oldest

votes

12 Answers
12

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
76
down vote



accepted

This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.

You have to work with human nature, not against it.

So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:

share|improve this answer

answered Nov 16 at 15:24

Anders

47.8k21136157

• 
  
  
  

  
  31
  

  
  
  
  
  
  

  
  there are nicer-looking gates :)
  – schroeder♦
  Nov 16 at 15:34
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
  – mbrig
  Nov 16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  36
  

  
  
  
  
  
  

  
  @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
  – Nuclear Wang
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
  – Jan Hudec
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
  – Gnudiff
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

up vote
76
down vote



accepted

This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.

You have to work with human nature, not against it.

So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:

share|improve this answer

answered Nov 16 at 15:24

Anders

47.8k21136157

• 
  
  
  

  
  31
  

  
  
  
  
  
  

  
  there are nicer-looking gates :)
  – schroeder♦
  Nov 16 at 15:34
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
  – mbrig
  Nov 16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  36
  

  
  
  
  
  
  

  
  @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
  – Nuclear Wang
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
  – Jan Hudec
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
  – Gnudiff
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

up vote
76
down vote



accepted

up vote
76
down vote



accepted

This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.

You have to work with human nature, not against it.

So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:

share|improve this answer

answered Nov 16 at 15:24

Anders

47.8k21136157

This is not a problem that has a social solution. No amount of corporate policy will save you. Humans are social animals. In the end, if people can let other people in, they will. Even if you may be very security aware and not let anyone in, 95% of your collegues will act differently.

You have to work with human nature, not against it.

So if you want to stop tailgating, you'll need one of these, perferably placed in a reception with human supervision:

share|improve this answer

answered Nov 16 at 15:24

Anders

47.8k21136157

share|improve this answer

share|improve this answer

answered Nov 16 at 15:24

Anders

47.8k21136157

answered Nov 16 at 15:24

Anders

47.8k21136157

answered Nov 16 at 15:24

Anders

47.8k21136157

47.8k21136157

• 
  
  
  

  
  31
  

  
  
  
  
  
  

  
  there are nicer-looking gates :)
  – schroeder♦
  Nov 16 at 15:34
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
  – mbrig
  Nov 16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  36
  

  
  
  
  
  
  

  
  @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
  – Nuclear Wang
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
  – Jan Hudec
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
  – Gnudiff
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

• 
  
  
  

  
  31
  

  
  
  
  
  
  

  
  there are nicer-looking gates :)
  – schroeder♦
  Nov 16 at 15:34
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
  – mbrig
  Nov 16 at 16:25
  

  
  
  
  


• 
  
  
  

  
  36
  

  
  
  
  
  
  

  
  @Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
  – Nuclear Wang
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  2
  

  
  
  
  
  
  

  
  @Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
  – Jan Hudec
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
  – Gnudiff
  2 days ago
  

  
  
  
  

31

31

there are nicer-looking gates :)
– schroeder♦
Nov 16 at 15:34

there are nicer-looking gates :)
– schroeder♦
Nov 16 at 15:34

2

2

@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
Nov 16 at 16:25

@schroeder Indeed. I've seen Metro/subway turnstiles/gates at occasional office buildings, though its not quite as secure.
– mbrig
Nov 16 at 16:25

36

36

@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
2 days ago

@Bakuriu Most of the turnstiles I've seen like this have enough room for me and someone I know pretty well, but not enough room for me and a total stranger. It'd be pretty awkward to tailgate through one of these.
– Nuclear Wang
2 days ago

2

2

@Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
– Jan Hudec
2 days ago

@Bakuriu, I certainly do remember one at a back entrance where two normal adults would not fit. At the front entrance there was a normal, more comfortable, turnstile, but there was also security guard there.
– Jan Hudec
2 days ago

5

5

@Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
– Gnudiff
2 days ago

@Bakuriu there are better doors that physically don't allow anyone to fit in. Somewhat extreme example in this answer worldbuilding.stackexchange.com/a/126499/39218 to a question in Worldbuilding SE.
– Gnudiff
2 days ago

 | 
show 6 more comments

up vote
34
down vote

You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.

The company protects itself by

• installing physical gates that only allow one person in at a time


• controls that prevent the same passcard being used on the same side of the gate


• human monitors to detect tailgating


• training people to politely challenge those trying to get in without using the proper methods

share|improve this answer

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
  – user2357112
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  14
  

  
  
  
  
  
  

  
  @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
  – schroeder♦
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  19
  

  
  
  
  
  
  

  
  There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
  – Jörg W Mittag
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
  – alephzero
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  13
  

  
  
  
  
  
  

  
  Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
  – Aganju
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

up vote
34
down vote

You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.

The company protects itself by

• installing physical gates that only allow one person in at a time


• controls that prevent the same passcard being used on the same side of the gate


• human monitors to detect tailgating


• training people to politely challenge those trying to get in without using the proper methods

share|improve this answer

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
  – user2357112
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  14
  

  
  
  
  
  
  

  
  @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
  – schroeder♦
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  19
  

  
  
  
  
  
  

  
  There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
  – Jörg W Mittag
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
  – alephzero
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  13
  

  
  
  
  
  
  

  
  Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
  – Aganju
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

up vote
34
down vote

up vote
34
down vote

You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.

The company protects itself by

• installing physical gates that only allow one person in at a time


• controls that prevent the same passcard being used on the same side of the gate


• human monitors to detect tailgating


• training people to politely challenge those trying to get in without using the proper methods

share|improve this answer

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

You protect yourself by politely challenging people who are trying to get in without using the controls. You simply ask to see their pass or offer to escort them to reception/security. I use the simple phrase, "I'm sorry, I do not know who you are so I cannot just let you in. May I escort you to reception?" If they resist, I monitor them and quietly inform security. For me, it doesn't matter if they are the CEO or a delivery person.

The company protects itself by

• installing physical gates that only allow one person in at a time


• controls that prevent the same passcard being used on the same side of the gate


• human monitors to detect tailgating


• training people to politely challenge those trying to get in without using the proper methods

share|improve this answer

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

share|improve this answer

share|improve this answer

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

answered Nov 16 at 15:28

schroeder♦

70.9k29154189

70.9k29154189

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
  – user2357112
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  14
  

  
  
  
  
  
  

  
  @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
  – schroeder♦
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  19
  

  
  
  
  
  
  

  
  There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
  – Jörg W Mittag
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
  – alephzero
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  13
  

  
  
  
  
  
  

  
  Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
  – Aganju
  2 days ago
  

  
  
  
  

 | 
show 6 more comments

• 
  
  
  

  
  8
  

  
  
  
  
  
  

  
  "I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
  – user2357112
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  14
  

  
  
  
  
  
  

  
  @user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
  – schroeder♦
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  19
  

  
  
  
  
  
  

  
  There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
  – Jörg W Mittag
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  5
  

  
  
  
  
  
  

  
  @user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
  – alephzero
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  13
  

  
  
  
  
  
  

  
  Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
  – Aganju
  2 days ago
  

  
  
  
  

8

8

"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
2 days ago

"I'm sorry, I do not know who you are" - this risks offending people who expect you to know who they are, which can have nasty consequences, especially if you're below-average at remembering people's appearances. Even if the official security policy says it doesn't matter who they are, it matters in practice.
– user2357112
2 days ago

14

14

@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
2 days ago

@user2357112 do you have an alternate phrase to use? Because in no way should you let someone in just to avoid social awkwardness. And yes, I have said that to CEOs. The security policy should matter more than egos. It NEEDS to matter more than egos.
– schroeder♦
2 days ago

19

19

There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
2 days ago

There are two kinds of CEOs: ones that will be pissed, and ones that will applaud you. Either way, you get to find out whether your CEO has your back or not, so it's a win for you.
– Jörg W Mittag
2 days ago

5

5

@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
2 days ago

@user2357112 If you work in a country where people of a different race can do what they like (including getting you fired) simply because they are a different race, that isn't an Information Security issue, it's a Human Rights issue.
– alephzero
2 days ago

13

13

Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
2 days ago

Our company is teaching this every three months for years, and makes everyone sign that they got it. Effect: zero. 95% of people hold the door for anyone that doesn't look like a bum.
– Aganju
2 days ago

 | 
show 6 more comments

up vote
18
down vote

The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.

If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.

share|improve this answer

answered 2 days ago

John Deters

25.6k23985

add a comment | 

up vote
18
down vote

The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.

If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.

share|improve this answer

answered 2 days ago

John Deters

25.6k23985

add a comment | 

up vote
18
down vote

up vote
18
down vote

The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.

If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.

share|improve this answer

answered 2 days ago

John Deters

25.6k23985

The cheap solution is to put up scary “no tailgating - everyone must badge in at this door - no exceptions - don’t risk your job - report all tailgate requests to Joe at 123-456-7890” signs at each unattended controlled portal. Make sure there are obvious cameras in the vicinity.

If you want people to challenge someone, it’s much easier for them to do so when they have something to back up their assertions. That way they can point to the sign and blame it, instead of coming up with their own reason.

share|improve this answer

answered 2 days ago

John Deters

25.6k23985

share|improve this answer

share|improve this answer

answered 2 days ago

John Deters

25.6k23985

answered 2 days ago

John Deters

25.6k23985

answered 2 days ago

John Deters

25.6k23985

25.6k23985

add a comment | 

add a comment | 

up vote
17
down vote

(Just a passer-by opinion)

Obviously, a physical gate would work the best.

In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.

One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.

At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.

share|improve this answer

edited 2 days ago

answered Nov 16 at 17:23

Petr

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  The problem with letting in people that you recognise is the case when the employee was recently let go.
  – schroeder♦
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  12
  

  
  
  
  
  
  

  
  Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
  – Monty Harder
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
  – pipe
  2 hours ago
  

  
  
  
  

add a comment | 

up vote
17
down vote

(Just a passer-by opinion)

Obviously, a physical gate would work the best.

In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.

One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.

At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.

share|improve this answer

edited 2 days ago

answered Nov 16 at 17:23

Petr

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  The problem with letting in people that you recognise is the case when the employee was recently let go.
  – schroeder♦
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  12
  

  
  
  
  
  
  

  
  Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
  – Monty Harder
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
  – pipe
  2 hours ago
  

  
  
  
  

add a comment | 

up vote
17
down vote

up vote
17
down vote

(Just a passer-by opinion)

Obviously, a physical gate would work the best.

In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.

One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.

At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.

share|improve this answer

edited 2 days ago

answered Nov 16 at 17:23

Petr

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

(Just a passer-by opinion)

Obviously, a physical gate would work the best.

In case you don't want to install these, you may try to request all employees to challenge tailgaters, as schroeder suggests. However, I want to underline one distinction that I find important.

One my employer had the policy "do not allow strangers in, but allow people that you know, even if they do not scan their bage etc.". I have always found this to be somewhat embarassing. I have a bad memory on faces, so I can easily not recognise one of my peers, and if I ask them who they are, this will be an embarassing situation. I believe this is the main reason why such policies do not work good.

At the same time, another my employer had a different policy: "everybody must scan their badge, even if they come in as a group". And it was followed; even if we a group of peers were going to a canteen together, everybody in the group would scan their badge at a controlled door. This makes much easier for employees to control tailgating. In normal situation everybody will scan their badge with a distinct beep. If someone follows me and I do not hear a beep, then I am absolutely not that embarrassed to challenge them. Just because in case he is in fact my peer, he has already done something (a bit) wrong, and thus it's ok for me to challenge him.

share|improve this answer

edited 2 days ago

answered Nov 16 at 17:23

Petr

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

share|improve this answer

edited 2 days ago

edited 2 days ago

edited 2 days ago

answered Nov 16 at 17:23

Petr

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered Nov 16 at 17:23

Petr

2715

answered Nov 16 at 17:23

Petr

2715

2715

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Petr is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  The problem with letting in people that you recognise is the case when the employee was recently let go.
  – schroeder♦
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  12
  

  
  
  
  
  
  

  
  Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
  – Monty Harder
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
  – pipe
  2 hours ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  9
  

  
  
  
  
  
  

  
  The problem with letting in people that you recognise is the case when the employee was recently let go.
  – schroeder♦
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  12
  

  
  
  
  
  
  

  
  Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
  – Monty Harder
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
  – pipe
  2 hours ago
  

  
  
  
  

9

9

The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
2 days ago

The problem with letting in people that you recognise is the case when the employee was recently let go.
– schroeder♦
2 days ago

12

12

Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
2 days ago

Our company policy is the "everybody must scan" sort. If the CEO of the company forgot his badge and wanted to tailgate through on my swipe, I'd have to tell him "Sorry, sir. I'll be happy to sign the log with the front-desk guard to get you into the building as my guest, since I recognize you, (and they are going to ask you to show your government-issued photo ID for the log, just in case you're a look-alike who fooled me, and make you hang a Visitor badge around your neck) but I won't subvert security policy by letting you enter without going through that documented-exception process."
– Monty Harder
2 days ago

What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
– pipe
2 hours ago

What do you mean by "a physical gate would work the best"? Tailgating is when someone with access lets someone in through a gate, literally. What is a gate if not physical?
– pipe
2 hours ago

add a comment | 

up vote
8
down vote

One solution is to have "secret drills".

Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.

Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".

Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.

share|improve this answer

edited 2 days ago

answered 2 days ago

PyRulez

1,80431125

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
  – vlaz
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
  – PyRulez
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
  – Andrei
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
  – JMac
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
  – JMac
  2 hours ago
  

  
  
  
  

 | 
show 8 more comments

up vote
8
down vote

One solution is to have "secret drills".

Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.

Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".

Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.

share|improve this answer

edited 2 days ago

answered 2 days ago

PyRulez

1,80431125

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
  – vlaz
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
  – PyRulez
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
  – Andrei
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
  – JMac
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
  – JMac
  2 hours ago
  

  
  
  
  

 | 
show 8 more comments

up vote
8
down vote

up vote
8
down vote

One solution is to have "secret drills".

Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.

Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".

Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.

share|improve this answer

edited 2 days ago

answered 2 days ago

PyRulez

1,80431125

One solution is to have "secret drills".

Ask someone to let you in without a badge. Try and convince them as best you can to let you in. If they let you in without a badge, fire them. Otherwise, reward them.

Okay, it does not need to be that severe, but the point is that the secret drills should be frequent, and there is a clear incentive not to let you in much greater than the social consequences. You might want to start with a more reward focused approach, but as the employees become aware of the secret drills, you should move more towards punishment, since they should "no better".

Of course, don't always use yourself. Use the CEO. Use their immediate boss. Use other employees (although be careful with this, since the employees might let others know they are part of the secret drill. Fake employees might be better). Use someone on a phone just walking in. Use a smoking clown with with a fire axe on his back and a police cap on the head holding 6 packages with a clipboard lying on top demanding to enter the building to check on his elderly mother because he is worried that there is a gas leak.

share|improve this answer

edited 2 days ago

answered 2 days ago

PyRulez

1,80431125

share|improve this answer

share|improve this answer

edited 2 days ago

edited 2 days ago

edited 2 days ago

answered 2 days ago

PyRulez

1,80431125

answered 2 days ago

PyRulez

1,80431125

answered 2 days ago

PyRulez

1,80431125

1,80431125

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
  – vlaz
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
  – PyRulez
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
  – Andrei
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
  – JMac
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
  – JMac
  2 hours ago
  

  
  
  
  

 | 
show 8 more comments

• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
  – vlaz
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
  – PyRulez
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  3
  

  
  
  
  
  
  

  
  there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
  – Andrei
  yesterday
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  @Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
  – JMac
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  @Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
  – JMac
  2 hours ago
  

  
  
  
  

3

3

One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
– vlaz
2 days ago

One solution is to have "secret drills". so...a rather standard pentest? If they let you in without a badge, fire them. which would be terrible for morale. It's also pretty hard to enforce this the more people work in a building. Especially in a shared office building. What are you going to do if somebody from another company lets you in? Or maybe one of their guests for the day?
– vlaz
2 days ago

@vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
– PyRulez
2 days ago

@vlaz well, kind of. The purpose would be training though, not testing. Also, I did say that was a bit of an exaggeration. Also, you could report it to the person's employers, who wouldn't be happy.
– PyRulez
2 days ago

3

3

there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
– Andrei
yesterday

there's no company in the world that has enough money to pay me to work for them and have such a policy. If the company can't solve their security issues without getting into my business at the company, it's their own damn fault, and there's no reason I have to pay for it.
– Andrei
yesterday

@Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
– JMac
3 hours ago

@Andrei I don't quite understand what you mean by that. This is a threat vector that pretty much only exists due to individual employee behaviors. The issue is the employees letting unauthorized people in, so the only way to solve the security issue would involve "getting into your business at the company" by making sure you follow security protocol (or full-time security at entrance points and a high-tech system, which is costly). I don't see how this would be any different than breaking other security policies. Every user of the system has some role in security.
– JMac
3 hours ago

1

1

@Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
– JMac
2 hours ago

@Andrei Security practices should never only be the responsibility of the employees with security jobs. They would come up with the policies, and attempt to enforce them; but that doesn't mean regular employees can ignore security entirely. Your employees should be trained to not allow tailgaters at all. Sometimes installing turnstiles and the measures you talk about (such as security guards) is prohibitively expensive. That doesn't mean you can't have security practices in place with your employees, and enforce those practices. Low-overhead companies may need security too.
– JMac
2 hours ago

 | 
show 8 more comments

up vote
7
down vote

As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.

Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.

share|improve this answer

answered 2 days ago

William Michael

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
  – Nosajimiki
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
  – William Michael
  yesterday
  
  
  

  
  
  
  

add a comment | 

up vote
7
down vote

As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.

Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.

share|improve this answer

answered 2 days ago

William Michael

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
  – Nosajimiki
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
  – William Michael
  yesterday
  
  
  

  
  
  
  

add a comment | 

up vote
7
down vote

up vote
7
down vote

As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.

Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.

share|improve this answer

answered 2 days ago

William Michael

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

As a receptionist, I am trained to vet everyone who comes into the building. If I do not recognize that person, I immediately ask if they need help with anything, and who they have come to see. If they attempt to act with a sense of urgency or authority, then I notify them that they must sign in before entering the building because of food safety protocols, and continue to ask them about the details about why they are here, and then let the person responsible for meeting with them or checking up on them know that they are here.

Our office is relatively relaxed so we let a variety of people in, but typically having several procedures to "slow a person down" like having to sign in, talk to and be vetted by at least one person, and be directed to where they need to go can be very beneficial.

share|improve this answer

answered 2 days ago

William Michael

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

share|improve this answer

answered 2 days ago

William Michael

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 2 days ago

William Michael

711

answered 2 days ago

William Michael

711

711

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

William Michael is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
  – Nosajimiki
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
  – William Michael
  yesterday
  
  
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  4
  

  
  
  
  
  
  

  
  Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
  – Nosajimiki
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
  – William Michael
  yesterday
  
  
  

  
  
  
  

4

4

Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
2 days ago

Unauthorized tailgaters rarely use the front door. The main concern for this subject is going to be those back-doors that make it easy to convince someone on their smoke break to let you into an unsupervised entrance. There are many social engineering tricks to beating receptionists, but that is a different question.
– Nosajimiki
2 days ago

1

1

If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
– William Michael
yesterday

If a building has multiple entrances with a main reception desk, it would seem like the only logical thing to do in that situation would be to either have the receptionist have access to camera systems for other entrances, someone in IT, or a full/part time security guard. Edit : Posted before I finished my comment. As you stated in your response, people will find workarounds when it comes to social encounters, so the only way to ensure this doesn't happen would be to put procedures in place to have people dissociated enough to actually pay attention to these kinds of things.
– William Michael
yesterday

add a comment | 

up vote
6
down vote

There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.

Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.

I would suggest something like
Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.

share|improve this answer

answered 2 days ago

ShapeOfMatter

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
6
down vote

There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.

Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.

I would suggest something like
Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.

share|improve this answer

answered 2 days ago

ShapeOfMatter

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
6
down vote

up vote
6
down vote

There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.

Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.

I would suggest something like
Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.

share|improve this answer

answered 2 days ago

ShapeOfMatter

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

There's a lot of value to a sign, at least relative to its literal and sociological costs, but I would assume that the text matters.

Any variation of You/Everyone must swipe in at this door will set up a rule which an intruder might choose to break. It doesn't set up an expectation of rule-compliant people to enforce the rule on their peers or strangers. Even more precisely, it doesn't reassure rule-compliant people that their peers won't perceive them as uptight for enforcing the rule.

I would suggest something like
Make sure everyone entering with you swipes in. Listen for the beep indicating that their badge is valid/up-to-date.

If I'm entering the building with someone, then I know that they've seen the sign that says that I have to ask them to swipe in.

share|improve this answer

answered 2 days ago

ShapeOfMatter

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

share|improve this answer

answered 2 days ago

ShapeOfMatter

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 2 days ago

ShapeOfMatter

613

answered 2 days ago

ShapeOfMatter

613

613

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

ShapeOfMatter is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

add a comment | 

up vote
5
down vote

This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.

You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.

How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".

Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.

share|improve this answer

answered 2 days ago

Ross Millikan

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
5
down vote

This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.

You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.

How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".

Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.

share|improve this answer

answered 2 days ago

Ross Millikan

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
5
down vote

up vote
5
down vote

This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.

You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.

How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".

Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.

share|improve this answer

answered 2 days ago

Ross Millikan

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

This is hard and you need to think about the tradeoff it implies. Most tailgaters should be allowed into the building-they really do have a beneficial purpose there. My company had multiple buildings with doors that only permitted one person through, but I could swipe my badge and let anybody in, then swipe again and go in myself. (I used to joke I should get double pay because there were two of me at work.) Visitors were supposed to check in with reception, but that was in another building and they still needed me to swipe them in-they were not given badges that would swipe.

You have a choice between a serious effort to prevent tailgating and viewing your access controls as the first step of a defense in depth. If you really want to prevent tailgating, you need to accept that beside the personnel cost for monitoring you will slow everything down. Copy machines will not get repaired as promptly, so meetings will not be as efficient. Some meetings with outsiders will not happen because it is just too much trouble. Maybe one of those held the secret to the ultimate success of your company.

How bad is it if an unauthorized person gets in? Will they be challenged if they are just wandering around unescorted? Is it worth the cost to really prevent, as opposed to just making it a bit difficult? I started with "this is hard".

Clearly this is not an answer to the question as asked, but it seems there is an underlying assumption that we need to prevent tailgating. That is true in some situations, but not all.

share|improve this answer

answered 2 days ago

Ross Millikan

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

share|improve this answer

answered 2 days ago

Ross Millikan

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered 2 days ago

Ross Millikan

1513

answered 2 days ago

Ross Millikan

1513

1513

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Ross Millikan is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

add a comment | 

up vote
5
down vote

Once I got a tour by the CEO of ADB through one of their factories. Before we could enter there were 2 control posts. To enter the parking lot you had to go through an ID verification. If you walked to the building you came by this post also.

The second verification you had to go through was at the entrance. All employees, visitors,... must enter through this entrance. After the door closed you were locked in a grey zone. After you passed another ID verification you received your badge to enter the building. There is no other way in or out. If you left you had to go through the same verification.

Another example of this technique is used by a company that I used to work for. They buy/sell gold in large quantities. If you wanted to enter the building, you had to push a button, then state your business and name while looking into a camera. If the door opens and you enter the building you are locked in a small room where ID verification happened. And your bags are checked everytime you enter or leave. Even people that worked there 5+ years had to go through all those security steps. I never saw anyone with bad intents get further than the first door. If the situation is fishy the person stays locked in that room, the security takes away this person for further investigation. Never I have seen this system fail.

share|improve this answer

answered yesterday

Ilyas Deckers

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
5
down vote

Once I got a tour by the CEO of ADB through one of their factories. Before we could enter there were 2 control posts. To enter the parking lot you had to go through an ID verification. If you walked to the building you came by this post also.

The second verification you had to go through was at the entrance. All employees, visitors,... must enter through this entrance. After the door closed you were locked in a grey zone. After you passed another ID verification you received your badge to enter the building. There is no other way in or out. If you left you had to go through the same verification.

Another example of this technique is used by a company that I used to work for. They buy/sell gold in large quantities. If you wanted to enter the building, you had to push a button, then state your business and name while looking into a camera. If the door opens and you enter the building you are locked in a small room where ID verification happened. And your bags are checked everytime you enter or leave. Even people that worked there 5+ years had to go through all those security steps. I never saw anyone with bad intents get further than the first door. If the situation is fishy the person stays locked in that room, the security takes away this person for further investigation. Never I have seen this system fail.

share|improve this answer

answered yesterday

Ilyas Deckers

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
5
down vote

up vote
5
down vote

Once I got a tour by the CEO of ADB through one of their factories. Before we could enter there were 2 control posts. To enter the parking lot you had to go through an ID verification. If you walked to the building you came by this post also.

The second verification you had to go through was at the entrance. All employees, visitors,... must enter through this entrance. After the door closed you were locked in a grey zone. After you passed another ID verification you received your badge to enter the building. There is no other way in or out. If you left you had to go through the same verification.

Another example of this technique is used by a company that I used to work for. They buy/sell gold in large quantities. If you wanted to enter the building, you had to push a button, then state your business and name while looking into a camera. If the door opens and you enter the building you are locked in a small room where ID verification happened. And your bags are checked everytime you enter or leave. Even people that worked there 5+ years had to go through all those security steps. I never saw anyone with bad intents get further than the first door. If the situation is fishy the person stays locked in that room, the security takes away this person for further investigation. Never I have seen this system fail.

share|improve this answer

answered yesterday

Ilyas Deckers

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Once I got a tour by the CEO of ADB through one of their factories. Before we could enter there were 2 control posts. To enter the parking lot you had to go through an ID verification. If you walked to the building you came by this post also.

The second verification you had to go through was at the entrance. All employees, visitors,... must enter through this entrance. After the door closed you were locked in a grey zone. After you passed another ID verification you received your badge to enter the building. There is no other way in or out. If you left you had to go through the same verification.

Another example of this technique is used by a company that I used to work for. They buy/sell gold in large quantities. If you wanted to enter the building, you had to push a button, then state your business and name while looking into a camera. If the door opens and you enter the building you are locked in a small room where ID verification happened. And your bags are checked everytime you enter or leave. Even people that worked there 5+ years had to go through all those security steps. I never saw anyone with bad intents get further than the first door. If the situation is fishy the person stays locked in that room, the security takes away this person for further investigation. Never I have seen this system fail.

share|improve this answer

answered yesterday

Ilyas Deckers

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this answer

share|improve this answer

answered yesterday

Ilyas Deckers

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

answered yesterday

Ilyas Deckers

1512

answered yesterday

Ilyas Deckers

1512

1512

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Ilyas Deckers is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

add a comment | 

up vote
3
down vote

If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.

Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do most of the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.

Another option is the door fob only rings an alert in the security office, where it's up to a security officer there to unlock the door based on how the camera feed correlates to the fob logs. That can be much cheaper than stationing a guard at every door, while still providing most of the same security against tailgating.

share|improve this answer

edited 19 hours ago

answered 2 days ago

Joel Coehoorn

1,2851912

• 
  
  
  

  
  

  
  
  
  
  
  

  
  They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
  – Nosajimiki
  2 days ago
  

  
  
  
  

add a comment | 

up vote
3
down vote

If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.

Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do most of the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.

Another option is the door fob only rings an alert in the security office, where it's up to a security officer there to unlock the door based on how the camera feed correlates to the fob logs. That can be much cheaper than stationing a guard at every door, while still providing most of the same security against tailgating.

share|improve this answer

edited 19 hours ago

answered 2 days ago

Joel Coehoorn

1,2851912

• 
  
  
  

  
  

  
  
  
  
  
  

  
  They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
  – Nosajimiki
  2 days ago
  

  
  
  
  

add a comment | 

up vote
3
down vote

up vote
3
down vote

If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.

Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do most of the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.

Another option is the door fob only rings an alert in the security office, where it's up to a security officer there to unlock the door based on how the camera feed correlates to the fob logs. That can be much cheaper than stationing a guard at every door, while still providing most of the same security against tailgating.

share|improve this answer

edited 19 hours ago

answered 2 days ago

Joel Coehoorn

1,2851912

If it's a situation the really matters that much, you station a security person at every entrance whose entire job is to challenge people who enter without swiping — even people known to them, since access be be revoked suddenly. Then you back this up with security camera spot checks, where the job of the cameras is allowing a supervisor to verify the guards are doing what they are supposed to, in addition to keeping records of entrances/exits.

Eventually, I expect computer vision technology to evolve to the point where a camera can be smart enough to do most of the job of the guard. It only has to detect the number of total people vs the number of distinct swipes, and you can use infrared in addition to visible light to make it difficult to fool the camera.

Another option is the door fob only rings an alert in the security office, where it's up to a security officer there to unlock the door based on how the camera feed correlates to the fob logs. That can be much cheaper than stationing a guard at every door, while still providing most of the same security against tailgating.

share|improve this answer

edited 19 hours ago

answered 2 days ago

Joel Coehoorn

1,2851912

share|improve this answer

share|improve this answer

edited 19 hours ago

edited 19 hours ago

edited 19 hours ago

answered 2 days ago

Joel Coehoorn

1,2851912

answered 2 days ago

Joel Coehoorn

1,2851912

answered 2 days ago

Joel Coehoorn

1,2851912

1,2851912

• 
  
  
  

  
  

  
  
  
  
  
  

  
  They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
  – Nosajimiki
  2 days ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
  – Nosajimiki
  2 days ago
  

  
  
  
  

They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
2 days ago

They have been that smart for a few years now, and are already used in this capacity, although you only really see them in really high profile buildings like major data centers, expect this technology to become a lot more common place in the next few years.
– Nosajimiki
2 days ago

add a comment | 

up vote
0
down vote

Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.

For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.

share|improve this answer

answered 2 days ago

Aganju

16016

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
  – vlaz
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I have my doubts too... but they seriously do that in the airport, and they should know what they do.
  – Aganju
  2 days ago
  

  
  
  
  

add a comment | 

up vote
0
down vote

Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.

For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.

share|improve this answer

answered 2 days ago

Aganju

16016

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
  – vlaz
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I have my doubts too... but they seriously do that in the airport, and they should know what they do.
  – Aganju
  2 days ago
  

  
  
  
  

add a comment | 

up vote
0
down vote

up vote
0
down vote

Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.

For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.

share|improve this answer

answered 2 days ago

Aganju

16016

Face recognition technology is about ready for that, and can easily handle large masses of people simultaneously, without the need for badges or turn styles.

For example, the Orlando airport is being converted to use face recognition instead of passport controls (supposedly still to go live in 2018). You will just walk by, and be automatically identified.

share|improve this answer

answered 2 days ago

Aganju

16016

share|improve this answer

share|improve this answer

answered 2 days ago

Aganju

16016

answered 2 days ago

Aganju

16016

answered 2 days ago

Aganju

16016

16016

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
  – vlaz
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I have my doubts too... but they seriously do that in the airport, and they should know what they do.
  – Aganju
  2 days ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
  – vlaz
  2 days ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I have my doubts too... but they seriously do that in the airport, and they should know what they do.
  – Aganju
  2 days ago
  

  
  
  
  

1

1

How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
2 days ago

How easy is this to fool by wearing a mask or something? You can't really do that at an airport - too many people around and it would be suspicious, but what about an office building at a quiet hour or even few minutes - you put the mask on, get in, take it off when nobody is around to question you? How easy is it to get a false negative, either - if somebody grew a beard or maybe had a face injury, would they be denied access? That's lower risk than a false positive but still something to keep in mind.
– vlaz
2 days ago

I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
2 days ago

I have my doubts too... but they seriously do that in the airport, and they should know what they do.
– Aganju
2 days ago

add a comment | 

up vote
-1
down vote

If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.

share|improve this answer

answered 2 days ago

Nosajimiki

2297

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Unless they duck, or face the other way... Technology is not a panacea.
  – wizzwizz4
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
  – wizzwizz4
  28 mins ago
  

  
  
  
  

add a comment | 

up vote
-1
down vote

If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.

share|improve this answer

answered 2 days ago

Nosajimiki

2297

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Unless they duck, or face the other way... Technology is not a panacea.
  – wizzwizz4
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
  – wizzwizz4
  28 mins ago
  

  
  
  
  

add a comment | 

up vote
-1
down vote

up vote
-1
down vote

If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.

share|improve this answer

answered 2 days ago

Nosajimiki

2297

If you have the budget for it, use high resolution cameras with facial recognition. Security will be alerted even if some well meaning do-gooder holds the door open for them when they enter an unauthorized area.

share|improve this answer

answered 2 days ago

Nosajimiki

2297

share|improve this answer

share|improve this answer

answered 2 days ago

Nosajimiki

2297

answered 2 days ago

Nosajimiki

2297

answered 2 days ago

Nosajimiki

2297

2297

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Unless they duck, or face the other way... Technology is not a panacea.
  – wizzwizz4
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
  – wizzwizz4
  28 mins ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  Unless they duck, or face the other way... Technology is not a panacea.
  – wizzwizz4
  2 days ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
  – Nosajimiki
  3 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
  – wizzwizz4
  28 mins ago
  

  
  
  
  

Unless they duck, or face the other way... Technology is not a panacea.
– wizzwizz4
2 days ago

Unless they duck, or face the other way... Technology is not a panacea.
– wizzwizz4
2 days ago

This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
– Nosajimiki
3 hours ago

This comes down to what level of security you are trying to enforce. Many can be configured to alert you to an unrecognized person; so, obscured faces can create false positives, but false negatives are nearly impossible. Even if you have a bag over your head, it will still mark you as an unknown person alerting security to your presence. Also, the facial recognition software that comes with them typically use machine learning; so, they learn your whole facial profile over time such that false positives become pretty rare after it's seen you a few times.
– Nosajimiki
3 hours ago

This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
– Nosajimiki
3 hours ago

This many not be a good course of action for a building where you have a lot of "unknown" people coming and going, but in general, if you are worried about tailgating as a serious security concern, you are probably talking about somewhere that unknown people should not be to begin with.
– Nosajimiki
3 hours ago

I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
– wizzwizz4
28 mins ago

I've experience with fooling automatic doors; even that's not hard. So fooling a much more complex system? A commando-roll could well be enough. And remember; if the system's too sensitive, it won't be long before positives are ignored.
– wizzwizz4
28 mins ago

add a comment | 

Lithilion is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Lithilion is a new contributor. Be nice, and check out our Code of Conduct.

Lithilion is a new contributor. Be nice, and check out our Code of Conduct.

Lithilion is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197817%2fdefence-methods-against-tailgating%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Name

Name

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

Email

Required, but never shown

This page is only for reference, If you need detailed information, please check here