The Kenton Brothers Retail Counter [Video]

/in , , , /by

By Ryan Kaullen

Kenton Brothers can trace its customer service roots back to 1897. Our Retail Counter, customer-facing environment is at the forefront of service for our customers. Every day, our customers are coming in with various needs as a result of their businesses growing and evolving. That’s where the Kenton Brothers Retail Counter comes in. It’s a resource for their overall facilities physical security needs. Those needs come in the form of keying, part repairs, parts ordering, security needs, and knowledge database.

Our customers rely on the Retail Counter to be the gatekeepers for physical security at their facilities. Our internal database of records is guarded by checks and balances specifically outlined by our customers. Approvals must be followed every time. The Retail Counter staff works tirelessly to make sure requests are correctly followed and delivered on time.

Over the years, the Retail Counter has grown from a key shop to a full service solution for our customers.

The Retail Counter can help customers create and manage key systems, duplicate keys, re-key, order parts, repair parts and the list goes on. We welcome local walk-ins every day, but not all of our customers are local. We have customers across the country that rely on our knowledge and products to protect them. One day the Retail Counter Staff is cutting keys for a customer in Texas and the next they’re working with a customer in Arizona. We have thousands of key blanks and cylinders on hand, thousands of lines of in-stock product, as well as thousands more available through our vendors, and decades of experience to back it up.

From the entire Kenton Brothers staff, we invite you to allow Kenton Brothers and the Retail Counter Staff to help protect the people, property, possessions, you hold dear.

Partnering with Homebase to offer Multi-Family “Smart Home” Technology

/in /by

By Neal Bellamy, IT Director at Kenton Brothers

Smart home technology has been around for a few years. It’s the ability to control lights, thermostats, locks and more in your home using an app or a remote control. It’s building automation for your home. If you own a condo or an apartment complex, how can you offer the smart home experience to your tenants? Can you use the same products as a single-family home or a commercial building?

Let me show you how partnering with the right people can make smart home tech another bonus for your complex.

First of all, the typical smart home and commercial products aren’t a great fit for multi-family buildings. Most of the building is made up of individual “homes” with each home needing to have their own control over locks, lights, etc. However, there are also common areas in a commercial building including a gym, pool or front entrance that every tenant will need access to.

Kenton Brothers: Homebase LogoYou may need an intercom system to call a tenant if they have a visitor. To accomplish the task, you need two experts. One in Smart Home and the other in commercial security systems. Partnering with Homebase, Kenton Brothers has helped several multi-family facilities offer smart home tech to their clientele.

Homebase offers a tenant all of the smart home features like automatic locks, lights and thermostats. However, they also solve the problems associated with an apartment or condo like move in/move out, demo unit access, dog walker or cleaning service access through the front and tenant doors. They also offer a maintenance ticketing system and shared space access for all tenants.

Kenton Brothers: Smart Home SolutionsKenton Brothers makes sure that the right locking hardware and other security systems are in place and integrated.

Not every “smart” lock is ready for this application. Different doors will have different needs for intercom, access control, and/or smart home. An electrified lock on the front door of the complex will be very different than the door to a unit, but both need to be compatible with the building automation, or smart home system. The intercom system needs to call tenants wherever they are because many people no longer have land lines.

For more information, click here to download our guide for “Top 11 Solutions for Multi-Family Properties”

If you want to offer smart home functionality for your tenants, give us a call. We’ll partner with you and Homebase to integrate the different systems and features to create the right environment for you and your tenants.

How does a security integrator design their own security systems? Part 3

/in , , /by

By Neal Bellamy, IT Director at Kenton Brothers

In the last couple of months, we’ve been designing our intrusion system, network infrastructure, and video surveillance systems. Now it’s time to design the access control system.

Access Control

There can be lots of advantages to Access Control.

Because the doors are controlled electronically, we can:

  • Automate the open and close time of the business or areas
  • Stop handing out keys that might not be turned back in or lost
  • Track who goes where, etc.
  • Use access control doors for business reasons, not just for security.

Kenton Brothers: Access Control and LocksFirst, let’s talk about the components of access control. A couple of the components are obvious, but others are misunderstood. Today we’ll talk about card readers, locks, door position sensors, request to exits, and credentials. Exciting, right? Maybe not, but these are incredibly important details for a commercial security system.

Card Readers

Card readers are the most obvious component required in an access control system. The card reader is what reads your access control card and identifies you to the system. Your card is unique to you within your access control system. However, a card reader doesn’t have to be just a card reader.

There are lots of ways to identify yourself to the system. Fingerprint readers, vein readers, pin pads, iris scanners, and face scanners are all possible ways that you could be identified. Some of these are more secure than others. Pin numbers can be shared, so we highly suggest not using them, or make sure that whatever you have behind the door is not valuable.

Fingerprint readers are more hackable (YouTube Video about that here) than a vein, iris or face scanners. The highest level of security is two-factor authentication. You would use two of these kinds of credentials to enter the door at the cost of being less convenient.

Locks

Kenton Brothers: LocksLocks are the next most obvious component. You need to be able to lock and unlock the door electronically. Common electronic locks are Electrified Panic, Electrified Levers, Strikes and Mag (magnetic) locks.

All electronic locks can be broken into two categories, “Fail-Safe” or “Fail-Secure”.

Fail-Safe locks unlock when there is no power going to them. When the power “Fails” the lock is “Safe”. In this case, “Safe” means someone can get out. Unfortunately, that also means that the door is unlocked, so someone could come in if the power fails.

Fail-Secure is the opposite; when the power fails, the lock is secure or locked. There are times when codes require a Fail-Safe lock, like in a stairwell of a large high rise, however, at Kenton Brothers we prefer fail secure locks.

Electrified Panic, Electrified Levers, Strikes can all be Fail-Secure or Fail-Safe, but mag locks are always Fail-Safe. Mag locks usually require two forms of egress, meaning that there are two ways to leave the building through a mag lock. Mag locks generally are also required to be connected to the fire alarm. Although Mag locks themselves can be cheaper than other types of locks, by the time you connect the two forms of egress and the fire alarm, you could have installed a Fail-Secure lock.

Door Position Switches

Now you can authenticate at the door with a reader and unlock the door with an electrified lock. But how do you know if someone propped open the door, or forgot to shut it? That’s where the third component at the door comes in, the door position switch.

This switch is generally a magnetic switch mounted in or on the door that tells the system if the door is open or closed. You can use this information to drive alerts if a door is left open too long, which circumvents the security that you are trying to establish with access control.

Wouldn’t it be nice to know if someone opened the door that was unauthorized?  With the door position switch, we can tell the door opened without a card read, but it would also alert us when anyone leaves the building.

Request to Exit

We use a second type of switch to tell us when someone is leaving the building called a “Request to Exit”. This can be a motion detector that triggers when someone gets near it, or it can be built into a lever or exit bar. That way, if the doors opens, but the request to exit was not triggered and the reader was not used, we know someone came in from the outside and was not authorized. This is called a “Door Forced”. The door was forced open with key or crowbar.

Credential

The last component is a credential. We say credential, not card, because we can use a key fob, iris, face, fingerprint or other identifying feature to authenticate to the system. Most systems use a card or key fob, because of cost and ease of use. However, not all cards and key fobs are the same.

There are dozens of technologies that can be used to store and transmit the credential number to the system. Some are proprietary, some are open, some are not-encrypted and some are. Generally, we advise clients to use a “Smart Card” technology that is encrypted, but not proprietary. It provides the security of encryption while allowing the technology to be compatible with most access control systems. Some options even guarantee that your exact credential number will never be available to any other company in the world, while also being non-proprietary and encrypted.

So What Will Kenton Brothers Be Using?

Whew, that was a lot of info! Now let’s talk about the solution we’re going to use at Kenton Brothers.

Our exterior doors need to be secure, while some of our interior doors are really just for traffic control. We will control our space while also controlling the tenant space. There’s an overhead garage door leading from our space to a space shared with the tenants. We also have an overhead garage door for loading and unloading material that we don’t want to have to get out of the truck to open.

For the exterior doors, we’ll install an electrified exit bar with a built-in request to exit. The exit bars are heavy duty and allow a large number of people to get out of the building. The built-in request to exit also gives less false triggers than motion detectors, because instead of triggering when someone gets close, it only triggers when someone actively leaves the building by presses the bar down. These doors will also get a door position sensor.

The interior doors will be strikes or electrified levers. Although these locks are still rated as “Heavy Duty” they are a little less expensive and won’t see as much use.  We will still use request to exits in the electrified levers, for the same reason as the exit bars. We’ll still use a door position sensor to make sure the doors are closed.

The overhead doors will be controlled by door operators, kind of like your garage doors at home. We’ll tie those into the access control system.

For the readers, we’ll use HID iclass SE. These are non-proprietary, encrypted readers, which can also be used with Bluetooth credentials. Right now, they will connect with the Weigand protocol, an open standard communication between readers and access control systems. They can also use a newer, more secure OSDP protocol when the access control systems are ready.

For the long range reader at the exterior overhead door, we’ll use a Nedap reader that can read a special credential at distances up to 33 feet away. That way, the door can be opened without leaving the comfort of the truck.

Thanks for joining me on this physical security journey for our new building. We are really excited to create a showpiece of security layers and technologies.

Please stop by this summer to see everything we’re integrating to create a holistic security stance!

How does a security integrator design their own security systems? (Part Two)

/in /by

By Neal Bellamy, IT Director at Kenton Brothers

In our last story, we designed an intrusion system for the new building. Now we need to design the other security systems including the network infrastructure security and capacity. Then we’ll look at different camera technologies and their uses.

You’re only as strong as your foundation:

All of our systems use the IT network as a foundation. It can often be overlooked and can easily be the weakness of any security system. We need to design a good, solid foundation so that the rest of the security systems can do their job.

VelociraptorThere’s been a lot of press lately about systems being hacked. Multiple companies and products are continually being tested (like an electric fence in the velociraptor cage). The easiest and most secure way of protecting the devices from testing is to separate them from the herd. By taking all the security devices and giving them their own network, and then channeling all network access through computers of your choosing, you seriously limit the devices that can be attacked. The IT Security industry called this idea the “Attack Surface”.

Limiting Access with Network Configuration

We’ll accomplish separating the network with VLANs, or Virtual LAN. A separate physical network is also acceptable. After we separate the networks, we will place rules into effect in our firewall between the networks to prevent anyone from the internet getting directly to the cameras or access control controllers. While we’re at it, we’ll prevent the computers inside Kenton Brothers from getting directly to those devices too. If you need to get to the cameras, you have to go through the Video server. As a result, the attack surface has been reduced to just the video and access servers. Of course, you still need to use best practices for security on individual devices. All of your camera passwords should be unique and strong, firmware should be updated, etc., but we’ve added another layer of defense.

Network Speed

Now that the network is secure we need to make sure it is fast enough. Most people take for granted that their network is fast enough. Most office activity is relatively slow and not much strain on the network. Every business is different, but our servers range from .2 Mbps to 3 Mbps of network utilization throughout the day.

A single 5MP camera, depending on the frame rate and compression, might run close to 7-12 Mbps and that traffic might be used all the time. It doesn’t take too many cameras to bottleneck a gigabit switch or a server with only one network connection. By the way, like the speedometer on your car, just because the top speed is 1 Gigabit, or 1,000 Mbps, doesn’t mean your switch will actually go that fast. Real world results will vary.

Testing your network and server is always advised. I estimate that our 27 cameras will consume about 150-200 Mbps of bandwidth and will need about 20TB of storage based on 40% motion. A couple of 24 port gigabit switches will work for us. I’ll still make sure the server has at least two network cards, one to receive the camera streams, and one to serve video to the clients. While our access controllers will also be on the network, bandwidth is hardly ever a concern for them. They can comfortably ride on the same network as the video.

The right tool for the job

Next, we need to start picking cameras. We always believe you should pick the best camera for the job. While that might mean all of your cameras come from the same manufacturer, it’s not always the case. There are a few challenges we need to overcome in the new building. One is Wide Dynamic Range.

Wide Dynamic Range Cameras

We’ve talked about WDR before, it’s the ability of the camera to see where there is both bright light and dark shadows in the same view. This impacts us the most when the camera is inside, but looking outside. Overhead doors, glass entrances, and parking garages all fit into this category. We need to make sure that the cameras that are looking outside have strong WDR. Most manufactures offer multiple tiers of WDR. Typically the better WDR cameras are on the higher end.

Thermal Cameras

We also have an area behind the building that is hidden from view. It’s pretty dark out there, so it might be a good application for some thermal imaging. Thermal cameras use temperature rather than light for the image. It is great at detecting things, but not so great for identification. In our case, we’ll use it to sound an alarm when there is activity after hours. Adding lighting is just as important as picking a good camera, so we will do that as well. The lights won’t hinder the detection of the thermal camera, and will give other cameras a better image, so it’s a win/win.

Analytic Cameras

In areas that no one should be in after hours, we’ll deploy some analytic cameras. There are various levels of analytics, some detect groups of pixels in an area or crossing a line, but Avigilon actually classifies the object into categories like Person, Vehicle and other. This makes it easier to reduce false alarms due to swaying trees or a random cat walking into our field of view.

We’ll deploy those cameras in the back of the building and high-value areas inside where we want to be notified of unusual activity.  Analytic cameras can also be connected to monitoring centers, who can receive notifications and respond to any events.  It’s worth noting here that analytics are awesome, but you have to have a good procedure to follow too. Having an area where no one should be is much easier to manage than “only if the guy looks suspicious”

This gives us a good start on our security infrastructure and video security. Next time, we’ll talk about access control and intercoms!

Do we eat our own cooking? How the experts approach physical security. (Part One)

/in , /by

By Neal Bellamy, IT Director at Kenton Brothers

How does a security integrator design their own security systems?

Kenton Brothers: Eating our own cookingMost people are familiar with the phrase, “Do you eat your own cooking?” This is a casual way to ask a company if they implement the same products and services they’re selling their customers in their own business.

I think that most companies do a far better job of providing their services to their customers better than they do for themselves for lots of reasons. But the most common reason is that they’re too busy doing a great job for their customers. They just don’t have time, because the customer comes first… right?

Over the next couple of months, we have the opportunity to do it differently. Since we are moving into a new office, we can design our systems from the ground up. It’s an opportunity to showcase what’s possible in a real world application. Today, we’re going to be looking at an intrusion system, also known as a burglar alarm.Kenton Brothers: New Building Sketch

Our new space is a much larger building. (Yay!) We will sublease space to at least one tenant, but maybe more. There are office, warehouse and common spaces with lots of windows and overhead doors.

The main challenges we need to address are:

  • How do we keep the tenant space operating like it has its own system and provide for future expansion
  • How do we protect the different areas of the building?
  • How do we do it as cost effectively as possible?

The first issue can be solved by many different alarm manufactures, most of the larger systems have a feature called areas, or partitions.

Areas allow a keypad and related sensors to act as a self contained alarm system. It’s also possible to have a “Common” area that disarms with the first related area and arms with the last related area. Honeywell provides a good explanation of a common area here (PDF). We will have multiple areas defined that can monitor our own space, the tenant space and any common space that’s shared. We just need to make sure that the panel we choose will have enough partitions for future expansion.

Next on the list to tackle is how to protect the different areas.

We will certainly need to place door contacts on all the doors into the various spaces, but the type of contact and how they’re wired is important as well. To maintain the aesthetics of the personnel doors, we’ll use recessed contacts that are only visible when a door is open. They also come in different colors to closely match the color of the door frame.

We can help protect damage of the overhead door contacts by providing rail mount door contacts, which keep the contact higher and out of the way. One example is an interlogix 2300 series. Motion detectors come in all shapes and sizes, but using a motion detector with multiple technologies keeps the false alarms at a minimum. Bosch, for instance, has a whole line of Tri-tech motion sensors. We’ll also use glass break detectors for the larger glass areas. Glass break detectors provide more reliability than motion detectors alone.

Just as important as the sensors that we use, is how they’re wired.

Most alarm panels supervise the detectors that are connected to it. This supervision circuit monitors the wire that is connected by adding a small resistor to the end of the wire. If the resistor can be measured, all is good, if the resistor is missing, or the wire is not connected at all, it will send an alarm. No method is foolproof, but it adds another layer of security to the alarm system and will alert us if a wire is damaged before we find out the hard way.

As with any system that we design and install, we want the best bang for our buck.

We want to maintain the sensor quality because it would be worthless to have multiple false alarms or to miss an important event. However, there are good ways to save money on an installation.

One way is to wire efficiently. Traditional or smaller alarm panels need to have a separate wire from the sensor to the alarm panel or input module. However, several systems allow loops of wire to be installed with many sensors on each loop. Since the new facility is much larger, having loops will save over 1,000 feet of wire and the labor to install it.

Older and smaller panels also used to require a POTS (Plain old telephone system) line to report to the monitoring stations. Not only is the reporting slower, but who has a telephone line anymore? We will use the IP network to communicate with a central station and pocket the $20 – $30 month that a phone line would have cost.

Last, while not a cost-saving measure, but something we will get for free by choosing the right system, is integration with access control. Since the Access control system and intrusion system are on the network, they can talk to each other. With integration, we can see the status of the areas through the access control system, we can turn off the alarm through the access control system when they enter the building, and we can prevent access control from unlocking side doors when the alarm is armed. All of the integration is designed to give more visibility into the system and to reduce false alarms in the intrusion system.

We’re all excited about the new building. Some are excited about more space, some are excited about fresh paint, but I’m excited to showcase our capabilities and to redesign the security systems from the ground up. Next month, we’ll talk about the network layout that all the systems use as a foundation and a the video system design.