Red Team Testing: It’s the 1992 “Sneakers” movie in real life in 2022.

By David Strickland, Vice President of Kenton Brothers

1992 Sneakers Movie Poster

The 1992 movie Sneakers, starring Robert Redford and Dan Aykroyd, was about a Red Team that was hired to break into companies all over San Francisco.  They were hired by the same companies they were trying to break into. This was done to test their security measures (both Physical and Cyber) – What we like to call “convergence” these days.

Robert Redford’s Red Team was made up of both physical security experts (a thief and a federal agent) and cyber security experts (a hacker and electronic technology expert). Their mission was to test and penetrate the defenses of the target company to point out any weaknesses. If vulnerabilities were found, the company could shore up their defenses and make their company more secure.

Fast forward 30 years to 2022. The Red Team Testing technique is still in full swing.

Red Team Testing is still the pinnacle of testing your security systems so that you can determine your risk of exposure. The Red team will look at every aspect of your convergent security systems and create a detailed report on your weaknesses.

Red Teams ask the question – What would happen if your company was faced with some of the following scenarios?

  • Active Shooter
  • Cyber Attacks (Internal and External)
  • Industrial Espionage
  • Theft (Physical, Digital, Intellectual Property)
  • Sabotage
  • Power outage
  • Mass Casualty event (Weather, explosives, Chemical)
  • Pandemic
  • Work Place Violence

Here are a few of the techniques Red Teams will use to test your company’s exposure level:

Physical Security Penetration Testing:

Red Team TestingRed Teams will test physical penetrations with your company’s physical assets (buildings, vehicles, networks, people) and measure the company’s response and how long it took to detect and act on those tests. They will measure the effectiveness of your policies and procedures and how they affect your deterrence and detection systems.

The Red Team will pose as employees or service providers to gain access to your company’s inner workings. They may also attempt to break into see what is possible and if they get caught. They’re looking for assets they can compromise and gain access to while on the inside.

Did your coworker leave proprietary information on a white board for all to see? Did everyone sign out of their workstations? Are your access control doors propped open for easy access? If someone unplugged one of your surveillance cameras and plugged it in to their laptop, could they gain access to your network? Can they connect a thumb drive to your server? Could they sneak a weapon in? Have all of your Internet of Things (IOT) devices had their default usernames changed? The list is long.

Cyber Security Penetration Testing

Where physical penetration testing might seem like a hammer, think of cybersecurity testing as a scalpel. Red Teams utilize web application attacks, such as cross-site scripting, SQL, piggybacking, injection and backdoors, to uncover a target’s vulnerabilities. Testers then try and exploit these vulnerabilities. These types of risk include stealing data, intercepting private/confidential traffic, asset discovery, exploitation and complete shutdown. As we all have become aware, Ransomware is a true and present threat to every size of business.

In the complex cybersecurity landscape, penetration testing has become a must for most industries. In many, in fact, it’s required by law.

For instance:

  • Health organizations ensure healthcare data security under HIPAA
  • Financial institutions test for FDIC compliance
  • Businesses accepting or processing payment cards must comply with Payment Card Industry standards
  • Critical infrastructure entities must follow guidelines outlined by NERC

Even businesses that might think they don’t have any valuable information to protect could be at risk of someone trying to take over the network, install malware, disrupt services, and more.

The End Game

What does all this sneaking around mean and why should you care? Red Team Testing allows you to identify and exploit your security weaknesses without the impact of debilitating consequences. From a Red Team’s report, you can adjust your response to the threats that you see as your biggest exposure. You’ll have the ability to identify specific weaknesses and the best approach for shoring them up.

Breaches Happen Every Day – Here’s an example.

One story about a Red Team that comes to mind was about a team that created malware laced thumb drives. And they labeled them with the contracted company’s logo to make them look official. The Red Team followed several employees to a local convenience store and would drop these thumb drives by their car door when the employee would enter the store. When the employee would come back, they would see the logo and thumb drive and assume they had dropped it. They would dutifully pick it up and bring it back to work with them. Curious about what was on the thumb drive, they would insert it in the USB port on their workstation and physically introduce malware to their cyber network. Game over.

This is a great representation of the techniques a red team employs to gain access. They used social engineering to “hack the employees” and defy the policy of no outside USB connections on the network. It seems innocent enough to the employee, however the vulnerability was able to exploit the banking information of a large regional bank. Fortunately, this was a test. Only a test.

Security Systems and Processes have the best chance for success when they’re working in unison. You may have the best security system in the world, but if you forget to arm it, it’s useless. Red Team testing allows you to test both systems and processes.

Interested in how this testing could help your organization? We can help! Please reach out today and we will discuss exactly how Red Team testing can increase the protection of your business.

Core Value: Continuous Learning – Electric Strikes with Assa Abloy

By Gina Stuelke, CEO of Kenton Brothers

In a technology company like Kenton Brothers Systems for Security, constant focus on opportunities to refine our core values is always the goal.

Assa Abloy - Electric Strike Training Assa Abloy - Electric Strike Training

Continuous Learning

Assa Abloy - Electric Strike TrainingContinuous learning is one of those core values and it’s imperative to keep us at the top of our game. As you’ll see in the pictures, some of our security specialists take their training opportunities very seriously! Our team had a blast learning the latest electric strike installation techniques at a recent training event sponsored by Assa Abloy, the largest global supplier of intelligent lock and security solutions.

An electric strike is an electrified locking device. These are cut into the jamb of a commercial door to work with a card reader and a commercial access control system to secure an opening. It’s important to know how to survey the door opening properly by evaluating the existing door and frame as well as the existing mechanical locking mechanism to determine if an electric strike is the correct product to do the job.

There is an art form to properly cutting in the strike into the metal frame of a door. It’s not for the faint of heart!

Assa Abloy - Electric Strike Training Assa Abloy - Electric Strike Training

Great job Team KB! Thank you for investing in your skills and adding value to what we can bring to our customers!

Remember when security just meant a good set of keys?

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Kenton Brothers opened its commercial locksmith doors in Kansas City in 1897 by two brothers William and Leon Kenton, and is still located in the heart of Kansas City to this day.  From the beginning, the mission has been to protect people, property, and possessions but locksmithing has changed over the past 120+ years! Today, keys look very different than the skeleton keys of the past. We now have electronic machines that cut keys, and we even have software programs that will keep your master key system organized and in check.

Keying Through Time Keying Through Time

But what else has changed?

Keying Through TimeAs most people remember when growing up, it was not uncommon to see school janitors, maintenance employees, or even property managers walking around with huge rings that looked like they had 250 keys on them and weighed 50lbs. The days of someone carrying around that many keys are coming to a close as keying systems have advanced, access control is becoming ever more prevalent, and keying software has allowed keying systems to be more easily managed. Things change (and a lot of times for the better.) Leon and William Kenton even knew that back in the early 1900’s. They knew that they had to take care of the customer, innovate, offer more than their competitor, and provide remarkable service to continue to grow.

So how does this information benefit you or the company you work for?

With more advanced methods of key control, by knowing who has what keys, by knowing how to properly protect your people, property, and possessions, and by granting access to certain areas, you can cut down costs, reduce the number of keys people have and benefit from a mechanical security system that compliments your access control system. And an advanced method of key control can be its own mechanical access control system.

Even a century ago, William and Leon knew that a good master key system could be designed to incorporate security and convenience for the users. How? By gathering important information at the preliminary ‘keying meeting’ where the details to design the master key system are discussed. One tip for a successful design is to incorporate the company’s organizational layout (users of the keys) with the building layout of where the doors are located. It’s also important to gather information about future changes or potential growth anticipated. A good master key system makes it easy for those that need access to multiple rooms. It also increases security by only granting access to needed areas and not the entire floor.

We’re here to educate.

Keying Through TimeFrom the beginning, Kenton Brothers has worked to educate our customers, help understand their needs, and promote all the offerings in the market place that will properly secure their facilities.  Kenton Brothers may have started as a locksmith who also fixed umbrellas and sharpened mower blades to make ends meet. But as the decades have passed, we’ve developed into more than just a large and growing commercial locksmith in Kansas City. Our other offerings include Access Control, IP Video, Intrusion Detection, and more. These systems all work together to provide a layered approach for securing facilities.

Let the Kenton Brothers team of dedicated employees show you how we can protect your people, property, and possessions and keep you All Secure!

Mechanical Hardware Guru Bill Harris Implements Record Setting Mechanical Sale As He Approaches Retirement

Kenton Brothers Systems for Security: Bill Harris Profile Photo

Bill Harris

The Kenton Brothers headquarters is based in Kansas City, MO but we do work across the United States to take care of our customers. Some of the most rewarding jobs are those close to home.

In 2021, Kenton Brothers was awarded a job for Bartle Hall Convention Center located in Downtown Kansas City, MO. What also makes this job special are two of the gentlemen involved in this project. Bill Harris of Kenton Brothers and David Mullins with Bartle Hall. Both Bill and David have been long standing pillars with their respective companies and both are going to be retiring in the near future. The job itself is being run by Zack Holden, one of Kenton Brothers’ Project Managers.

From left to right: Zack Holden (Kenton Brothers), David Mullins (Bartle Hall) and Bill Harris (Kenton Brothers)

From left to right: Zack Holden (Kenton Brothers), David Mullins (Bartle Hall) and Bill Harris (Kenton Brothers)

The Project

The two main vendors involved in this project are Alarm Lock and Sargent Manufacturing.

The scope of the project is installing door hardware, new power supplies, Alarm Locks, coordinating new door & frame installs, new electrical work, and more across 75+ openings. This job has many tricky facets to it including coordination of sub-contractors, coordination of where we can work (different rooms are in use for events), keeping low voltage wires hidden, and even the coordination of parts being delivered. All of these variables add complexity to the project.

Bartle Hall - Door

No Exposed Cables

This is a door to an event space in Bartle Hall. They initially thought that we would have to bring wire mold down from the ceiling. For a cleaner and aesthetically pleasing install, we were able to design a solution by pulling cable in the drywall instead of having the cables exposed.

Bartle Hall - Door with Exit Bars

Exit Bars

We added exit bars to dozens of doors for this project. This was required to get their facility up to current life safety code standards.

Kenton Brothers loves these types of projects.

Large, complicated projects allow us to show what makes us different than our competition. Kenton Brothers, under one roof, has technicians that understand locksmith work, mechanical door hardware, commercial access control integration, commercial video surveillance and the ability to source and coordinate subcontractors. The end result is that our customers look to us as their single point of contact for large projects.

We want to thank Bartle Hall for trusting us for this project and we also want to give a farewell send off to Bill Harris who has been with Kenton Brothers 17+ years, you picked a great time to sell your largest project!

Keying Systems Part 3: Peace of Mind with Keying Systems

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Keying Systems Series
Part 1: Importance of Master Key Systems and Restricted Keyways
Part 2: Restricted vs. Standard Keyways
Part 3: Peace of Mind with Keying Systems (this story)

BuildingAs a building owner, business owner or manager, you may wonder how the keys for your business are maintained. Are they being properly taken care of? How many copies are floating around? Has anyone lost one? Which of the employees have them? The list of questions goes on. The good news? The answers don’t have to be as complex as you think.

There are several checks and balances you can implement to have peace of mind with your access control systems.

The first step would be to implement a restricted keying system at your location(s).

A restricted keying system comes with many benefits. These include, but aren’t limited to, the following:

  • Keys can’t be duplicated at local hardware stores.
  • There’s a list of authorized users at your locksmith of choice who can get more keys made.
  • If a key is lost or stolen, you’ll know immediately. Why? Because the key holder will have to report it as they can no longer access the doors/areas they need to open.
  • Restricted cylinders are harder to pick/bypass than standard keyways.

Kenton Brothers has run into the first example many times. We’ve had customers come in to request keys. We ask their name, and they weren’t on the authorized user list. So we turned them away. It was later found out that the person in question had been let go earlier in the week.

The next benefit is the checks and balances portion of a restricted key system.

KeyAs mentioned above, there is an authorized user list associated with all restricted key systems.

What this does is stop employees or individuals from getting keys made, new cylinders created, etc. This is extremely beneficial for employees who’ve lost a key or have bad intentions at the facility.

Understanding how a key system can work to your benefit is also important.

A properly planned master key system can be set up that allows employees specific access to certain areas. This is an important component of securing your facility.

Kenton Brothers has many customers who implement a master key system.

A great example of how this works is for one of our customers that owns a 10 floor building. Each floor has a different tenant, and each tenant should only have access to their floor. We created an overall master key system, created floor masters, and keyed the cylinders to flow traffic properly.

The result? Tenants knew they had secure spaces.

Kenton Brothers has been designing key systems since 1897.
Let us help you find peace of mind with your keying and security needs.