Making physical access easier, more flexible with IP-based tech
01 May, 2015
category: Contactless, Corporate, Government, Library, Smart Cards
Broadening security
Given the high-profile hacking cases that have made headlines in the past year, critics have questioned whether network-based physical access systems are at more risk than their older counterparts.
Szczygiel contends that twisted-pair cables are less secure than IP cables because they have no method to secure or monitor themselves. “The only security they have is that they’re buried in a wall, and the assumption is that no one knows how to find the wire,” he says.
He suspects that IP is subject to more public scrutiny because high-profile hacking cases like last year’s Target breach garner media attention. “You did not hear about someone hacking wires and unlocking doors because it’s not big enough to make the 5 o’clock news,” he says.
Software House’s Focke says that IP access control systems reside behind firewalls, so they are not exposed to internal network or Internet attacks. The use of virtual private networks can help corporate managers keep access control devices away from their employees as well. These systems typically feature standard encryption protocols, and some meet more complex standards for advanced encryption.
As far as vulnerability goes, XTec’s Helbock says users need to be aware that because a system is IP based, it will need to have the proper controls and protections put on it. XTec has set up its access systems to grant login access through a smart card, a username and password, a biometric or a combination of two or more.
XTec system development manager John Schiefer says most of the security threats to IP-based systems that he has seen have come in the form of attempted, albeit unsuccessful, breaches.
As for a Jack Bauer-style breach, where a hacker sits hidden in front of a building with a laptop, Schiefer has yet to see that happen. He has, however, seen other hacking efforts. “We’ve seen significant attempts to penetrate the systems, though a lot of times, they’re just feeling around,” he says.
Standards emerge
IP has spawned a whole new set of rules for monitoring and protecting physical access points.
Security used to be run out of an organization’s guard shack. Now with IP-based systems, the security requirements come out of the IT department. It is often a matter of speaking with a tech person rather than a security guard. That change alone has created stumbling blocks in the transition from old to new systems.
One of the challenges in migration has been to work with the resources inside of an organization to open the correct ports and assign IP addresses for controllers to talk to hosted services.
“In the old days, it was a guy with a ladder running a cable down the hall,” Schiefer says. “Now you’re depending on the resources of the IT groups. It’s a learning process.”
Traditionally, physical access control has been a proprietary market with little standardization. But standards have emerged in recent years, including the Physical Security Interoperability Alliance, the Open Network Video Interface Forum (ONVIF) and the Open Supervised Device Protocol Standard.
In March, ONVIF released the current IP access control standard, known as Profile C, in an effort to achieve interoperability between clients and devices of physical access control systems and network-based video systems.
The industry is trying to build more standards around device-to-device protocols, but the challenge is to standardize the setup without curtailing innovation. “If you make it too vanilla, you might not get some of the high-end features people want,” Schiefer says.
Migration picks up pace
Despite early hurdles, industry leaders say that IP technology is becoming the norm. “There really is no option to not have IP-enabled systems. That is the way the world is going,” Szczygiel says.
Focke says that there are pros and cons to IP-based systems, and it’s important to consider the needs of end users on a case-by-case basis. “Does the end user already have access control systems in place? What kind of budget do they have? What are the future plans for the location and possible expansion, or closure?” he asks.
For some customers with large existing infrastructures, the benefits of migrating to IP may not yet be compelling enough to justify the cost. Focke says there is no real integration between IP and the old Wiegand system, so adopting IP technology involves a nearly complete replacement of the existing access control system. This includes everything from running new cable to installing new edge devices or readers.
Still, some of these users are seeking a higher level of security than they feel Wiegand can provide, and are moving to IP systems to address this in spite of the migration expense.
“We’re seeing an overall industry transition to IP technology, but how we educate the customer on the benefits really is the cornerstone of increased adoption,” says CEM Systems’ Donaghy.
For Ponderosa Management, the IP-enabled system has helped raise customer satisfaction levels because managers correct problems quickly and residents can use their cards immediately.
They can also run activity log reports to see who is entering facilities after hours. If there is damage to the property, a manager can trace the incident back to a person based on their access card.
The old system had the activity log capability, but Basilicato says it was time consuming to upload data and generate reports. “Now we get an immediate report with just a few clicks,” she adds.
She points out that when the infrequent problem with the new system does arise, it can typically be solved with a simple reboot. “I miss nothing about the old system,” she says.