Tightening the Campus -- Security Today

Tightening the Campus

Time for action calls for biometrics measures

By Caren Bachmann
Feb 01, 2011

The IT department at a large, campus-based organization had a minor disruption that could have turned into a major disaster. A new person on the cleaning company’s crew inadvertently spilled a bucket full of water and cleaning fluid in a telco closet that was being used for multiple purposes, and the liquid shorted out a vital piece of equipment. The accident was never reported, and it was only when services were disrupted that the IT department learned there was a problem.

The incident was a wake-up call for the IT department. Its staff realized that, had the spill been larger, it could have taken out systems for the entire building or even the entire campus. Or, even worse, the unsecured rooms could easily be sabotaged and vital data compromised. It was time for action.

The department went on a mission to improve the security of its numerous telecommunications rooms. These facilities housed IP-based networks, voice systems and other equipment needed for campus-wide communications, including some extremely sensitive, mission-critical equipment and research and development labs. The solution had to be flexible enough to cover facilities with a wide range of requirements, from minimal to high security, including video monitoring.

The new security solution had to accomplish two main goals: physical access control and environmental monitoring. After learning about a similar situation at another company, the IT department employed Black Box to provide the security solutions and expertise.

The first goal was to lock down physical access to the telecommunications rooms for traditional security reasons, as well as to protect the network from tampering by unauthorized staff. This included controlling and monitoring who had access to the rooms and restricting the ability of anyone to make unauthorized changes and inadvertently disrupt critical base communications.

The second goal was to have the ability to monitor the environment of the telecommunications rooms. The electronic components in the rooms are very sensitive to power disruption, as well as to excessive heat and humidity. Monitoring would alert staff to conditions that might interrupt communications. Included in the monitoring requirement was video surveillance of particularly sensitive data centers and research and development labs.

The solution for the dual goals of controlling physical access while also monitoring the environment in the rooms was to install an integrated biometric access and remote monitoring solution that included security cameras. The system operated and was managed across the IP network already in place on the campus.

Biometric Access Control
The integrated solution started with a networkable biometric access control system that used fingerprints as an identifier. Unlike a passcode or an RFID card, which may be borrowed, biometric access positively links access to a particular person, meeting the department’s requirements for high security for sensitive installations.

The system enabled legitimate users to gain quick access to secure areas. All they needed to do was to enter their PIN and place their finger on the reader.

Authentication took less than one second. If the fingerprint matched the template perfectly, the system unlocked the door and logged the date and time of entry. The system also could be programmed to allow entry with just a finger scan or just a PIN, enabling different degrees of security for more- or less-secure areas.

The biometric access control system selected consisted of two components: a reader unit and a controller unit. The reader unit was mounted on a wall next to the telecommunications room’s door; the controller unit was installed inside the room. The electronics for opening the secured door were in the controller inside the room, protected from hackers who could cut wires or spoof the signals to open the door. Proprietary encryption protects communications between the reader and the controller, further enhancing security. This two-part architecture was deemed to be more secure than other biometric solutions in which the electronics to open the door were actually mounted next to the door.

The system offered other security features, as well. The duress feature enabled a person forced to enter a room against his/her will to activate a silent alarm. The system also looked for life in the finger and rejected pictures or silicon imprints of a finger. In case of a power failure, battery backup provided up to eight hours of limited use. If the network failed, the system continued to operate normally because network communication was not required for fingerprint verification. The system saved all logging activity and uploaded it to a database once the network connection was restored.

Because of privacy concerns, the IT department required a biometric system that didn’t store actual fingerprints. The system selected operated by creating a multipoint schematic of a user’s biometric fingerprint profile, which it stored as a fingerprint template. Each time that user required access to a secure area, the template was matched to the live fingerprint. The system wasn’t designed to store fingerprint images, and the biometric template couldn’t be used to create an image of the original print.

The biometric access control system was fully manageable from a central location, providing a full audit trail with detailed entry logs to track where and when staff accessed telecommunications rooms. Additionally, a time-banding feature enabled staff to determine when people could be granted access to the rooms. The system also enabled staff and doors to be grouped together for management purposes. For example, members of a department could have access to some doors but not others.

Employees were easily added to the system or deleted in just a few seconds.

Remote Monitoring
The environmental monitoring system selected consisted of hubs installed in the telecommunications rooms. The hubs were linked through the network to a central location for auditing and monitoring purposes and supported a wide range of environmental sensors, dry contacts and even video cameras for surveillance.

Sensors connected to the hubs varied, depending on the requirements at each location. Temperature and humidity sensors ensured that the telecommunications rooms’ environments remained in the optimum range for delicate electronics. Some locations called for additional environmental monitoring and also had sensors for smoke, power disruption, airflow and water leaks. Hubs that supported dry contacts enabled the system to sense when doors to server cabinets had been opened and to report when doors were left open.

For additional security monitoring, the system included hubs that supported IP cameras as well as sensors. This enabled the addition of surveillance cameras, which could be integrated into the same system.

Cameras were placed outside secure rooms to record who approached and who tried to enter. Cameras also were installed inside the doorways of particularly sensitive locations. For versatility in camera installation, the system supported both high-resolution pan/tilt dome cameras and CCD cameras that provided clear, sharp pictures even in low light conditions.

Like the biometric access control system, the environmental monitoring system worked across the network and could be centrally managed. The system collected and graphed data and also could be configured to send alarms if telecommunications room conditions went out of range, endangering mission-critical equipment.

Bringing it All Together
To bring everything together into one cohesive unit, a single software application was used to manage, monitor, record and report data from all aspects of the system, including the biometric remote monitoring system, the environmental monitoring system and the security cameras.

The IT department now has a security system it can centrally control and monitor. Best of all, IT staff have multi-stage security at the telecommunications rooms, they can positively ID who enters, and they can monitor environmental variables such as temperature, humidity, motion, power and airflow.

This article originally appeared in the February 2011 issue of Security Today.

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West
Live From ISC West 2024: Post-Show Recap

ISC West 2024 is complete. And from start to finish, the entire conference was a huge success with almost 30,000 people in attendance. Read Now
- Industry Events
- ISC West
ISC West 2024 is a Rousing Success

The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules, ZeroEyes

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3
FEP GameChanger

Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3
QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3