Posts tagged security

I’ve recently had a small ponder on the subject of the University’s ID cards and ways to make them more useful, since user experience is something I care strongly about and how we identify people is a big part of that.

Something I’d really like to see is the University have a proper unified access system, after recently talking to a student who carries their ID card and three other completely blank white cards to allow them access to various rooms and buildings. One other staff member sports two white cards (completely blank) and a keyfob on top of their ID card. At one point I carried my student ID card, staff ID card and no fewer than four mysterious blank white cards all issued by various University departments.

Asking someone to carry multiple additional credit card sized pieces of plastic and potentially clip other things to their keyring is over the top when people are already carting around driving licences, debit cards, store loyalty cards and lord knows what else. On top of the sheer quantity of plastic is the inherent flaw in having blank cards – yes they provide no information on which doors they open which is great if they’re lost, but equally they provide no information on which doors they open which is really annoying if you have more than one of them.

I propose that to solve this problem the University replaces all staff ID cards with RFID enabled ones (Mifare 1K cards for preference, the exact same ones as the current mysterious blank white cards). As soon as this is done they issue all new students and card replacements with RFID cards.

A blank white Mifare 1k card, bought in a pack of 100, will cost around 70p. Yes this is more than the current blank cardstock, but the extra expenditure is virtually nothing in the grand scheme of things (you could easily spend 50-60p on giveaway pens). The card externally looks and feels exactly the same, so all of the University’s current information and security features will work, including the barcode to retain perfect backwards compatibility. In short there is no risk whatsoever to existing ID card processes and systems in moving from ‘dumb’ cardstock to RFID cardstock.

Since the new cards follow the exact same standards as the current mysterious blank white cards, a person’s ID card can now be treated as a security card. There is absolutely no requirement at all for multiple cards, since in the past I’ve had my blank white cards merged into one. Keep a note of which person each ID card belongs to and, should they lose a card or leave, you simply look up their name in the system and revoke the card access; then, as soon as they get a new ID card, you restore their access.

In theory such a system (should our building security sport half-decent interfaces to anything) could even be tied into HR and student information systems, which is where what I do comes in. Imagine that when a student enrolls their card is printed as usual and automatically programmed to let them into the rooms which are appropriate for their course. When a member of staff is issued with their ID card there’s no subsequent waiting for a departmental administrator to fish a mysterious blank white card from a filing cabinet somewhere; they’re simply instantly granted access to their building and office. Finally, when someone moves or leaves, their security access is seamlessly updated.

Yes, RFID will cost more (pennies per card), but as far as I can see all we’re going to do is maintain compatibility with barcode based systems, streamline and simplify the building access systems, and since Mifare 1k is a fairly de-facto standard for RFID applications (cashless systems, security, you name it) then we’ve put in place a major part of infrastructure for future developments.

So what do you think? Arguments for and against are more than welcome.

Today we’ve just finished setting up and testing our brand-new, very shiny SSL certificate for our primary Online Services support server. This means that the CWD is now ready to be used on all of the University’s secure systems, starting (hopefully later today) with a roll-out of the new wireless sign in page.

What this also means is that we’ve been able to tighten the security on Nucleus so that in future all requests must be over SSL. For those using Nucleus for things please take this as a warning – as of the end of the week all Nucleus requests over HTTP will fail.

Finally, we’re a step closer to our complete OAuth implementation! We’re still ironing out a few bugs and awaiting our security audit, but it’s getting there.

The waiting is over, the changes have been made, LUNA is here.

All users of the internet in University accommodation (Student Village and Riseholme Park) will see the new service whenever they connect to the internet. None of your details have changed, you still use the same username and password to connect, but how things look will be different. Hopefully cleaner, faster and easier to use.

The next phase of the upgrade (requiring people to have updated machines and anti-virus) is already partially in effect: all new machines being connected and those already in quarantine will need to be running recent service packs. However, as far as we are aware nobody is affected by this requirement since you’re all well behaved and have updates turned on. At the next scheduled required rescan (about two weeks away) all users will be required to be up to date and running anti-virus and anti-malware software. Sadly we don’t have a cool web address like http://getsecure.lincoln.ac.uk to give to people which talks them through what to do, so in the meantime I’ve created my own quick guide:

Nick’s Guide to Getting Secure

Read it, make sure you follow the three simple steps, and that’s it. Easy.

Hooray, it’s Freshers’ Week! Today involves having to negotiate the swarms of scared looking freshers as they look in a confused manner at maps of campus. It’s also the day when ICT is watching the servers nervously, as 10,000 students all try to retrieve their (still not published, so don’t bother) newly published timetables. Here’s an important message: don’t panic. If you get lost or confused just grab a helpful looking person and 9 times out of 10 they’ll be happy to point you in the right direction.

In the slower-paced world of Online Services R&D my task for today (in between the mind-numbing tedium of SU induction workshops) is to iron out the last few kinks in the printing implementation, more specifically those to do with user rights. Once that is done I can get cracking with test servers and get a functional SafeCom system working. Despite needing to dip in and out of the office this week to attend inductions, welcome backs and Freshers’ Fayre (come visit Drama Society, we’re awesome!) I realistically hope to have a workable solution in place by the start of term next Monday.
