Back to: Data Center Physical Security Professional
Lesson 3.4: Anti-Passback & Tailgating Mitigation
1. Learning Objectives
By the end of this lesson, you will be able to:
- Define “Anti-Passback” (APB) and distinguish between Hard, Soft, and Timed APB.
- Explain the difference between “Piggybacking” (cooperative) and “Tailgating” (uncooperative).
- Evaluate hardware solutions like Optical Turnstiles and Weight-Sensing Floors for preventing unauthorized entry.
2. Anti-Passback (APB): Stopping Badge Sharing
The Threat: An employee (Alice) badges into the Data Center. She then passes her badge back to her friend (Bob), who is waiting outside. Bob scans the same badge and enters. Now, two people are inside, but the system only sees one.
The Solution: Anti-Passback logic requires a specific sequence: In $\rightarrow$ Out $\rightarrow$ In.
- How it works: The Access Control System (ACS) tracks the “state” of the badge.
- If Alice is “Inside,” the badge cannot be used at an “In” reader again until it has been scanned at an “Out” reader.
Types of APB:
- Hard APB: The system denies the second entry attempt and triggers an alarm.
- Use Case: High-security zones (Server Rooms).
- Soft APB: The system allows the entry but flags a violation in the report for the security manager to review later.
- Use Case: Office areas (prevents embarrassment/blockage at turnstiles while tracking abuse).
- Timed APB: The badge cannot be used at the same reader for a set time (e.g., 5 minutes).
- Use Case: Parking garages.
Critical Safety Note: APB creates a risk during emergencies. If someone leaves without badging out (e.g., through a fire exit), their badge is stuck “Inside.” Most systems automatically reset all APB statuses during a Fire Alarm.
3. Tailgating vs. Piggybacking
While often used interchangeably, there is a subtle distinction in physical security:
- Piggybacking: The authorized person knowingly holds the door for the unauthorized person (Common courtesy/social engineering).
- Tailgating: The unauthorized person slips in behind the authorized person without their consent or knowledge.
4. Mitigation Hardware
A standard door cannot stop tailgating. You need intelligent hardware.
A. Optical Turnstiles (Lobby Level)
These are the standard barrier for Layer 2 (Building Entry).
- Mechanism: They use arrays of infrared beams to detect objects passing through.
- Logic:
- 1 Badge Swipe = 1 Person allowed.
- If the beams detect two distinct bodies moving through on a single swipe, the barriers close on the second person, or an alarm sounds.
- Pros: High throughput (30–60 people per minute).
- Cons: Can be jumped over (unless full-height).
B. Security Revolving Doors
- Mechanism: A cylindrical door with four quadrants.
- Anti-Tailgating: The door uses overhead sensors (Time of Flight cameras) to scan the compartment. If it sees two people in one quadrant, the door reverses and backs them out.
- Piggybacking Prevention: It prevents two people from squeezing into one segment.
C. The “Smart” Mantrap (Portal)
For the Data Hall (Layer 4), we need absolute certainty.
- Weight Systems: The floor of the mantrap is a scale. It has a pre-set “Expected Weight” or a “Maximum Weight variance.”
- Example: If the average human is ~80kg, and the scale registers 160kg, it assumes two people are inside and locks the second door.
- Volumetric Sensors: 3D cameras inside the airlock count the number of human shapes. If >1, the door remains locked.
5. Practical Application: Logic Design
Scenario: Designing the main entrance for a Tier IV facility.
- Problem: Staff love to hold doors for each other (“politeness”).
- Solution:
- Install Full-Height Turnstiles: Physically impossible to hold open.
- Enable Hard APB: If Employee A holds the turnstile for Employee B, Employee B never “badged in.” When Employee B tries to leave, the “Out” turnstile will reject them because the system thinks they are already outside. Employee B is now trapped in the lobby and must explain themselves to the Guard.