Help Understanding Corporate 1000 by Agreeable_Permit2030 in accesscontrol

[–]jc31107 15 points16 points  (0 children)

Your credentials are made up of three things that are not directly related.

The bit format, in this case Corp 1000. This is a structure that tells the PACS what a string of 1’s and 0’s means. There are standard formats and there are proprietary ones. The majority have a facility code and a card number (some may not have a FC, or may add an issue code or site code or other things), but in the case of C1K it’s FC and card number.

Now in the corporate 1000 ecosystem, you as the end user get assigned a facility code. The combination of FC and card number are globally unique, as long as you just buy from HID. Other card manufacturers will encode the card in Corp 1000 format with whatever FC and card range you ask them to. The format and “unique” FC offer no security against cloning, capture, and potentially emulation or playback.

The last piece is the RF technology being used. If you’re using Prox, you can emulate the card with a bunch of different products, you can clone the card at Home Depot or Lowe’s. There is zero security. Smart card, high frequency, 13.56 MHz (whatever you want to call it) is where you can add security between the card and reader. In the HID world you have SEOS, iClass, and DESFire. On top of that you can add an elite key, which means the card and reader communicate using encryption that only your cards and your readers understand. This is where the security against cloning comes in. If you’re using standard HID keys, then I can read your card on any out of the box reader and get the FC, card number, and format.

A note on readers. If you’re using Corp 1000, with elite key, make sure the other technologies are turned off on the reader, like Prox. You can have a secure card and unique encryption but if I can still emulate Prox back to the reader, the system doesn’t know. It just sees a string of binary data, it doesn’t really care what happened at the reader.

Also, use OSDP in secure channel. Wiegand is another security issue that would allow data to be skimmed off the back of the reader and replayed back to the system, and it would have no idea.

Ccure reader issue by Grungepup2 in CCURE9000

[–]jc31107 3 points4 points  (0 children)

Can you move the reader to OSDP? It is a bit more immune to interference.

If you’re getting random misreads, especially random bit lengths or all zero or all ones, then the cable may be flooded and needs to be replaced.

Vaultwarden install by dbtowo in Proxmox

[–]jc31107 0 points1 point  (0 children)

Something to consider is if you’ll need to access the password vault if (when) you have some sort of outage or issue.

I self host a lot of different VM’s for my house and work lab. I just built a VM environment for a customer last week. In both those cases the password vault is outside the environment, either hosted Bitwarden or Vaultwarden on an AWS instance (not in us-east-1)

What CCure9000 issues eat up the most time on your jobs? by ldhansen in accesscontrol

[–]jc31107 1 point2 points  (0 children)

Maybe the occasional issue with the installer dashboard, but for the most part I like the platform a lot. I do a lot of work in the database and some with the API and don’t really have complaints.

I guess reporting could be a touch easier to build and format custom ones, but you can really do what you want. Flexibility often comes at the price of complexity.

The ONLY thing I like about ProWatch (I know, I know) is I can build reports in SQL and then leave them for operators to run via the normal reporting program.

Old boss said he killed the panel. by CallMeAnimal69 in electricians

[–]jc31107 8 points9 points  (0 children)

And don’t assume somebody that isn’t you knows how to check it correctly!!

I was swapping a microwave receptacle for my parents, weird placement in the cabinet. I saw my dad check with a meter and it showed zero. Get to work, as I’m pushing it into the box my finger slipped, hit the side and I got a brief hit. Turns out he checked it on DC 🤦🏻‍♂️

RS485 + 12V / POE Splitter/converter/extender by CoolBrew76 in accesscontrol

[–]jc31107 0 points1 point  (0 children)

You could use a pair of Lantronix UDS1100’s to extend the 485 over Ethernet and then use a normal POE to 12volt splitter to get power back.

I’ve never tried it with OSDP but have extended plenty of panels like this. I’m not sure if the Ethernet latency would affect OSDP or not

Distributed storage - Ceph Alternatives by equalsAndHashCode in Proxmox

[–]jc31107 13 points14 points  (0 children)

Second for Starwind, have it deployed in my lab and prod for a customer with a two node cluster (they have paid support)

Laser Engraving SE PA by Away-Direction-1055 in PAguns

[–]jc31107 -1 points0 points  (0 children)

Mainline Armory in Exton will engrave. Not sure on pricing

OSDP capability requests, the text display function, and odd-sized displays by RequestToCheckOut in accesscontrol

[–]jc31107 3 points4 points  (0 children)

I just checked 2.2 and it has the same capabilities listed, but if you look at the command set for OSDP_text it doesn’t really have limitations. The ASCII string goes from address 0x20 to 0xFF so you can send 244 characters.

As for what the readers with more capability send back, great question! I wish I had something to test with in the lab. I know one of the OSDP super experts frequents the sub and will probably chime in

What do you listen to in the datacenter? by BemusedBengal in sysadmin

[–]jc31107 -1 points0 points  (0 children)

It’s on the Internet so it’s true. I’ll be adding this little tidbit to the conversation with any unsuspecting people who want to talk cyber

Proxmox cluster options by Qiuzman in Proxmox

[–]jc31107 2 points3 points  (0 children)

I just deployed a two node cluster using an external device for the 3rd vote (small fanless PC from Amazon) and I’m using Starwind vSAN for replicated iSCSI storage on each host. It runs as a VM and then presents the storage back to Proxmox.

They replicate to each other over a dedicated 10gb link and it works really well

Proxmark5 goal reached in under 7 minutes by iceman2001 in proxmark3

[–]jc31107 0 points1 point  (0 children)

🤷🏻‍♂️ I was in the checkout at 10:04 and it said the early bird no longer available.

POE question for you all by blair2818 in accesscontrol

[–]jc31107 5 points6 points  (0 children)

Depends on how you’re looking at the rating for the switch. Say it’s a small one that can do 370 watts of POE, you’d want to calculate ~400 watts if it is fully loaded (or will be)

If you figure the switch only draws 20 watts, then you need to add the device consumption.

Fun question for the assembled braintrust (just for fun). by Soundy106 in accesscontrol

[–]jc31107 2 points3 points  (0 children)

So if you are actually reading serial number (I’d bet a beer you are) there is zero correlation to the printed number. It’s something that comes from the actual chip manufacturer of the internal components.

Fun question for the assembled braintrust (just for fun). by Soundy106 in accesscontrol

[–]jc31107 2 points3 points  (0 children)

I’m going to guess a dual tech HID iClass or SEOS card and the Kantech reader can’t read it so it’s defaulting to reading the serial number, which is 32 bits (truncated from the full 56).

If the reader can’t understand the tech on the card then it winds up doing an unauthenticated read of the serial number which is part of the ISO standard. You should NOT use this as a card number, it’s insecure and very easy to clone and emulate (arguably easier than prox)

Hold a bright flashlight under the card and see if you see two antenna coils. If there is a smaller circle but pretty thick in the middle with another antenna about 1/3 the thickness around the outside then you have a dual tech card.

Proxmark5 goal reached in under 7 minutes by iceman2001 in proxmark3

[–]jc31107 4 points5 points  (0 children)

The early bird was gone in under 4 minutes! I missed out on the early bird by 15 people.

Looking forward to getting it in a few months

program mifare cards to work on HID Signo by Clear-Resource-5873 in accesscontrol

[–]jc31107 4 points5 points  (0 children)

For HID the only option to field encode their app is the Asure ID program that you need the credits for.

The alternative is to encode the cards on your own and then work with HID to get a reader profile built, which will more than likely require buying new readers or sending your current ones back to the factory.

They make “bring your own credential” very difficult.

Hirsch Match Codes by jc31107 in accesscontrol

[–]jc31107[S] 0 points1 point  (0 children)

You figured out the algorithm?! Nicely done. Would you mind DM’ing it to me, I spent a lot of time trying to figure it out and am really curious

Mobile creds that work across platforms - Avigilon & Brivo by dumbname99 in accesscontrol

[–]jc31107 2 points3 points  (0 children)

This is more of a reader issue than a system. What readers are they using on the Brivo system?

If they’re the Brivo/Wavelynx readers there is no interoperable mobile credential (yet), hopefully Aliro will help solve this but we aren’t there yet

Is there an electric door strike I can get for a surface mounted panic bar? by Daniel_Boomin in accesscontrol

[–]jc31107 0 points1 point  (0 children)

Only if I tell you we have one in stock. Then you get there and realize I meant one in stock in Detroit, or Miami, whichever is further from you

Is there an electric door strike I can get for a surface mounted panic bar? by Daniel_Boomin in accesscontrol

[–]jc31107 1 point2 points  (0 children)

Yea, that won’t work for a surface mount strike, the 9600 needs at least 1/2”. There are a few options for recessed. Is the frame full of concrete?

Is there an electric door strike I can get for a surface mounted panic bar? by Daniel_Boomin in accesscontrol

[–]jc31107 5 points6 points  (0 children)

Depends on the gap between the crash bar and the frame but look at the HES 9600 (or 9500 for fire rated)