Posts Tagged Security Technology

The use of shielded category Ethernet cable for IP Video

It comes up from time to time from customers and vendors when and where to use shielded category twisted pair cable for Ethernet.   Most vendors hate it.  It’s hard to terminate, doesn’t flex well and nobody ever seems to agree on how it should be grounded.    For the most part, it wasn’t much of a problem for CAT3 or even CAT5 cable.  But with higher and higher bandwidth (and thus frequency) demands on the cable, using CAT6A cable in certain environments for network applications becomes important.   And while there’s a decent argument for why you may not need CAT6A cable for IP video (see this article for more information), many of our clients are using it as a corporate standard, regardless of the application.

Although CAT6 cables have improved the cable twist to handle gigabit Ethernet and reject noise, this by itself is not enough for environments that have high electromagnetic interference (EMI).  What is EMI?  Think of EMI as gremlins that are trying to attack the signal of your network cable.  EMI is generated as electromagnetic waves in the radio frequency (RF) spectrum, and can come from many sources.  The most logical is an RF transmitter, like a radio station tower or even HAM radio antenna; but other sources can be harder to spot, such as a nearby computer, high voltage power lines, a leaky transformer, or fluorescent light fixture that’s going bad.   Running network cables in your ceiling or plenum space could potentially put these cables near those kinds of sources, and thus introducing the gremlins to degrade or even interrupt communications over the Ethernet network cable.   Since Ethernet is a collision based network strategy, this usually looks like a slow connection, as the network repeatedly keeps re-transmitting packets that were found to be in error.  Result, poor network performance and potentially bad video.

Most people are familiar with UTP cable (Unshielded Twisted Pair), versus STP (Shielded Twisted Pair), and UTP is commonly used in CAT5e cabling that is predominant for gigabit Ethernet networking in most commercial and residential applications.  STP cables have an additional metallic braid that forms a sort of shield (google “Faraday shield” for how it works) around the conductors, and reduces the amount of interference that can be injected into the cable.   Still, both types of conductors (STP and UTP) have one thing in common, the twisted pair, that by itself reduces interference by its inherent design.

Photo courtesy of Axis Communications.

 

 

 

 

 

 

 

 

 

 

The drawback of STP cables is that they increase the total cost of the installation. STP cables are more expensive due to the shielding (and usually are higher quality), which is an additional material that goes into every foot of the cable.  The shielding also makes the cable heavier and stiffer. Thus, it is more difficult to handle during installation (pulling cable over long distances through a conduit is hard enough with flexible cable).

While most installations can be done effectively using UTP cable, we recommend using STP cable for high EMI environments like manufacturing, laboratory, or research facilities where other high energy or RF generating devices may be in use.  Also, if you’re forced to run category cable in a cable tray that’s shared with power conductors (low or medium voltage), use STP cable even though the cable tray is separated and may have it’s own shielding for the power conductors.   It is also highly recommended to use an STP cable where the camera is installed outdoors or where the network cable is routed outdoors.

Oh, and what to do with that drain wire?  Our suggestion is to use some of the pre-fabricated shielded keystone jacks like this one.

 

 

 

 

 

 

 

 

 

 

 

Posted in: IP Video

Leave a Comment (0) →

Products That Don’t Exist, But Should

While working with a client for a high end residence, he brought up the video door bell gadgets that are all over the internet and in every Lowes or Home Depot. The objective was to have a decorative camera that would recognize video motion and record video and sound for visitors at the doorstep.

There are quite a few of these products available on the market, and for the general consumer they are probably a good fit.   But for our client base, a high end residence will typically have an integrated security and access control system, including video cameras.   Products like Ring and SkyBell must be used with a contract service that stores the video in the cloud, and are typically accessed and viewed via a smartphone app and are proprietary in nature.   This means they don’t support standards like RTSP or ONVIF which would allow off the shelf network video recorders (NVR) to record the video on-site or remotely as part of a comprehensive monitoring service.

To make things worse, these cameras typically operate over WiFi, and do not have any kind of battery backup.   Unreliable wireless communications and unreliable power don’t make for good security.   But at the same time we don’t want to add some industrial looking door bell to the client’s residence.   So what residential products like this are available currently that we can connect to our own NVR?  Nothing.   Really…. nada, zip, zilch.   There are currently no low profile, decorative products commercially available that will support a hardwired video connection and operate as a standard doorbell camera.

Another option was a product with a security camera integrated into the porch light.  Kuna makes some great looking products that would fit most any residential style and decor.  Kuna Maximus Light w/Camera But again, these products lock you into a monthly cloud service contract with proprietary protocols that are not available to 3rd party NVRs.  The Kuna Maximus product almost fits the bill too, providing good looks with security lighting, 720P video and two-way voice communications, but it still requires WiFi and is proprietary.

Someone Please Build This:

Here’s a product idea for high end residential and ornate commercial environments that want additional security.   Take a product like the Kuna Maximus where you have a decorative security light with a built in camera, but instead make it with the following features:

  • Motion Triggered Lighting (two-level lighting for soft accent lighting and full power security lighting when motion is detected).
  • 2 Megapixel IP Camera with Night Vision, H.264 video codec.
  • Two way audio communications with built-in microphone and speaker.
  • Support for HTTP, ONVIF, RTSP, FTP, SMTP, DHCP, DDNS, and SNMP protocols.
  • 10/100 Ethernet via built in powerline adapter, plus 802.11ac Dual Band 2.4G/5G Wireless support

So here’s the thinking behind this.  Almost every residence has a porch light at the front door.  This device would replace the existing wall mounted porch light, using the exact same 2-wire 12o VAC power that already exists.  It operates as any other motion security light, either “off until motion sensed”, or “1/2 brightness until motion sensed and then full brightness”.  It takes any standard Edison bulb.   The good part comes in where we add the camera that can use WiFi (if you must) or the built-in powerline Ethernet interface, allowing you to connect it to your own home network using a powerline module plugged into the wall near your router and then via CAT5 to your router.   From there it can behave as any other network camera on your NVR, or it can operate standalone with video motion detection and send emails when triggered, or upload via FTP to a web server, or whatever.  The powerline Ethernet adapters allow us to avoid WiFi where we can, and use the existing power wiring, eliminating the need for additional CAT5 cabling to the light.  If video is centrally monitored, the remote operator could communicate via IP audio to the person in front of the camera using a video management server.

This product should already exist, and quite frankly I can’t believe it doesn’t.  It would probably cost less than $300 retail, and I’d not only be using them on every executive residence that I was responsible for, I’d have one on my own home too.   And if you really want to have some contract service to store video in the cloud, fine… just don’t make it the only option.

 

Posted in: Reviews

Leave a Comment (0) →

Facial Recognition for Access Control?

Several years ago,  I worked on a project prototype for a major group of sea ports that had an interest to use the state’s drivers license image database for facial recognition/verification of TWIC applicants and the eventual use for identity verification for critical card access points.  The main focus of the project was to ensure that the person applying for the TWIC card was indeed who they claimed to be, and not an imposter.   Neither the CCTV system nor the card access system had the built in software to do this, much less do it together, so we had to write the interface and the software to manage it.  It worked, but not as well as we would have liked.   We used a GPL’d algorithm for the facial recognition, which while good, would have some false positives and false negatives from time to time.   Ultimately to me, it served as a proof of concept.  It did work, and could be made as a serviceable monitoring and investigation tool for security.  (Later we used that same GPL software to create a tool that would scrounge through the card access database and crop the cardholder photos to a uniform size.  THAT worked really well.)

Years later, as far as I know there is still not an off-the-shelf system that provides a true facial recognition monitoring capability for access control violations.  This seems like something very straightforward to do, and as most companies or government branches have an actively maintained photo database of their cardholder personnel, and most often have video cameras monitoring locations where access control is used.

The biggest limitation we found was the quality of the CCTV images against the badge database photos.   Both were of rather poor quality, but if we used the software as just a pre-filtering tool for security operators, the margins of error were more tolerable.  The idea was to still have a security guard doing the verification, but not for every photo, just the ones the software couldn’t handle well.

Cardholder with back to camera.

Poor camera angle doesn’t allow for good facial recognition

With Megapixel IP cameras replacing low resolution analog cameras, the probability improves of having a photo with an acceptable number of unique data points to match against an image database with a high degree of confidence.  This means more information data points to compare, and fewer false positives and negatives.   There are still other considerations such as angle of view, proper lensing, lighting, face concealment/alteration issues, and image database accuracy.  And you must have most, if not all of these considerations to have a usable image.  As shown here, even if you have good lighting and resolution, if you don’t have a good angle and lensing, you will not have a usable image for facial recognition of the cardholder.

Currently, there are about a dozen corporations world wide that offer some type of facial recognition software.   Many of their larger customers are government agencies or the financial industry.  It is used in some border crossings, passport identification, and high profile monuments.   The FBI may be the most famous consumer of this technology, but it is not used in a widespread fashion as far as I know.  Naturally, this isn’t something that is widely advertised by these agencies.

Still, as such a highly technically savvy country as the USA supposedly is, I’ve often wondered why we don’t have facial recognition with a national database at all critical locations like border crossings, airports, bus stations, train stations, embassies, and hospitals.  I realize there’s a modest invasion of privacy, and nobody likes the thought of having “big brother” monitor your whereabouts, especially putting your name to your face in a specific location and time.   It’s kind of creepy.  But the other side of the coin is that if we maintain a central photographic database of active criminals and terrorists (which we do), then having feeds from certain cameras in certain high traffic locations might allow us to not only apprehend said criminals/terrorists in a timely manner, but even allow us to gain intelligence regarding their commuting patterns, associations, and personal habits.  This is beneficial information that can reduce crime and terrorism.

Keep in mind, the government already has a very large database of photos, probably including you, even if you don’t have a mug shot in the NCIC.  Facebook, Twitter, Instagram, LinkedIn, are all repositories available that most likely link your face with your name.   The FBI has said that by 2015, it plans to have 52 million photos in its NGI facial recognition database.   The FBI will include non-criminal information as well as criminal.  Where’d they get those?!    So, you may already be in the database, and maybe me too.  Obviously, some people will object to this idea, some even quite profusely.  But the genie is already out of the bottle.  Getting him stuffed back in is going to be difficult, if not impossible.

So the natural progression on this “big brother” concern just may be to license the database.   For a fee, allow vetted customers to have access to the database via an API to use this centralized database for government and limited private commercial purposes.  Want to know if your daughter or son is in the NGI database?  Maybe there’s a background check service company that can tell you.   But for financial institutions, or the port authority I mentioned in the beginning of this article, it would be a boon of intelligence data.   Not only would they have their own employees and contractors in their own database, they could also have access to a national database of “persons of interest” that could assist them in determining if a potential applicant is a criminal, or maybe even just a high risk.  That has the simultaneous possibility of reducing their own risks, and providing timely information to Homeland Security about a potential threats whereabouts and possible intentions.

Facial recognition of employees at work

Facial recognition in the workplace.

I think the future of this technology is already headed in this direction, and there may already be entities that are doing exactly what I’ve described, but I believe the technology will become more pervasive as some of the technological (and sociological) barriers are broken down.

Posted in: Access Control, Company News, Security Technology

Leave a Comment (0) →

Digital Video Forensics: Analog and IP Video Cameras

While time-lapse video recorders (TLR) using videocassettes remain in use in many smaller video surveillance systems, digital video recorders (DVR) and network video recorders (NVR) continue to be the preferred choice for larger and more complex systems. The video cameras that provide the images to these recording systems may be either analog or IP (internet protocol). For TLRs, analog cameras are almost invariably required, though it is technically possible to use IP cameras in a TLR system. For DVRs and NVRs, either analog or IP cameras, or a mixture of the two types, may be used. For the purpose of video forensics, knowing the type of camera that originally captured the video is critical to an understanding of several important aspects of the video material to be examined.

In North America, analog video cameras are almost certain to be compliant with the NTSC video system. (In other parts of the world, cameras may comply with PAL, SECAM, or other video system standards, which differ from NTSC in many crucial aspects. For the purpose of this discussion, we shall limit ourselves to the NTSC system.) The NTSC (National Television System Committee) standards for video systems were developed primarily to ensure the compatibility of broadcast television signals with consumer television sets.  The first standard was published in 1941, with subsequent revisions to accommodate advances such as color TV, and all of the standards are readily available from many sources for reference purposes.  The NTSC system standard is perhaps most important because it describes the way in which a video image is created on the “old-fashioned” CRT (cathode ray tube) television sets we used for well over 50 years. It should come as no surprise that analog video surveillance cameras of that period were designed and manufactured to provide a video picture that would display in an identical manner on video monitors using CRTs. Therefore, we can safely assume that an analog NTSC camera produces a signal that complies with the relevant sections of the NTSC standards.

Why is it important for a video forensics analyst to know if video material originated from an NTSC camera? Regardless of the method used to transmit and record the video images, the use of an analog NTSC camera places certain limitations and restrictions on the original video source and, consequently, on the recorded video images. We are frequently presented with digital video files that are known to have originated from an NTSC camera and, in many cases, can point to attributes of the video images that are inconsistent with an NTSC source. In some cases, there are anomalies that can be readily explained in no other way. In the following paragraphs, we will discuss a few of the most relevant features of the NTSC video system and the analog video cameras that employ it.

First, the aspect ratio of an NTSC video image is 1.33, or 4 units (wide) by 3 units (high). This aspect ratio is specified by the NTSC standards, but may vary slightly from system to system through minor variations in CRT scanning or other equipment variations. However, a DVR that produces a video file that is 720 pixels (wide) by 480 pixels (high) from an analog NTSC camera is either substantially distorting the image or cutting off portions of the image when recording since the aspect ratio of the digital video is 1.5 and definitely not 1.33. This is a common problem and once that we see in many cases.

Second, the standard frame rate for NTSC video is 29.97 frames per second. A new frame (complete image) is presented from the camera to the recorder every 33.4 milliseconds on a continuous basis. The consequences of this fixed, predictable frame rate can make a dramatic difference if the purpose of the analysis is to ascertain the exact time interval between any two frames in the digital video material. Since accurate and reliable time intervals are critical to establishing such basic data as the velocity of vehicles or other moving objects shown in the video, we are often asked to render an opinion on this specific aspect of the material. We will discuss this topic in more detail in a subsequent post. Ironically, “old-fashioned” videocassette recorders are often much better at providing accurate and reliable time interval measurements, as they were originally designed to record and play back video at precisely the same rate at which it was recorded (29.97 frames per second).

Third, NTSC video images are interlaced and each frame actually consists of two separate fields. A CRT monitor creates a visible image by scanning an electron beam horizontally across the inside face of the tube. The electron beam, guided by a strong magnetic field, starts at one side of the tube and scans to the other, then returns to the starting side and scans another line below the first.   This continues until the entire face of the tube has been scanned from top to bottom, creating a visible image. During the development of consumer television, it was discovered that creating an entire image every 33 milliseconds was not fast enough to prevent a noticeable and objectionable lag when objects in the image are moving. To compensate, the NTSC standards require that the electron beam scans the odd-numbered lines of an image and then returns to scan the even-numbered lines, thus requiring two complete scans of the screen to create what is a single interlaced frame. (Scanning just the odd or even-numbered lines is called a “field.” It takes two fields to create a frame. A single field takes approximately 16.7 milliseconds to create.) When a DVR or NVR records an analog camera, it must employ some technical method to convert the interlaced video signal to a digital video format, most of which are not interlaced. (A video image that is not interlaced is called “progressive.”) Some digital systems simply ignore one of the fields, recording just the odd or even-numbered field as if it was a complete frame. Other systems may combine both fields into a single progressive image. Each method creates slight anomalies that may have an impact on video analysis.

Fourth, NTSC video images are composed of discrete horizontal lines, but the horizontal lines themselves are continuously variable from side to side. A complete video image requires 525 horizontal lines to create (262.5 per field). Of these, only 483 lines are actually visible. The remainder are used for timing and control purposes and do not normally appear on the visible portion of the CRT screen. (Early closed captioning for broadcast television embedded the caption information in the non-visible lines.) Therefore, the maximum number of discrete picture elements in the vertical portion of an NTSC video image is limited to 483. Any other number of vertical elements is a result of interpolation by the recording device, or by omitting one of the fields (see paragraph above). The horizontal scan lines themselves do not have discrete elements. The intensity of the electron beam that scans the inside of the CRT varies continuously over a fixed range as it moves from one side to the other. (Other techniques are employed to render color.) Since the signal varies continuously, there is no standard number of picture elements specified by NTSC for the horizontal dimension. The ability of a specific camera or monitor to resolve in the horizontal dimension is normally measured by the number of vertical lines it can successfully display on the screen. Both video cameras and CRT monitors vary tremendously in the number of vertical lines they can produce or display. It is not at all unusual for a system to have cameras which are only capable of producing a video image of fewer than 360 vertical lines connected to high-quality CRT monitors that can display more than 525 vertical lines. Again, understanding and interpreting the implications of the way in which NTSC video images are created plays an important part when reviewing digital video material.

So far, we have discussed analog NTSC cameras exclusively. We will now turn our attention to IP video cameras.

Many consumers confuse digital video cameras with IP video cameras. Some analog NTSC video cameras use digital technology to capture and process video images, and these cameras can certainly be considered to be digital. However, the video is then converted to NTSC standards to be transmitted on coaxial cable, twisted pairs, or some other transmission media. The conversion to an NTSC signal necessarily means that the video is then subject to the NTSC requirements discussed in previous paragraphs. IP video cameras do not comply with NTSC standards, though some units may simultaneously provide both an IP and an NTSC output.

IP video cameras transmit video images to the recording device using the internet protocol. At the most basic level, this requires the image to be digitized (or “encoded”) and then converted into data packets that can be transmitted over a data network. The variety of methods for digitizing and transmitting video from a camera are far too numerous to describe in this paper, so we will limit ourselves to describing some of the key differences between IP cameras and NTSC cameras.

Unlike cameras that comply with NTSC standards, IP cameras are not required to provide video at a standard, uniform frame rate. (When dealing with digital video, many analysts prefer to use the terms “image rate” or “images per second,” rather than “frame rate” or “frames per second.” For the purposes of this paper and to make comparison easier, we will use the “frame” terminology for both types of camera.) There are two major reasons for this: First, most IP cameras can be programmed to provide individual frames either at specified intervals or upon request. This prevents overloading the data network by transmitting video data that are not needed or cannot be recorded by the system. Second, digitized video is often encoded using methods that permit variable frame rates. For example, many MPEG-4 encoding methods embed information on the presentation time of an individual image and the length of time that it should be shown on the display monitor. This is in sharp contrast to the NTSC system, where video frames are presented continuously and at fixed intervals. As a consequence, it can be extremely difficult to ascertain the actual time interval between two events (or frames) in a digitized video sequence unless we have extremely high confidence in both the camera and the recording system.

Another major difference between NTSC systems and IP systems is that the aspect ratio of the images may vary significantly depending on the equipment used and the recording settings. It is not unusual for an IP camera to transmit video images with one aspect ratio (for example, 1.5, or 720 pixels by 480 pixels) that is subsequently altered either in recording or when it is played back on a monitor. This is further complicated for both NTSC and IP cameras by the fact that individual pixels on NTSC monitors are of a slightly different shape than those found on most computer monitors. Ascertaining exactly what aspect ratio the original image had can be very challenging, but critical for measuring the velocity or position of moving objects.

Finally, the digitizing process that encodes the digital video at the camera can introduce some significant anomalies. Because of technical limitations and the desire to reduce bandwidth usage on the data network, many decisions have to be made about the acceptable frame rate, image size, and image quality for any individual IP camera. (This is also a major consideration when the video signal from an NTSC camera has been digitized for recording or transmission.) The encoding process that digitizes and compresses the video images necessarily introduces artifacts and anomalies into the images. Perhaps the best known and most easily recognized artifact is macroblocking, the appearance of block-like structures in some portions of the video image. But there are a number of other characteristics of the encoding process that can produce more subtle alterations in the image that are easily missed by the typical viewer.

This is not to say that IP video cameras are inferior to NTSC video cameras. One area in which IP video cameras excel is image resolution. It would not be possible, for example, to transmit video images with megapixel resolution using NTSC technology. As we have seen, there are hard limits on the number of horizontal lines in an NTSC signal and even economical IP video cameras far exceed these limits by producing images with two and three times this vertical resolution limit. There are excellent reasons for users to select video surveillance systems that use modern IP cameras.

We have attempted in this paper to identify some of the important characteristics that distinguish NTSC video cameras from IP video cameras and to describe the importance of identifying which type of camera was used to create a digital video file that is subject to analysis. In subsequent papers, we will discuss some of these topics in more detail and introduce new topics of interest.

Posted in: Video Forensics

Leave a Comment (0) →

Hacking Sony – Corporate culture broken from the top down

One of the questions I keep asking myself as I keep reading the dozens of recent articles about how Sony got hacked by “North Korea” is, why does Image left on screens for 2014 Sony HackSony KEEP getting hacked?

The short answer is “because they can”.  But the longer answer points to a corporate culture that doesn’t understand the need for protection of information assets, or the people who are constantly after those assets.

On November 24, Sony discovered that its corporate network had been hacked. The attackers took terabytes of data, deleted the original copies from Sony computers, and left messages threatening to release the information if Sony didn’t comply with the attackers’ demands.  But it was really much worse, not only was work disrupted as Sony’s IT professionals scrambled to recover lost data and restore data services, much of the proprietary information of Sony Corp. was released into the public domain for everyone to see.  Unreleased movies, private email conversations, celebrity contact information, social security numbers, passwords, and salary information were released into the wild.  The damage will be felt for years to come.

I’m uncertain of the actual number of cyber attacks on Sony (and only Sony knows the real number), but this latest attack has to put it somewhere in the high teens.  This attack was the latest of a string of attacks that has been happening since 2003, mostly related to Sony’s DRM policies and certain lawsuits over “hacking” the Sony PS3 platform.  At least, that’s where I think it all began.  Since then, it’s become the “hip” thing to do for black  hats, Hack Sony.  The notion that North Korea is behind this latest attack as claimed seems pretty thin to us, and also to the FBI in their official statements so far.

But what really is the cause of this?  From what I have read, it looks like it stems from a top down culture of a lack of respect for information security.   Their IT security department is woefully thin, understaffed for a company of Sony’s stature, security equipment and software was not properly installed, policies not enforced, and even simple things like compartmentalization of data, like keeping performer contracts or salary information separate from other data sources, were apparently not properly implemented.   This seems odd, since much of the technology Sony has developed (or bought) for DRM and copyright protection is fairly sophisticated, and expensive to develop.

Skipping the technical aspects of what Sony should have done or should now do to protect itself from cyber security, I will just propose in simple layman’s terms what a company in Sony’s position should consider across their corporate footprint.

  1. A top down philosophy of information security starting with corporate officers.
  2. Increased IT security staff and technology solutions to better identify, insulate and protect from cyber threats.
  3. Corporate wide training in information security, compartmentalization, best practices for data security and user authentication.
  4. Mandatory periodic password audits for all personnel (no Prima donnas who can’t remember a password).
  5. Two step authentication for most or all access, especially to sensitive information repositories.
  6. Regular security audits for physical and IT security.
  7. Personnel background checks, exit interviews with binding nondisclosure agreements.
  8. Active content filtering for incoming and outgoing internet traffic, strict VPN use for remote sites, and GEO IP security filtering at the desktop level.
  9. Active enforcement of corporate policies and legal prosecution for data breach events by employees or contractors.

Meanwhile, the media will be poring over mountains of sensitive information they shouldn’t have, hoping to find the next juicy bit of “Sony Dirt” to release in it’s next news cycle.

 

 

Posted in: Security Technology, Vulnerability Analysis

Leave a Comment (0) →

Do You Know Where Your Power Supply Is?

Altronix Eflow16 Low Voltage Power SupplyWe’ve all had it happen: either a bad battery or a blown fuse in a security power supply.   It causes cameras to fail, a card access door to stop working, or a whole panel to fail.

Power supplies in their simplest sense do a very basic thing:  They turn 120 volts AC power to low voltage DC power for low voltage security devices such as cameras, card readers, alarm panels, or detection devices.   And while they have become more sophisticated, adding fused outputs, relay contacts for fire alarm disconnects (life safety egress for maglocks), and smart battery chargers, until recently it was up to the security integrator or maintenance staff to maintain the power supply by testing power and replacing batteries periodically.

In the IT world, just about everything is monitored – Computer servers, network switches, server room air conditioning and filtration units, UPS battery backup systems, even cameras in the data closet monitoring temperature, humidity, and noise levels.  Much of this information is sent via the Simple Network Management Protocol (SNMP).  This protocol is monitored by software that notifies console operations of the exact conditions or problems that may arise with hardware or software in the footprint.

Enter the power supply network module.  The Altronix LINQ2 is a new product that offers the same kind of monitoring capability used in the computer industry.

The Altronix LINQ2 network module is designed to interface with eFlow and MaximalF power supply/chargers. It enables power supply status monitoring and control of two (2) eFlow power supply/chargers over a LAN/WAN or USB connection. LINQ2 provides values on demand for AC fault status, DC current and voltage, as well as Battery fault status and reports conditions via SNMP.

Now security operations can be notified of potential problems and critical failures as they happen, or maybe even before.

For more information visit http://www.altronix.com/products/product.php?name=LINQ2

Altronix linq2 SNMP module

The Altronix LINQ2 SNMP Network Module

Posted in: Fire and Life Safety, New Equipment and Gadgets, Security Technology

Leave a Comment (0) →

Layers – Not just for Onions and Ogres

Security has been thought of and taught to others as a “layered approach” for centuries, and as such is not a new concept.   The Romans used layered concepts in their infantry tactics as well as their defensive fortifications.   With all due respect to “Shrek“, security is like an onion, and is a complex layer of countermeasures that make up a suite of hurdles that, presumably, are so confounding or problematic that the opponent gives up, gets caught, or never attempts anything in the first place.

The layers of security

Layers of security are a simple concept, but the concept is often overused by security professionals in discussion and even trivialized as not very important.  As Americans, we tend to rely very heavily on technology.  We understand technology, and we’re pretty good at it.   But while having thermal night vision cameras, fiber optic sensing cables, and CCTV drones flying over your campus are an impressive security posture, sometimes just a plain old chain link fence or dense thornbush hedge are enough to deter the would be criminal.  The most effective barrier I ever saw was a dense hedge of thorns called a  “living wall”.   It was 6 feet tall (and still growing), and you couldn’t climb it, cut it, or burn through it.

We once worked with a client that had installed a $4500.00 bullet proof door with a card access proximity reader installed behind Lexan (to protect it too) on the wall.  It we very impressive, until we learned that the wall it was installed  in was only sheetrock and metal studs, and you could kick through it and completely bypass the door.

Security layers mean from the outside in, with each layer adding to the increased security profile.   But security profiles are different for different companies, buildings, or campuses.  It depends upon the corporate philosophy, culture, and threat profile.  What may be reasonable for a chemical company manufacturing DOD explosives may not be suitable for a quarry.

Start with the outside, what are the threats from the street, the site perimeter, or even from the air?  Then work to the building perimeter, where are points of entry, access control weaknesses, or blind spots?  Internally you should look at the lobbies, common areas, break rooms, stairwells, and vestibules.  Then finally to policies and procedures relating to security, safety, and employee awareness.  Each of these areas will generate questions, to which you should generate answers in the forms of layers of security to add to your security profile.

Posted in: CPTED, Security Consulting

Leave a Comment (0) →

PINs Matter

scramblepad

Hirsch Scramblepad

When working with a client once, they asked us to help harden their biological research labs by recommending additional security measures they could install. We did an initial and very casual walkthrough with them of the labs and how they were used. They were particularly proud of the Hirsch Scramblepads they had installed for access controlled doors. For those unfamiliar with these, they are an ingenious type of PIN pad where the numbers change each time you begin to enter your PIN sequence. This way, someone cannot peek merely at where your fingers were and assume that if you were at the bottom right of the pad, it was a 9. Anyway, they were (and still are in some circles) the Cadillac of PIN pads for access control.

As we began interviewing some of the lab staff, we asked how well they liked the keypads and how they were used. Most responded that they felt the keypads worked very well and were kind of “Star Wars” like because of their technology. We soon learned however, that the PINs used were 4 digit pins, and that there were a couple of hundred people who had access to these labs. To make it worse, departmental policy was that the individual was allowed to select their own PIN.  Yikes.

So, I promptly walked up to a PIN pad, and entered “1234”.

“Click”.  The door opened.

Okay, “1379”.  “Click”.

Yep.  Hmmm, one more, “2468”.  “Click”.   Okay, I see the biggest problem…

The good news, is it was a cheap fix.  That doesn’t mean easy, it was just cheap.  The long term fix was to add card access with CARD+PIN readers to enhance security; but in the mean time, we just increased the number of digits in the PIN, and assigned the PINs to the staff instead of letting them pick their own.  That’s why it wasn’t easy.  Some of the staff complained because now they had to learn a new PIN, and sometimes they forgot it, locking themselves out of the lab until they could remember it or get it reset.   Memorizing a new number (don’t we have enough numbers, passwords, etc. to learn already?!) is not fun and shouldn’t be necessary just to get into work.

Reading this now, this all probably seems like common sense to you, and it is.  It’s just that sometimes common sense isn’t used in practical applications the way we would always expect.  Security is a hassle, an inconvenience.  So, someone decided to make it easier on people and let them pick their own PIN.   This is were Security Policy and Procedures come into play.  They should be developed, implemented, maintained, and tested.  Had a proper policy been conceived and applied to the issuance of access control PINs, our job wouldn’t have been so easy.

PINs Matter

Just like passwords, a weak PIN is worse than NO PIN at all, because it gives you a false sense of security when there really is none.  If you still use only PINs, pick unique PIN of at least 8 digits, and ensure that they are unique for each user.  But better still, couple a PIN with an additional level of access control such as card access or biometrics.  After all, two levels of security are always better than one.

 

 

Posted in: Access Control, Security Technology

Leave a Comment (0) →

Analog to IP Camera Technology Migration

In a recent project, PR was contracted to assist a client in the migration of a multi-campus, traditional analog closed circuit TV system to a modern IP digital network based camera and recording system. This is a growing trend in the industry as clients realize the benefits not only increased camera resolution and recording capabilities, but also leveraging corporate infrastructure costs to reduce the overall total cost of ownership for their company.

It goes like this:

Traditional CCTV systems use analog NTSC (or PAL in some countries) cameras which connect via coaxial cable or fiber optic cable to an analog recording device, matrix switcher, and/or monitor. Sometimes the recorders are digital video recorders, but there are still alot of VCRs out there recording to plain old VHS tape. All of the equipment is still using or manipulating an analog video signal in some way.

The conversion requires new field devices, new infrastructure, new recording equipment, and new monitoring equipment. It can be expensive to install. However, the paybacks are big. With the advent of megapixel IP cameras, it is now possible to get very high resolution images that can be recorded and monitored anywhere your corporate network can go, and beyond. Factor in digital PTZ technology that allows for continuous monitoring of 360° from a single camera in high resolution, and you can now replace multiple cameras with only one. There are some limitations however, as outdoor PTZ cameras in parking lots or on poles aren’t necessarily good applications for IP PTZ cameras just yet. But eventually technology will catch up.

Hybrid compromises are available too, where analog cameras can be converted to IP encoded H.264 streams and sent to network video recorders (NVR) which record network video streams. The resolution is only as good as the analog camera (usually no more than about 500 lines, or 704 x 480 resolution). This pales in comparison to 1080p cameras or even higher resolution megapixel cameras on the market today, but it is a good way to leverage some legacy hardware with new recording and transmission technology.

The biggest advantage of digital IP video is the flexibility it affords. Need to move a video stream to a different recorder? Just change the IP settings. Need to monitor the video in multiple locations? Just pull down multiple streams from different PC workstations. Need to move the monitoring to a remote location or disaster recovery site? No problem, just connected to the video servers from the alternate location. All of these features were MUCH more difficult with legacy analog video.

In short, digital IP camera technology affords a suite of new and enhanced features that give security operations response and investigation tools that previously were nonexistent or too expensive to implement. There is a cost to this technology, but the power and flexibility is well worth the price.

Posted in: Security Technology

Leave a Comment (0) →