Tightening the Campus
Time for action calls for biometrics measures
- By Caren Bachmann
- Feb 01, 2011
The IT department at a large, campus-based organization had a minor
disruption that could have turned into a major disaster. A new
person on the cleaning company’s crew inadvertently spilled a bucket
full of water and cleaning fluid in a telco closet that was being used
for multiple purposes, and the liquid shorted out a vital piece of
equipment. The accident was never reported, and it was only when services were
disrupted that the IT department learned there was a problem.
The incident was a wake-up call for the IT department. Its staff realized that,
had the spill been larger, it could have taken out systems for the entire building or
even the entire campus. Or, even worse, the unsecured rooms could easily be sabotaged
and vital data compromised. It was time for action.
The department went on a mission to improve the security of its numerous
telecommunications rooms. These facilities housed IP-based networks, voice systems
and other equipment needed for campus-wide communications, including
some extremely sensitive, mission-critical equipment and research and development
labs. The solution had to be flexible enough to cover facilities with a wide
range of requirements, from minimal to high security, including video monitoring.
The new security solution had to accomplish two main goals: physical access
control and environmental monitoring. After learning about a similar situation at
another company, the IT department employed Black Box to provide the security
solutions and expertise.
The first goal was to lock down physical access to the telecommunications
rooms for traditional security reasons, as well as to protect the network from tampering
by unauthorized staff. This included controlling and monitoring who had
access to the rooms and restricting the ability of anyone to make unauthorized
changes and inadvertently disrupt critical base communications.
The second goal was to have the ability to monitor the environment of the
telecommunications rooms. The electronic components in the rooms are very sensitive
to power disruption, as well as to excessive heat and humidity. Monitoring
would alert staff to conditions that might interrupt communications. Included in
the monitoring requirement was video surveillance of particularly sensitive data
centers and research and development labs.
The solution for the dual goals of controlling physical access while also monitoring
the environment in the rooms was to install an integrated biometric access
and remote monitoring solution that included security cameras. The system operated
and was managed across the IP network already in place on the campus.
Biometric Access Control
The integrated solution started with a networkable biometric access control system
that used fingerprints as an identifier. Unlike a passcode or an RFID card, which
may be borrowed, biometric access positively links access to a particular person,
meeting the department’s requirements for high security for sensitive installations.
The system enabled legitimate users to gain quick access to secure areas. All
they needed to do was to enter their PIN and place their finger on the reader.
Authentication took less than one second. If the fingerprint matched the template
perfectly, the system unlocked the door and logged the date and time of entry. The
system also could be programmed to allow entry with just a finger scan or just a
PIN, enabling different degrees of security for more- or less-secure areas.
The biometric access control system selected consisted of two components: a
reader unit and a controller unit. The reader unit was mounted on a wall next to
the telecommunications room’s door; the controller unit was installed inside the
room. The electronics for opening the secured door were in the controller inside
the room, protected from hackers who could cut wires or spoof the signals to open
the door. Proprietary encryption protects communications between the reader and
the controller, further enhancing security. This two-part architecture was deemed
to be more secure than other biometric solutions in which the electronics to open
the door were actually mounted next to the door.
The system offered other security features, as well. The duress feature enabled
a person forced to enter a room against his/her will to activate a silent alarm. The
system also looked for life in the finger and rejected pictures or silicon imprints
of a finger. In case of a power failure, battery backup provided up to eight hours
of limited use. If the network failed, the system continued to operate normally
because network communication was not required for fingerprint verification. The
system saved all logging activity and uploaded it to a database once the network
connection was restored.
Because of privacy concerns, the IT department required a biometric system
that didn’t store actual fingerprints. The system selected operated by creating a
multipoint schematic of a user’s biometric fingerprint profile, which it stored as
a fingerprint template. Each time that user required access to a secure area, the
template was matched to the live fingerprint. The system wasn’t designed to store
fingerprint images, and the biometric template couldn’t be used to create an image
of the original print.
The biometric access control system
was fully manageable from a central location,
providing a full audit trail with
detailed entry logs to track where and
when staff accessed telecommunications
rooms. Additionally, a time-banding
feature enabled staff to determine
when people could be granted access
to the rooms. The system also enabled
staff and doors to be grouped together
for management purposes. For example,
members of a department could
have access to some doors but not others.
Employees were easily added to the
system or deleted in just a few seconds.
Remote Monitoring
The environmental monitoring system
selected consisted of hubs installed in
the telecommunications rooms. The
hubs were linked through the network
to a central location for auditing and
monitoring purposes and supported a
wide range of environmental sensors,
dry contacts and even video cameras
for surveillance.
Sensors connected to the hubs varied,
depending on the requirements at
each location. Temperature and humidity
sensors ensured that the telecommunications
rooms’ environments
remained in the optimum range for
delicate electronics. Some locations
called for additional environmental
monitoring and also had sensors for
smoke, power disruption, airflow and
water leaks. Hubs that supported dry
contacts enabled the system to sense
when doors to server cabinets had been
opened and to report when doors were
left open.
For additional security monitoring,
the system included hubs that supported
IP cameras as well as sensors. This
enabled the addition of surveillance
cameras, which could be integrated into
the same system.
Cameras were placed outside secure
rooms to record who approached and
who tried to enter. Cameras also were
installed inside the doorways of particularly
sensitive locations. For versatility
in camera installation, the system
supported both high-resolution pan/tilt
dome cameras and CCD cameras that
provided clear, sharp pictures even in
low light conditions.
Like the biometric access control
system, the environmental monitoring
system worked across the network
and could be centrally managed. The
system collected and graphed data and
also could be configured to send alarms
if telecommunications room conditions
went out of range, endangering
mission-critical equipment.
Bringing it All Together
To bring everything together into one
cohesive unit, a single software application
was used to manage, monitor,
record and report data from all aspects
of the system, including the biometric
remote monitoring system, the environmental
monitoring system and the
security cameras.
The IT department now has a security
system it can centrally control
and monitor. Best of all, IT staff have
multi-stage security at the telecommunications
rooms, they can positively
ID who enters, and they can monitor
environmental variables such as temperature,
humidity, motion, power and
airflow.
This article originally appeared in the February 2011 issue of Security Today.