electronic access control

SALTO Systems: Unique Access Control Solutions for a 100+ Year Old Building

By Ryan Kaullen, Field Services Manager at Kenton Brothers

SALTO Systems: Unique Access Control SolutionsIn late 2023, Kenton Brothers was approached by a property management company about adding access control to a local, 100+ year old tenant-based building in Kansas City, MO. The building has more than 16 floors and multiple elevators needed access control. As you can imagine, when the building was being built access control was not in the minds of the architect nor builders. So, the task became how does Kenton Brothers provide access control for this unique situation while keeping costs in-line with the customer’s budget?

SALTO Systems

The answer was an access control platform that supports both online and offline locks while at same time being able to take care of access control for the elevators. The system is made by a company called SALTO Systems. Their array of lock solutions allowed Kenton Brothers technicians to install cable where it was accessible to connect to the server and have some of the locks being online, while also being able to install locks at doors where cable wasn’t an option. All while still granting access or denying access depending on the credential presented.

Here is the interesting feature of this system: Online readers re-program each card as they are presented, and then the new information is carried to the offline locks the next time they are used. This allows the system to be centrally managed without running wires to every lock. (Remember, this building is over 100 years old.) Pretty cool, right?

Our solution allows the property management company to grant access to individuals with the correct credentials into certain spaces like the gym, pool area, rooftop, etc. And they can deny individuals who should not have access to those spaces. Without the SALTO access control system, this is almost impossible to control.

SALTO Systems: Unique Access Control Solutions SALTO Systems: Unique Access Control Solutions

The next phase of the project was the elevators.

To accomplish getting readers to work with the elevators, and the readers needing to be offline readers, Kenton Brothers worked closely with the elevator company whose software and the access control software would work in tandem to take tenants to the correct floors while still allowing the property management company to program proper access to the readers. This was a close coordination between our team and the elevator company to accomplish our customer’s goals. And this was crucial to the success of the project because it again helps keep the flow of traffic of people going to the correct floors where they are allowed to be.

Projects like these are what Kenton Brothers loves to take on. These kinds of projects make us think outside the box, deliver one-of-a-kind systems, and come up with unique and customizable solutions to take care of the customer.  This is the type of work that has made Kenton Brothers stand out for over 127 years.

To see how Kenton Brothers can help with your unique needs, please give us a call.

SALTO Systems: Unique Access Control Solutions SALTO Systems: Unique Access Control Solutions

Dual Technology Credentials

By Ryan Kaullen, Field Services Manager at Kenton Brothers

Dual Technology CredentialsAccess Control has been around for a few decades now, and during that time the technology has evolved. A lot of customers have older access control equipment and can’t afford to change out equipment every time technology and security solutions change. What are ways that a company can increase security but not have to change out everything all at once? How can they avoid impacting large portions of the their current access control solution? One way is by using Dual Technology Credentials.

Proximity Technology

The industry standard at the beginning of development of access control solutions was called proximity technology.

Proximity is a non-encrypted technology. As technology has advanced, and those who wish to hack or break through the security have advanced, the industry adapted. More advanced types of technology were required to combat those new threats. These advanced defenses include solutions like multi technology, new readers with encryption, advanced card formats, and more.

This is where Dual Technology Credentials come into play.

Changing your credential to dual technology allows you to use older technology readers along with the newer options. All while enjoying the benefits of having an encrypted credential for higher security.

Over time, you will be able to upgrade your readers to a newer type of encrypted reader. (In other words, spreading out the investment timeline for doing the reader upgrades.) You will still be able to use your dual technology credentials, but once all the readers have been updated, you can switch from a dual technology credential to an encrypted credential. This will lower the cost of your credentials moving forward while still keeping the correct standard of credential security.

Individuals who intend to cause harm to a location often try to go for the low hanging fruit… which includes access control credentials. A repeater is used to try and reveal the card or FOB’s credentials. This allows them to re-create the card and allow entry. This is where dual technology credentials can really make a difference.

If you are interested in learning more about Dual Technology Credentials, please contact us and we would be happy to see where we can help heighten security and protect your people, property, and possessions.

Credential Technologies: You may not be as protected as you think

By Neal Bellamy, IT Director at Kenton Brothers

Credential TechnologiesToday, I want to talk about credential technology. While not an extremely exciting topic, it can be, and often is the weakest link in many organization’s access control system. Remember that an attacker doesn’t need to get through every defense in your system, most often they just need to get past the weakest one (or two).

Let’s start with how cards and readers work.

Any RFID reader, including the ones used for access control, puts out an electromagnetic field around the reader. This field is usually measured in inches, but in special readers like a Nedap long-range reader, fields can be measured in feet.

When a credential (card, fob, wristband, sticker, etc.) passes through the field, it electrifies the antenna giving the chip on the credential enough electricity to transmit the data stored on the chip. Most often the data that is stored is the “Card number”. I put it in quotes because that “Card number” could be many things.

Next, we need to talk about card numbers or more specifically card formats.

Unfortunately, most card formats are simple and relatively easy to guess. The most common card formation is 26 bits in length. HID calls this H10301. The first 8 bits designate the facility code and the next 16 bits designate the card number itself. The facility code is a way to group the cards together and in theory, verify that the card belongs to the access control system.

The low bit count means that there are only 256 possible facility codes and 65,535 card numbers. For those people paying attention to the details, the extra 2 bits are used for error checking.

Most people start with card number 1 and work their way up. There are other card formats like 33-bit, 37-bit, 40-bit, and so on. Each increases the possible facility code and card number options. The important takeaway is that once an attacker has the card format, facility code, and card number of a person who has access, they can gain access to your facility.

Encryption

Like most things in commercial security, encryption is a way to combat the wrong people seeing the real card number. Encryption and card formats are independent of each other. You can have a 26-bit card that uses encryption and a 26-bit card that does not use encryption. That is based on the card technology.

Card technology like Prox and Indala are not encrypted. This means that almost any card reader can read the actual card format, facility code, and card number, it just has to get close enough to a card that has access.

Some technologies are encrypted but have already been cracked. Examples of these are Mifare Classic, HID iclass Classic, etc. Because the technology is already cracked, there are several ways of reading the encrypted data, and then applying the workaround to get to the actual card data again. Using a cracked technology is better than unencrypted, but it is still not advised.

Some technologies are not yet cracked like Mifare EV3 and HID iclass SEOS.

Encryption Usage

Credential TechnologiesWhen an encrypted technology is in use, both the card and reader must be using the same set of keys. Public/Private key is a long topic, but effectively a matching pair of keys are used to encrypt and decrypt data. (More information here.)

This means that readers and credentials are matched for the different manufacturers. If you are using HID readers, you almost always need to use HID credentials. Even with an encrypted, uncracked, card technology, the most commonly sold readers and credentials use the same key pair across all readers and credentials. This means that anyone can buy the latest HID reader to read almost every HID card ever sold.

There are special programs where a business can “own” its own set of keys. Another option is to use a system that generates a unique key and then can use that key to encrypt the cards specifically for a given system like Gallagher.

I know this was a lot of information, so let’s distill it a bit.

First, make sure you are using encrypted card technology.

Second, use the latest technology when you are using encryption. This will be based on the card readers you are using.

Finally, if at all possible, own your public/private keys. Sign up for a unique key system like Corporate 1000, or use a system like Gallagher to generate a unique key for your system.

If you have more questions or need help with your current/future commercial security solution, please give us a call.

CPTED Part 3: Territorial Reinforcement and Maintenance

By Kevin Whaley, CPP, Sr. Security Consultant at Kenton Brothers

Welcome to Part 3 of our discussion about Crime Prevention Through Environmental Design (CPTED).

In Part 1, I introduced the concept of CPTED and the importance of ensuring CPTED principles are considered when developing or enhancing your security program. In Part 2, we dove into greater detail on the concepts of Natural Surveillance & Natural Access Control. In Part 3 of the series, we will be looking at Territorial Reinforcement and Maintenance.

As a quick recap: in the first part, we touched on the four key overlapping concepts of CPTED which include:
  1. Natural Surveillance
  2. Natural Access Control
  3. Territorial Reinforcement
  4. Maintenance
In the second installment, we went into greater detail about the in’s & out’s of Natural Surveillance & Natural Access Control such as;
  • Natural Surveillance – the placement of physical features, activities and people in a way that maximized visibility from the surrounding environment.
    • WHY? It increases the threat of apprehension by taking steps to increase the perception that people can be seen.
  • Natural Access Control – Natural access control means controlling access to a site. People are physically guided through a space by the strategic design of streets, sidewalks, building entrances, and landscaping.
    • Clearly defines entryways and guides personnel to specific entrances that are well lit and overlooked by surrounding areas.
Just as a reminder, the overall goal in the successful implementation a CPTED plan of action, we must understand that all human space:
  • Has some designated purpose.
  • Has social, cultural, legal, or physical definitions (such as expectations or regulations) that prescribe the desired and acceptable behaviors.
  • Is designed to support and control the desired and acceptable behaviors.
With that understanding in mind, our approach should focus on:
  • Manipulating the physical environment to produce behavior effects that reduce the fear and incidence of certain types of criminal acts;
  • Understanding and modifying people’s behavior in relation to their physical environment
  • Redesigning space or using it differently to encourage desirable behaviors and discourage illegitimate activities; and
  • Reducing the conflicts between incompatible building users and building uses, with the goal of eliminating “no person’s land” that no one takes ownership of.

There are various controls that can be implemented that can supplement or support the approaches listed above.

CPTED Part 3: Territorial Reinforcement and Maintenance

Territorial Reinforcement and Maintenance of your CPTED program.

Territorial Reinforcement:

Territorial reinforcement involves establishing a sense of ownership and belonging in a specific space, which can be achieved through various design elements and strategies. When a space appears to be clearly defined and “owned” by a particular group or individual, it may discourage potential criminals by making them feel like trespassers or intruders and that the potential for detection is high.

Importance in CPTED: By implementing territorial reinforcement, CPTED aims to deter criminal activity by promoting the perception of active ownership and surveillance. A well-defined and cared-for area signals to potential offenders that their presence is likely to be noticed and that there is a higher risk of detection and apprehension. This may lead to a decrease in the opportunities for criminal acts to occur, as criminals tend to avoid spaces where they feel more vulnerable and exposed.

Examples of Territorial Reinforcement:
  1. Clear boundaries and property lines demarcated with fences, hedges, or other physical barriers.
  2. Well-maintained landscaping and exterior areas, indicating active use and care.
  3. Signage and symbols that represent community ownership or surveillance, such as neighborhood watch signs.
CPTED Part 3: Territorial Reinforcement and MaintenanceThese examples of territorial reinforcement can (and should be) enhanced with other physical security measures including but not limited to:
  1. Surveillance cameras
  2. Speakers with pre-recorded messages stating that the person is being watched or that authorities have been called.
  3. Sufficient illumination
  4. Security officers
  5. Access Controls
  6. Active/Passive intrusion sensors

However, no matter how advanced or intricate your CPTED program is, it can deteriorate and become obsolete without proper care and maintenance.

CPTED Maintenance:

CPTED maintenance involves sustaining a sense of ownership and control over a space through ongoing upkeep and community involvement. Neglected or poorly maintained areas can attract criminal activity as they signal a lack of guardianship and a reduced risk of detection.

Importance in CPTED: Regular maintenance of public and private spaces is critical to the success of CPTED. Well-maintained environments foster a sense of pride, ownership, and responsibility among community members. It reinforces the idea that residents are actively invested in their surroundings and are vigilant against criminal behavior. This collective effort makes it less attractive for criminals to target such areas, as they are more likely to be noticed and reported by the community.

Examples of Territorial Maintenance:
  • Prompt repair of broken windows, damaged fences, or graffiti.
  • Adequate lighting to ensure visibility and reduce hiding spots.
  • Community engagement and participation in the upkeep of shared spaces.

CPTED Part 3: Territorial Reinforcement and Maintenance

 

The image to the right is an example of POOR CPTED maintenance. As you can see, the vegetation is growing through the fence line, damaging it significantly and there are various areas where intruders have cut and recut through the fence line. The lack of prompt repair, landscaping maintenance, and lack of illumination, make this industrial facility a tempting target.

In conclusion, territorial reinforcement and maintenance are essential components of Crime Prevention Through Environmental Design. By creating a sense of ownership and responsibility within a community and ensuring that spaces are well-cared for, CPTED aims to discourage criminal activity and promote a safer environment for residents and visitors alike. These proactive measures empower communities to take control of their surroundings and play an active role in crime prevention.

I hope you will watch out for the final installment where we will review the concepts we’ve discussed and how they all can be tied together.

Have more questions about CPTED or would like an assessment? Give us a call at 816-842-3700 and our board certified security professionals will get you taken care of!

Chain of Custody in Commercial Security

Chain of CustodyBy Ryan Kaullen, Field Services Manager at Kenton Brothers

Many of you know that our goal is to protect people, property, and possessions. Something that comes up related to this goal is Chain of Custody.

You may be wondering what Kenton Brothers has to do with Chain of Custody and how we would be involved. Unfortunately, part of the work we do in the commercial security industry is capturing evidence. This evidence comes in many forms. Evidence may include video surveillance recordings, security system audit trails and more. We capture this information to help protect companies from theft, fraud, and work place incidents. There are plenty of scenarios that result in law enforcement being involved.

What is Chain of Custody?

Chain of Custody is the documentation of chronological events related to an incident. Protection of how the evidence is handled, who handles it and more matters. The idea is that law enforcement needs to be able to review and use video and other forms of documentation as evidence in a trial or hearing.

A Recent Example for a Banking Client

Chain of CustodyWe recently received a Chain of Custody request from one of our banking clients. They had an event that they deemed legally significant and requested our help in documenting what had happened. They needed our help to get the video segments exported properly. They wanted footage from all of the cameras at one of their locations over the past 30 days. (That’s a good amount of video data!)

Our first step was to download the footage locally to external hard drives. The video data had to have password encryption. And the video footage had to be time stamped. We also had to fill out Chain of Custody paperwork.

On top of those requirements, the equipment and external drives couldn’t be left unsecured while we were downloading the video segments. We also had to be in an access-controlled room for audit purposes. It was crucial that we followed every step correctly to make sure their case against the accused is rock solid. We had to make sure the evidence we helped provide would not get thrown out due to Chain of Custody problems.

Once the video had been downloaded onto the drives, our technician had to hand deliver the hard drives to the bank’s lawyer and provide the Chain of Custody paperwork.

We Take Chain of Custody Seriously

Chain of CustodyChain of Custody is something Kenton Brothers takes extremely seriously for many reasons. One, we want to make sure we are providing our customers with a level of service and reliability they can count on. We also want to make sure law enforcement has what they need to support or refute claims. This is also a great example of how the commercial security systems we sell and support do what they’re supposed to do.

The reality is that you hope you never have to use footage, audits, etc. against someone working for you or coming in to your place of business. But when something does happen, you want to make sure you have the right systems in place to protect the people, property, and possessions of those who work there.

To learn more about how Kenton Brothers Systems for Security can protect you and your business, please give us a call.