[FAQ] Protecting my RFID Card

RFID is a type of wireless technology, used by many organisations to provide access control for buildings.

RFID (Radio Frequency IDentification) cards allow you to obtain sensitive information that helps identify objects fitted with special RF identification tags, so that you can easily manage assets and materials, determine access control and track inventory.

Because these cards make it possible to identify and account for items so quickly and easily, it is vital that we secure them adequately.

Here are some ideas on how to protect your RFID card:

  • Use approved RFID Protection sleeves (FIPS 201) for all RFID cards to make card skimming more difficult – http://en.wikipedia.org/wiki/Radio-frequency_identification#Shielding
  • Never display RFID card IDs in public (code usually printed on the card) as cloned cards can be produced from this alone – http://andrewmohawk.com/2013/01/27/bypassing-lf-entry-systems/
  • Don’t rely on RFID tags alone as access control to highly sensitive areas; use other factors such as biometrics in conjunction with physical tokens (RFID cards).
  • Be aware of the information being given out as social engineering attacks will usually be cleverly disguised.
  • Never assume people are authorised to have access to sensitive areas of the building. If you are suspicious it is perfectly acceptable to ask why somebody is where they are and to follow it up.

[FAQ] Security Considerations for Customised Off The Shelf (COTS) Product Security


There are a number of elements that relate to the early stages of the Software/System Development Lifecycle (SDLC) that should be considered in regards to security. Unfortunately, for a number of projects, our company becomes involved at the final stages of the process, which often results in highlighting a lack of, or ineffective, due diligence at the early phases. It is difficult to manage a project where the software is found to be inherently insecure, and this often leads to excessive launch delays, greatly increased budget requirements for additional resolution or even an outright cancelling of an expensive project.

While many people hate the analogy of “buying a car” when it is applied to IT, it is actually particularly relevant for product selection. In both cases, you have to be wary of products being rebadged, inferior internals within the product, whether it performs well in a test drive, an inability to easily conduct ongoing maintenance and poor after-purchase support.

Surely if I bought a product from a large software vendor everything would be fine?

The fact that a product carries the supposed weight of a large multinational corporate has absolutely no bearing on its quality. Keep in mind that large corporates today typically tend to acquire companies rather than gamble on developing a product from scratch internally. The quality of the product is usually directly dependent on the company that authored the software, which you may not have even heard of.
