Friday, July 1, 2022

Security Assessment Vs Security Audit

Security Assessment Versus Security Audit 

It is not often that security organizations purchase professional security services.  Perhaps once every five to ten years.  As such, consumers may not know exactly what service to request to best align to their physical security needs.  This article is intended to clarify the difference between a security audit and a security assessment for organizations trying to validate the effectiveness of their security program to enable the appropriate choice to be made when the time comes.

Let’s start with two questions managers should ask themselves about their security program:

1.   Are we doing the right things to protect our people, assets and information?

2. For the things we are doing in our security program, are we meeting the commitments we have made to security and are we doing things in a way that achieves desirable outcomes?

The security audit answers the second question, and the security risk assessment answers the first.  Let’s start with a view of the many things that should be looked at to determine security adequacy. The following formula illustrates the three areas of security risk that are typically analyzed.

Risk = Threat + Consequence + Vulnerability

A security audit is only going to be focused on one of these elements of the security risk formula as shown below.  An audit is not necessarily designed to diagnose criminal and terrorist risk, but certainly mitigates non-compliance risk.

Risk = Threat + Consequence + Vulnerability (or effectiveness of security)

Security Audit Focus

Security Audit By comparison, a security audit is probably the easiest methodology to execute for the consultant as it is simply a verification that all security measures which are supposed to be in place are in fact in place, functioning and documented correctly.  The security audit will focus on the effectiveness of security or confirm whether vulnerability is being properly mitigated.  This as opposed to a security risk assessment which is intended to be much more diagnostic and predictive into the future, typically five years or more.  The security audit is a point in time check only.  If the basis of design for the security program is incorrect, the audit may not shed light on this.  However, the security audit is an important tool in the toolbox as an agent of positive change to protect people, assets and information.  Refer also to Physical Security Audit for a video discussion by a Certified Security Professional and Certified Security Consultant.

The challenge when organizations ask for an audit and have no established security standard, what is the security professional using as the benchmark against which the security audit results will be measured?  Some considerations if you face this common scenario:

·        If your organization does not have a set of security standards, you must ask your prospective security professional what methodology will be used to audit your organization. Ask to see the methodology so that you can review it and ensure you will be satisfied with the outcome.  Will it cover all the necessary elements of your physical security program?  For instance, at a minimum, a proper physical security audit should include within its scope thee following (note this list is by no means all inclusive):

o   Governance

o   Access control – site perimeter, building perimeter, restricted internal areas

o   Security systems installation, operation and maintenance

o   Security related policies and procedures

o   Security awareness training and education

o   Information protection

o   Asset protection

o   Security officer utilization (if applicable)

o   Competency of non-security persons in key security roles

o   Crisis and emergency management protocols

o   Security change management

·        If you are going to request an audit from an outside security professional without having organizational security standards, you will want to ensure that the security professional has some experience in the following areas:

o   Prior similar work within your industry (for example, if you are a chemical plant, the consultant should have some level of experience in the oil, gas or chemical arena).

o   Setting up corporate or global security programs for organizations.

o   Reporting out on audits with a methodology that supports a stratification of the findings. Some findings are going to be more important than others.  There should be a means to classify gaps.  For instance, the following definitions for high and lower priority observations and findings is shown below.

Findings – represent clear departures from, or exceptions to, existing applicable federal or state laws or established audit security standards, where such departures or exceptions can be confirmed.  Exceptions may include any issues that were previously discovered in prior audits that are still open or were improperly or incompletely closed.

Suggestions – represent options for enhancing the plan and/or plant security to reduce the possibility of any exceptions or vulnerability to a security incident in the future.

Another caution is the type of audit that conducted as this will have a direct correlation to the validity of the outcome.  Two types of audits are discussed below.

First-Party Audits

First-party audits are often called self-audits. This is when someone from the organization itself will audit a process or set of processes to ensure it meets the expectations set forth in the audit protocol.  This person would typically be an employee of the organization.  In some cases, particularly under some counter-terrorism regulations such as the Marine Transportation Security Act (MTSA), first party audits are prohibited and persons with any affiliation with the security program may not audit the program.

A first party audit might be appropriate as a rehearsal for a more robust audit conducted by a third party.  Otherwise it could be argued that there could be a potential conflict of interest by auditing oneself.

I would consider an audit by an internal audit group to be a step up from the self-audit as the internal auditors are typically strict and objective.  The problem with internal auditors doing physical security audits is the lack of knowledge of the subject matter.  If internal auditor is going to be involved in physical security audits, it is important to carefully script what will be their scope so that they are looking at things they can fairly judge that are simple and high impact.

Third-Party Audits

A third-party audit occurs when a company hires an independent entity to perform an audit to verify that the company is executing a security program consistent with regulatory expectations, internal standards or the methodology agreed with the auditor up front.  Some would argue that this is the best and most stringent means of conducting an audit to ensure objectivity.  But it also comes with a cost.

To close out the audit discussion, this type of physical security review is intended to answer the question, “For the things we are doing in our security program, are we meeting the commitments we have made to security and are we doing things in a manner that achieves the desired outcomes?”  You state that you do A, B, C and D in your security program and you have or pay someone to come in and verify that you are doing A, B, C and D.

The Security Risk Assessment

Continuing with the A, B, C, and D discussion, the audit will not necessarily tell you if A, B, C, and D are the right things to be doing in your security program.  To get this type of diagnostic insight, organizations need to be asking their consultant for a security risk assessment versus a security audit.

Risk = Threat + Consequence + Vulnerability

The security risk assessment is going to analyze all elements of the risk formula shown above.  The predictive nature of the risk assessment is borne out of the threat assessment and pairing threats with critical assets to formulate future security scenarios that will be analyzed for consequences (how bad would it be if it occurred) and vulnerability (how susceptible is the organization to a criminal or terrorist attack or conversely, how well prepared is thee organization to prevent a security incident).  Risk assessments are forward looking, but of course will take into account historical security incidents which are one of the best predictors for future incidents.  Security risk assessments can nicely inform a security master plan versus the security audit which may generate some findings and corrective actions to remediate shortcomings in existing security measures.

There are many benefits of a security risk assessment:

·        Prevent incidents and criminal activity.

·        Compliance with the OSHA General Duty Clause.

·        Identify to all stakeholders what needs to be protected, why and from whom.

·        Learn where you can be victimized by criminals or terrorists.

·        Identify holistic mitigation strategies to reduce security risk to people, assets and information.

·        Stage implementation of recommendations at your own pace rather than hastily responding or overreacting after a security incident.

·        Secure funding for security improvements by making a compelling business case. (Management will sometimes react more rapidly to third party recommendations or those that are well supported with crime and other data analysis).

·        Implement many improvements without a capital investment. There are always easy, inexpensive and impactful recommendations that can be implemented at a low or even no cost.

·        Identify emergency scenarios and calibrate emergency response and business continuity plans accordingly.

·        Defend against frivolous litigation.

The illustration below shows how scenarios can be analyzed and scored to identify the highest concerns to an organization.

Security Audit

·        Point in time assessment

·        Verifies security commitments are being met

·        Leads to potential action items where gaps are identified

·        Less expensive typically that a risk assessment

·        Does not validate that the security program is aligned with risk

·        Does not provide a basis of design for an organizational security program

Security Risk Assessment

·        Forward looking methodology

·        Verifies security commitments are being met

·        Leads to a long-term security master plan and cost staging

·        More expensive than a security audit

·        Validate that the security program is aligned with risk

·        Provides a better defense of conformance to the OSHA General Duty Clause

·        Provides a better defense against frivolous premises liability claims

·        Provides a basis of design for an organizational security program

·        Enhances crisis management and resiliency

Saturday, June 18, 2022

Entrance Gate safety

Entrance Gate safety 

One of the best-known brands in the realm of electrical and electronic equipment isn’t a manufacturer, a distributor or a dealer. It’s UL – formerly known as Underwriters Laboratories, recognized by users across the globe by the small symbol which appears on many of the devices you own today, such as toasters and children’s toys. UL is a certification organization that verifies the safety of the products it tests.

For users, the UL symbol communicates trust. When a product has been UL-certified and listed as such, it means that it has been thoroughly tested by 3rd-party engineers to verify that it meets relevant standards and has been deemed safe for use in its intended conditions. With this assurance, users have confirmation that the product is safe to use and it will perform properly -- they can trust in its quality.

Why is a Listing Important for Entrance Gate?

There are good reasons to make sure that every electrical or electronic product used within a facility is UL-listed. That said, when you are purchasing a security product, there is a standard of responsibility that is even higher than that for other electronics. There are negative consequences for any non-functioning element in a building; however, a non-functioning security product introduces the potential for a greater level of risk.

Nowhere is this more true than for security doors and turnstiles. Installed at the perimeter of a facility and at any entry points which need to have controlled access, security entrances permit only authorized individuals to enter. With available technology such as anti-piggybacking, anti-tailgating, touchless entry and, facial recognition to verify the identity of the credential-holder, these high-tech doors are a vital piece of an organization’s security planning and risk mitigation strategy.

For anyone directly or indirectly responsible for security within an organization, it is important to ensure that all of your security doors and turnstiles are UL-listed. UL is one of a limited number of nationally-recognized testing laboratories (NRTL), a designation given to those labs allowed by the Occupational Safety and Health Administration (OSHA) to perform certification of products to ensure they meet general industry, construction, and electrical standards.

What is the UL 325 Standard

The UL 325 standard allows all applicable products to be tested at a nationally recognized testing laboratory. The new standard also:

1.   Contains the basic qualifying factors with which products must comply in order to be documented (listed) and marked (labeled) under the requirements of the UL 325 voluntary listing and labeling program.

2.   Pertains to methods for testing products for safety.

3.   Cover installation of products under the requirements of the National Electrical Code & NBC 2016.

4.   Address fire and electrical safety, as well as safety of the public.

The heart of the UL 325 provisons for gate operators and entrapment protection is section 32 and tables 32.1 and 32.2. These parts of the UL 325 standard outline the options for different means of protecting against entrapment and state the minimum quantities of entrapment protection sensors for each type of gate operator.

Section 32.1.1 states: "A vehicular gate operator or vehicular barrier (arm) operator shall:

a. Have provisions for or be supplied with, a minimum of two independent entrapment protection means as specified in Table 32.1 for each entrapment zone.

b. Operate only after installation and enabling of the minimum number of acceptable entrapment protection means, as specified in Table 32.2…"

Gate Definition and Classifications

UL 325 defines a gate as “a moving barrier such as a swinging, sliding, raising, lowering, rolling, or the like, barrier that is a stand-alone passage barrier or is that portion of a wall or fence system that controls entrance and/or egress by persons or vehicles and completes the perimeter of a defined area.” The main types of gate operators/systems addressed in UL 325 are barrier, vertical pivot gate, horizontal slide gate, swing gate, and vertical lift gate. It is important to note that all gate operators included in UL 325 are defined to be used with vehicular gates and NOT PEDESTRIAN GATES. Property owners must provide a separate entrance for pedestrian access because pedestrian gates provide a safe way for pedestrians to enter or exit a property and help to keep people away from vehicles and automatic vehicular gate systems.

Four distinct types of classifications have been established:

Class I - Residential Vehicular Gate Operator
A vehicular gate operator (or system) intended for use in a home of one to four single family dwellings, or garage or parking area associated therewith.

Class II - Commercial/General Access Vehicular Gate Operator
A vehicular gate operator (or system) intended for use in a commercial location or building such as a multi-family housing unit (five or more single family units, hotel, garages, retail store or other building servicing the general public.

Class III - Industrial /Limited Access Vehicular Gate Operator
A vehicular gate operator (or system) intended for use in an industrial location or building such as a factory or loading dock area or other locations not intended to service the general public.

Class IV - Restricted Access Vehicular Gate Operator
A vehicular gate operator (or system) intended for use in a guarded industrial location or building such as an airport security area or other restricted access location not servicing the general public, in which unauthorized access is prevented via supervisions by security personnel.

Installation Effects

The UL 325 gate operator provisions have an effect on gate and fence dealers:

1. Gate and fence dealers should look for an indication of the class of each operator, which will be specified by the gate operator manufacturer.

2. Fence dealer sales personnel must match the site application with the class of operator. The gate operator manufacturer should be contacted if there is any question about the site application.

3. Ensure that all potential entrapment zones are protected as required in Tables 32.1 and 32.2, which must be described in the instruction manual for the gate operator. For most automatic gates, external entrapment protection sensors will be required. The expertise of dealers is required to apply the provisions of the standard to the wide variety of site specific conditions that are encountered in the field.

4. The gate operator manufacturer will provide extensive guidance and instructions which must be followed at all times. Any questions should be directed to the gate operator manufacturer.

5. A minimum of two (2) warning signs must be displayed in the area of the gate. UL 325 includes specific requirements on the format, content, and placement of these signs. 

Factors Related to Automatic Gate Construction and Installation

• Vehicular gate operators can ONLY be used on vehicular gates and never pedestrian gates.

• A separate pedestrian gate must be provided for all sites where pedestrain access is likely.

• The design and construction of all automatic gates and the adjacent fence must conform to ASTM F2200.

• Adequate clearance should be provided between a swinging gate and adjacent structures to reduce risk of entrapment.

• A sliding gate should work smoothly with easy rolling/movement in both directions prior to the installation of the operator.

• All gate activation controls should be as far away from the gate as possible and must be at least 6 feet from the gate to reduce the opportunity for “reach-through” injury.

• Warning signs and placards must be installed and be must visible in the area of the gate opening from both sides of the gate.

• See ASTM F2200, Standard Specification for Automated Vehicular Gate Construction for information about gate construction.

Device-Specific Installation Instructions There are also specific installation requirements for each type of external entrapment protection sensor. These specific requirements emphasize the care and attention that each device must be given prior to and during installation.

All external entrapment protection sensors must be monitored, and the operator must verify the presence of every device at least once during each open and close cycle. According to the standard, "Upon monitoring, should any device not be present, or a fault condition occur that precludes the sensing of an obstruction, including an interruption of the wireless signal to the wireless device or an open or short circuit in the wiring that connects the external entrapment device to the operator and the device’s supply source, the operator shall function with constant pressure…for the direction of travel being protected, or shall only be able to be moved manually…."

There shall be no modification made in the field to bypass, interfere with, or otherwise defeat the monitoring function by adding, suppressing, or changing, either on the operator or on external entrapment protection device(s) by the connection of wires; terminals; switches; jumpers; or components supplied with the operator or with the external entrapment protection device.

For gate operators utilizing non-contact sensor devices (Type B1), instructions should be consulted for placement for each application and care should be exercised to reduce the risk of nuisance tripping. One or more of these devices must be installed in all potential entrapment zones.

For gate operators utilizing contact sensor devices (Type B2), several requirements are spelled out in UL 325. One or more contact sensors shall be located in all potential entrapment zones.

A wired contact sensor shall be located, and its wiring arranged, so that communication between the sensor and the gate operator is not subjected to mechanical damage. A wireless contact sensor shall be located where the transmission of the signals is not obstructed or impeded by building structures, natural landscaping, or similar obstructions, and shall function under the intended end use conditions.

For gate operators utilizing a continuous pressure activating device (Type D), controls must be placed so that a user has full view of the gate area when the gate is moving. A placard must be placed adjacent to the controls, and no other activation device shall be connected. If you’re not sure, which is perfect for you, SSA Integrate can help. We have Certified Access Control & Entrance Control experts that can help you determine the best solution to meet your security needs while keeping you compliant with all the relevant codes. Contact SSA Integrate today to learn more with free Consultancy.

REF:
https://www.ul.com/wp-content/uploads/2014/04/UL_Gate-Operator-11.pdf

https://usautomaticgateopeners.com/store/information/ul325.html

https://www.gatedepot.com/amfilerating/file/download/file_id/49072/


30A1.2  

A gate operator installed in accordance with the manufacturer’s instructions utilizing entrapment protection designated Type A in Table 30A.1 to comply with 30A.1.1 shall upon sensing an obstruction in any direction:

a)      Stop and initiate the reversal of the gate within a maximum of 2 seconds. The gate operator shall reverse the gate a minimum of 2 inches (50.8 mm). The gate operator shall require a renewed, intended input (via wired or wireless control or integral control, a loop sensor, a card reader, or similar device) prior to enabling any automatic actuation devices such as a timer or any other maintained input that was present when the reversing function occurred.

 

b)    Stop the gate upon sensing a second sequential obstruction. The gate operator shall require a renewed, intended input (via an integral control or a wired remote intended to be in the line of sight of the gate) prior to enabling any automatic actuation devices such as a timer or any other maintained input that was present when the reversing function occurred. An alarm shall comply with paragraph 30A.1.1A.

30A.1.4 

A gate operator utilizing entrapment protection designated Type B1 in Table 30A.1 by having provision for connection of, or providing with the operator, a non-contact sensor (photoelectric sensor or equivalent) to comply with 30A.1.1 shall, when the sensor is actuated:

a)      Stop or reverse the gate within a maximum of 2 seconds of sensing an obstruction in both the opening and closing directions.

b)      Stop the gate upon sensing a second sequential obstruction in the opposite direction while in the process of reversal as described in (a).

c)      Result in a gate at rest remaining at rest unless a Type D device is actuated, and

 

d)      Return to normal operation when the sensor is no longer actuated.

30A.1.5 

With reference to 30A.1.4, a non-contact sensor is required to function only to protect obstructions in the gate’s direction of travel.

30A.1.6 

A gate operator installed in accordance with the manufacturer’s instructions utilizing entrapment protection designated Types B1 and B2 in Table 30A.1 as the primary device to comply with 30A.1.1 by having provision for connection of such device, or providing such device with the operator, shall monitor for the presence and correct operation of the device, including the wiring to it, at least once during each open and close cycle. The operator shall function as required by 30A.1.15 in the event the device is not present or a fault condition occurs which precludes the sensing of an obstruction. A fault condition includes an open or short circuit in the wiring that connects the external entrapment protection device to the operator and the device’s supply source.

30A.1.7 

A gate operator utilizing a non-contact sensor for entrapment protection in accordance with 30A.1.1 shall be supplied with instructions in compliance with 51.8.4.

30A.1.8 

A non-contact sensor (photoelectric sensor or equivalent) supplied with, or separately supplied for, a gate operator that is intended to reduce the risk of entrapment or obstruction shall comply with the applicable requirements in All Devices, Section 32, and Photoelectric Sensors, Section 33. A separately supplied sensor shall comply with 53.3.3, 53.3.4 and 53.3.5.

a)      Stop and initiate the reversal of the gate within a maximum of 2 seconds of sensing an obstruction in any direction. The gate operator shall reverse the gate a minimum of 2 inches (50.8 mm).

b)      Stop the gate upon sensing a second sequential obstruction in the opposite direction, while in the process of reversal as described in (a).

c)      Result in a gate at rest, unless a Type D device is actuated, and

d)      After the sensor is actuated no more than 2 times during a single closing cycle, or once in a single opening cycle, require a renewed intended input (via wired or wireless control or integral control, a loop sensor, a card reader, or a similar device) prior to enabling any automatic activation devices such as a timer or any other maintained input that was present when the reversing function occurred.

30A.1.9A 

With reference to 30A.1.9, a contact sensor is only required to sense obstructions in the gate’s direction of travel.

30A.1.10 

A gate operator utilizing a contact sensor for entrapment protection to comply with 30A.1.1 shall be supplied with instructions on the placement of the sensors for each Type of application in compliance with 51.8.4.

30A.1.11 

A contact sensor (edge sensor or equivalent) supplied with, or separately supplied for, a gate operator that is intended to reduce the risk of entrapment or obstruction shall comply with the applicable requirements in All Devices, Section 32, and Edge Sensors, Section 34. A separately supplied sensor shall comply with 53.3.3, 53.3.4, and 53.3.5.

30A.1.12 

A swing-gate operator utilizing entrapment protection designated Type C in Table 30A.1 to comply with 30A.1.1 shall, upon sensing an obstruction in any direction, stop the gate and:

a)      Not result in a force after 100,000 cycles of operation under rated load of more than 10 percent higher than the initial setting to stop the gate. When adjustable, the initial setting is to be at the setting for maximum force, and

b)      Be readily accessible for inspection and repair and not readily rendered inoperative.

30A.1.14 

A gate operator utilizing entrapment protection designated Type D in Table 30A.1 by having a provision for connection of, or providing with the operator, a continuous pressure actuation device to comply with 30A.1.1 shall be constructed so that a wireless control shall not operate the gate. Also see paragraph 51.8.4 (e), 52A.1.5, and 52A.1.6.

 30A.1.15 

A gate operator installed in accordance with the manufacturer’s instructions utilizing entrapment protection designated Type D in Table 30A.1 to comply with 30A.1.1 shall require constant pressure or actuation to initiate and continue movement of the gate in either the opening or closing direction. Upon removal of pressure, movement of the gate shall cease. Unless supplied with separate Open and Close buttons, each subsequent pressing of the control button shall reverse direction of the gate.

30A.1.16 

A gate operator utilizing entrapment protection designated Type E in Table 30A.1 by having a provision for, or providing with the operator, audio alarms to comply with 30A.1.1 shall:

a)      Initiate actuation of the alarm(s) a minimum of two seconds prior to movement of the gate, and 

 

b)      Continue actuation of the alarm(s) throughout the entire opening and closing cycle of the gate.

30A.1.17 

An audio alarm for a Type E device shall comply with 30A.1.18 and the applicable requirements in All Devices, Section 32, and Audio Alarms, Section 34A.

30A.1.18 

The audio alarm signal for a Type E device shall be generated by devices such as bells, horns, sirens, or buzzers. The signal shall have a frequency range of 700 to 2800 Hz, a cycle of the sound level pulsations of 1 to 2 per second, a sound level at least 100 dB1 foot (305 mm) in front of the device, and not vary more than ±8 dB over the voltage range of operation. When the audio alarm is not supplied with the operator, instructions specifying the signal criteria shall be supplied with the operator.

30A.1.19 

A Class I or Class II horizontal slide-gate or vertical lift-gate operator (or system) shall not result in a gate movement of greater than one foot per second with the operator exerting a pull force of 74 pounds (333.6N) and when connected to a supply circuit of maximum rated voltage and rated frequency. 

30A.1.20 

A vehicular gate operator shall have a means for manual operation so that the gate is capable of being moved independently of the operator. For a Class I, II, or III vehicular gate operator, the means for operation shall be supplied as an integral part of the operator and the operator shall be marked with instructions for manual operation. For a Class IV vehicular gate operator, the use of a nearby keyed release or a remotely located non-keyed release to release the operator from the gate meets the intent of this requirement.


Wednesday, June 1, 2022

IPv6 and IPv4

IPv6 and IPv4 

Many engineers called to get know about IPv6 & IPv4. IP (short for Internet Protocol) specifies the technical format of packets and the addressing scheme for computers to communicate over a network OR, An IP (Internet Protocol) Address is an alphanumeric label assigned to computers and other devices that connect to a network using an internet protocol. This address allows these devices to send and receive data over the internet. Every device that is capable of connecting to the internet has a unique IP address.

There are currently two version of Internet Protocol (IP): IPv4 and a new version called IPv6. IPv6 is an evolutionary upgrade to the Internet Protocol. IPv6 will coexist with the older IPv4 for some time.

What is IPv4 (Internet Protocol Version 4)?

IPv4 (Internet Protocol Version 4) is the fourth revision of the Internet Protocol (IP) used to to identify devices on a network through an addressing system. The Internet Protocol is designed for use in interconnected systems of packet-switched computer communication networks. IPV4 header format is of 20 to 60 bytes in length, 

IPv4 is the most widely deployed Internet protocol used to connect devices to the Internet. IPv4 uses a 32-bit address scheme allowing for a total of 2^32 addresses (just over 4 billion addresses).  With the growth of the Internet it is expected that the number of unused IPv4 addresses will eventually run out because every device -- including computers, smartphones and game consoles -- that connects to the Internet requires an address.

A new Internet addressing system Internet Protocol version 6 (IPv6) is being deployed to fulfill the need for more Internet addresses. IPV6 header format is of 40 bytes in length

IPv6 (Internet Protocol Version 6) is also called IPng (Internet Protocol next generation) and it is the newest version of the Internet Protocol (IP) reviewed in the IETF standards committees to replace the current version of IPv4 (Internet Protocol Version 4). 

IPv6 is the successor to Internet Protocol Version 4 (IPv4). It was designed as an evolutionary upgrade to the Internet Protocol and will, in fact, coexist with the older IPv4 for some time. IPv6 is designed to allow the Internet to grow steadily, both in terms of the number of hosts connected and the total amount of data traffic transmitted.

IPv6 is often referred to as the "next generation" Internet standard and has been under development now since the mid-1990s. IPv6 was born out of concern that the demand for IP addresses would exceed the available supply.

The Benefits of IPv6

While increasing the pool of addresses is one of the most often-talked about benefit of IPv6, there are other important technological changes in IPv6 that will improve the IP protocol:

·        No more NAT (Network Address Translation)

·        Auto-configuration

·        No more private address collisions

·        Better multicast routing

·        Simpler header format

·        Simplified, more efficient routing

·        True quality of service (QoS), also called "flow labeling"

·        Built-in authentication and privacy support

·        Flexible options and extensions

·        Easier administration (say good-bye to DHCP)

The Difference Between IPv4 and IPv6 Addresses

An IP address is binary numbers but can be stored as text for human readers.  For example, a 32-bit numeric address (IPv4) is written in decimal as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.

IPv6 addresses are 128-bit IP address written in hexadecimal and separated by colons. An example IPv6 address could be written like this: 3ffe:1900:4545:3:200:f8ff:fe21:67cf.

Did You Know...? IPv6 in the News: (April, 2017) MIT announced it would sell  half of its 16 million valuable IPv4 addresses and use the proceeds of the sale to finance its own IPv6 network upgrades.

Monday, May 16, 2022

Tamper Proof Security Intrusion System

Tamper Proof Security Intrusion System / Burglar Alarm Tamper Proof Wiring

Information on Normally Closed vs. Normally Open circuits and
EOLR (Single End of Line Resistor) & DEOLR (Double End Of Line Resistors).

Normally Open vs. Normally Closed

While no wiring can be completely tamper proof, there are a couple of things you can do to make disabling your alarm system more difficult. These methods may not be enough to protect a business like a jewellery store, but they are more than adequate to protect your home from a common thief.

The first thing to do is to use normally closed (NC) circuits when possible. Most alarms and sensors by default are configured this way. To understand why you should first understand how a common window sensor works. An open circuit is a broken, interrupted, or incomplete circuit. For alarm systems, a normally open (NO) circuit is in the open state when the alarm has not been tripped. Closing the circuit sets off the alarm. A closed circuit is a connected and complete circuit. A normally closed circuit is closed when the alarm is not active. Opening a normally closed circuit sets off the alarm.

The circuit below is an over simplified example of a Normally Open alarm circuit. When the switch is open under normal conditions the circuit is incomplete and the siren will not sound. When the switch is closed then the circuit becomes complete. The connection from the battery to the siren is complete and this activates the siren.

Window sensors are the best way to show a real alarm circuit in action. A window sensor consists of 2 parts. The first is a magnet that is attached to the part of the window that moves. The second part has the wire connections and should be mounted to the frame around the window or to the part of the window that doesn't move. When the window is closed, the two parts of the sensor should be right next to each other.


The wired part of the sensor contains a switch that can connect to two different contacts. When the magnet is near this switch, the magnet will attract the switch toward the normally closed contact. When the magnet is removed (because the window has been opened), the spring pulls the switch toward the normally open contact. You will connect the common contact and either the Normally Closed (NC) or Normally Open (NO) contact to your alarm system.

When using the normally open (NO) contact, the connection between the common (C) and NO contacts is broken when the window is closed. When the window is open the magnet is removed and the spring pulls the switch toward the Normally Open contact which closes the circuit and activates the alarm.

One of the drawbacks with Normally Open circuits is that cutting the wire will deactivate the window sensor. With a Normally Closed circuit, cutting the wire will set off the alarm. With a Normally Closed circuit, opening the circuit will activate the alarm and opening the window or cutting the wire has the same effect.

 

Single and Double End Of Line Resistors

Adding resistors to the sensor circuit path allows the alarm panel to determine more than if the circuit is simply open or closed. It can be used to differentiate between an active alarm, alarm tampering by cutting a wire, and a short in a wire. Note that End Of Line Resistors (EOLRs) can only be used if the alarm panel has been designed to use them. Consult your alarm manual before using any resistors. The diagrams below and resistance values may not apply to your alarm panel.

Single End Of Line Resistors (EOLR) are common with monitored alarms so that the monitoring company can differentiate between a cut wire and a tripped sensor. Some installers will place the resistor in the alarm panel but this not correct. The resistor should be placed at the sensor to better detect cut wires.

In an alarm system without resistors, a thief can bypass a sensor by cutting the wire on a normally open circuit, or by shorting the wires in a normally closed circuit. Using normally closed circuits with properly placed resistors makes it harder to bypass the sensor.

Below are diagrams indicating where to place Single End Of Line Resistors. The Normally Open and Normally Closed items in the diagrams represent the sensor and how it was wired.

Note: These diagrams show a simplistic version of wiring a sensor. Typically, 2 conductor wire is used to wire window/door sensors and 4 conductor wire is used on motion or glass sensors. It is not a simple loop of single conductor wire as shown above.

Tables below assume 5600Ω resistors are used.

Resistance

Normally Open Meaning

Normally Closed Meaning

0Ω

Zone violated. Sensor tripped - Alarm Activated

Zone fault. Wire shorted - Alarm Activated

5600Ω

Zone secure.

Zone secure.

Infinite Ω

Zone fault. Wire shorted - Alarm Activated

Zone violated. Sensor tripped - Alarm Activated

Double End Of Line Resistors (DEOLR) can also indicate if a wire has been cut. DEOLR only works with one Normally Closed sensor per zone. Do not use DEOLR for fire, supervisory and keypad based zones. For this to work properly, both resistors should be with the sensor - not in the alarm panel. Otherwise, tampering with the sensor by shorting it as shown above will successfully bypass the sensor. See below alarm wiring for examples.

Resistance

Meaning

0Ω

Zone fault. Wire shorted - Alarm Activated

5600Ω

Zone secure.

11200Ω

Zone violated. Sensor tripped - Alarm Activated

Infinite Ω

Zone tampered with. Wire cut - Alarm Activated

Other Security Measures

The last security measures to take are with the alarm panel itself. If an intruder is able to get to the alarm panel and disable it before the siren goes off or before it alerts the monitoring company, then the alarm is useless. Remember that opening a door doesn't automatically set off the alarm. By default you will have 30 seconds to enter the code to deactivate the alarm before the siren sounds. An intruder will also have 30 seconds to find and disable the alarm.

Purchase a lock for the alarm panel box if it did not come with one. Keep the alarm panel locked at all times. Do not store the keys on or near the alarm panel.

All alarm systems have a battery backup, but the battery might not be included with your system. Get the backup battery and keep the battery locked in the alarm box.

The alarm panel should not be visible through any windows (including small basement windows). It should not be placed near any entrance to the home. For example, don't place the panel in the mud room - the room off of the garage entrance. The room containing the alarm panel should be protected by sensors, or if there are no windows to that room, then the adjacent room could also be protected preferably by a motion detector.

Many alarm systems allow each zone to be configured differently. The door to the garage can be configured for a 30 second delay before activating the alarm to give you time to enter the code, while the motion detector that protects the alarm panel can be configured to activate the alarm immediately.

Be sure to change all default passwords for the alarm system - not just the master code, but the installer codes also. These default passwords are well documented and can be found by anyone.

If possible, hide the wires as they enter the alarm panel. For a basement installation I like to vertically mount two 2x4s to the concrete wall, and then mount a 2'x4' sheet of plywood to those studs. That gives me a good working area that I can easily drill screws into without having to deal with concrete. You can then run the wires behind this sheet of plywood and enter the alarm panel box through a hole in the back of the box. The sheet of plywood should cover up the wires near the top of the basement wall. From there I tuck the wires under the insulation that surrounds the exterior of the home above the concrete wall. Remember that this does not need to be perfect. You only need to slow the intruder down for a couple of seconds.

For first floor / drywall mounted alarm panels, try to run all of the wires hidden through the drywall and then through the back of the alarm panel box. You will not be able to hide the power connection (it would be a code violation to hide an outlet in the drywall), but this is OK since the battery backup should be locked inside of the panel.

Consider getting motion detectors or a glass break sensor. Window sensors only detect if the window is opened. Breaking the glass and going through the broken window doesn't set off the alarm.