Managing your access control systems

Published in: Business

  1. 1. WELCOME! Access Control Systems
  2. 2. AGENDA: Access Control Systems • The Balancing Act • Access Control Defined • Key/Credential Management • Control Configuration • Software Features and Capabilities • Controller Hardware • Break • Peripheral Components • Access Controlled Door Hardware Types and Specifications • Trends and Convergence • Resources
  3. 3. How to get the most… HARVARD RESEARCH STUDY • VERBAL COMMUNICATION: Approx 100% was what the speaker wanted to say; Approx 80% was said; Approx 60% was heard; Approx 40% was remembered after 3 hours; Approx 15% was remembered after 3 days; Approx 0-5% was remembered after 3 months • VERBAL + VISUAL COMMUNICATION: Approx 60% was remembered after 3 days; Approx 40-50% was remembered after 3 months • VERBAL + VISUAL + NOTES: Approx 80% was remembered after 3 days; Approx 60-70% was remembered after 3 months
  4. 4. How to get the most… Why are we here? Gain Knowledge. Asking Questions.
  5. 5. The Balancing Act • Security • Balancing Openness and Public Safety • Applying new technologies and lessons learned • Improving the physical security of buildings • Protecting people and assets while maintaining a pleasant work environment. • The challenge facing government officials, realtors and corporate building owners.
  6. 6. Security… ”The Absolutes” • Our world is dangerous and will get more dangerous • We take security for granted till something goes wrong. • Security is inconvenient and expensive • Paranoid or Prepared? Politics! • Constant vigilance – Almost overwhelming! • 100%, guaranteed security? No such thing! • 100% security = 0% accessibility • 100% security = 0% productivity
  7. 7. Architects and Security • Buildings must be functional, comfortable, inspirational – SAFE • You don’t design a building for security. You secure the design of a building • Rethinking Security – new meaning to architects
  8. 8. Security Elements • Deterrence: Training, Fences, Signage, Lighting, Consequences • Delay: Locks, Doors • Detection: Alarms, CCTV, Metal Detectors, Motion & Sound Sensors • Communication: Voice, Data, Video • Response: Crisis Preparedness, Security Personnel, Police
  9. 9. Access Control Defined • WHO? • WHERE? / WHAT? • WHEN? / TIME?
  10. 10. The WHO • The person, or device, requesting access to an area, or asset, we want to control. • Authentication Methods …something the person / device… • HAS – Physical • KNOWS – Knowledge of • IS / ARE – Biometric
  11. 11. The WHERE / WHAT • The place or process we want to allow authorized persons to get to. • Physical and Logical • Controlled or Restricted area • As it relates to both manual and electronic access controls this is critical to our access management plan • Vending, gas dispensing, copier machine usage, time and attendance, meal plans and more
  12. 12. The WHEN • The time period or interval when access is granted or denied. • Can be managed with both on line and off line systems • Also used for setting events and logic statements for: • Triggers • Time Zones • Timing responses to alarms • Timing for routing of messages to other devices
  13. 13. Access Control Defined • WHO? • WHERE? / WHAT? • WHEN? / TIME?
  14. 14. Access Control is… AS SIMPLE AS A KEY
  15. 15. Ultimate Key Management • Unauthorized key duplication remains the most violated security policy and one of the largest problems of facility managers • Knowing exactly who has keys • Knowing areas of access of each key holder • Knowing key blanks are not readily available • Knowing keys cannot be copied without proper authorization • Having a policy on lost keys • When issuing temporary use of keys, keeping record trail
  16. 16. Yesterday’s Key Control • Conventional Keyways: A conventional keyway is one which the manufacturer will sell to anyone; it may be the most common, or the most used, or the "standard", or it may be a family of keyways [Figure labels: PLAIN BOWS; STAMPED BOWS ("DO NOT DUPLICATE", "Key # 123")]
  17. 17. 5 Steps To Key Management • COMPLETE KEY CONTROL • STRONG UTILITY PATENT: Not a Design Patent • CONTROLLED KEY BLANKS: Not Available to all Customers • LEGAL CONTRACTS: Agreements of Control • AUDIT CONTROLS: Know Where Blanks Are • ENFORCEMENT: Must Be Aware of Unauthorized Copies
  18. 18. Today’s Key Management 1. Patented keyways • Utility patent gives manufacturer exclusive manufacturing rights • Manufacturer control distribution • Patent good for 20 years • Imitation manufacturers cannot duplicate • Assures protection to facility / owner [Figure labels: Blade; Security Ledge; Security Leg; Millings for Keyway Blade]
  19. 19. Today’s Key Management 2A. Manufacturer Controls • Policy and procedures in place • Signature verification • Controlled access to product areas • Ship key blanks direct to end user • Has return key policy • Provides specially coined blanks [Figure: policy sheet, "1. Verify all signatures"]
  20. 20. Today’s Key Management 2B. Facility/Owner Controls • Policy and procedures in place supported by upper management • Locksmith administrator on staff • Locked storage • Supervisor approval of new keys • Employee signs for key; should have penalty attached • All keys numbered and logged into system • Procedure for keys to be returned should have penalty attached • Additional procedures: Cleaning crew, Outside contractors [Figure: "Request for New Key" form: DATE: 07-04-05; TO: Lock shop; ISSUE TO: Bill Jones; NO. OF KEYS: 1; APPROVED BY: C T Smith] [Figure: key issue record, By Lock Shop: ISSUE TO: Bill Jones; KEY NUMBER: 123; KEY SET: AB15; ISSUE DATE: 07-07-05; ISSUED BY: CH; DATE ISSUED: 07-07-05; RECEIVED BY: Bill Jones; RETURNED DATE]
  21. 21. Today’s Key Management 3. Contracts and Agreements • Protects facility / owner • Protects distributor • Protects manufacturer • Summarizes responsibilities to all parties • Provides guidelines • Eliminates misunderstanding [Figure label: "We agree"]
  22. 22. Today’s Key Management 4. Audit Controls • Keep records – Use Software • Use manufacturer’s original blanks • Reduce master keying • Have employees carry more than one key • Stamp keys with code • Utilize available forms • Use sealed key rings • Use a key cabinet; electronic or manual [Figure labels: "AB151215"; "123"]
  23. 23. Access Control is… AS SIMPLE AS A KEY
  24. 24. Access Control is… This is a key! This too!
  25. 25. The Credential • Most visible component of the system • Issued to personnel as “electronic keys” • Several Card Technologies • Badge Construction • Degree of Security Required • Durability • Reader Environment • Convenience and Price • Performance
  26. 26. Card / I D Technology Types • Barium Ferrite • Bar Codes • Magnetic Stripe • Wiegand • Proximity • Smart Card • Hybrid
  27. 27. Biometrics – Another Key • Biometrics and the “Smart Card” • Iris Scan • Finger Print • Facial Recognition • Retinal Scan • Voice Recognition • Hand Geometry • Others on the horizon
  28. 28. Credentials / Smartcards [Figure labels: Access Control; PC Login; Time & Attendance; Personal Data; Photo; Cafeteria; Vending; Free; Free]
  29. 29. Access Controls more about the “key” • The “Common Access Card” • FIPS 201 / HSPD12 • Database sharing trends • Communications options • Encryption – DES, AES • PINs
  30. 30. HSPD-12 Homeland Security Presidential Directive/Hspd-12 Subject: Policy for a Common Identification Standard for Federal Employees and Contractors (1) Wide variations in the quality and security of forms of identification used to gain access to secure Federal and other facilities where there is potential for terrorist attacks need to be eliminated. Therefore, it is the policy of the United States to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).
  31. 31. CONTROL CONFIGURATIONS • Stand Alone Systems • Multi-Door Systems • Enterprise Integrated Systems
  32. 32. STAND ALONE SYSTEMS • Authentication Types; • PIN, Credential / Proximity, Biometric • Battery Operated or Wired • Keypad Programming • Computer Managed / PDA • Entry Automation • 1st Man In • Audit Trail • # Users • Labor vs. Hardwired System
  33. 33. Single-User Multi-Door Systems • Instant Local Notification • Multiple Reader Type • Input Output Linking • Dedicated PC
  34. 34. Multi-User / Multi-Door Systems • Instant Multiple Notification Options • LAN Access • Discretionary Reporting • Mandatory Controls
  35. 35. Enterprise Systems [Diagram labels: ACCESS CONTROL; DIGITAL VIDEO SURVEILLANCE & MANAGEMENT; IDENTITY MANAGEMENT; INTEGRATED ALARM MANAGEMENT; INFORMATION SECURITY; MULTI-TENANT PROPERTY MANAGEMENT; BUILDING AUTOMATION; VISITOR MANAGEMENT; ASSET MANAGEMENT; WIRELESS ACCESS; INTRUSION DETECTION; INTERCOM COMMUNICATION SYSTEMS; FIRE ALARM SYSTEMS]
  36. 36. Enterprise Systems • Bringing together disparate databases or information sources [Diagram labels: Human Resources; Access Control; Credential Management; Biometric Templates; Medical Information; Visitor Management; ERP; Social Security; Time and Attendance; Incident Reporting; Criminal History; Smart Cards; Payroll; Active Directory/LDAP]
  37. 37. System Architecture [Diagram labels: Life Safety Management; Visitor Management; Photo Imaging; CCTV System; Access Control; POTS; Dial-up Modem; Cellular; Ethernet Network; LAN/WAN; Direct Connect RS-232 or RS-422; RS-232; RS-422; Modem; Field Panel; Door Controller; HVAC; Readers]
  38. 38. SOFTWARE • Integrated solutions sets • Network ready • SQL and Oracle • Linux based embedded solutions • Partition-able database • Windows XP, NT, 2000, Vista Compatibility • Web enabled • Web Embedded
  39. 39. The Application Software • This is the GUI. It should be intuitive, easy to train operators and managers • The database manager • Ability to partition and filter views based on passwords • Import and export features • Potential interface to HR database systems • May be Standalone or • Part of a network • Numerous work stations • Redundant emergency backup • Full set of utilities for storage and archiving
  40. 40. Desired Software Features • Migration path (scalability) • Alarm Monitor capacity • Anti-Pass back • Event Triggers • Time zones and Holidays • Clearance (area) controls • CCTV Matrix Switching • Digital Video recorder event linking
  41. 41. Desired Software Features • No limit on system scalability. • Unlimited Card Readers. • Unlimited Inputs/Outputs. • Unlimited Cardholders. • Unlimited Control Panels. • Unlimited Holidays. • Guard Tour application • Elevator Control • Full featured Badging • Real time status monitoring • Multiple reader technology support • Microsoft database • Report Manager • Visitor Management • ODBC and MDAC Compliant • Potential web access/enabled
  42. 42. Access Granted Transactions
  43. 43. Access Denied Transactions
  44. 44. Contact Transactions
  45. 45. Relay Transactions
  46. 46. Actions that affect Card Readers
  47. 47. Actions that affect Contact Devices
  48. 48. Actions that affect Relays
  49. 49. Card Reader Triggers and Actions
  50. 50. Integrated Applications • Photo I D Creation • Bio-metric enrollment • Alarm management • Access Management • Air Quality monitoring • Visitor Controls • Digital Video event linking • Event and data base linking • Camera Controls • Virtual CCTV Matrixes • CCTV Analytics • Smartcard Application Support
  51. 51. Access Control Panel Operation • Card is presented, data sent to Panel • Panel compares information • Grants/Denies access • Based on Card Status • Time of Day • Cardholder’s access privileges • Other Administrator selected features
  52. 52. Access Control Panels • Contain Microprocessors • On-board Random Access Memory (RAM) • Upgradeable Software stored in Erasable Program Read Only Memory (EPROM) • System Administrator or authorized web client enters all information related to system at host computer or direct to board via web with on board software in panel • Information may be downloaded to Access Control Panel’s RAM
  53. 53. Access Control Panels • Once downloaded/programmed a Panel can process information locally. • “Intelligent” panels inform the Host of all actions taken, including time and date • Often referred to as “distributed processing” • Saves Host processing time
  54. 54. Access Control Panel Operations • May be configured many ways • Can store thousands & some users are requiring Millions of records! • Multiple access levels • Time Zones • Thousands of historical transactions • Quantum leaps in storage abound
  55. 55. Access Control Panel Operations • Can support Inputs • Can detect an input’s change of state, process the information and report it to the host computer or web based client on alarm • Typical Inputs include door monitor and request to exit (or bypass) devices • Can support Outputs • Door locking mechanisms • Sound or broadcast alarm devices • Lights, sirens, bells, digital dialers, etc. • Can be programmed so an Input activates or deactivates outputs automatically • Example: Glass break sensor (input) might activate a siren (output)
  56. 56. Access Control Panel Wiring
  57. 57. Access Control Panel Wiring • Three different approaches to cabling of readers • Bus Cabling • Readers can be wired to a common cable that runs back to the panel • Saves wiring costs when readers are close to each other • Star Cabling • Readers can be wired to the panel individually • Combination Bus and Star sometimes is best • Independent IP / Network Drop communications via Network
  58. 58. Access Control Panel Trends • Distributed intelligence • Embedded software – web enabled data management • FIPS 201 for Federal Employees • Full feature set resident at the local panel • POTS back up / cellular back up • HiCap memory backup • On line and off line capacity • Bio-metric / Smartcard • Integrated into lock hardware
  59. 59. QUESTIONS? Kevin Klemmer, PSP, CISSP • SEE YOU IN 5 Minutes
  60. 60. Access Control Systems • Access Control Hardware / Peripherals & IT Convergence • Kevin Klemmer, PSP, CISSP
  61. 61. First Security Measures
  62. 62. The more things change…• Which one is the lock?
  63. 63. Modern Castle – Corporate Campus
  64. 64. Entrance to the Castle
  65. 65. Entrance to the Castle • The Opening • Often perceived as the first line of defense. • 25 to 50% of the cost of access control implementation.
  66. 66. Systems Building Blocks
  67. 67. Access Control Components
  68. 68. The Basics: Electric Locks Maglocks Strikes Cylindrical Mortise Exits Peripherals
  69. 69. ELECTRIFIED HARDWARE Benefits of Electrified Hardware • Safety • Security • Control & Monitoring • Remote Locking • Reduces Manpower • Convenience • ADA requirements • Performs functions normally executed manually, usually from remote location or automated. • Must specify a system with all components compatible. One component will not work without the others.
  70. 70. ACCESS CONTROL HARDWARE Components of a System
  71. 71. ACCESS CONTROL HARDWARE Parts of a Regulated Power Supply • INPUT: 120VAC • TRANSFORMER: Reduces Voltage • RECTIFIER: Converts AC to DC • CAPACITOR: Stores needed current • FILTER: Eliminates “Noise” • REGULATOR: Keeps Output Constant • OUTPUT: 24VDC
  72. 72. ACCESS CONTROL HARDWARE The power supply must furnish the SAME voltage as required by the load. The current (amps) available from the power supply must be EQUAL TO or GREATER THAN that required by the total load of the system.
  73. 73. ACCESS CONTROL HARDWARE Converts electrical energy into another form I.e., unlocks a solenoid, retracts a latch bolt, etc Performs the work required Electric Lock or Strike Electric Exit Device Closer / Holder Electromagnetic Holders
  74. 74. ACCESS CONTROL HARDWARE Terminology • FAIL SAFE: Lock or locking device that remains UNLOCKED on loss of power • FAIL SECURE (non-fail safe): Lock or locking device that remains LOCKED on loss of power
  75. 75. ACCESS CONTROL HARDWARE Need to Know to Select Power Supply Electrical Characteristics of a Load • Current Draw In Amps • Voltage Required • Fail Safe / Fail Secure
  76. 76. ACCESS CONTROL HARDWARE Switches are used to control a locking device or to signal a monitoring device Key Pad Key Switch Toggle Switch Push Button Stand Alone System Access Control System
  77. 77. ACCESS CONTROL HARDWARE Switches are used to control a locking device or to signal a monitoring device Each switch has one movable contact, the POLE, and one or more fixed contacts, the THROWS Normally open SWITCH SYMBOL
  78. 78. ACCESS CONTROL HARDWARE Switches are used to control a locking device or to signal a monitoring device Each switch has one movable contact, the POLE, and one or more fixed contacts, the THROWS Normally closed SWITCH SYMBOL
  79. 79. ACCESS CONTROL HARDWARE Terminology • MAINTAINED CONTACT: A switch designed for applications requiring sustained contact; but with provision for resetting, i.e., ordinary light switch • MOMENTARY CONTACT: A spring loaded switch designed for applications requiring constant contact; when pressure is removed, reverts back to original position, i.e., door bell
  80. 80. ACCESS CONTROL HARDWARE • Carries current through system • The greater the distance between the power source and the load, the heavier the wire gauge required • #1 TROUBLESHOOTING PROBLEM
  81. 81. ACCESS CONTROL HARDWARE Need to Know Size of Conductor (Gauge) Length of Conductor (Resistance) The farther the load is from the power supply, the more resistance is experienced; a heavier gauge wire is required
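  82. 82. ACCESS CONTROL HARDWARE MINIMUM WIRE GAUGE FOR 24V DC or AC (rows: AMPS; columns: Distance in feet from Power Supply to Locking Device)

      | AMPS | 25 | 50 | 100 | 150 | 200 | 250 | 300 | 400 | 500 |
      |------|----|----|-----|-----|-----|-----|-----|-----|-----|
      | 0.25 | 18 | 18 | 18  | 18  | 18  | 18  | 18  | 18  | 16  |
      | 0.50 | 18 | 18 | 18  | 18  | 16  | 16  | 16  | 14  | 14  |
      | 0.75 | 18 | 18 | 18  | 18  | 16  | 16  | 14  | 14  |     |
      | 1.00 | 18 | 18 | 18  | 16  | 16  | 14  | 14  |     |     |
      | 1.50 | 18 | 18 | 18  | 16  | 16  | 14  |     |     |     |
      | 2.00 | 18 | 18 | 16  | 16  | 14  |     |     |     |     |
      | 2.50 | 18 | 18 | 16  | 14  |     |     |     |     |     |
      | 3.00 | 18 | 16 | 14  |     |     |     |     |     |     |
      | 3.50 | 18 | 16 | 14  |     |     |     |     |     |     |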
  83. 83. ACCESS CONTROL HARDWARE Elements of a SYSTEM • ONE: OPERATIONS NARRATIVE • TWO: HARDWARE LIST • THREE: ELEVATION DRAWING • FOUR: WIRING DIAGRAM
  84. 84. ACCESS CONTROL HARDWARE REQUIREMENTS • Outside Operation • At Rest (while locked) • Electrically Unlock • Mechanically Unlock • Power Failure • LED’s • Inside Operation [Sidebar: 1. OPERATIONS NARRATIVE 2. HARDWARE LIST 3. ELEVATION DRAWING 4. WIRING DIAGRAM]
  85. 85. ACCESS CONTROL HARDWARE 1. Power Supply 2. Key Pad 3. Power Transfer 4. Electric Exit Device [Sidebar: 1. OPERATIONS NARRATIVE 2. HARDWARE LIST 3. ELEVATION DRAWING 4. WIRING DIAGRAM]
  86. 86. ACCESS CONTROL HARDWARE • Power Supply • 120VAC input [Sidebar: 1. OPERATIONS NARRATIVE 2. HARDWARE LIST 3. ELEVATION DRAWING 4. WIRING DIAGRAM]
  87. 87. ACCESS CONTROL HARDWARE [Sidebar: 1. OPERATIONS NARRATIVE 2. HARDWARE LIST 3. ELEVATION DRAWING 4. WIRING DIAGRAM]
  88. 88. CHOICES Making Hardware Selections Based On Owner’s Instructions • Cashiers Door from Drivers Lounge Closed and Locked at all Times • Must Be Entered During Day Employees • Secretary To Remotely Unlock Door • Management Always Able To Enter [Floor plan labels: CASHIER; DRIVERS LOUNGE]
  89. 89. EXAMPLE 1. OPERATIONS NARRATIVE: Door is normally closed, latched and secure from the outside. Depressing the push switch will unlock the electric strike to allow ingress. Door will relock as soon as push button returns to normal position. Loss of power, the door will remain locked. Enter by key at all times. Free egress from inside at all times. 2. HARDWARE LIST: • Load: Electric Strike 712NFS 24VDC • Switch: Push Button PB • Power Supply: Transformer TP-24-2
  90. 90. EXAMPLE 3. ELEVATION / RISER DIAGRAM [Figure labels: Transformer TP-24-2, 24VAC output, TO 120VAC INPUT; GAGE AND NUMBER OF CONDUCTORS: 18 ga, 18 ga; Rectifier; 712NFS Electric Strike; PB]
  91. 91. EXAMPLE 4. WIRING DIAGRAM • Systems Wiring Diagram or Point to Point Wiring Diagram [Figure labels: 120VAC; Transformer; Pushbutton (Locked / Unlocked; NC, C, NO); PUSH TO EXIT; Electric Strike (Non-polarized, + -)]
  92. 92. COMPONENTS & ELEMENTS • 4 COMPONENTS: POWER SUPPLY; LOAD; SWITCH; CONDUCTORS • 4 ELEMENTS: OPERATIONS NARRATIVE; HARDWARE LIST; ELEVATION DRAWING; WIRING DIAGRAM
  93. 93. Access Control Trends • Smaller, Faster, Better • More Integrated Features • Embedded Web Server • Open Source • WiFi - Wireless
  94. 94. Access Control Trends • Embedded Prox Technology • Monitoring Options • Request To Exit • Door Contact • Keyswitch Monitoring • Other options…
  95. 95. Convergence • Analog to IP (Security to IT) • Applications Convergence • Physical and Cyber • “Soon the security industry will move to systems in which there are no analog or proprietary wired devices at all; where all devices connect to the Ethernet infrastructure. The knowledge of how to design efficient network systems and how to secure those systems is paramount to successful security systems. This is the future of security technology” Thomas Norman, Protection Partners International, Integrated Security Systems Design
  96. 96. Threats of Converged Enterprise Targets Physical Attack Physical Security Facilities People Cyber Intrusion Identifies Mode Valued Targets of Attack Physical Attacks Against Cyber Media Computers Information Attack Information Security Information $$$
  97. 97. Convergence Migration • Disparate Building Networks to Intelligent Converged Environment [Diagram labels: IP Communications; Fire; Lighting; Physical Security; Elevator; Visitor Access; 24 / 7 Monitor; Energy; HVAC; WAN]
  98. 98. Convergence Benefits • Benefits: Safety and security; Environmental sustainability; Occupant comfort; Organizational flexibility; Streamlined operations; Reduced costs; Energy savings; Managed services; Data mining; Process Measurement • Services and Technologies: Lighting; Elevator; 24/7 Monitor; HVAC; Fire; Video surveillance; Access; Energy
  99. 99. Resources
  100. 100. Resources • Reduce security vulnerabilities in all types of facilities. The industry’s first-ever guide for exterior and interior security features, NFPA 730: Guide for Premises Security addresses security in all occupancies from residential dwellings to large industrial complexes. Uniform guidelines help you assess vulnerability and design appropriate security plans. Provisions describe construction, protection, and occupancy features and practices intended to reduce security risks to life and property. Topics covered include: • General requirements and facility classifications • Security vulnerability assessment • Exterior security devices and systems • Physical security devices • Interior security systems • Security planning • Measures to control security vulnerabilities in educational, healthcare, and other facilities. The Guide also addresses protocols for special events, and the responsibilities of security personnel. (Approx. 88 pp., 2006)
  101. 101. Resources • Ensure the quality and reliability of security system installations. NFPA 731: Installation of Electronic Premises Security Systems is the first Standard developed primarily to define the means of signal initiation, transmission, notification, and annunciation, as well as the levels of performance and the reliability of electronic security systems. Requirements cover every step of security equipment installation, with provisions for the application, location, performance, testing, and maintenance of physical security systems and their components. Detailed chapters are included for: • Intrusion detection systems • Electronic access control systems • Video surveillance systems • Holdup, duress, and ambush systems • Testing and inspection. Rules address the protected premises from the property line to the interior of the premises. NFPA 731 also references or incorporates provisions from applicable UL, SIA, and other standards. (Approx. 43 pp., 2006)
  102. 102. ETHICS IN SECURITY Physical Security Professionals must adhere to the Code of Professional Responsibility, agreeing to: • Perform professional duties in accordance with the law and the highest moral principles. • Observe the precepts of truthfulness, honesty, and integrity. • Be faithful, competent, and diligent in discharging their professional duties. • Safeguard confidential and privileged information and exercise due care to prevent its improper disclosure. • Not maliciously injure the professional reputation or practice of colleagues, clients, or employees.
  103. 103. QUESTIONS? Thank You!
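
The panel decision outlined on slides 9 to 12 and 51 (WHO, WHERE, WHEN; card status, time of day, access privileges, plus one administrator-selected feature, here anti-pass back), written out as an added example that is not part of the original deck or any vendor's panel firmware. The class names, card numbers, door names, the holiday rule and the sample events are all assumptions constructed for illustration.

```python
# Constructed illustration: every class, card number and door name is made up.
from dataclasses import dataclass, field
from datetime import date, datetime, time

@dataclass(frozen=True)
class TimeZone:  # the WHEN: weekdays (0 = Monday) plus a daily window
    days: frozenset
    start: time
    end: time
    closed_on_holidays: bool = True  # assumed rule: holidays suspend the schedule

    def covers(self, ts, holidays):
        if self.closed_on_holidays and ts.date() in holidays:
            return False
        return ts.weekday() in self.days and self.start <= ts.time() <= self.end

@dataclass
class Card:  # the WHO; the WHERE is the door -> TimeZone map
    number: str
    active: bool = True
    access: dict = field(default_factory=dict)
    inside: set = field(default_factory=set)  # areas entered and not yet left

class Panel:
    def __init__(self, cards, holidays=(), apb=None):
        self.cards = {c.number: c for c in cards}
        self.holidays = set(holidays)
        self.apb = apb or {}  # anti-pass back readers: door -> (area, "in" or "out")
        self.log = []         # transactions the panel would report to the host

    def _decide(self, number, door, ts):
        card = self.cards.get(number)
        if card is None:
            return False, "unknown card"
        if not card.active:
            return False, "card inactive"
        zone = card.access.get(door)
        if zone is None:  # default deny: no clearance for this door
            return False, "no access level for door"
        if not zone.covers(ts, self.holidays):
            return False, "outside time zone"
        area, direction = self.apb.get(door, (None, None))
        if direction == "in":
            if area in card.inside:
                return False, "anti-pass back violation"
            card.inside.add(area)
        elif direction == "out":
            card.inside.discard(area)
        return True, "ok"

    def present(self, number, door, ts):
        granted, reason = self._decide(number, door, ts)
        outcome = "ACCESS GRANTED" if granted else "ACCESS DENIED"
        self.log.append((ts.isoformat(), door, number, outcome, reason))
        return granted, reason

def run_demo():
    office = TimeZone(frozenset(range(5)), time(7, 0), time(18, 0))
    always = TimeZone(frozenset(range(7)), time.min, time.max, closed_on_holidays=False)
    panel = Panel([Card("1001", access={"lobby-in": office, "lobby-out": always}),
                   Card("1002", active=False, access={"lobby-in": office})],
                  holidays={date(2024, 7, 4)},
                  apb={"lobby-in": ("building", "in"), "lobby-out": ("building", "out")})
    for number, door, ts in [
        ("1001", "lobby-in", datetime(2024, 7, 2, 9, 0)),     # Tuesday morning
        ("1001", "lobby-in", datetime(2024, 7, 2, 9, 5)),     # card passed back
        ("1001", "lobby-out", datetime(2024, 7, 2, 19, 30)),  # exit read, after hours
        ("1001", "lobby-in", datetime(2024, 7, 2, 22, 0)),    # after hours
        ("1001", "lobby-in", datetime(2024, 7, 4, 9, 0)),     # holiday
        ("1002", "lobby-in", datetime(2024, 7, 2, 9, 0)),     # deactivated card
        ("1001", "server-room", datetime(2024, 7, 2, 9, 0)),  # no clearance
        ("9999", "lobby-in", datetime(2024, 7, 2, 9, 0)),     # not enrolled
    ]:
        panel.present(number, door, ts)
    return panel.log
```

Calling `run_demo()` returns the transaction log, one tuple per card presentation with the denial reason recorded, which is the record an audit of Access Granted and Access Denied transactions would draw on.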
