Combating the cyber criminals

June 2004 Cyber Security

When access control systems were first introduced, they consisted of control panels, readers, electrically controlled door strikes, cards, and a personal computer. That part has not changed much. In the late '70s and early '80s semiconductor technology was in its infancy and still relatively expensive. As a result, the realm of access control was limited to governments and large businesses. It was not a practical or affordable security solution for mid-size to small companies. And it was still a relatively unknown commodity. Unlike today, controllers were slow with limited memory. The interval between a card swipe at a reader and the response to unlock the door could take as long as 30 seconds depending on how much activity was going on in the building. Compare that to response times of less than 1 second nowadays. Readers were pretty much limited to magnetic stripe and Wiegand swipe technology.

Integration, integration and more integration

Much has changed in the ensuing years. Although they still primarily consist of control panels, readers, electrically controlled door strikes, cards and personal computers, the dynamics of access control has undergone a radical transformation.

Access control systems have grown more sophisticated expanding well beyond their original intention of merely managing doors. Advancements in semiconductor technology have given rise to faster and more intelligent controllers and readers. And the evolution of personal computers with more powerful microprocessors and the advent of networks have spawned greater integration with other building systems and business systems. With a marked reduction in the costs of components, access control has become a much more affordable security application. And it is the end-user who has driven these changes and will continue to drive the changes as manufacturers are compelled to react to market demands. Access control systems, besides doors, now regulate elevators and parking garages, too, interface with building maintenance and alarm systems, connect with closed circuit television systems, integrate with photobadge ID card systems, have the ability to e-mail alarm messages to Internet connected wireless devices, and the access control software applications offer a full range of site management tools and report capabilities. Perhaps the greatest significant development in access control is the capability of interfacing with LAN/WAN technology allowing the interconnection of multiple buildings, regardless of their proximity to one another, and integrating those buildings into one system with multiple points of monitoring and control. The benefits of harnessing all these features into one integrated system has obvious benefits for the end-user, but manufacturers must constantly modify their products and it places greater and greater demands on dealers and installers. Dealers must be versatile and have an understanding of electrical and electronic concepts, understand access control systems, building maintenance systems, alarm systems, CCTV systems, as well as having computer skills and some knowledge of network technology. And if that is not enough, they must also know various manufacturers' products and those that are best suited to their clients' needs.

CCTV integration

Closed circuit television systems have been around for a long time. But CCTV systems were generally self-contained. With the development of video capture boards for PCs a decade ago and as PC processor speeds have increased exponentially over the past few years, it is now practical for access control systems to integrate with CCTV systems. The access control software can monitor live video feeds, initiate camera actions in response to an alarm condition while still controlling, monitoring and recording site activity. The integration of CCTV with access control provides end-users with a big economical advantage. Amalgamating the two platforms eliminates the cost of redundant equipment and gives security personnel efficient control of both systems from a single PC. And just to demonstrate that we are not resting on our laurels, access control systems are currently re-tooling to interface with digital video recorders and Web-based cameras as CCTV technology strides forward.

E-mailing alarms

In the past, to be apprised of an alarm condition, someone had to be at a fixed position at a PC or monitor. As the Internet has become a revolutionary communication tool, you can virtually go anywhere on the planet in seconds, access control has been given a new dynamic in security management. The access control software can be programmed to e-mail alarm conditions or critical building maintenance messages to any Internet e-mail address including wireless devices such as cellphones and PDAs. For the small business owner who does not have the luxury of security personnel, equipped with a cellphone or PDA, the access control system automatically e-mails a message so the recipient is quickly alerted and can respond accordingly to an emergency.

LAN/WAN

The advent of local area networks/wide area networks and modems have given access control systems the ability to regulate multiple buildings whether they are in proximity to one another or on the opposite sides of a continent. Property management companies, governments, major corporations or other organisations with multiple buildings can maintain total control of all buildings from one central office or give staff within each building full or partial control over their own building or the entire system, or, as may be the case with security guards, restrict usage to just monitoring the system for alarms. And with all buildings under one system, individuals can access any or all buildings with one access card. Imagine the benefits of an access control system integrated with a CCTV system that controls and monitors a building in Seoul from another building in Hong Kong or vice versa.

Access control software as a management tool

As access control systems have grown more sophisticated, the software, too, has grown not only in sophistication, but in functionality as a management tool, offering a wealth of report formats. With a self-contained database that records every system transaction, an access granted or access denied at a door, an alarm event, or a system administrator entry, management can tap into this vast pool of data collected by the database. Reports can range from cardholder information, site activity, time and attendance, site evacuation, alarms, and site structure with wide latitude in filtering the contents. Some access control software can import and export database contents in CSV file format. This saves on duplication of information common to other departments such as personnel records that can be converted to access control cardholder records. Many access control systems offer ancillary applications such as photobadge and guard monitoring software.

These software applications are designed to integrate with the access control software and share the database. Photobadging allows end-users to design templates and incorporate specific database fields in the template. When the ID card is printed it is personalised for the individual cardholder based on the parameters specified in the template. This could include the company logo, a photo, first and last name, and department of the cardholder. Cards can also be colour-coded to distinguish authorised access clearance for various areas in a building or imprinted with a bar code for other third-party applications.

For companies that employ security personnel or contract out to third-party security services, dedicated guard monitoring software is available. The advantage of a guard monitoring application is it provides management with a tool to direct and report on security personnel activity and excludes them from having direct contact with the access control software. The range of functionality with the guard monitoring application can be regulated at the discretion of management.

Guard monitoring software gives management the ability to format guard tours based on system controlled points and report the results of each tour, set alarm messages to specific readers or inputs. The monitoring application will also allow security personnel to monitor multiple site activity and with the ability to lock and unlock doors at any site under the jurisdiction of the software.

Price vs security

A common misperception is that all readers are the same, all access controllers are the same, and all cards are the same. To many end-users, and in some cases even dealers, the only perceptible difference, other than the names of manufacturers, is the price. The price is not necessarily indicative of the quality, reliability, and the level of security offered by the system. Not all access control components embrace proven technologies that provide adequate security and offer longevity of service. Does the access control system have an open architecture? If the system requires expansion, open architecture allows integration of other manufacturers' systems. Proprietary architecture does not. Can the cards be easily duplicated or compromised? Different card technologies do not all offer a high level of security.

Do the readers use proven technology and will they operate reliably in their environment. Are they susceptible to damage? Does the access control system use fully-intelligent distributed processing or is it host-dependent? With fully-distributed intelligent processing, each access control panel continues to operate without any degradation to performance or security. Is after-sales technical support available? With the complexity of today's systems, end-users are gratified to know they can make a phone call and receive help for any technical difficulties.

These are just some of the factors that buyers should be aware of when considering the selection of an access control system. Obviously different clients require different needs and do not necessarily require a premium system with all the incumbent ancillary devices, software applications, or the integration other systems. But if the access control system fails in offering a reliable and efficient security platform, then the end-user's investment is at risk.

Where is it all leading?

No one has a crystal ball to predict the future, but based on history, access control systems will continue to integrate with other business systems and with wireless communication technology. We are almost there now, and one can envision not only being informed of alarm or other critical messages but having complete control of the system with the use of a cellphone or PDA. With the digital transmission of images, someone with a cellphone that is connected to the access control system could from a remote location see who is at the door via a camera feed, converse with that individual, and use the keypad to unlock the door. Like we said, no one has a crystal ball but it is certainly foreseeable in the not too distant future.

Where do we go from here? As is the case for all businesses, access control manufacturers will continue to be confronted with assessing the market potential of new technologies and constantly adding product enhancements to their systems. But on the flip side of the coin, they must be sure that their products remain cost competitive in the market place. It is a fine balancing act to be sure.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Industrial control systems under attack
News Cyber Security
According to Kaspersky ICS CERT statistics, from January to September 2022, 38% of computers in the industrial control systems (ICS) environment in the META region were attacked using multiple means.

Read more...
OSINT: A new dimension in cybersecurity
Cyber Security
The ancient Chinese strategist Sun Tzu noted, you should always try to know what the enemy knows and know more than the enemy.

Read more...
Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.

Read more...
Building a holistic application security process
Altron Arrow Cyber Security
Altron Arrow asks what it means to build a holistic AppSec process. Learn what’s involved in a holistic approach and how to get started.

Read more...
Managing data privacy concerns when moving to the cloud
Cyber Security
While the cloud offers many business benefits, it can also raise concerns around compliance, and some organisations have taken the approach of staying out of the cloud for this reason.

Read more...
Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.

Read more...
The democratisation of threats
Cyber Security
Bugcrowd looks at some of the primary vulnerabilities the world faced in 2021, and the risks moving forward with growing attack surfaces and lucrative returns on crime.

Read more...
Protecting yourself from DDoS attacks
Cyber Security Security Services & Risk Management
A DDoS attack, when an attacker floods a server or network with Internet traffic to prevent users from accessing connected online services, can be costly in both earnings and reputation.

Read more...
Exploiting Android accessibility services
Cyber Security
Pradeo Security recently neutralised an application using Android accessibility services that exploits the permission to perform fraudulent banking transactions.

Read more...
Cyber resilience is more than cybersecurity
Technews Publishing Editor's Choice Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Read more...