electronic access control

Getting Back to School Safely

By Will Zurcher, Installation Manager at Kenton Brothers

ClassroomSecuring the front entrance of any facility can be challenging. Securing a school’s front entrance is possibly the most challenging project a company like ours can be asked to provide.

Schools present unique obstacles.

  • Parents don’t want to drop their children off in the morning to a building that resembles a prison. It makes sense to make sure people on the inside are safe from external threats. But we have to remember that a facility that is harder to get into is also harder to get out of.
  • In the design phase, we have to always keep in mind that the majority of the users are going to be children and visitors. And they aren’t necessarily familiar with the facility, so the systems put in place have to be easy for them to use.
  • There are situations when the systems we put in place will need to be bypassed to accommodate large groups of people to pass freely in and out of the building.

Realistically, with the budgets that schools are faced with, creating a 100% secure front entrance is often not possible.

When starting the design process, we must first work on funneling all of the traffic to the front entrance in order to control access to the building. This can be done with fencing to deter trespassing and limit access to secondary entrances. Cameras monitor perimeter entry points and notify staff of any unknown traffic around the facility. The cameras can double as monitoring tools for recesses and transition periods. Door “position” switches can also be installed to notify staff of any unlocked entry points.

With these options in place, any unauthorized people would need to proceed to the office in order to gain entry into the building.

Recently, front entrances have been designed or remodeled to have a double door style entrance which allows visitors free entrance into a secured vestibule area. This allows front office staff to clearly identify visitors.

In the vestibule area, there’s a second set of access controlled doors that lead into the school. There’s also a single access control door that leads into the office. These doors will be outfitted with locking mechanisms that are “fail secure”. This means that if the school loses power, the doors will remain locked.

Outside the office entry door there is an intercom system for the visitor to communicate with the office staff. If no threat is detected, the staff has a button to release the door lock, allowing the visitor entry into the office to sign in. This process allows the office staff to keep track of everyone in the building. It also allows the office staff to notify the authorities of any threats with a duress / panic button while securely delaying the threat long enough for the authorities to get there.

Kenton Brothers understands all of these situations. We help schools implement easy-to-use and reliable solutions while working with the staff to put procedures in place for emergency situations. Give us a call to learn more.

K.I.S.S. with SimpleK

Kenton Brothers: SimpleK Key Management SystemOne of the many things we do for our clients is help them with the complicated task of managing their keys.

At some point, we’ve all heard the acronym K.I.S.S. (Keep it simple, stupid!) Managing master key systems and keys for a large facility can be a challenging task. The number of keys, doors, and people involved requires a powerful and efficient tool.

We keep it simple for you with SimpleK!

SimpleK is the most advanced key and master key systems management software available. It provides a large set of features for physical security and facility management, and relies on a strong relational SQL Database.

With SimpleK, we can efficiently manage master key systems, keys, key rings, key holders, buildings, doors, requests, work orders, and floor plans. We’re able to maintain a database of all types, sizes, and details of all door hardware throughout your entire facility.

Kenton Brothers: SimpleK Key Management SystemOur technicians gather all your door information (including photos) with a mobile application while doing site surveys. Once this information is collected, we’re able to put it all into a master key system and database. This allows us to quickly gather information for specific locations when repairs and additional keys are needed.

All you have to do is provide the location of your doors.

At Kenton Brothers, Service Quality and Customer Focus are two of our core values.  We believe that using SimpleK is another way to achieve those goals. If you have any questions about the SimpleK system, please give us a call!

Project Update: Salvation Army Centralized Management System

Salvation ArmyWe’ve had a relationship with the Salvation Army for many years from a locksmith perspective. Over time, we began to do more of their technology based applications for access control and video at locations around the city.

About two years ago, we approached the Salvation Army about implementing our centralized management system. This system uses IP based technology that allows their headquarters to see all of their locations, while allowing autonomous administration at each location.

The cost savings would be substantial because of standardizing their systems and sharing the IT investment in servers and switches across their locations. We’ve helped them through many iterations of the design while facilitating meetings with decision makers and their board of directors. We’re excited to announce that we’ve won the business!

Their ultimate goal is to incorporate not just the IP video and IP intercom systems, but to also include access control.  There are approximately thirteen locations we’ve included in our project planning. The Linwood location is the first facility to get the upgrades.

Salvation ArmyOur installation crew began the project by pulling new CAT 6 cable for each new camera and intercom location. This was no easy task because it’s a four-story building. We installed eight exterior cameras ranging from Pan/Tilt/Zoom models to 270-degree and interior dome cameras. We also installed a 2N intercom system with three Grandstream desk stations. We installed PC based viewing stations that communicate with video servers at each location.

We’ve really enjoyed our experience working with Salvation Army and their staff. We’ve delivered a solution that makes their work for the community easier, safer and more productive!

The Benefits of Integrated Security VS Physical Security Guards

integrated-security-graphic_215x263Security comes in all shapes and sizes—sometimes literally. Determining what type of security system you should implement depends on multiple factors, including your location, industry, staff size, and more. Not to mention that the two can sometimes be like apples and oranges, serving entirely different functions depending on the need.

So how do you compare benefits of physical security guards versus a fully-integrated system? Let’s start with security guards.

Regardless of the reasoning behind your search for a security system, it’s important to consider the size of your location, the amount of locations you have, the type of industry you’re in, the surrounding businesses, as well as business hours and general visibility as you begin looking at your options.

According to Tory Brownyard, there are many benefits to physical security guards depending on these variables.

“Officers are usually more effective for live events, special events, schools during school hours, retail facilities while they are open and wherever the threat of bodily injury is a concern,” says Brownyard. “In fact, some ask their officers to perform only “observe and report” functions, a choice that can lower the cost of the guard firm, as well as the guard firm’s liability.”

Unfortunately, in terms of cost, security patrol can range anywhere between $10 dollars an hour to $100 dollars an hour, not to mention the sheer massive liability that comes with human error.

And those rates can increase to untenable overhead costs at your business’ expense. According to an article from CostHelper.com, simply, “the time of day also affects pricing. Security guards working at a late-night party in the city may cost $30-$50 per hour, for example. An off-duty police officer typically costs $40-$60 per hour for security guard services. Interested clients can contact a local police department for availability and rates, which can be expensive because the officer is working overtime.”

From a cost perspective, integrated security systems are more of an up-front investment, but it pays back in the long haul.

According to Security Info Watch, “Security personnel, when deciding if managed security was the way to go for them, examined a number of factors and, in many instances, acknowledge they no longer have the manpower, infrastructure, capital or time to stay on top of all the moving parts needed to run and maintain an access control system.”

And without manpower to act as a deterrent to break-ins and other issues, your business is looking at a loss of data, equipment, an impact on the public perception of your location, possible harm to your staff and your clients alike.

In a recent study of 1,500 people conducted by Eagle Eye Networks, more than 70 percent of adults favor using video surveillance in schools.

“An overwhelming majority of survey respondents also felt that parents should be able to view video of their children at preschool and daycare (77 percent) as well as in K-12 schools (72 percent) …another 59 percent of respondents said that video should be used to provide real-time insights during emergencies and 57 percent said cameras should be used to deter crimes. Nearly 8 in 10 respondents believed it was important that first responders be granted real-time access to school surveillance cameras.”

The benefits of a custom-made, integrated security system far outweigh the alternatives, and it makes sense, too. In a time where technology rules our every day lives, it has outsmarted the possibilities of human error and can detect a variety of system errors without breaking a sweat.

This article originally appeared in Security Today Magazine and is written by Phil Lake

The Security of Your Security System

The Security of Your Security System

by Brian Carle

security-265130_960_720Ironically, not much attention has been paid to the security of most security systems. Anecdotal reports of video security deployments seem to indicate that more often than not, passwords are left at defaults, default accounts are left enabled, firewalls are not configured, and other best practices of proper information security are commonly not adhered to.

In the past two years several high profile data breaches, namely the Target data breach in 2014, have put greater focus on the data security of all network connected devices. More recently, prominent video security brands have had significant vulnerabilities exposed that could allow for malicious network attacks for organizations that have deployed the affected equipment.

Although attention is paid when a corporation suffers a major data breach, or a product vendor has an unintended vulnerability exposed, many “everyday” security deployments would benefit greatly from some basic IT best practices for securing network connected systems.

Default Passwords

Without question, changing default passwords on network connected devices should be standard practice. Although this practice should be in place for all network connected devices, in video security often camera passwords for default user accounts are not altered. Some camera vendors force a password to be set for the administrative account when first logging into the web interface, but if installers connect the cameras to the corresponding NVR without ever using the web interface, this step could be overlooked. Creating passwords that are difficult to guess may involve incorporating special characters, numbers and capitalization.

To take password security to the next level, use different passwords for all devices. It is quite common for all cameras to share the same password, even if the password has been changed from its default. In the event the new password becomes known to unauthorized individuals, all the camera devices become compromised.

Some organizations will go as far as removing default user accounts, so accounts can be created in their place without the default usernames. This is typically an effort to reduce the possibility of ‘brute force’ attacks, where combinations of passwords are attempted on a known user name. Not all video security products support this capability so if policy dictates this level of configuration, verify products support this function.

Locking Down Unused Services and Ports

server sphereCameras and NVRs often ship with all features and methods of access turned on by default. Once deployed, only subsets of these functions are ever used.

Leaving unused features and protocols turned on, exposes the camera and NVRs to methods of access that are not intended, and no additional system functionality is gained by leaving these settings turned on. Using a software firewall on an NVR and turning off unused services should be considered part of the basic configuration when deploying systems.

Some examples of services and protocols which should be turned off in most deployments include FTP, SSH or telnet, remote desktop, file sharing, UPnP and other discovery methods (after setup).

Network Segmentation and 802.1X

Deploying IP cameras means access to switch ports will be exposed in public locations. It’s possible a camera enclosure could be opened to access the network cable connecting the camera to the internal network, providing relatively easy physical access to other networked systems. This is particularly a concern for cameras mounted outdoors, on a rooftop or in a parking lot, because network access is available outside the physical protection of the building.

A first step to protecting unauthorized physical access to the network is to connect cameras to a switch that is not physically connected to the organization’s main computer network. This is commonly done by using an NVR with two or more network ports. One network port of the NVR connects to the camera-only network and the other side connects to the main network, allowing access to the video feeds. VLAN configuration can be used to segment ports on the same physical switch which prevents direct communication with other devices on that switch that are not defined as part of the VLAN, providing the same end result.

Some cameras and network switches offer 802.1X, which is a network switch level authentication protocol. In short, this functionality ensures only the device authorized to connect to a particular switch port is able to. If another device is plugged into an 802.1X protected switch port, it will not be able to communicate on the network. For deployments where cameras are located outside a building or in publically accessible locations, 802.1X capable switches and cameras should be strongly considered.

Encrypted Communications

Encryption of communications is what most people think of first on the topic of security. Using a network sniffing tool, account credentials and data can be recorded by an unauthorized device. Without encryption, captured data can be easily used by someone other than the intended recipient.

It is more common for encrypted communications to be considered for data being transmitted over a public network, such as the internet, however more network security professionals consider it necessary for internal network communications to prevent security breaches by unauthorized employees and contractors with network access.

Ongoing Patching and Management

Devices marketed as an “Appliance”, which may apply to an NVR or an IP camera, may not get the same level of IT attention that a standard Windows workstation or server deployment would, potentially leading to systems with known security vulnerabilities connected to the network. Some organizations have policies that require various departments to pay IT for support of newly connected Windows systems, or there may be a policy preference against using systems with a full Windows deployment in favor of ‘appliance’ devices due to a perception of reduced need for software updating and patching.

This is generally a mistaken perception. Devices marketed as ‘appliances’ are still running operating systems, generally Windows Embedded or Linux, and still connected to the network. An older version of an operating system on an appliance could present a security risk in the same way an unpatched and unsecured Windows computer would.

When considering an ‘Appliance’ best practice would dictate verifying the underlying Operating System used, the version and patch level of the OS. Also, ask the vendor how OS security issues are resolved when vulnerabilities are uncovered. A delay between a known OS vulnerability and the corresponding patch becoming available for the appliance should cause concern.

Post Installation Auditing

Consumers that are concerned over the configuration of deployed systems should consider third party or internal security auditing following the installation of a video security system. Adding this procedure is a simple and effective way to validate the installation is configured according to security policies and meets a minimum standard of security hardening.

Free scanning tools, such as Nmap, can be used to generate reports on what ports are open on a network connected device, providing for simple and fast verification of whether unused protocols are enabled. In addition, verifying password strength and other configuration mentioned herein should provide a basic means of validation system security post-installation.

When valuable data is compromised, there are significant risks to any organization. In the case of data belonging to a third party or a customer, the cost of the associated legal liability can be huge. Furthermore, the impact to an organization’s brand can have lasting consequences. Having a strong set of security best practices will minimize these risks and can differentiate integrators who educate consumers on the risks and technologies.

 

Originally posted by Brian Carle in the February 2016 issue of Security Today magazine.  As Director of Product Strategy for Salient Systems, Brian manages Salient’s CompleteView Video Management Software and CompleteView Cloud VSaaS product lines. Brian has over 13 years of experience working with network cameras and video management products. Prior to his current position, Brian worked for Axis Communications as ADP Program Manager, Technical Trainer & Sr. Sales Engineer.