Showing posts with label Proximity Reader. Show all posts
Showing posts with label Proximity Reader. Show all posts

Thursday, August 15, 2024

3 Cybersecurity Steps to Reduce Threats to your Electrical System

 3 Cybersecurity Steps to Reduce Threats to your Electrical System

When anyone mentions cybersecurity, you may automatically think they are referring to IT systems. That is because protecting IT networks – and their associated personal, financial, and other proprietary data – has been the responsibility of IT professionals for an exceptionally long time. But what about your operational technology (OT) infrastructures? Are they also at risk from cyberattacks? How can you protect them? In this post, we’ll discuss these questions, and three specific recommendations for protecting your electrical systems.

The electricity subsector cybersecurity Risk Management Process (RMP) guideline was developed by the Department of Energy (DOE), in collaboration with the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC).

OT Cyberattacks: An Increasing Threat

The Ponemon Institute emphatically states that, “Cyberattacks are relentless and continuous against OT environments.” In a survey of over 700 organizations from six countries they found that 50 percent had experienced a cyberattack against their OT infrastructure within the last two years that resulted in downtime. For large and critical operations, this can be devastating.

All you need to do is follow the news to see frequent examples of such attacks. For example, in early 2021, the fast action of a technician narrowly avoided the risk of thousands of people being poisoned due to a hacker gaining access to a Florida city’s water treatment plant. Going back a few years, a breach that came through the HVAC system caused international retailer Target to have 40 million credit and debit card accounts compromised, costing them $290 million.

 

The latter example is just one of many that show why building systems are now widely recognized as OT attack targets. The evolution toward smarter buildings is causing an explosion in the numbers of connected devices – already an estimated 200+ million in commercial buildings alone. With more devices comes more data that needs to be protected, but for facility and business management teams to extract the maximum value, data must be aggregated and shared across OT and IT systems.

This OT/IT interconnection means that a cyberattack on an OT system can:

·        Compromise operational safety or the health of building occupants

·        Impact productivity by taking down production lines or other equipment and processes; more about the relationship between Cybersecurity and Productivity.

·        Ultimately cause an IT threat by passing malware or a virus from the OT to IT infrastructure

The Attack Surface is Now Larger

Essentially, connected OT infrastructures have increased the ‘attack surface’ for hackers and, in many cases, have acted as an organization’s Achilles heel. Clearly, it is not enough anymore to focus attention only on protecting IT and data systems integrity. All organizations must ensure strong OT cybersecurity is in place.

But what OT systems are we talking about? Depending on your type of operation, these can include industrial automation systems (e.g. SCADA) and smart building systems like a building management system (BMS), building security, lighting systems, and the energy and power management system (EPMS) overseeing your facility’s electrical distribution. Navigant Research notes, “Cybersecurity issues are expected to grow in tandem with the digital transformation of real estate through intelligent building technologies.”

In this post, we will consider cybersecurity specifically for your EPMS and electrical distribution system. However, these recommendations and practices equally apply to other OT systems.

Connected Power Means Greater Vulnerability

Energy and power management systems are helping organizations boost efficiency and sustainability, optimize operating costs, maximize uptime, and get better performance and longevity from electrical assets. When combined with BMS, an EPMS can also help make the work environment healthier and more productive for occupants.

Enabling these EPMS benefits is a connected network of smart metering, analysis, control, and protection devices that share data continuously with onsite and/or cloud-based EPMS applications. The application provides extensive monitoring and analytics while providing mobile access to data and alerts to all facility stakeholders. Connection to the cloud also opens the door to expert power and asset advisory support that can augment a facility’s onsite team with 24/7 monitoring, predictive maintenance, energy management, and other services.

All these onsite, cloud, and mobile connections offer a potential target and entry for hackers so you can read our facility managers guide to building systems and cybersecurity.

 

Securing Your Electrical System: A Holistic Approach

A hacker only needs to find one ‘hole’ in one system, at one point of time, to be successful. What you need is a holistic approach to ensure that all potential vulnerabilities are secured. For new buildings, cybersecurity best practices should be a part of the design of all OT systems. For existing buildings, cybersecurity should be addressed when OT systems are starting to be digitized. For both scenarios, the following are three key considerations:

1. Seek Specialized, Expert Assistance

The priorities for IT systems are confidentiality, integrity, and availability. For OT, the top priorities are safety, resilience, and confidentiality. This means that OT security upgrades or problems need to be addressed in a different way from IT, with careful planning and procedures. For these reasons, you need to choose a cybersecurity partner who has proper OT experience, to help you comply with all relevant cybersecurity standards and best practices.

OT systems also use different communication protocols compared to IT systems, such as BACNet, Modbus, etc. If you had your IT team attempt to perform OT security system scans, those scanning tools might cause serious conflicts, risking an OT system shutdown.

Cyberthreats are also constantly evolving, so you should seek a partner who offers ongoing OT monitoring services, updates, system maintenance, and incident response. All of these should be available remotely.

2. Put the Right Controls in Place

An OT cybersecurity specialist will help audit your EPMS and electrical systems to assess the current vulnerabilities and risks, including the gaps in any procedures and protocols.

You and the specialist must determine how secure your electrical system needs to be. The IEC 62443 standard helps protect IoT-enabled OT systems by defining seven foundational requirements (e.g. access control, use control, availability, response, etc.), each of which are designated a security level. Increased security levels offer greater protection against more sophisticated attacks. Your cybersecurity partner will help you determine the level of security you need for each requirement.

An example of one technique for securing networked systems is to break up systems into ‘zones,’ with each secured individually. OT will be separated from IT, and within OT there may be further segregation. A special ‘demilitarized’ zone is typically included, which is a perimeter subnetwork that sits between the public and private networks for an added layer of security. This makes it harder for hackers to find a way in from one system or zone to another. Where required, connections between networks are provided by specially secured data ‘conduits.’

Your electrical system should also be physically secured, with no access by unauthorized personnel. This same strategy applies to EPMS communications network security by means of controlled, multi-tiered permission-based access.

3. Train your Staff

Many cyberattacks are successful because employees have caused unintended errors. It is important that your people become aware of, and vigilant against, cyberthreats. This includes giving your operations team specialized OT cybersecurity training.

This training will typically include multiple steps, including training all individuals to spot social engineering cues, such as phishing attempts or attempts to access protected areas using pretexting (i.e. someone pretending to be a vendor to gain access). This will also include establishing protocols around the use of passwords, multi-factor authorization, policies around WiFi access (e.g., guest network that remains isolated from OT networks), regular auditing of user accounts and permissions, etc.

While the horizontal cybersecurity framework provides a solid basis, specific characteristics of the energy sector such as the need for fast reaction, risks of cascading effects and the need to combine new digital technology with older technologies necessitate specific legislation.

Thanks to Felix Ramos & Khaled Fakhuri to write this article.


Thursday, October 15, 2020

Contactless Access Credentials & Egress

Contactless Access Credentials & Egress 

THE business landscape changing so dramatically over the past few months — possibly irrevocably — the task for many in security, including for consultants, integrators, dealers and manufacturers. As businesses and organizations begin to reopen, many are rethinking the way they budget for security, including access control, video surveillance and intrusion Alarm.

It’s amazing that a microscopic virus from China could virtually bring the world to a standstill. The 2020 global pandemic has reshaped the way people work, learn and play on every conceivable level. In addition to the devastating impact on global health and safety, COVID-19 has infected the health of the global economy.

The growing call to return to work will surely accelerate many of the physical (not social) distancing, sterilization and occupancy issues that we are currently facing. Hopefully, modern medicine will rise to the challenge sooner than later with a COVID-19 vaccine, but this may take some time even with accelerated testing and approvals.

Commonly touched items that can cause the spread of coronavirus (and other infectious disease) can include things like elevator buttons, ATM and checkout keypads, door knobs and handles, keyboards and mice, and door/entry access control panels — just to name a few. When you think about all of the “touchable” items that you interact with each day it becomes a daunting task to stay away from them and feel safe, clean and virus-free. Well, it's no surprise that right now, businesses are feeling the need to provide solutions and upgrade their safety and security as the workforce begins to come back to the office or plan for that to happen soon.

Contactless credentials are the most common component used in an access control system and while many look alike externally, important differences exist. “Contactless credentials and touchless access control can help reduce the number of surfaces that people touch on campus and can help reduce contact transmission” said Arindam Bhadra founder SSA Integrate.

Credentials Overview

While other credential options exist, the most common choice is RFID 'contactless' types. Nearly 90% of systems use contactless cards or fobs built as unpowered devices that are excited and read when brought close to a reader unit. This 'wireless power' process is called resonant energy transfer.

In Proximity Reader technology the reader itself emits a field collected by the card, eventually reaching enough of a charge that temporarily powers a wireless data transfer between the two. The image below details typical internal components of the type, where the wire antenna collects energy, the capacitor stores it, and when full discharges ICC chip (credential) data back through the antenna to the reader:

In general, all contactless credentials work this way but the exact parameters like operating frequency, size of credential data, encryption, and format of the data greatly vary in the field. In the sections that follow, we examine these parameters in depth.

Contactless Credentials Dominated by Giants

One of the biggest differences in contactless credentials is the format of the data it contains, typically determined by the manufacturer. Upwards of three-quarters of contactless credentials use formats developed or licensed by HID Global and NXP Semiconductor.

HID Overview

Since the market began migrating away from 'magstripe' credentials in the early 1990's, HID Global gained marketshare with its 125 kHz "Prox" offerings. Now part of ASSA ABLOY, HID has become the most common security market credential provider, and OEM of products for access brands including Lenel, Honeywell, and Siemens. The company's best-known formats include:

·     "Proximity": an older 125 kHz format, but still regularly used and specified even in new systems

·      iClass: an HID Global specific 13.56 MHz 'smartcard'

HID is the most common choice for credentials in the US. Because of commanding market share, HID is able to license the use of its credential formats to a variety of credential and reader manufacturers. Even when marketing general 'ISO 14443 compliant' offerings, HID strictly follows "Part B" standards (vs Part "A" - described in more detail later).

NXP Overview

Formerly Phillips Semiconductor, Europe-based NXP offers a number of 'contactless' credential components used in a number of markets - security, finance, and industrial. With widespread adoption of ISO standards in credential specifications, NXP offers a catalog of types built to spec, including:

·    MIFARE PROX: NXP's 125 kHz format built on early drafts of ISO standards, but not as widely adopted as HID's "Proximity" lines

·  MIFARE/DESFire: an ISO Standards-based NXP 'smartcard' format, also operating on 13.56 MHz the 'DESFire' moniker was introduced in the early 2000s to distinguish the format from 'MIFARE Classic' credentials. DESFire credentials feature stronger encryption that required higher performing chips. The 'Classic' format fell under scrutiny for being vulnerable to snoop attacks, and DESFire countered this threat. Because these improvements were made only to credentials, and existing MIFARE readers could still be used, the new format became known as 'MIFARE/DESFire'.

Unlike HID, NXP's credential formats are 'license-free' and the according standards are available for production use for no cost. NXP manufacturers all ISO 14443 product to "Part A" standards. NXP's market share is largest outside the US, mostly attributed to the early (starting in ~1990's) adoption of HID Global formats inside the US, but the brand's formats are often the primary ones used in Europe and Asia for physical access control.

US vs the World

Because of NXP Semiconductor’s strength in EMEA and the lack of licensing, MIFARE, DESFire, and the associated derivatives are popular outside the US.

However, HID Global's strongest markets are in the Americas, especially in the US. Despite the additional cost of licensing compliant credentials and readers, the company also produces products that use the unlicensed NXP formats and has equal or greater operability as a result.

125 kHz vs 13.56 MHz

The credential's RF frequency factors a key role in its performance. Because readers can only scan credentials operating at specific matching frequencies, this attribute is the first to consider. If frequency and format do not match, credentials are simply not read. The chart below shows the frequency of popular formats:

Perhaps the biggest difference between 125 kHz and 13.56 MHz frequencies is credential security. 125 kHz formats do not support encryption and are easily snooped or spoofed. However, 13.56 MHz formats are encrypted (usually 128 bit AES or greater) and credential data can only be read by a device that is specifically given the key to do so. 

Deciphering Credential Types

One of the most challenging jobs for integrators and end users alike is simply identifying which credential a system is using. The market is crowded with hundreds of options with no guarantees of compatibility for items that all appear to be a blank white card. The image below details four different credential types with dramatically different performance and security characteristics, yet they all look the same to the untrained eye:

For contactless types, you must know three attributes that are not typically clearly printed or overtly labeled on the credential:

·     Format Name: This designates how and how much data the credential transmits, usually defined by an ISO standard for Wiegand formats. For example H10301 is the typical 26 bit format, H10304 is HID's Wiegand 37 bit, and so on. The best way to confirm the format used by a card is to locate a box label of existing cards (See image below 'Card Format Details') to interpret the raw hexadecimal output as a specific format. If card boxes are not available, researching the credential type used by checking the format used in the Access Control Management Software application, typically in the cardholder and reader configuration settings.

·       Facility Code: This attribute is NOT printed on the card in most cases. This piece of information is also typically found on box labels but can be decoded using the same online calculators for format name. In certain cases, access systems must be configured to accept specific facility codes and some low-end systems may limit acceptable codes to one specific number. Without knowing this code, credentials are not sure to work.

·       Card ID/Serial Number (CSN/UID): In many cases, the ID number is embossed or printed on the card. This number is the 'unique ID' that ties a user to a specific badge. While concurrent numbers are not an issue, redundant numbers are, and the same Card ID and Facility Coded credential cannot be issued twice in the same system. The image below shows.

Interestingly, the Sales Order/Batch Number information printed on the card is often not used by the access system at all and is only printed to assist in researching the origin of the card as shipped to a specific distributor, end user, or dealer.

In some cases, a card vendor or distributor will 'read' an unknown card for a fee, but turn around times may take several business days.

Often, the box for cards currently in production is often the quickest, easiest way to gather all three pieces of this information, if not a reordering part number, as shown below:

The ISO/IEC 14443 Division

Very little separates HID's iClass from NXP's MIFARE offerings, and if not for ambiguous interpretation of an ISO standard, they would 'look' the same to most readers. However, because early versions of the standard left room for differentiation, HID and NXP designed their 'compliant' standards with a different encryption structure.

The end result is both versions of credential claim 'ISO 14443 Compliance', but are not entirely interchangeable. To reconcile this difference, ISO revised 14443 to include parts 'A and/or B' to segregate the two offerings. The default, basic serial number of cards is readable in both A & B parts, but any encoded data on the card is unreadable between the two because the original standard left room for implementation ambiguity.

In general, because there is no licensing cost in using 'Part A' standards, many low-cost, non-US target market, and new reader products start here. However, readers marketed specifically in the US or from vendors with a broader global market license use 'Part B' compliance common to HID.

For example, this TSDi reader supports 14443-A, but not 14443-B, meaning in practical terms in does not support HID's 13.56 MHz iClass formats, but does support NXP's 13.56 MHz MIFARE/DESFire formats:

In contrast, HID iClass readers support both 'A' and 'B' along with the non-ISO specific 'CSN' such that either type of credentials will work with these readers:

13.56 MHz Smartcard Interoperability

While the 'Part A & B' division in ISO 14443 separates formats from being the same, it does not always mean they are unusable with each other. Portions of ISO 14443 are the same in both parts, including the 'Card Serial Number'. For some access systems, this is the unique number that identifies unique users, and because this number is not encoded, it will register in 'non-standard' readers:

·    CSN/UID String: Essentially the card's unique identifier is readable because it is not stored in the deep 'encrypted' media. Many simple EAC platforms use only this number to define a user, and instead use the internal database to assign rights, schedules, and privileges.

·    Encoded Read/Write: However, the vast majority of storage within the card is encrypted and unreadable unless compliant readers are used. Especially for access systems using the credential itself for storage (e.g.: Salto, Hotel Systems) and for multi-factor authentication (e.g.: biometrics) high security deployments, the simple CSN is not sufficient.

The CSN Loophole

In terms of security, not all credential details are encrypted. The 'Card Serial Number' (defined by ISO standards) for 13.56 MHz cards can often be read regardless of underlying format, modulation method, or encryption. The CSN may be usable as a unique ID by the system, but the full data set of the credential will not be available.

For smaller systems with only a few doors and a hundred or fewer cardholders, using the CSN as the primary ID is common due to the ease of enrollment in using CSNs as unique badge numbers. However, for high-security sites where access identity encryption is required by standard or when credentials are used for multiple integrated systems, using CSNs to identify issued cardholders is often not approved. Rather, the card's encrypted data is required instead.

Form Factor

Credential shapes are not just limited to cards or fobs. The size and method of hosting a credential can include stickers, tokens, cell-phone cases, or even jewellery.

The form factor of the credential often is an important consideration in overall durability and service life. For example, while a white PVC card may be ideal to print an ID badge on and hang from a lanyard, it can easily be bent or broken in a rough environment. A key fob, while unsuitable for printing a picture on, is designed to be durable enough to withstand abuse, harsh environment exposures, and even submersion in water.

The right form factor choice should be dictated by the user and the user's environment, and generally, all major credential types have numerous form factor options to suit.

Touchless Switches

Touchless wall switch makes opening a door simple and germ free. Blue LED back-lighting highlights the switch at all times, other than during activation. This provides a visual reference of the switch’s location in low light conditions. Its low-profile design makes it blend into your wall.



Tuesday, September 22, 2015

RS-232 cable Wiring & Testing

COM Port (OR) RS-232 cable Wiring & Testing


As A technical background eSecurity Professional, many time got call “my Access Controller communication has RS232 enable How we connect with Computer (COM Port), is there any layout” Sometime “Successfully testing via my Laptop but Customer computer not responding, any distance or new programming is there”. I remember in year 2006 me also facing this type of problem with an Access Controller; I would be like to share the myth.

Com Port (Com1 / Com2 etc)= Serial Port = RS232 = Consol.

The wiring of RS232 has always been a problem. Originally the standard was defined for DTE (data terminal equipment) to DCE (data communication equipment connection), but soon people started to use the communication interface to connect two DTEs directly using null modem cables. No standard was defined for null modem connections with RS232 and not long after their introduction, several different wiring schemes became common. With Digital Equipment Corporation tried to define their own standard for serial interconnection of computer devices with modified modular jack connectors. This interfacing standard became available on most of their hardware, but it wasn't adopted by other computer manufacturers. Maybe because DEC used an non-standard version of the modular jack.


Very interesting is the RS232 to RJ45 wiring standard proposed by Dave Yost in 1987, based on earlier wiring schemes used at Berkeley University. He tried to define a standard comparable to DEC, where both DTEs and DCEs could be connected with one cable type. This standard was published in the Unix System Administration Handbook in 1994, and has since that moment been a wiring standard for many organizations. We will discuss this standard in detail here.
The RS-232 standard 9600bps port will drive 13 metres of shielded cable. RS232 standard is an asynchronous serial communication method. The word serial means, that the information is sent one bit at a time. Asynchronous tells us that the information is not sent in predefined time slots. RS232 sending of a data word can start on each moment. If starting at each moment is possible, this can pose some problems for the receiver to know which is the first bit to receive. To overcome this problem, each data word is started with an attention bit. This attention bit, also known as the start bit, is always identified by the space line level. Directly following the start bit, the data bits are sent. Data bits are sent with a predefined frequency, the baud rate. Both the transmitter and receiver must be programmed to use the same bit frequency. After the first bit is received, the receiver calculates at which moments the other data bits will be received. It will check the line voltage levels at those moments. With RS232, the line voltage level can have two states. The on state is also known as mark, the off state as space. No other line states are possible. When the line is idle, it is kept in the mark state. For error detecting purposes, it is possible to add an extra bit to the data word automatically. The transmitter calculates the value of the bit depending on the information sent. The receiver performs the same calculation and checks if the actual parity bit value corresponds to the calculated value. The stop bit identifying the end of a data frame can have different lengths. Actually, it is not a real bit but a minimum period of time the line must be idle (mark state) at the end of each word. On PC's this period can have three lengths: the time equal to 1, 1.5 or 2 bits. 1.5 bits is only used with data words of 5 bits length and 2 only for longer words. A stop bit length of 1 bit is possible for all data word sizes.
Goals of the Yost device wiring standard
The mess with RS232 wiring is widely known. It was the reason for starting this website. Dave Yost wanted to solve that mess once and for all, reaching as much as possible of the following goals:
  1. All cable connectors should have the same connector type (RJ45)
  2. All cable connectors should have the same connector gender (male)
  3. DTEs and DCEs should have the same connector wiring
  4. All cables should be identical (except for length)
  5. No need for null modems or other special cables for specific situations
These goals are very close to the goals DEC wanted to achieve. The Yost standard has however one basic advantage. Because RJ45 connectors are used, eight pins are available which makes it possible to transfer almost all RS232 signals. Therefore the Yost standard can be used with much more equipment.
Yost DTE adapter wiring
Now we know how the cables are wired, it is time to define the adapter wiring for various equipment. Depending of the type of equipment, DB9 or DB25 connectors are used. Layouts for both connectors to a RJ45 socket for DTE equipment is shown here. The colors are defined by the Yost standard. The DTR to DSR connection is optional. Please use the manual of the device or software to decide if this loop is necessary. It doesn't harm most of the time if you connect both lines, even with systems that don't use the DSR input signal.
Test COM port by using HyperTerminal.
The HyperTerminal application has been distributed with the Windows operating system versions for a long time now, and for administrators and technical support Representatives, it can be a very useful tool. HyperTerminal allows a user to make a connection to a "host" system from a Windows computer using an available COM port. This will enable you to verify whether or not a port is active and open.  If you have never looked at HyperTerminal, take a couple of minutes to read through the following and see how it can make your life easier.
The HyperTerminal application is started by default from the Start | Programs | Accessories | Communications | HyperTerminal location. When you start HyperTerminal, you are asked to name the connection you are about to configure. This is useful as once you have configured your connection, you can then save all the settings to a configuration file of the same name. This configuration file can be used to implement equivalent settings for subsequent connections. After selecting a connection name, click OK.
On the Connect To dialog box, you are introduced to the different types of connection that HyperTerminal offers. By default, a dial-up connection using a modem is selected (assuming you have a modem present). If you have installed an external modem in addition to an internal modem that modem should also be present in the drop down menu as a choice.
 If you click the downwards arrow on the Connect Using field, you may see one or more COMx (where x is the number of the COM port. i.e COM5) options depending on the number of serial ports available on your computer. The COMx options are typically used for attaching to something like a UNIX computer via serial cable or to a router via its serial console cable. 

To test a specific COM port select that COM port you wish to test. Once the COM port is selected you will not be able to access the other options on this dialog box. They will appear grayed out.

Click OK and select these options:
9600 Bits Per Second, 8 Data Bits, No Parity, 1 Stop Bit, and Hardware Flow Control.
Before clicking OK on the COM3 Properties Dialog Box look at the lower left corner of the HyperTerminal Window. Notice it says "Disconnected" See graphic Below.
Now click the OK button on the COM3 Properties Dialog box. Watch the lower left corner of the HyperTerminal Windows. If the COM port is available and can be opened you will see the status change to Connected. See graphic below.
 If you select OK and get an error saying "Unable to open COMx (where x is the COM port number). Please check your port settings". The COM port you are testing is being used by some device or is not functioning correctly.
Start at the beginning of the COM port test and test another available COM port.
If you receive the error we discussed on every port you select then there are no available ports and you will need to either troubleshoot further or speak to your hardware manufacturer and ask your manufacturer to recommend a hardware solution appropriate for your situations.

Test COM port by using Loopback tester
This is a simple and useful tool for testing RS-232 ports in DTE equipment are working working or not. This plug is connected so that every sent character is echoed back.
 If you Short DB9 (Com Port / RS232) Pin 2 & 3, & Press any Word via Keypad, you can get Eco of that Key. IF you got replied then your Com port is Working Normal, IF not then need to either troubleshoot further or speak to your hardware manufacturer and ask your manufacturer to recommend a hardware solution appropriate for your situations.

Differences between RS-232 and full-duplex RS-485

From a software point of view, full-duplex RS-485 looks very similar to RS-232. With 2 pairs of wires -- a dedicated "transmit" pair and a dedicated "receive" pair (similar to some Ethernet hardware), software can't tell the difference between RS-485 and RS-232.
From a hardware point of view, full-duplex RS-485 has some major advantages over RS-232 -- it can communicate over much longer distances at higher speeds.
Alas, a long 3-conductor cable intended for RS-232 cannot be switched to full-duplex RS-485, which requires 5 conductors.
RS-232 is only defined for point-to-point connections, so you need a separate cable for each sensor connected to a host CPU. RS-485 allows a host CPU to talk to a bunch of sensors all connected to the same cable.

Differences between RS-232 and half-duplex RS-485

But a lot of RS-485 hardware uses only 1 pair of wires (half-duplex). In that case, the major differences are
  • Each RS-485 node, including the host CPU, must "turn off the transmitter" when done transmitting a message, to allow other devices their turn using the shared medium
  • The RS-485 hardware generally receives on the receiver every byte that was transmitted by every device on the shared medium, including the local transmitter. So software should ignore messages sent by itself.
A long 3-conductor cable intended for RS-232 can often be switched to half-duplex RS-485, allowing communication at higher speeds and at higher external noise levels than the same cable used with RS-232 signaling.
RS-232 is only defined for point-to-point connections, so you need a separate cable for each sensor connected to a host CPU. RS-485 allows a host CPU to talk to a bunch of sensors all connected to the same cable.
Alas, half-duplex RS-485 networks are often more difficult to debug when things go wrong than RS-232 networks, because
  • When a "bad message" shows up on the cable, it is more difficult (but not impossible) to figure out which node(s) transmitted that message when you have a shared-medium with a dozen nodes connected to the same single cable, compared to a point-to-point medium with only 2 nodes connected to any particular cable.
  • Transmitting data bidirectionally over the same wire(s), rather than unidirectional transmission, requires a turn-around delay. The turn-around delay should be proportional to the baud rate -- too much or too little turn-around delay may cause timing problems that are difficult to debug.

Differences between RS-232 and both kinds of RS-485

RS-485 signal levels are typically 0 to +5 V relative to the signal ground.
RS-232 signal levels are typically -12 V to +12 V relative to the signal ground.
RS-232 uses point-to-point unidirectional signal wires: There are only two devices connected to a RS-232 cable. The TX output of a first device connected to the RX input of a second device, and the TX output of the second device connected to the RX input of the first device. In a RS-232 cable, data always flows in only one direction on any particular wire, from TX to RX.
RS-485 typically uses a linear network with bidirectional signal wires: There are typically many devices along a RS-485 shared cable. The "A" output of each device is connected to the "A" output of every other device. In a RS-485 cable, data typically flows in both directions along any particular wire, sometimes from the "A" of the first device to the "A" of the second device, and at a later time from the "A" of the second device to the "A" of the first device.

Wednesday, March 17, 2010

About ACCESS CONTROL SYSTEM

ACCESS CONTROL SYSTEMS
This door won't open for everyone-that's the idea behind Door Access Systems. In other words, through these systems only authorized persons are allowed access to a particular area / or areas of a building.
Door Access Systems are extremely cost effective way to provide a high level of security in homes and offices.

PROXIMITY ACCESS CONTROL SYSTEMS
The core of Proximity system is the Proximity Reader and Proximity Card. There are two types of readers in the market - One that has an inbuilt controller with capability to authorize access with or without being connected to a PC. The other kind requires a PC to be connected at all times.

Depending upon the configuration of the premises, one or more readers may be used. If more than one reader is used then it is called a Networked system, which is usually connected to a PC. Some systems use a 8 core or a 16 core wire for connecting all the Readers while some systems use only 2 core wire, thereby reducing the cost of wiring and maintenance.

The better systems have readers that can be used interchangeably in a standalone or a networked configuration. Also, some systems have bulky controllers attached to the readers that require a separate source of power as well as add to the cost. The current day readers have built-in controllers and can be directly connected to a PC.

Another use of Proximity systems is to record attendance for employees. For recording attendance, minimum two readers are required - one for IN and one for OUT. The employees are supposed to show their cards to the appropriate Reader upon arrival or exit. These transactions of IN and OUT are recorded in the attached PC. From the PC various reports can be printed.

Most of the Access control systems come with ready made attendance software as an option.

The advanced Proximity Based systems come with inbuilt Password Based system too. It is possible to specify if the employees can enter using Password alone or Proximity Card alone or Both are required. Such an option gives additional flexibility to define the Access Policy for the organization. Some other features of such systems are:

* Possible to define times of the day when the card is valid. Access granted if a valid Card is flashed and/or correct password is entered, provided the access is being attempted during the pre-authorized hours of the day.
* If an employee is under Duress to open the door then the Duress Entry option allows the opening of the door with alarm on the PC (if connected)
* Powerful software based on Windows OS that does not require a dedicated PC.
* Each Reader (one for each door) can be designated as an Incoming Door or an Outgoing door or an Internal door or Exit on Duty door.
* Capacity Upto 1000 users (employees)
* Each user can be assigned a Password and/OR a Proximity Card
* Users are assigned to groups and privileges are declared at Group level for easy administration
* Possible to define IN/OUT time for a Group on the day of the week basis. Beyond the defined times the Controller will not grant access and will record the event in the PC as Access denied to .
* User Groups can be restricted to certain Controllers and the valid time zones can be defined for each day of the week
* Special alarm events (e.g. Forced entry) can be monitored on the PC
* Option to lock out Controller for one minute if three wrong attempts are made in one minute
* Changes in configuration settings can be easily downloaded to all Controllers easily for the PC.
* Even after Power failure, the Controller retains the last properties defined/downloaded on it.
* Even in case of PC failure, the Controller can continue to operate the Access control system using the last properties defined/downloaded for that Controller. However, recording of events in not possible in such a case
* Access denied events (e.g. employee trying to enter at odd hours) can also be recorded
* Duress entry option allows entry like normal entry but logs an alarm event on the central PC.

GENERAL FEATURES
* Relay output for connection to door strikes/latches
* Independent NO/NC (programmable) input for connection to a switch for opening the door from inside.
* Elaborate Audio and Visual signals in response to commands
* Programmable duration for Time to open the door and Time to close the door, if connected with a magnetic switch
* Tamper switch output separately available
ADDITIONAL REQUIREMENTS
The Readers/Controllers have to be connected with electromagnetic latches/strikes to control the doors. Also, wiring could be a significant cost.

Magnetic Swipe Card System
Here one has to insert a tamper-proof photo ID card into a reader, which scans it, and only then the person can enter the premises. These systems can work with or without computer connectivity and can be further used for Time Attendance with Pay Roll Accounting facility.

SEMI PROXOMITY DOOR ACCESS STSTEM
Functionality same as the proximity door access system, except that here the range is up to 6 inches (approx).

NUMERIC LOCK WITH PIN FACILITY
These locks which are used widely in brief cases, can also be installed at the door. Here the person has to enter a particular code like 123 and only then the can opened.

BIOMETRIC FINGERPRINT ACCESS CONTROL SYSTEMS
In recent times, there are large number of Biometric Systems that are commercially available. Such Biometric systems are based on unique characteristics of human being. The most common, reliable and successful system is the one based on Finger Prints. Users are supposed to put their thumb/index finger (or any specified finger) in the finger reader. The system then compares the finger print that is read with that in the central database for authentication.

Most of the Biometric Systems do not keep an image of the fingerprint but a template. A template is basically a number that is calculated based on various characteristics of the fingerprint. Such an approach is desirable so that unauthorised persons may not sneak in unauthorised images of finger print in the database. When a Finger print is to be matched, it's 'template' number is computed and compared with that stored in the database. Most systems allow for dry, greasy, chaffed and minor cuts on the fingers.

RETINA BASED DOOR ACCESS SYSTEM
A biometric security system isn’t limited to reading only an individual’s fingerprints, it could also read that person’s retina. A retinal scan involves analysing the blood vessels at the back of the eye. Low intensity light is used to scan the unique patterns of the retina. This is a very accurate system if the individual being scanned cooperates properly with the technology and focuses on the given point.

BIOMETRIC FACIAL RECOGNITION SYSTEM
Facial recognition, a further biometric characteristic which can be employed as the basis for an entry system, analyses facial characteristics. A digital camera will develop a file of a user’s face for authentication. This type of recognition is still quite complex and thus reserved for a niche market. It has become quite popular in casinos where it has been employed to create a facial database of scam players for quick detection by security personnel.

VOICE RECOGNITION SYSTEM
A voice recognition system is based on a voice-to-print authentication. Technology transforms voice into text which is then compared with a stored sample. This identity system requires a microphone and could shortly be seen to have replaced security systems used currently such as pins and passwords. Although it is quite an accurate technology, people feel safer if this authentication method is combined with finger-scan technology in their identity systems as this is believed to be much more accurate.

PALM BASED DOOR ACES SYSTEM
Here the person has to place his palm over the reader which on finding it similar to the one stored allows the person's entry.

AUTOMATIC SLIDING GATES BARRIERS OR AUTOMATIC SLIDING DOORS
These are used I airports, railways and big hotels and in those industries where sanitized and dust free environment is very essential e.g. pharmaceutical, software, food packaging etc.

PC BASED ACCESS CONTROL SYSTEMS
The systems currently being offered in the market come in with variety of features to cater to different types of requirements. Along with the basic security functions of validating and controlling access, the PC based systems offer optional features like Time and Attendance, MIS Reporting etc., providing the management with a lot of value- added benefits. Some of the most useful features include:

Multiple entrance/exit monitoring. The capacities ranging from a few users to hundreds of users - easily configurable for organization of any size.

The system can interface with the personnel information files that may be there already in a computerized environment. This makes the installation quick and reduces the data-entry errors.

Flexible Time zones - highly useful for controlling entry / exit as per shift timings; Basically, the PC based systems offer the possibility of programming the rules of entrance and exit.

PC based systems are very user friendly and offer unmatched flexibility in setting up various parameters.

PC based systems also keep the record of the transactions on the hard disk for extended periods of time.
User selectable personal identification numbers - provides additional security.