Tightening the Campus

Time for action calls for biometrics measures

  • By Caren Bachmann
  • Feb 01, 2011

The IT department at a large, campus-based organization had a minor disruption that could have turned into a major disaster. A new person on the cleaning company’s crew inadvertently spilled a bucket full of water and cleaning fluid in a telco closet that was being used for multiple purposes, and the liquid shorted out a vital piece of equipment. The accident was never reported, and it was only when services were disrupted that the IT department learned there was a problem.

The incident was a wake-up call for the IT department. Its staff realized that, had the spill been larger, it could have taken out systems for the entire building or even the entire campus. Or, even worse, the unsecured rooms could easily be sabotaged and vital data compromised. It was time for action.

The department went on a mission to improve the security of its numerous telecommunications rooms. These facilities housed IP-based networks, voice systems and other equipment needed for campus-wide communications, including some extremely sensitive, mission-critical equipment and research and development labs. The solution had to be flexible enough to cover facilities with a wide range of requirements, from minimal to high security, including video monitoring.

The new security solution had to accomplish two main goals: physical access control and environmental monitoring. After learning about a similar situation at another company, the IT department employed Black Box to provide the security solutions and expertise.

The first goal was to lock down physical access to the telecommunications rooms for traditional security reasons, as well as to protect the network from tampering by unauthorized staff. This included controlling and monitoring who had access to the rooms and restricting the ability of anyone to make unauthorized changes and inadvertently disrupt critical base communications.

The second goal was to have the ability to monitor the environment of the telecommunications rooms. The electronic components in the rooms are very sensitive to power disruption, as well as to excessive heat and humidity. Monitoring would alert staff to conditions that might interrupt communications. Included in the monitoring requirement was video surveillance of particularly sensitive data centers and research and development labs.

The solution for the dual goals of controlling physical access while also monitoring the environment in the rooms was to install an integrated biometric access and remote monitoring solution that included security cameras. The system operated and was managed across the IP network already in place on the campus.

Biometric Access Control
The integrated solution started with a networkable biometric access control system that used fingerprints as an identifier. Unlike a passcode or an RFID card, which may be borrowed, biometric access positively links access to a particular person, meeting the department’s requirements for high security for sensitive installations.

The system enabled legitimate users to gain quick access to secure areas. All they needed to do was to enter their PIN and place their finger on the reader.

Authentication took less than one second. If the fingerprint matched the template perfectly, the system unlocked the door and logged the date and time of entry. The system also could be programmed to allow entry with just a finger scan or just a PIN, enabling different degrees of security for more- or less-secure areas.

The biometric access control system selected consisted of two components: a reader unit and a controller unit. The reader unit was mounted on a wall next to the telecommunications room’s door; the controller unit was installed inside the room. The electronics for opening the secured door were in the controller inside the room, protected from hackers who could cut wires or spoof the signals to open the door. Proprietary encryption protects communications between the reader and the controller, further enhancing security. This two-part architecture was deemed to be more secure than other biometric solutions in which the electronics to open the door were actually mounted next to the door.

The system offered other security features, as well. The duress feature enabled a person forced to enter a room against his/her will to activate a silent alarm. The system also looked for life in the finger and rejected pictures or silicon imprints of a finger. In case of a power failure, battery backup provided up to eight hours of limited use. If the network failed, the system continued to operate normally because network communication was not required for fingerprint verification. The system saved all logging activity and uploaded it to a database once the network connection was restored.

Because of privacy concerns, the IT department required a biometric system that didn’t store actual fingerprints. The system selected operated by creating a multipoint schematic of a user’s biometric fingerprint profile, which it stored as a fingerprint template. Each time that user required access to a secure area, the template was matched to the live fingerprint. The system wasn’t designed to store fingerprint images, and the biometric template couldn’t be used to create an image of the original print.

The biometric access control system was fully manageable from a central location, providing a full audit trail with detailed entry logs to track where and when staff accessed telecommunications rooms. Additionally, a time-banding feature enabled staff to determine when people could be granted access to the rooms. The system also enabled staff and doors to be grouped together for management purposes. For example, members of a department could have access to some doors but not others.

Employees were easily added to the system or deleted in just a few seconds.

Remote Monitoring
The environmental monitoring system selected consisted of hubs installed in the telecommunications rooms. The hubs were linked through the network to a central location for auditing and monitoring purposes and supported a wide range of environmental sensors, dry contacts and even video cameras for surveillance.

Sensors connected to the hubs varied, depending on the requirements at each location. Temperature and humidity sensors ensured that the telecommunications rooms’ environments remained in the optimum range for delicate electronics. Some locations called for additional environmental monitoring and also had sensors for smoke, power disruption, airflow and water leaks. Hubs that supported dry contacts enabled the system to sense when doors to server cabinets had been opened and to report when doors were left open.

For additional security monitoring, the system included hubs that supported IP cameras as well as sensors. This enabled the addition of surveillance cameras, which could be integrated into the same system.

Cameras were placed outside secure rooms to record who approached and who tried to enter. Cameras also were installed inside the doorways of particularly sensitive locations. For versatility in camera installation, the system supported both high-resolution pan/tilt dome cameras and CCD cameras that provided clear, sharp pictures even in low light conditions.

Like the biometric access control system, the environmental monitoring system worked across the network and could be centrally managed. The system collected and graphed data and also could be configured to send alarms if telecommunications room conditions went out of range, endangering mission-critical equipment.

Bringing it All Together
To bring everything together into one cohesive unit, a single software application was used to manage, monitor, record and report data from all aspects of the system, including the biometric remote monitoring system, the environmental monitoring system and the security cameras.

The IT department now has a security system it can centrally control and monitor. Best of all, IT staff have multi-stage security at the telecommunications rooms, they can positively ID who enters, and they can monitor environmental variables such as temperature, humidity, motion, power and airflow.

This article originally appeared in the February 2011 issue of Security Today.

Featured

  • The Next Generation

    Video security technology has reached an inflection point. With advancements in cloud infrastructure and internet bandwidth, hybrid cloud solutions can now deliver new capabilities and business opportunities for security professionals and their customers. Read Now

  • Help Your Customer Protect Themselves

    In the world of IT, insider threats are on a steep upward trajectory. The cost of these threats - including negligent and malicious employees that may steal authorized users’ credentials, rose from $8.3 million in 2018 to $16.2 million in 2023. Insider threats towards physical infrastructures often bleed into the realm of cybersecurity; for instance, consider an unauthorized user breaching a physical data center and plugging in a laptop to download and steal sensitive digital information. Read Now

  • Enhanced Situation Awareness

    Did someone break into the building? Maybe it is just an employee pulling an all-nighter. Or is it an actual perpetrator? Audio analytics, available in many AI-enabled cameras, can add context to what operators see on the screen, helping them validate assumptions. If a glass-break detection alert is received moments before seeing a person on camera, the added situational awareness makes the event more actionable. Read Now

  • Transformative Advances

    Over the past decade, machine learning has enabled transformative advances in physical security technology. We have seen some amazing progress in using machine learning algorithms to train computers to assess and improve computational processes. Although such tools are helpful for security and operations, machines are still far from being capable of thinking or acting like humans. They do, however, offer unique opportunities for teams to enhance security and productivity. Read Now

Most   Popular

Featured Cybersecurity

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3