Tightening the Campus

Time for action calls for biometrics measures

  • By Caren Bachmann
  • Feb 01, 2011

The IT department at a large, campus-based organization had a minor disruption that could have turned into a major disaster. A new person on the cleaning company’s crew inadvertently spilled a bucket full of water and cleaning fluid in a telco closet that was being used for multiple purposes, and the liquid shorted out a vital piece of equipment. The accident was never reported, and it was only when services were disrupted that the IT department learned there was a problem.

The incident was a wake-up call for the IT department. Its staff realized that, had the spill been larger, it could have taken out systems for the entire building or even the entire campus. Or, even worse, the unsecured rooms could easily be sabotaged and vital data compromised. It was time for action.

The department went on a mission to improve the security of its numerous telecommunications rooms. These facilities housed IP-based networks, voice systems and other equipment needed for campus-wide communications, including some extremely sensitive, mission-critical equipment and research and development labs. The solution had to be flexible enough to cover facilities with a wide range of requirements, from minimal to high security, including video monitoring.

The new security solution had to accomplish two main goals: physical access control and environmental monitoring. After learning about a similar situation at another company, the IT department employed Black Box to provide the security solutions and expertise.

The first goal was to lock down physical access to the telecommunications rooms for traditional security reasons, as well as to protect the network from tampering by unauthorized staff. This included controlling and monitoring who had access to the rooms and restricting the ability of anyone to make unauthorized changes and inadvertently disrupt critical base communications.

The second goal was to have the ability to monitor the environment of the telecommunications rooms. The electronic components in the rooms are very sensitive to power disruption, as well as to excessive heat and humidity. Monitoring would alert staff to conditions that might interrupt communications. Included in the monitoring requirement was video surveillance of particularly sensitive data centers and research and development labs.

The solution for the dual goals of controlling physical access while also monitoring the environment in the rooms was to install an integrated biometric access and remote monitoring solution that included security cameras. The system operated and was managed across the IP network already in place on the campus.

Biometric Access Control
The integrated solution started with a networkable biometric access control system that used fingerprints as an identifier. Unlike a passcode or an RFID card, which may be borrowed, biometric access positively links access to a particular person, meeting the department’s requirements for high security for sensitive installations.

The system enabled legitimate users to gain quick access to secure areas. All they needed to do was to enter their PIN and place their finger on the reader.

Authentication took less than one second. If the fingerprint matched the template perfectly, the system unlocked the door and logged the date and time of entry. The system also could be programmed to allow entry with just a finger scan or just a PIN, enabling different degrees of security for more- or less-secure areas.

The biometric access control system selected consisted of two components: a reader unit and a controller unit. The reader unit was mounted on a wall next to the telecommunications room’s door; the controller unit was installed inside the room. The electronics for opening the secured door were in the controller inside the room, protected from hackers who could cut wires or spoof the signals to open the door. Proprietary encryption protects communications between the reader and the controller, further enhancing security. This two-part architecture was deemed to be more secure than other biometric solutions in which the electronics to open the door were actually mounted next to the door.

The system offered other security features, as well. The duress feature enabled a person forced to enter a room against his/her will to activate a silent alarm. The system also looked for life in the finger and rejected pictures or silicon imprints of a finger. In case of a power failure, battery backup provided up to eight hours of limited use. If the network failed, the system continued to operate normally because network communication was not required for fingerprint verification. The system saved all logging activity and uploaded it to a database once the network connection was restored.

Because of privacy concerns, the IT department required a biometric system that didn’t store actual fingerprints. The system selected operated by creating a multipoint schematic of a user’s biometric fingerprint profile, which it stored as a fingerprint template. Each time that user required access to a secure area, the template was matched to the live fingerprint. The system wasn’t designed to store fingerprint images, and the biometric template couldn’t be used to create an image of the original print.

The biometric access control system was fully manageable from a central location, providing a full audit trail with detailed entry logs to track where and when staff accessed telecommunications rooms. Additionally, a time-banding feature enabled staff to determine when people could be granted access to the rooms. The system also enabled staff and doors to be grouped together for management purposes. For example, members of a department could have access to some doors but not others.

Employees were easily added to the system or deleted in just a few seconds.

Remote Monitoring
The environmental monitoring system selected consisted of hubs installed in the telecommunications rooms. The hubs were linked through the network to a central location for auditing and monitoring purposes and supported a wide range of environmental sensors, dry contacts and even video cameras for surveillance.

Sensors connected to the hubs varied, depending on the requirements at each location. Temperature and humidity sensors ensured that the telecommunications rooms’ environments remained in the optimum range for delicate electronics. Some locations called for additional environmental monitoring and also had sensors for smoke, power disruption, airflow and water leaks. Hubs that supported dry contacts enabled the system to sense when doors to server cabinets had been opened and to report when doors were left open.

For additional security monitoring, the system included hubs that supported IP cameras as well as sensors. This enabled the addition of surveillance cameras, which could be integrated into the same system.

Cameras were placed outside secure rooms to record who approached and who tried to enter. Cameras also were installed inside the doorways of particularly sensitive locations. For versatility in camera installation, the system supported both high-resolution pan/tilt dome cameras and CCD cameras that provided clear, sharp pictures even in low light conditions.

Like the biometric access control system, the environmental monitoring system worked across the network and could be centrally managed. The system collected and graphed data and also could be configured to send alarms if telecommunications room conditions went out of range, endangering mission-critical equipment.

Bringing it All Together
To bring everything together into one cohesive unit, a single software application was used to manage, monitor, record and report data from all aspects of the system, including the biometric remote monitoring system, the environmental monitoring system and the security cameras.

The IT department now has a security system it can centrally control and monitor. Best of all, IT staff have multi-stage security at the telecommunications rooms, they can positively ID who enters, and they can monitor environmental variables such as temperature, humidity, motion, power and airflow.

This article originally appeared in the February 2011 issue of Security Today.

Featured

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events

  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

  • ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

    ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now

    • Industry Events
    • ISC West

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West
Most   Popular

New Products

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities