• Advertise
  • Subscribe
  • Forums
  • Buyer's Guide
  • Contact Us
  • Connect on LinkedIn
    1. Cybersecurity
    2. Information Security

    Convergence Q&A: Wheels or Electrons?

    March 20, 2012
    Network monitoring tools are an essential part of a successful security system
    Ray Bernard, PSP, CHS-III, is a leading security consultant and author, who over 26 years has led many noteworthy security projects for international airports, nuclear disarmament facilities, sports stadiums, water districts, energy utilities, hotels, manufacturing plants and multiple-tower high-rise facilities (www.go-rbcs.com). Follow him @RayBernardRBCS
    Ray Bernard, PSP, CHS-III, is a leading security consultant and author, who over 26 years has led many noteworthy security projects for international airports, nuclear disarmament facilities, sports stadiums, water districts, energy utilities, hotels, manufacturing plants and multiple-tower high-rise facilities (www.go-rbcs.com). Follow him @RayBernardRBCS

    Do you want to roll wheels, or send electrons? This is the convergence question that you must ask yourself with regard to supporting your installed technology. This also relates to the question below, which is one that I am often asked because my colleagues and I are so insistent on establishing meaningful monitoring of electronic physical security systems.

    Q:Why do you insist that tools be installed for network monitoring as part of every security systems project?

    A: Because no networked electronic security system deployment is complete without it.

    Case Study Example
    For a recent security video deployment, we specified the Solarwinds ORION product (an SNMP monitoring product) for network monitoring. On this particular project, when one of the cameras went offline and stopped sending video, ORION sent an e-mail message to our client’s network technician. He sent an e-mail note to the integrator and copied me, asking them to come out and service the camera. Neither the technician nor the systems integrator is in the same city where the camera resides.
    I called the technician and suggested that first he use ORION to cycle the network port that the camera is connected to, as this would cycle the power to the camera (it is a Power over Ethernet installation). He did so, and the camera started sending video again. Not only did the integrator avoid rolling in a service truck for a four-hour service call, the restoration of video took only 10 minutes.
    This reminds me to say that network folks track the uptime records of their systems and devices. Is that something you are doing with your electronic security systems? It is an important metric, and probably a subject for a future column.

    Follow-Up
    We were smart enough not to classify the incident as resolved, because while we did restore the video we did not know what had caused the problem. This is where having a network baseline profile comes in handy. For this particular project, we required that the systems integrator get a baseline picture of the network before putting cameras and servers on it.
    This is a 15-minute step that can be done using the free Wireshark tool or an equivalent. Once you have captured five minutes of network traffic, you can analyze the traffic for evidence of existing network problems, which of course should be resolved before putting any equipment onto the network. Once the security equipment is connected to the network and set up, you take another snapshot and do a comparison.
    Following up on the camera incident, we have stepped up the monitoring of network traffic, and if it occurs again, we will have a better picture of what was going on with the network at the time, and we can compare that with the original baseline picture.

    Get the Full Picture
    You should also examine the workstation and server logs for network related messages — no deployment should be considered sufficiently examined without this step. For example, we once found this printer-related message on a workstation computer connected to a video network:

    Bonjour Service. Client application bug:
    DNSServiceResolve(KodakESP7200+1630._smb._tcp.local.) active for over two minutes.
    This places considerable burden on the network.

    Such problems must be resolved before the deployment can be considered fully operational.
    The printer-related message also illustrates another reason for instituting network monitoring. People can innocently connect computers and office equipment to a network, permanently or temporarily, and introduce problems without being aware of it. All kinds of things can happen — this is just one example.
    Properly qualifying the condition of the network is an important part of deploying networked security systems. Following that, keeping an eye on the network condition is an ongoing requirement, and, whenever possible, send electrons over rolling wheels.

    Write to Ray about this column at [email protected]. Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. He is founder and publisher of The Security Minute 60-second newsletter (www.TheSecurityMinute.com). For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788. Mr. Bernard is also a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com).