Tightening the Campus

Time for action calls for biometrics measures

The IT department at a large, campus-based organization had a minor disruption that could have turned into a major disaster. A new person on the cleaning company’s crew inadvertently spilled a bucket full of water and cleaning fluid in a telco closet that was being used for multiple purposes, and the liquid shorted out a vital piece of equipment. The accident was never reported, and it was only when services were disrupted that the IT department learned there was a problem.

The incident was a wake-up call for the IT department. Its staff realized that, had the spill been larger, it could have taken out systems for the entire building or even the entire campus. Or, even worse, the unsecured rooms could easily be sabotaged and vital data compromised. It was time for action.

The department went on a mission to improve the security of its numerous telecommunications rooms. These facilities housed IP-based networks, voice systems and other equipment needed for campus-wide communications, including some extremely sensitive, mission-critical equipment and research and development labs. The solution had to be flexible enough to cover facilities with a wide range of requirements, from minimal to high security, including video monitoring.

The new security solution had to accomplish two main goals: physical access control and environmental monitoring. After learning about a similar situation at another company, the IT department employed Black Box to provide the security solutions and expertise.

The first goal was to lock down physical access to the telecommunications rooms for traditional security reasons, as well as to protect the network from tampering by unauthorized staff. This included controlling and monitoring who had access to the rooms and restricting the ability of anyone to make unauthorized changes and inadvertently disrupt critical base communications.

The second goal was to have the ability to monitor the environment of the telecommunications rooms. The electronic components in the rooms are very sensitive to power disruption, as well as to excessive heat and humidity. Monitoring would alert staff to conditions that might interrupt communications. Included in the monitoring requirement was video surveillance of particularly sensitive data centers and research and development labs.

The solution for the dual goals of controlling physical access while also monitoring the environment in the rooms was to install an integrated biometric access and remote monitoring solution that included security cameras. The system operated and was managed across the IP network already in place on the campus.

Biometric Access Control
The integrated solution started with a networkable biometric access control system that used fingerprints as an identifier. Unlike a passcode or an RFID card, which may be borrowed, biometric access positively links access to a particular person, meeting the department’s requirements for high security for sensitive installations.

The system enabled legitimate users to gain quick access to secure areas. All they needed to do was to enter their PIN and place their finger on the reader.

Authentication took less than one second. If the fingerprint matched the template perfectly, the system unlocked the door and logged the date and time of entry. The system also could be programmed to allow entry with just a finger scan or just a PIN, enabling different degrees of security for more- or less-secure areas.

The biometric access control system selected consisted of two components: a reader unit and a controller unit. The reader unit was mounted on a wall next to the telecommunications room’s door; the controller unit was installed inside the room. The electronics for opening the secured door were in the controller inside the room, protected from hackers who could cut wires or spoof the signals to open the door. Proprietary encryption protects communications between the reader and the controller, further enhancing security. This two-part architecture was deemed to be more secure than other biometric solutions in which the electronics to open the door were actually mounted next to the door.

The system offered other security features, as well. The duress feature enabled a person forced to enter a room against his/her will to activate a silent alarm. The system also looked for life in the finger and rejected pictures or silicon imprints of a finger. In case of a power failure, battery backup provided up to eight hours of limited use. If the network failed, the system continued to operate normally because network communication was not required for fingerprint verification. The system saved all logging activity and uploaded it to a database once the network connection was restored.

Because of privacy concerns, the IT department required a biometric system that didn’t store actual fingerprints. The system selected operated by creating a multipoint schematic of a user’s biometric fingerprint profile, which it stored as a fingerprint template. Each time that user required access to a secure area, the template was matched to the live fingerprint. The system wasn’t designed to store fingerprint images, and the biometric template couldn’t be used to create an image of the original print.

The biometric access control system was fully manageable from a central location, providing a full audit trail with detailed entry logs to track where and when staff accessed telecommunications rooms. Additionally, a time-banding feature enabled staff to determine when people could be granted access to the rooms. The system also enabled staff and doors to be grouped together for management purposes. For example, members of a department could have access to some doors but not others.

Employees were easily added to the system or deleted in just a few seconds.

Remote Monitoring
The environmental monitoring system selected consisted of hubs installed in the telecommunications rooms. The hubs were linked through the network to a central location for auditing and monitoring purposes and supported a wide range of environmental sensors, dry contacts and even video cameras for surveillance.

Sensors connected to the hubs varied, depending on the requirements at each location. Temperature and humidity sensors ensured that the telecommunications rooms’ environments remained in the optimum range for delicate electronics. Some locations called for additional environmental monitoring and also had sensors for smoke, power disruption, airflow and water leaks. Hubs that supported dry contacts enabled the system to sense when doors to server cabinets had been opened and to report when doors were left open.

For additional security monitoring, the system included hubs that supported IP cameras as well as sensors. This enabled the addition of surveillance cameras, which could be integrated into the same system.

Cameras were placed outside secure rooms to record who approached and who tried to enter. Cameras also were installed inside the doorways of particularly sensitive locations. For versatility in camera installation, the system supported both high-resolution pan/tilt dome cameras and CCD cameras that provided clear, sharp pictures even in low light conditions.

Like the biometric access control system, the environmental monitoring system worked across the network and could be centrally managed. The system collected and graphed data and also could be configured to send alarms if telecommunications room conditions went out of range, endangering mission-critical equipment.

Bringing it All Together
To bring everything together into one cohesive unit, a single software application was used to manage, monitor, record and report data from all aspects of the system, including the biometric remote monitoring system, the environmental monitoring system and the security cameras.

The IT department now has a security system it can centrally control and monitor. Best of all, IT staff have multi-stage security at the telecommunications rooms, they can positively ID who enters, and they can monitor environmental variables such as temperature, humidity, motion, power and airflow.

This article originally appeared in the February 2011 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3