The security week that was: 11/18/11 (Secure physec systems)

A weekly view of the news shaping your profession


Avoiding a false sense of security

Earlier this year, we published a story about how an arson incident at a medical office building resulted in the death of an Asheville Fire Department firefighter, leaving behind a wife and child. This was an incident in my own town, a place that’s normally fairly sleepy other than the regular drug and robbery crimes that occur in every city. A number of local businesses are stepping up to the plate tomorrow to hold a small charity event that will raise money for the firefighter’s family, but I hope that’s not the end of this story.

Just this week, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), the city of Asheville and Asheville-Buncombe Crime Stoppers teamed up to offer a $20,000 reward for information leading to the arrest and conviction of the arsonist(s). This usually happens when an investigation agency has run out of clues, and is struggling with a case that could grow cold. What’s known about the arson is that the suspect is believed to have applied fuel to multiple locations in the office, and had accessed the facility using a key card. The fire, besides killing a fire captain, caused over $10 million in damages to the structure and its contents. The ATF is holding the investigation information close to its chest on this one, but I find it really interesting that we have a case where a key card used to open a door didn’t immediately link the ATF to a suspect.

The reality of access control cards is that like the keys they were designed to replace, the cards can be passed around. Some of the cheapest systems don’t even offer audit trails, so investigators can’t find out whose card was being passed around. The reason I point you to this incident -- in some town you’ve probably never visited or even heard of – is that it directly reminds us that technology does not equal security. Rather, good security involves the intelligent selection of the appropriate technology, coupled with appropriate policies. Otherwise, we fool ourselves with blinking LEDs and digital readouts that things are better when they’re not.

Hacker-proofing your physical security systems
IT penetration tester Kevin Beaver on what is often wrong with physical security system installs

We invest in video surveillance, access control and physical security equipment to make sure our facilities and people are kept secure, but are those systems themselves actually secure? Information security consultant and penetration tester Kevin Beaver addresses this question in a webinar on Nov. 30, along with experts from Microsoft and Arrow Electronics. In his work with his own clients, Beaver often finds that systems deployed without direct IT oversight often miss the patches, updates and proper network security requirements (like changing default passwords) that other business systems normally receive. He’ll walk integrators and end-users through some of the basics so that your security systems aren’t the least secured items on your corporate network. Registration is recommended for security managers, CIOs, systems integration firms, installers and specifiers.

Mobile video ramps up
With Milestone making an app offering, mobile video access grows quickly

Earlier this week, mobile video surveillance took a leap forward with one of the VMS market leaders, Milestone Systems, announcing the launch of its XProtect Mobile app that allows remote connectivity to recorded and live video. We’ve seen mobile apps coming out of the VMS industry, and with one of the biggest players now offering an app, it’s a sign that mobile access to video surveillance is no longer a futuristic vision of our industry. In a column on this subject, I address the needs of the end-users and the operating system power struggles that still have to be fought.

Stopping retail fraud
As holiday shopping picks up, arm yourself and your LP team with knowledge

This content continues onto the next page...