Wednesday, March 15, 2023

Camera Ban Due to Zero Cyber Security

Since what some experts considered a password-free engineering hack was found between firmware layers in HikVision cameras around 5 years ago, CCTV cameras manufactured in China have been squeezed from Australian federal government contracts, despite the fact no Chinese-made video surveillance camera in Australia (or anywhere else in the world) has been found transmitting video streams to the Chinese Government. 


The US communications regulator singled out tech giants Huawei and ZTE and surveillance camera makers Hikvision and Dahua. Spy chiefs have warned that the US could be vulnerable to economic espionage or digital sabotage.

UK Government departments have been told to stop installing surveillance cameras made by Chinese companies on "sensitive sites" because of security concerns.

Both the UK and Scottish governments have banned Hikvision plus other PRC providers from certain government usage for national security reasons, in a sea change for UK video surveillance.

The Governor of New Hampshire has banned products from certain PRC companies including Dahua, Hikvision, and TikTok for use on state networks or devices in an executive order.

A security threat accusation has been made against the Smart City project. The Mangaluru City Corporation (MCC) has installed Hikvision brand CCTV cameras in the city. This company is of Chinese origin.

The Indian government has restricted PRC manufacturers such as Dahua and Hikvision from bidding on Indian government projects.


At this point, it’s worth noting that almost all professional CCTV cameras are installed on secure subnets supported by dedicated switches, servers, and video management systems, or they are installed standalone on DVR and NVRs. These systems log network actions from authorised users, including camera views, saves, searches and applications of analytics functionality, where this applies.

It goes without saying that no pro-grade network intrusion detection system could fail to alert network engineers to the transmission of high-bandwidth video signals from secure network ports to an external network location. Such a transmission would generate an immediate alert, remedial action and public condemnation.

While IP cameras can upgrade firmware automatically over public networks and will undertake handshakes with a manufacturer’s servers, these actions are ubiquitous across network devices of all types and, in the case of CCTV cameras, can be deactivated, with devices either left using original firmware, or upgraded manually.
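
The alerting behaviour described above can be sketched as a check over flow records: sustained outbound volume from the camera subnet to an address outside the internal ranges raises an alert, while a short manufacturer handshake does not. This is an added example, not code from the article or from any vendor; the subnet, thresholds, flow-record format and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple, Optional

# Assumed values for this example (none of them come from the article).
CAMERA_SUBNET = ipaddress.ip_network("10.20.30.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW_SECONDS = 300            # sliding window length
MIN_WINDOW_BYTES = 20_000_000   # about 0.5 Mbit/s sustained for five minutes

# Constructed flow records: start_epoch duration_s src dst dst_port proto bytes_out
SAMPLE_FLOWS = """\
# camera to the on-site NVR: expected, stays internal
1678838400 60 10.20.30.11 10.20.1.5 554 tcp 15200000
1678838460 60 10.20.30.11 10.20.1.5 554 tcp 15100000
# camera making a short handshake and a time sync to an outside server
1678838400 2 10.20.30.12 198.51.100.7 443 tcp 4200
1678840000 1 10.20.30.12 198.51.100.7 123 udp 90
# camera pushing a sustained stream to an outside address
1678838400 60 10.20.30.13 203.0.113.50 443 tcp 14800000
1678838460 60 10.20.30.13 203.0.113.50 443 tcp 15300000
1678838520 60 10.20.30.13 203.0.113.50 443 tcp 15000000
# a workstation on another subnet: out of scope for the camera rule
1678838400 60 10.20.99.9 203.0.113.80 443 tcp 90000000
truncated record 10.20.30.13
"""


class Flow(NamedTuple):
    start: int
    duration: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dst_port: int
    proto: str
    bytes_out: int


class Alert(NamedTuple):
    src: str
    dst: str
    peak_bytes: int   # largest outbound volume seen inside one window
    approx_bps: int   # that volume expressed as bits per second


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one record; comments, blank lines and malformed records give None."""
    parts = line.split()
    if len(parts) != 7 or parts[0].startswith("#"):
        return None
    try:
        return Flow(int(parts[0]), int(parts[1]),
                    ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3]),
                    int(parts[4]), parts[5], int(parts[6]))
    except ValueError:
        return None


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def detect_external_video(lines, window=WINDOW_SECONDS, min_bytes=MIN_WINDOW_BYTES):
    """Alert on camera-to-external pairs whose outbound bytes in any window reach min_bytes."""
    per_pair = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        if flow and flow.src in CAMERA_SUBNET and not is_internal(flow.dst):
            per_pair[(flow.src, flow.dst)].append(flow)

    alerts = []
    for (src, dst), flows in per_pair.items():
        flows.sort(key=lambda f: f.start)
        left = total = peak = 0
        for flow in flows:
            total += flow.bytes_out
            # Drop records that started a full window or more before this one.
            while flow.start - flows[left].start >= window:
                total -= flows[left].bytes_out
                left += 1
            peak = max(peak, total)
        if peak >= min_bytes:
            alerts.append(Alert(str(src), str(dst), peak, peak * 8 // window))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_external_video(SAMPLE_FLOWS.splitlines()):
        print(alert)
```
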

Typically, network-based electronic security systems are updated manually by security teams managing system maintenance. These Australian security techs are highly integrated with an end user’s security operations team and will respond at a moment’s notice to issues of camera performance, network failure, or network breach.

Further, in compact applications, such as in the suburban high street offices of MPs, 3-4 CCTV cameras are installed in a basic star configuration that revolves around a PoE NVR/DVR supported by a dedicated keyboard, mouse and monitor. They are not connected to local data networks, let alone hooked to out of country servers – unlike a significant number of other manufacturers, neither Hikvision nor Dahua offers VSaaS in Australia.

Typically, the basic turret cameras used in such applications are mid-wide angle, have modest resolutions, fixed lenses, and are installed with an outward-facing angle of view covering front and rear entrances, car spaces and foyers to allow recording of events for police investigation after an incident.

Recordings are undertaken on local hard drives and written over after 30 days. Viewing of footage and event searches can only be undertaken by a person with access control rights to the location, and who is authenticated with a password issued by a nominated system administrator – typically an admin assistant or office manager who works on-site.

These cameras are installed for safety and security, not to ‘spy’ on MPs. Nor are these cameras being ‘found’ by shocked staffers in third-tier government applications, as if the cameras crept in at night and hung themselves onto walls, as some news websites have implied.

These CCTV systems were installed in plain sight by professional Australian security technicians using products supplied and supported by professional Australian security distributors with technical support from suppliers’ local operations, after an official government tender process.

These cameras and related systems were chosen by government decision makers because they offered the best performance for the least cost. This is not an imperative that will change when government agencies next take locations with modest security requirements to tender.

Similar strictures around installation and governance apply to the 11 Hikvision cameras at the Australian War Memorial, which are likely external bullet cameras installed to view choke points and entries, and are entirely governed by local subnet rules and managed and viewed using an over-arching video management system provided by a third party.

This server-based VMS brings together all the cameras across the site onto a video wall for monitoring by a dedicated security team. It’s normal for a major site like the Australian War Memorial to have multiple camera brands and camera types installed for different reasons at different times with different priorities of budget. Expensive upgrades are undertaken in stages.

Milestone has discontinued technology partnerships with "mainland China" companies, including mega-manufacturers Dahua and Hikvision, the company confirmed to IPVM.

Ambarella, a major supplier of AI chips for IP cameras, has stopped selling to Dahua, Ambarella confirmed to IPVM.

Western Digital and Seagate are no longer selling to Dahua due to US semiconductor export controls imposed in Nov 2022, IPVM has confirmed with WD directly and from sources for Seagate.

ADI has stopped relabeling Dahua, a year after the company secretly started selling relabeled Dahua gear as an ADI house product, despite the NDAA ban, human rights sanctions, and the FCC designation of Dahua as a threat to national security.

The most cyber secure IP surveillance camera is Mobotix; however, the Australian government rarely uses this brand, despite its enormous operational flexibility and impeccable cybersecurity credentials. Bosch, Axis and iPro are also highly regarded, and tier 1 offerings from everyone else – including HikVision and Dahua, which put considerable effort into cybersecurity and transparency to correct early issues that impacted all CCTV camera makers – are close behind.

Unsurprisingly in the current geopolitical climate, Chinese CCTV cameras are by far the most examined network devices when it comes to cyber security, and their camera firmware and supporting management solutions are constantly trawled through by experts looking for issues in devices that, despite their ‘surveillance’ function, are static edge sensors, governed by the settings of the network switches and servers that manage them.

It’s impossible to believe the Australian government’s highly qualified cybersecurity experts are not perfectly aware that edge devices, like CCTV cameras, when properly commissioned and installed on well-designed and secure data networks, are impossible to access remotely, and can’t be infected by ‘spyware’ in the way a mis-managed workstation or laptop might be.

Instead, they must be acutely aware the greatest security threats to security systems are posed by errors in network application, a failure to activate camera cybersecurity settings during installation and pre-commissioning, and weaknesses in the physical security around network components. And cybersecurity experts must know such risks apply to every networked device across a department’s topology – phones, switches, wired and wireless routers, laptops, servers, apps – not just to devices offering click-worthy headlines.

In our opinion, given the highly evolved state of cybersecurity in professional CCTV cameras (and intercoms), the possibility that edge devices in secure subnets, from any camera manufacturer, could suddenly breach network security settings and start operating unilaterally is so vanishingly small that cybersecurity can’t be the problem.

Instead, the government’s core issue seems to be one of uncertainty and misunderstanding around a technology that, when properly installed and managed, leaves virtually no room for uncertainty at all.

Ref:
IPVM Portal
Sen network
US, UK web pages

Wednesday, March 1, 2023

Fenced for Perimeter Protection

Securing a private or public building is a complex issue, right from any perimeter and entrance point to internal asset management. Optimal security solutions can only be achieved by going back to basics, understanding individual environments and integrating security systems to achieve unique requirements.

The 2022 Crime Report from the Association of Convenience Stores (ACS) shows that, in the past year, 89% of store staff faced abuse in their job, with 35,000 incidents of violence, 9% of those resulting in personal injury.

The perimeter is the first line of defence. It inhibits and delays intruders. Unfortunately, history has taught us that even the most impenetrable perimeter can still be breached.

Therefore, sensitive sites should not be on the fence when it comes to investing in the right security technology for the right application. A genuinely intelligent system is key to a successful security solution.

Delaying the intruder is essential. If it takes a security team five minutes to deploy intervention, but the time to target is three minutes, then a security solution needs to create a delay of at least two minutes. If there are layers in place that take three minutes to penetrate, then the response team will have time to apprehend the perpetrators before they reach their target.

In terms of physical perimeter security, layers of technology should be applied starting with the outer perimeter, such as the fence line; the inner zone perimeter, such as specific buildings or key infrastructure; the building face perimeter, such as the external building shell; and finally, the internal perimeter, such as internal space where restricted access is necessary. Solutions within each layer should help delay, deter, and detect intrusion.

There are a wide range of technologies that make up an intelligent outer perimeter. To deter people from attempting to gain unauthorised access, a site can use signage or physical barriers. Sites requiring a more secure perimeter typically “harden” the physical barrier using high security palisade or welded mesh products. These barriers are designed to delay intruders and serve as a physical deterrent by preventing unauthorised access. Additionally, perimeter fences ensure the safety of the public – protecting people from entering sites where they may unwittingly expose themselves to risk, injury or even death.

However, while many businesses use gates, fencing, and other structures to keep intruders out, these only delay an intrusion. That is why highly secure sites should look to include elevated detection technologies such as monitored pulse, energised fences. A monitored pulse fence both deters and detects criminals or trespassers. A grid of energised wires is often enough to prevent someone from attempting to climb or break through the fence. Monitored pulse fences comply with international safety standards and are designed to deliver a short but safe shock and act as a highly effective deterrent.

Additional technologies such as full integration with video management systems provide a visual record of events that can be viewed as a live stream and later used as evidence if required. Designing an effective perimeter security solution is a significantly more complex process than it appears at first glance. The consultant, architect, or engineer has many factors they need to consider in the process, including understanding the site requirements and environment, and selecting which technology or combination of technologies will have a direct impact on the success of the system.

For example, a highly secure yet discreet site, where the customer doesn’t want to “advertise” what they do by way of a visually intimidating perimeter, may use discreet technologies such as buried sensors, laser curtains and microwave. The possible intrusion risks balanced against the requirements of the site will determine the type of sensors used – these risks can range from vandalism or protests by activists to criminal theft, espionage, and terrorism.

One of the main requirements from customers when it comes to an intelligent perimeter solution is a high probability of detection and low false alarm rate. For sites requiring higher levels of perimeter protection, like prisons, it is crucial that perimeter security is as sensitive to tampering on the fence line as possible to prevent and detect perimeter breaches. However, a highly sensitive fence line can be subject to false alarms due to factors such as disturbances from wildlife and environmental extremes.

In recent years, there has been a shift to intelligent, integrated perimeter solutions where detailed reporting and configuration can be carried out on the performance of the perimeter technology. While perimeter security is an organisation’s first, and arguably best, line of defence, integration with other technologies is key in effectively securing a site. Essentially, a security management system that brings everything together can provide a truly intelligent multi-layered perimeter solution.

An integrated approach provides the control room operator with all the information associated with an attempted attack to their fence line, ultimately assisting with faster response times. On top of that, cyber security threats are becoming a very real risk to perimeter protection and are forcing a rethink in how and what technologies are installed, with a shift towards more intelligent and integrated solutions. An end-to-end approach is vital. A cyber security vulnerability can occur along any of the communication channels, from the fence detector to the device that displays the alarm to the security guard.

Gallagher considers each communication link and device to assure the complete security of a perimeter protection system. Their security solutions are engineered to meet stringent standards that define how high security sites around the world should be protected and are backed by the implementation of government standards to validate their effectiveness. Gallagher undertakes internal and external penetration testing of their products to ensure they are hardened and secured to mitigate the risk of cyber-attacks.

During the pandemic, Gallagher supplied perimeter security solutions to ensure protection. Gallagher’s intelligent deterrent and detection technologies continue to be utilised across small to medium commercial and industrial facilities, right through to larger correctional, utility, and high-profile government sites.


Tuesday, February 14, 2023

Trends at the intersection of video and AI

Installation and use of CCTV Cameras for security & surveillance is a no-brainer. Cameras are considered a fundamental commodity for setting up any surveillance infrastructure, but at the same time, 24×7 monitoring of hundreds or thousands of video feeds by operators doesn’t serve the purpose of providing proactive surveillance and quick response to breaches.

In 2022, most security cameras deliver HD performance, with more and more models offering 4K resolution with 8K on the horizon. Advanced processing techniques, with and without the use of infrared illuminators, also provide the ability to capture usable images in total darkness; and mobile devices such as drones, dash cams, body cams, and even cell phones have further expanded the boundaries for video surveillance. Additionally, new cameras feature on-board processing and memory to deliver heightened levels of intelligence at the edge.

But video has evolved beyond the capabilities of advanced imaging and performance to include another level: Artificial Intelligence. Video imaging technology, combined with AI, delivers a wealth of new data, not just for traditional physical security applications, but for a much deeper analysis of past, present, and even future events across the enterprise.

This is more than a big development for the physical security industry; it is a monumental paradigm shift that is changing how security system models are envisioned, designed, and deployed. Much of the heightened demand for advanced video analytics is being driven by six prevalent industry trends:

 

1) Purpose-built performance

Several video analytics technologies have become somewhat commoditised “intelligent” solutions over the past few years, including basic motion and object detection that can be found embedded in even the most inexpensive video cameras. New, more powerful, and intelligent video analytics solutions deliver much higher levels of video understanding.

This is accomplished using purpose-built deep learning, employing advanced algorithms and training input capable of extracting the relevant data and information of specific events of interest defined by the user. This capability powers the automation of two important workflows: the real-time monitoring of hundreds or thousands of live cameras, and the lightning-fast post-event search of recorded video. Vintra video analytics, for example, accomplishes this with proprietary analytics technology that defines multi-class algorithms for specific subject detection, classification, tracking, and re-identification and correlation of subjects and events captured in fixed or mobile video from live or recorded sources.

 

2) Increased security with personal privacy protections

The demands for increased security and personal privacy are almost contradictory given the need to accurately identify threatening and/or known individuals, whether due to criminal activity or the need to locate missing persons. But there is still societal pushback on the use of facial recognition technology to accomplish such tasks, largely surrounding the gathering and storage of Personally Identifiable Information (PII).

The good news is that this can be effectively accomplished with great accuracy without facial recognition, using advanced video analytics that analyse an individual’s whole-body signature based on various visual characteristics rather than a face. This innovative approach provides a fast and highly effective means of locating and identifying individuals without impeding the personal privacy of any individuals captured on live or recorded video.

 

3) Creation and utilisation of computer vision

Many terms are used to describe AI-driven video analytics, including machine learning (ML) and deep learning (DL). Machine learning employs algorithms to transform data into mathematical models that a computer can interpret and learn from, and then use to decide or predict. Add the deep learning component, and you effectively expand the machine learning model using artificial neural networks which teach a computer to learn by example.

The combination of layering machine learning and deep learning produces what is now defined as computer vision (CV). A subset but more evolved form of machine learning, computer vision is where the work happens with advanced video analytics. It trains computers to interpret and categorize events much the way humans do to derive meaningful insights such as identifying individuals, objects, and behaviours.

 

4) Increased operational efficiencies

Surveillance systems with a dozen or more cameras are manpower-intensive by nature, requiring continuous live or recorded monitoring to detect and investigate potentially harmful or dangerous situations. Intelligent video analytics, which provides real-time detection, analysis, and notification of events to proactively identify abnormalities and potential threats, transforms traditional surveillance systems from reactive to proactive sources of actionable intelligence. In addition to helping better protect people, property, and assets, advanced video analytics can increase productivity and proficiency while reducing overhead.

With AI-powered video analytics, security and surveillance are powered by 24/7 technology that doesn’t require sleep, taking breaks, or calling in sick. This allows security operations to redeploy human capital where it is most needed such as alarm response or crime deterrence. It also allows security professionals to quickly and easily scale operations in new and growing environments.

 

5) A return on security investment

The advent of advanced video analytics is slowly but surely also transforming physical security systems from necessary operational expenses into potential sources of revenue with tangible ROI, or as it is better known in the industry, ROSI – Return on Security Investment. New video analytics provide vast amounts of data for business intelligence across the enterprise. Advanced solutions can do this with extreme cost-efficiency by leveraging an organization’s existing investment in video surveillance systems technology.

This easy migration path and a high degree of cost-efficiency are amplified by the ability to selectively apply purpose-built video analytics at specific camera locations for specific applications. Such enterprise-grade software solutions make existing fixed or mobile video security cameras smarter, vastly improving how organizations and governments can automatically detect, monitor, search for and predict events of interest that may impact physical security, health safety, and business operations. For example, slip-and-fall analysis can be used to identify persons down or prevent future incidents, while building/area occupancy data can be used to limit crowds or comply with occupancy and distancing guidelines. In this way, the data gathered is a valuable asset that can deliver cost and safety efficiencies that manual processes cannot.

 

6) Endless applications

The business intelligence applications for advanced video analytics platforms are virtually endless, including production and manufacturing, logistics, workforce management, retail merchandising and employee deployment, and more. This also includes mobile applications utilising dashboard and body-worn cameras, drones, and other forms of robotics for agricultural, oil and gas, transportation, and numerous other outdoor and/or remote applications.
An added benefit is the ability to accommodate live video feeds from smartphones and common web browsers, further extending the application versatility of advanced video analytics.


Indian Army to be equipped with AI-based threat assessment software linked to national databases
The Indian Army will soon get help from artificial intelligence to analyse threats during operations, especially in sensitive areas like Jammu and Kashmir. The ministry of defence is planning to equip the army with an AI-based threat assessment software that can be linked to national databases such as UIDAI and MoRTH.
According to an official communication, this software will be used to “track vehicular movement, monitor online presence of individuals, including on social media platforms, and derive linkages and patterns”.
The software will help the army in tracking and predicting incidents and the reason behind acquiring such a software is that operations require a detailed threat assessment. As of now, details of threat assessment are not available with either security forces or law enforcing agencies but only restricted information is available in the form of registers, both at company operating base (COB) levels and with other headquarters.
“Since the data is either non-existent or is recorded in legacy formats (documents and registers), no methods are available with SF for historic correlation of incidents due to which incidents cannot be tracked or predicted,” the official communication states.
The solution: “an AI-based networked solution that will enable storage and analysis of data to track and predict incidents. Details can be linked with national databases such as UIDAI, MoRTH in order to track vehicular movement, as also monitor online presence of individuals including on social media platforms and derive linkages and patterns”.
The software will have the ability to import data available with other agencies. It will enable central collation of details from various patrols with real-time data visibility at all outstations. According to the MoD, this software will be able to integrate legacy unstructured data available in different formats and provide actionable intelligence by combining different databases through the use of AI and data analytics techniques.
The software application is designed to integrate AI and machine learning (ML) aspects with existing known datasets, thereby giving commanders and staff a comprehensive and common picture with regard to operations intelligence, including the capability to carry out data processing in terms of staff checks, query management, use of business intelligence and visualisation to arrive at a course of actions and also assist in ruling out less viable options.
“As the system is being planned keeping in mind the automation requirements of the Indian Army for intelligence generation, the system will be designed for exploitation by AI and ML aspects,” the MoD said. The software will facilitate display and exchange of information over encrypted and secured internet connection and facilitate day-to-day functioning of operations and intelligence gathering and collating at various headquarters, and also facilitate commanders in decision making by incorporating appropriate inputs.
Adequate security measures will be ensured as per the latest guidelines or policies of army cyber group (ACG) system. It will have NLP (natural language processing) models in English, Hindi, Pashto, Arabic, and Urdu to automatically extract intelligence from generated reports, inputs, open source documents and memos.
It will be capable of conducting video and image analytics for raw camera footage from CCTV cameras, social media videos, images among others. The whole idea is to generate actionable intelligence and ability to do dark and deep web monitoring and analysis.

Wednesday, February 1, 2023

Access Control Commissioning Checklist

Not all customers are knowledgeable enough to understand an access control system. When we receive an order, it is our responsibility to commission the system properly. In India, most system integrators do not follow their own checklist, and as a result call logging starts after a few months. Some calls are forwarded to the OEM and the system integrator, with the customer blaming the products for not being good. But no one drills down into the commissioning report. Ultimately, system integrators do not realise that commissioning is also part of the BOQ; they give importance only to installation. I hope this checklist helps end users, integrators and consultants verify that access control installation and commissioning is complete. Print it, edit it as per your project, and fill in every point. After that, attach it to the handover documents.

It covers the following sections:

  • Door Hardware Checks
  • Reader Checks
  • Controller Checks
  • Fire Alarm Loop Confirmation
  • Backup Power Compliance
  • RTE and 'Free Egress' Confirmation
  • Door Timing Checks
  • Turnstiles or Gate/Door Operator Checks
  • Credential Enrolment
  • Credential Issuance
  • Database Migration
  • Management Software User Creation
  • Access Levels and Schedules
  • Access Event Notifications
  • Door Held Open / Forced Open Troubleshooting
  • Anti-Passback Troubleshooting
  • Mapping and Custom Reporting Creation
  • Viewing Clients Installation 
  • Integration with VMS and Other Systems
  • Workstation Setup
  • Network Setup
  • Cable Verification

We recommend that each person using this checklist customize it for their own needs / situations. There is no 'one size fits all' checklist, but this list is meant to serve as a starting point to make it easier and quicker to build your own.

Door Locks and Hardware

This section covers commissioning of doors and opening locks, strikes, or other electro-mechanical hardware, including mounting and physical considerations.

Physical operation, for every controlled opening:

  • Check all lock / hardware fasteners or mounts are secure and without play, slack, or gaps exceeding tolerances on installation instructions.
  • Ensure operation of lock is free of binding, grinding, or interference for door or frame features or other components.
  • Close and open the door, or operate the opening for several cycles, to ensure that no binding or warping is affecting operation.
  • If Exit Devices are used, confirm appropriate 'Push to Exit' signage is displayed.
  • If Door Closers or Operators are used, confirm electronic access devices do not interfere with operation.
  • Confirm secure installation and function of Door Position Switches/ Contacts/ DPS.
  • Weatherproof and lightly apply grease per specification to mechanical hardware like hinges.
  • Ensure any cabling or system wiring is hidden, tucked behind raceway or frames, and is not being pinched or cut by features like hinges.
  • Confirm that accessibility clearances are satisfied and any additional access control devices comply with codes.
  • If standalone, battery powered locks are used, confirm remaining battery life is strong and document commission date of batteries for future reference.

Door Controller Install Checks

  • Confirm that all terminated wiring at controller is secured and terminated without short for each device.
  • If kept in a metal enclosure, ensure panel tamper contacts and panel locks are used.  Gather panel keys for central, secure management.
  • If controllers are located at the door, confirm they are installed on the secure/locked side of the opening and located behind a tamper-resistant or semi-obscured location, such as above tiles at the door.
  • For wireless locks, confirm that all hubs or repeaters are clearly labeled as companions to the separate system readers or controllers.

Free Egress and Fire Alarm Loop Check

  • Confirm that upon fire alarm activation, all door maglocks release and are not powered.
  • Confirm that upon fire alarm activation, all emergency exit doors and openings can be freely opened and are not locked for any reason.
  • Confirm that during normal operating conditions, all 'Request To Exit' devices are located in code compliant arrangements and function properly.
  • Check that any delayed egress openings have specifically been approved by the AHJ, and delays do not exceed 15 seconds, unless specifically excepted by AHJ.
  • Confirm that all Pushbutton style RTE switches are properly labeled and displayed per local code requirements, and directly interrupt power to locks and not controller, unless specifically excepted by AHJ.

Credential Reader Checks

  • Confirm that reader device is securely anchored without gaps to the wall, frame, post, or bollard.  Seal or install trim guards where needed.
  • Confirm 'normal operation' status lights are displayed per intended behavior. (On/Off/Red/Green/Blue, etc.)
  • Confirm audible beep or siren registers when credential is read.
  • Check that reader tamper device is connected and configured.
  • If contactless type reader, present test card to confirm read range meets spec.  
  • If biometric type reader, confirm unit positioning will not be interfered with by environmental features (e.g. sun movement, HVAC downdrafts, etc.).
  • Confirm that accessibility clearances are satisfied and any additional access control devices comply with codes.

Credential Enrolment

  • Confirm that only credentials to be immediately carried/used by cardholders are activated, and that no batch activation of unissued/stored credentials is done.
  • Check that each user issued a credential is accurately classified and identified in the access control software.  Include Picture ID images if possible.
  • If credentials are being renewed or exchanged, confirm physical possession, disposal, and deactivation of old credential in system.
  • If biometric credentials are enrolled, confirm multiple digits or templates are enrolled.
  • If multi-factor credentials are issued, confirm that all factors are recorded, active, and valid in the system.

Access Management Software Servers

This section covers commissioning of Management Software servers and appliances, including both hardware/network setup as well as OS and software. Some of these items may not be used depending on OS and access platform. For example, appliances typically do not require OS updates. The process differs slightly from OEM to OEM.

Access Management Software Configuration

  • Configure Unlock, Extended unlock, Door Hold Open, and Relock event periods, as appropriate.
  • Configure user access schedules (e.g., 24/7, 8am-5pm, off-hours, holidays, etc.)
  • Configure user access levels (e.g., Managers, Workers, Visitors, Temporaries, etc.)
  • Confirm that the Polling Interval, or settings update push duration, is prompt and as close to real-time as possible, so that events are recorded accurately in the system.
  • Configure any Maps or floorplans used to display and manage system control points.
  • Confirm successful integration and configuration of features like 'Video Verification', or integration with video surveillance, intrusion, fire alarm, and intercom systems.
  • Configure alarm or event notifications (email, text, etc.)
  • Download and retain copies of all door/controller configurations
  • Confirm any imported databases are clean and without problems if populating access management system.
  • For 'Anti-Passback' rules, ensure that users will not unwittingly or inadvertently cause alarms if they use atypical or uncontrolled openings.

Hardware/Security

  • Document MAC address(es) (often more than one if using multiple network cards), or if hosted/cloud access is used, document hostnames of all remote servers.
  • Assign and document IP address(es) of every networked device, endpoint, or server.
  • Apply latest OS updates (unless not recommended by manufacturer)
  • Create secure admin password
  • Create additional users as specified
  • Test UPS operation and runtime (if supplied)

Network/Security Settings

  • Document the MAC address of the Controller and other Ethernet-based devices
  • Assign and document the IP address of the Controller and other Ethernet-based devices
  • Update firmware to latest version (or manufacturer recommended/tested if different)
  • Change Controller admin password from default
  • Create multiple users if required (by specification or manufacturer recommendation)
  • Set NTP server and verify time and date
  • Disable unused services/close unused ports (FTP, telnet, SSH, etc.)
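
One way to turn the Network/Security Settings checks above into a repeatable audit, as an added example that is not part of the original checklist. The record fields (mac, ip, default_password_changed, ntp_server, approved_ports) are a hypothetical schema, and the sample values are constructed.

```python
import ipaddress
import re
import socket

# Services the checklist names as candidates to disable when unused.
LEGACY_PORTS = {21: "FTP", 22: "SSH", 23: "telnet"}
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


def probe_ports(host, ports, timeout=0.5):
    """Return the subset of ports that accept a TCP connection."""
    open_ports = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.add(port)
    return open_ports


def audit_device(record, open_ports, subnet):
    """Check one commissioning record (hypothetical schema) against the list."""
    findings = []
    if not MAC_RE.match(record.get("mac", "")):
        findings.append("MAC address missing or malformed")
    try:
        if ipaddress.ip_address(record.get("ip", "")) not in ipaddress.ip_network(subnet):
            findings.append("IP address outside documented subnet")
    except ValueError:
        findings.append("IP address missing or malformed")
    if record.get("default_password_changed") is not True:
        findings.append("admin password still default or unverified")
    if not record.get("ntp_server"):
        findings.append("NTP server not set")
    approved = set(record.get("approved_ports", []))
    for port in sorted(open_ports - approved):
        name = LEGACY_PORTS.get(port, "unknown service")
        findings.append(f"port {port} ({name}) open but not approved")
    return findings


# Constructed sample record for a door controller; all values are illustrative.
SAMPLE = {"mac": "00:11:22:33:44:55", "ip": "192.0.2.20",
          "default_password_changed": True, "ntp_server": "192.0.2.1",
          "approved_ports": [443]}

if __name__ == "__main__":
    seen = probe_ports(SAMPLE["ip"], list(LEGACY_PORTS) + [443])
    print(audit_device(SAMPLE, seen, "192.0.2.0/24"))
```

Run the probe only from a management host on the same secure subnet as the devices being commissioned, and keep the findings with the retained configuration copies.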

General Server Settings

  • Confirm any requisite services or policies are free to operate and will restore automatically after reboot events.
  • Change access management admin password from default
  • Create operator/user logins
  • If LDAP or Active Directory is used, confirm valid implementation and provisioning of service.
  • Confirm and document any external database connections or dependencies by the access software.

Workstations

This list involves client workstations, including hardware, OS, and access client setup and commissioning. Some of these steps may be omitted if appliances are used. The process differs slightly from OEM to OEM.

  • Document MAC address(es) of each workstation
  • Assign and document IP address(es)
  • Apply latest OS updates (unless not recommended by manufacturer)
  • Create secure admin password
  • Create additional users as specified
  • If dongles or hardware keys are required for client access, document location of key on workstation (e.g., Port Location, Key Serial Number)

Network

This section outlines commissioning of network hardware, including switches, routers, firewalls, etc. Some of these devices may not be used in all systems, or managed by the installing integrator.

  • Document MAC address(es) of each device
  • Assign IP address and document
  • Update switch/firewall/router firmware to latest version
  • Change admin password from default
  • Configure VLAN(s) as required
  • Configure QoS as required
  • Disable unused switch ports as specified
  • Configure SNMP monitoring if required
  • Configure MAC filtering if required
  • Download and retain configuration for each switch
  • Test UPS operation and runtime for each endpoint, if supplied

Cabling

This section covers commissioning of the access control cabling system, including labeling, supports, aesthetic concerns, and testing. The process differs slightly from OEM to OEM.

  • Label all cables, patch panels, wall outlets, etc., as specified
  • Ensure cables are secured to supports (J-hooks, ceiling truss, etc.)
  • Conceal cables where possible/required
  • Leave properly coiled and dressed service loops at Controller or Switch location and head end as required
  • Test all terminations and document results as specified
  • Document cable test results as specified (if certification is required)


If you need any expert comment on your projects, we can help you free of cost over voice or text.