Page 688 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

security mechanism, smartcards are subject to weaknesses and vulnerabilities. Smartcards can fall prey to physical attacks, logical attacks, Trojan horse attacks, or social-engineering attacks. In most cases, a smartcard is used in a multifactor configuration. Thus, theft or loss of a smartcard does not result in easy impersonation. The most common form of multifactor used in relation to a smartcard is the requirement of a PIN. You’ll find additional information about smartcards in Chapter 13, “Managing Identity and Authentication.”


Memory cards are machine-readable ID cards with a magnetic strip. Like a credit card, debit card, or ATM card, memory cards can retain a small amount of data but are unable to process data like a smartcard. Memory cards often function as a type of two-factor control: the card is “something you have” and its personal identification number (PIN) is “something you know.” However, memory cards are easy to copy or duplicate and are insufficient for authentication purposes in a secure environment.



Proximity Readers

In addition to smart/dumb cards, proximity readers can be used to control physical access. A proximity reader can be a passive device, a field-powered device, or a transponder. The proximity device is worn or held by the authorized bearer. When it passes a proximity reader, the reader is able to determine who the bearer is and whether they have authorized access. A passive device reflects or otherwise alters the electromagnetic field generated by the reader. This alteration is detected by the reader.

The passive device has no active electronics; it is just a small magnet with specific properties (like antitheft devices commonly found on DVDs). A field-powered device has electronics that activate when the device enters the electromagnetic field that the reader generates. Such devices actually generate electricity from an EM field to power themselves (such as card readers that require only that the access card be waved within inches of the reader to unlock doors). A transponder device is self-powered and transmits a signal received by the reader. This can occur consistently or only at the press of a button (like a garage door opener or car alarm key fob).