PSIJanuary2018

More documents

Recommendations

Info

ACCESS CONTROL (from previous page) organisations with access control systems that feature outdated protocols. It should also remembered that even when biometric devices are used there are hacking tools out there that make these systems equally at risk of attack, unless proper actions are taken. The internal threat should also be considered. For instance, organisations can no longer rely on the transactions on an audit report being acceptable as proof of someone’s activities, as an individual can simply claim it was not them and that their card must have been copied. In addition, many corporate compliance rules can easily be broken by employees modifying their passes to perform actions such as breaking the banking rules on compulsory holidays, engaging in secure document printing, and logging on to unauthorised computer and other IT equipment. The possible consequences of not taking this issue seriously are numerous. According to the UK’s National Crime Agency (NCA) cybercrime has now surpassed all other forms of criminal activity. The NCA’s Cyber Crime Assessment 2016 recommended stronger law enforcement and business partnership to fight cybercrime, with ‘cyber enabled fraud’ making up 36 per cent of all crime reported, and ‘computer misuse’ accounting for 17 per cent. The report also suggested that the problem is likely far worse than the numbers suggest, noting that cybercrime is vastly underreported. On the look out Maybe these figures should not come as too much of a shock considering that infiltrating IT/OT systems simply involves the use the card reader protocol to enter a facility, allowing access to computers. Those computers then act as a gateway to the target’s internal internet, allowing a hacker to access sensitive data that can be used for a variety of purposes including identity theft and industrial sabotage. The amount of personal and corporate information now stored via networks is growing exponentially thanks to the Internet of Things (IoT). Estimates about the amount of connected devices set to be in use over the next few years vary enormously. According to Intel, the IoT is predicted to grow from two billion objects in 2006 to 200 billion by 2020, when there will be around 26 smart objects for every human being on Earth. Meanwhile, IBM claims that every day we create 2.5 quintillion bytes of data – according to the US definition that’s one followed by 18 zeros – and to put that huge number into perspective, it equates to filling up 57.5 billion 32Gb Apple iPads. Data protection is an area where failure is not an option – security, legal and regulatory compliance is vital, while data loss and leakage risks must be mitigated. On 25th May 2018, the General Data Protection Regulation (GDPR) becomes European law. Its primary objectives are to give citizens and residents control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union (EU). It requires any organisation that operates in the EU, or handles the personal data of people that reside in the EU, to implement a strong data protection policy, encompassing access, secure storage and destruction. Action plan Organisations have to be more aware than ever of how to protect themselves against hackers and although it is the IT network infrastructure that is the focus of attention in terms of preventing such attacks, a comprehensive risk evaluation requires Organisations can no longer rely on the transactions on an audit report being acceptable as proof of someone’s activities, as an individual can simply claim it was not them and that their card must have been copied 36 www.psimagazine.co.uk
a meticulous approach to mapping all of an organisation’s IT related assets and processes – including access control. One highly recommended course of action is to carry out a penetration review that will identify whether credentials can be cloned or copied, and whether a system is vulnerable to a ‘sniffing’ attack. A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Many access control card readers are not fitted with tamper devices and even those which are tamper protected may not be removed and checked after a tamper to see if a sniffer has been fitted. In the event that any weaknesses are discovered, a security option that not only secures the cards and readers but also uses the latest Open Supervised Device Protocol (OSDP) should be implemented to ensure that sniffing devices can’t be installed behind the reader or along the communications path. OSDP also allows peripheral devices such as card readers and biometric readers to interface with control panels One of the reasons that hacking has become so widespread is that the chances of getting caught are close to zero. Prosecutions are disconcertingly rare or other security management systems. It is also possible to upgrade as many old readers as required, depending on a risk evaluation. Those readers that are upgraded will securely read a new card and those left as less important readers will simply read the old part of the card, and can be upgraded when budget is available. Staying vigilant One of the reasons that hacking has become so widespread is that the chances of getting caught are close to zero. Prosecutions are disconcertingly rare and by the time the alarm is raised the culprit has usually covered their tracks to evade detection. In a world where 100 per cent protection can’t be achieved, every organisation, no matter its size, is a target and like most other aspects of successful security strategy operation, access control should be reviewed and tested on a regular basis. Digital Surveillance & IP CCTV Specialists Security PANOVU Full 360 Degree coverage from a single camera Up to 16MP Ultra High Definition resolution Integrated 1080p autotracking PTZ dome Award Winning Design both iF & GIT Security Safety THERMAL Unique Imaging sensor High resolution images unhindered by environmental challenges Incorporated Intelligent Analytics Engine Perfect for boundary protection applications Monitoring VIDEO WALL Integrate Multiple sites into a single centrally monitored solution Complete scalable Solution 4K Ultra High Definition Camera Support Unit 4, Iceni Court, Icknield Way, Letchworth, Herts SG6 1TN Tel: 01462 708 820 Email: sales@ezcctv.com ONLINE STORE: www.ezcctvonline.com
Page 1 and 2: January 2018 - £4.00 @SecurityDrum
Page 3 and 4: January 2018 January 2018 - £4.00
Page 5 and 6: Texecom Connect App New smartphone
Page 8 and 9: CCTV ACCESS FIRE INTRUDER Mike Caha
Page 10 and 11: VIDECON LTD TRADE ONLY SECURITY DIS
Page 12 and 13: TEST PRODUCT TEST AVTech AVH8516 NV
Page 14 and 15: TEST This NVR is a relatively simpl
Page 16: TEST PRODUCT TEST Synology NVR1218
Page 19 and 20: Visit us at Intersec on stand #S1-F
Page 21 and 22: EDITOR’S CHOICE The security indu
Page 23 and 24: dynamic, collaborative working envi
Page 25 and 26: significant security-related concer
Page 27: Jamie Allam - Amthal Whilst the eco
Page 30 and 31: APPRENTICESHIPS The choice of train
Page 32 and 33: ALERT Amplifiers Compact public add
Page 34 and 35: NOTHING MISSED Independent left and
Page 38 and 39: MOBILE SECURITY Smarter smart syste
Page 40 and 41: PRODUCT FOCUS 180-degree panoramic
Page 42 and 43: PRODUCT FOCUS Multi lens IR camera
Page 44 and 45: APPLICATION Door entry project cont
Page 46 and 47: APPLICATION Essex school improves l
Page 48 and 49: CCTV CCTV Rapid Deployment Digital
Page 50 and 51: SECURITY ANTI-CLIMB SOLUTIONS & SEC
Page 52: APPOINTMENTS APPOINTMENTS Colin Lea

PSIJanuary2018

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?