Arindam Bhadra

Friday, December 28, 2018

Pune CCTV makes revenue from traffic violators

Pune city police is the law enforcement agency with jurisdiction over 790 km2 comprising Pune and Pimpri-Chinchwad cities in Maharashtra. The city police are a division of Maharashtra police. The current Pune commissioner ate came into existence on 1 July 1965. Pune city police operates from 33 police stations. It also has the responsibility of traffic policing the city roads.

The police commissioner-ate is divide into two regions, North Region and South Region. Each region is headed by an Additional Commissioner of police. Each region is divided into two zones; hence there are four Zones in Pune City vitz. Zone – 1, zone – 2, Zone – 3, Zone – 4.

Each Zone is headed by a Deputy Commissioner of Police (DCP). Each Zone is further divided into two or three sub-division. Each Zone is further divided int two or three sub-divisions. Each sub-division is headed by an Assistant Commissioner of Police (ACP).

Pune city surveillance, referred to as PCS, is a holistic and integrated video surveillance system for the city of Pune. The PCS System of IP based outdoor security cameras across various locations in the city of Pune. The Video surveillance data from various cameras deployed is stored at data centre and monitored at all police stations, command control centers at CP office, PMC office, PCMC office and Collectorate.

The system consists of total 1363 cameras
Fix Box Cameras are 1068
Pan-Tilt-Zoom (PTZ) cameras are 217
Automatic Number Plate Recognition (ANPR) cameras are 78

These Cameras are spread across 418 Locations along with 22 Locations for ANPR Cameras.

The live video feed from all these cameras is continuously saved and stored in the data centre which has the capacity to store the video from all the cameras up to 90 days and 180 days storing capacity for ANPR Cameras.

Following command control and viewing centers are setup for viewing the live feed from the system.

Command and Control Centre at Commissioner of Police office with a viewing capacity of 150 cameras at time.
Viewing centre of PMC with viewing capacity of 60 cameras at a time.
Viewing centre of PCMC with viewing capacity of 25 cameras at a time.
Viewing centre of Collectorate with viewing capacity of 10 cameras at a time.
Viewing centre at each of the two Regional offices with capacity to view 10% of total cameras in the respective region, at a time.
Viewing centre at each of the four Zonal offices with capacity to view 10% of total cameras in the respective zone, at a time.
Viewing facility at each of the 40 police stations, with capacity to view 50% cameras in the respective police station jurisdiction.

Description of Components :

Network and connectivity – All the surveillance equipment is connected in network, so that the video feeds are available at data centre as well as viewing centers 27X7.
Data centre and applications – A data centre with high end servers with large storage facility is established, along with application servers. This center holds all the recordings from all the cameras, as well as all the monitoring applications.
Command and viewing centers – the command centre is established in the CP office. Additional CP office, Zonal DCP offices, PMC, PCMC, Collectorate and Police stations have viewing centers for viewing the live video feeds from respective regions. The command centre at CP office also has video-wall for viewing. Other viewing centers have TV sets as well as workstations for effective monitoring of live video.
Collaborative monitoring - The existing surveillance systems of Public and private establishments will also be integrated into PCS systems, so that in case of any incidence at these places, the video feeds will be available.
Help desk and facility Management system – A system is established along with man power, to monitor and maintain the entire infrastructure. A responsive help desk with ticketing system is established so that, any fault in the system is resolved in time and the system is resorted in normal state as soon as possible.

Optimum Utilization :

Maintaining Law and Order – Local commotion, Riots, Crowd gathering, Public festivals, Pubic gathering, Fire incidents.
Crime investigations – Burglary, Robbery, theft, identifying people/vehicles, Harassments to shop-keepers/local people, fights, Tracing of Murders.
Traffic controlling – Flow of Traffic, Density of traffic at junctions, Traffic congestion, Violation of traffic rules, Hit-and-Run cases, and Road accidents.

Support Pune Police to Maintain Law & Order - The live video feed, 24×7 along with automatic various alerts, will enable police to understand the situation on the ground early, so that police can react in-time.

Act as an aid to investigation - Entire video feed is recorded 24×7. So, any historical or past situation can be easily viewed by police.

Improve Traffic Management - Built-in video analytics will generate automatic alerts for traffic violation.

Help in deterring, detecting and thus dealing with criminal activities - Continuous display of live video, automatic alerts for crowd gathering, suspicious objects, suspicious loitering, automatic number plate recognition, will all help police to detect and deal with criminal activities efficiently.

The city traffic police collected Rs 7 crore more in 2018 as compared to the previous year after implementing the CCTV-drive e-challan system. In 2018, 2.5 lakh more violators were fined as compared to 2017, according to the information released by the Pune traffic police department.

The department took action against 18 lakh residents for traffic violations in 2018. Of these, 6.33 lakh cases were registered through the CCTV (closed-circuit television) surveillance system.

“Apart from active traffic policing, the major reason behind higher number of cases in 2018 are the CCTV’s installed across the city that captures the violations,” said Tejaswi Satpute, deputy commissioner of police (DCP), traffic.

A CCTV system captures the image of violators at traffic junctions and transmits it to the command and control centre of the traffic department through which a case is registered and fines are collected by the traffic personnel.

Residents who have violated the traffic norms can also go to the web portal (punetrafficop.net/) and pay the fines by filling the required details of the vehicles. The website provides details of the case, including the photograph of the vehicles violating the traffic rules.

In 2018, the traffic department generated a revenue of Rs 44 crore in fines, higher by Rs 7 crore than collected in 2017.

Out of the total 18 lakh cases, maximum numbers of fines were imposed on those vehicles that were found violating zebra crossings. Such violations amounted to 6.12 lakh cases out of the total 18 lakh cases where people were fined Rs 200 each.

“Zebra crossings are marked with black and white stripes on the road and zigzag lines on either side warning drivers that there may be pedestrians crossing or waiting to cross the road. They also tell drivers that they must give way to pedestrians on the crossing. However, people still violate these basic rules which results into taking actions against them,” said Satpute.

Due to the use of technology, we have the past records of traffic violations which have helped us to fine the offenders. We are now in a position that we can give the exact time and details about the traffic violations. Every day between 3 pm and 7 pm we conduct a drive across the city where we collect pending fines from violators using the records that we have with us – said traffic constable.

At Nagpur, From October 6, 2016 and April 2, 2018, as many as 4,49,568 motorists were caught on mobile cameras breaking traffic rules. Of them, e-challans were already issued to 4,15,024 and fines too were recovered from them. The move has actually gone well as many motorists started following rules. The number of two-wheelers using helmets too have increased manifold.

Read Artical: ANPR

Friday, December 7, 2018

Top 8 BMS Companies in the 2018

Top 8 Global BMS Companies in the 2018

This is 2nd post in this blog regarding BMS - Building Management Systems. The rising need for integrating smart automation systems with the modern infrastructure is encouraging various building management system companies across the globe to offer superior and premium quality solutions for the evolving audiences. The objective of the Intelligent Buildings Management Systems (IBMS) is to centralize the monitoring, controlling operations with innovations, technological and skilful management of facilities within the building (From BMS Room). This system helps to achieve more efficient building operations at reduced energy and labor costs while providing a safe and quality working environment to the occupants. IBMS include wide range of variety of products, such as general light control, access control, security control, communication protocol, HVAC control, outdoor controls and others. Intelligent building is one of the emerging concepts in which modern infrastructure is being equipped with a variety of automated and manned control systems and monitoring devices.

Global Integrated Building Management Systems Market Analysis

Flexibility offered by various open integrated building management systems is one of the key factors fuelling the global IBMS industry to witness a CAGR of more than 12% by 2021. The ability of open systems to function as fully interoperable control systems and define protocols enabling the co-existence of multiple systems on the same platform make them the most viable choice for the modern companies willing to create automated or intelligent buildings. Furthermore, manufacturers are also leveraging these open systems as they allow the conversion of dissimilar products into seamlessly networked systems offering low cost and enhanced features often unavailable in proprietary systems.

Moreover, The Indian economy has shown steady growth in the last decade, despite the global economic meltdown. With the growth of income levels and more than one earning members households, the Indian average disposable income is growing fast resulting in enhanced demand for goods and services. Therefore several companies are trying to leverage this opportunity by establishing new plants in this country In 2017. The market seems to be quite fragmented and is going to result in intense competition in the next few years as various international players are focusing on increasing their customer base by acquiring or forming strategic partnerships with local or regional players.

Honeywell

Headquartered in the US, the company has been making a variety of commercial and consumer products since its inception in 1906. Honeywell, with the help of over 131,000 employees across the globe has been able to operate through key business units including Honeywell Aerospace, Home and Building Technologies (HBT), Safety and Productivity Solutions (SPS), and Honeywell Performance Materials and Technologies. Honeywell is a Fortune 100 software-industrial company. Revenue‎ ‎US$40.534 billion (2017). The company offers a wide product and service portfolios for the building management systems including the building automation systems, software and controls, construction and maintenance services and solutions, commercial combustion controls, and security and fire protection services. In June 2018, Honeywell introduced the Honeywell Vector Space Sense, a software solution which shows when, where, and how building spaces are being used at any given point in time. The software analyzes data from multiple sources across a building for delivering actionable insights which help facility managers in utilizing, optimizing, and prioritizing building spaces.

Johnson Controls

Johnson Controls has been manufacturing electronics, and HVAC equipment for buildings as the primary business since 1885 in Ireland. With employee strength of over 121,000 employees, the company operates in key business units including the Building Efficiency, Power Solutions, Global Work Place Solutions, and Automotive Experience. Johnson Controls annual revenue for 2018 was $31.4B, a 4.07% increase from 2017. Johnson Controls’ Building Automation System, Metasys has been contributing significantly to the continuously growing global next-generation building energy management systems market. According to Technavio, this market is expected to witness a CAGR of over 11% by the end of 2020. The company has been launching building automation systems for commercial buildings. For instance, in November 2017, it launched the BCPro, a smart building automation system providing simple and powerful tools for fast and easy set-up, and a new graphic display with editing, illumination and customization functions, allowing building operations to quickly access and view data.

Schneider Electric

Founded in 1836, Schneider Electric was headquartered in France. Employee strength of over 144,000 employees, Revenue‎: ‎€24.74 billion (2017). The company has been offering various products and services including building automation, switches and sockets, industrial safety systems, home automation, electric power distribution, Smart Grid, critical power & cooling for datacenters. Schneider Electric announced next generation of EcoStruxure Building in April 2018. It is one of the first open innovation platform for buildings with end-to-end IP architecture enabling quick connectivity of IoT devices to improve building value offering. Furthermore, the company has been engaging in strategic partnerships with other companies to ensure high quality products are offered in the market. For instance, in March 2018, Schneider Electric, Danfoss, and Somfy announced a partnership for creating a Connectivity Ecosystem aiming to accelerate adoption of connectivity in residential, mid-size building and hotel markets. Such strategic moves of the company are aiding it to gain a significant position in the top 10 building management system companies in the world.

United Technologies

Headquartered in the US, and founded in 1934, United Technologies has been focusing on researching, developing, and manufacturing products for varied industries including aircraft engines, HVAC, building systems and other industrial products. The company has a dedicated business segment named UTC Climate, Controls & Security segment focusing on offering fire safety, security, building automation systems, HVAC and refrigerating systems and services. Revenue‎ US$59.837 billion (2017) with total number of employees‎: ‎202,797 (2017). Furthermore, to show the global customers about the possibilities and potential in the building technology space, the company opened a state-of-the-art innovation and technology experience center for intelligent buildings in Palm Beach Gardens, Florida. The 224,000 square-foot UTC Center for Intelligent Buildings also meets the highest standards for green design and operations.

Siemens

Siemens is a German conglomerate founded in 1847. The company is involved in offering various products and services including power generation technology, project engineering and construction services, industrial and building automation, water treatment systems, and other automation and control software. The company has been actively involved in the development of building automation systems with its offerings including Desigo, Synco, and GAMMA portfolio of products. Furthermore, Siemens has been also promoting the integration of advanced technologies for meeting the evolving needs of the customers. For instance, the Desigo Control Point is an emerging concept for simplifying the operation and monitoring of HVAC, lighting, and shading in small or medium-sized buildings.

Cisco

Founded in 1984, Cisco has been headquartered in the US. The company specializes in the technology market by offering a wide range of networking hardware, high-technology products and services, and telecommunications equipment. The company offers the Digital Building Solution for making the building smarter through optimized lighting, building automation, and Internet of Things (IoT) technology. For instance, Cisco’s Catalyst Digital Building Series Switches offer smart and highly secure access in a compact and rugged standalone form factor.

Bajaj Electricals

Founded in 1938, Bajaj Electricals is an Indian electrical equipment manufacturing company diversified with product offerings including lighting, luminaires, LPG based generators, fans, appliances, and others. The company’s core business is classified into consumer products, EPC, illumination, and exports. Bajaj Electricals has also been promoting the adoption of smart building offering real-time control from lighting, waste management and HVAC to access, video analytics, and other critical systems. In July 2017, Bajaj Electricals announced embarking on a new journey in digitization by offering Integrated Building Management System (IBMS) to help the customers upgrade to the next level of lighting. With its inception in the building management system market in 2008, Bajaj Electricals has been continuously innovating with its products assortment for retaining its significant position in the top building management companies of the world.

Building Logix

Building Logix has been offering a wide range of building management solutions including access control & video control, building energy management, smart building, system integration and other services. The company has also involved in offering effective building analytics software to help the companies leverage their present infrastructure and produce a better performing environment. Building Logix is further focusing on offering customized building analytics platforms for achieving cost savings and increased efficient-buildings.

Ref: Global Integrated Building Management Systems Industry Report.

Ref: http://www.smartbuildingsmagazine.com/

Friday, November 23, 2018

Difference of Closed and Open Circuit

Difference of Closed and Open Circuit

Hello Engineers, let us come from basics. A system in which the output quantity has no effect upon the input to the control process are called open-loop control systems, and that open-loop systems are just that, open ended non-feedback systems. But the goal of electronic control system is to measure, monitor, and control a process and one way in which we can accurately control the process is by monitoring its output.

We call flow of charge is called current. And in order to create the flow, we need a force. That we are achieving the positive charge and negative charge.

As positive charge and negative charge attract each other we create a circuit and make it flow.

Consider the diagram:

Here in order to glow the bulb, we need current (flow of charge) So we connecting a source, here battery.

Closed circuit.

Once we make the circuit complete +ve charge and -ve charge attracts each other. Thus creating a flow of electrons i.e. current. This complete circuit is called closed circuit.

Open Circuit

If you disconnect any side of the source or anywhere along the line the +ve charge and – charge cannot have any kind of attraction between each other resulting from an absence of flow of electrons. This incomplete circuit is called open circuit.

An electronic control system with one or more feedback paths is called a Closed-loop System. Closed-loop control systems are also called “feedback control systems” are very common in process control and electronic control systems.

In a closed-loop system, a controller is used to compare the output of a system with the required condition and convert the error into a control action designed to reduce the error and bring the output of the system back to the desired response. Shown Relay work some time closed and open based on signal input in coil side.

Saturday, November 3, 2018

Video Security Dual Responsibility GDPR

Video Security Organizations’ Dual Responsibility Under GDPR

GDPR - the EU General Data Protection Regulation - is now in effect (on May 25th, 2018). The regulations are designed to protect the data privacy of European Union (EU) residents, but because the rules affect any company handling EU data, the true influence of the GDPR is international in scope.

GDPR affects security technologies like video surveillance systems. Here’s what you need to know to improve your GDPR compliance.

GDPR is a regulation set forth to protect personal data and ensure the privacy of individuals within the European Union (EU), which is deemed to be a fundamental human right. The primary driver behind the regulation is to give individuals greater control over their personal data and how it is used. Despite its roots in the EU, GDPR also addresses the collection or storage of personal data from any EU citizen, as well as the export of data outside the region. Therefore, given the scope of GDPR, compliance is a global concern.

Because cybersecurity was a main driver behind GDPR, one of its mandates is that in the event that a data breach occurs, companies that collect personal data are mandated to report it in to the supervisory authority within 72 hours. Failure to comply with this regulation could result in penalties equaling 4 percent of a company’s global annual revenues or 20 million euros, whichever is greater.

Given the importance of individuals’ privacy and the potential penalties for non-compliance, these are important discussions; however, this focus is not enough for those of us in the security industry, who have a dual responsibility under GDPR. Why is that?

In practical terms of protecting individual privacy, GDPR places much of the responsibility and obligation on businesses and other organizations that deal with personal data. One of the key features of the new regulation is that those who are being monitored need to be fully informed about what data is being held on them and how it is being used.

Under GDPR, this “personal data” is defined very broadly as “any information relating to an identified or identifiable natural person,” referred to as the “data subject.” Naturally, the first types of personal data that come to mind are the classic examples such as name, physical address, phone number and email address, all of which meet the criteria. But these are only starting points, as the range of personal data types is expansive, encompassing more than simply text-based data.

As security professionals, we must recognize the reality that video in which a person can be identified is also considered personal data and is therefore subject to GDPR guidelines and requirements. Therefore, as organizations, we need to determine how best to become compliant with how we handle customer and employee data, including surveillance video. This dual responsibility must come into play when we consider how we design and operate security systems and collect video data through surveillance, including how we store and manage that video data after collection.

To do so, it is important to explore how many of the steps organizations must take to become GDPR compliant are also necessary to ensure that video surveillance data is compliant as well. These steps surveillance operators must take – and how they can be applied to collected video – are outlined below.

Administration

In general, the first step in ensuring GDPR compliance is to choose an administrator and record data processing activities. As an organization seeking to become GDPR compliant, it is essential to have a person on staff – known as a data processing officer – who will ultimately be responsible for data integrity. Each company providing video surveillance must choose an administrator.

In a security environment, choosing this administrator allows for an open way to publicly identify the person who is responsible for data collected from the surveillance systems and provide that detail to anyone who is monitored by video upon their request. In doing so, it is key to also make the name of this data processing officer available to every person who requests data as prescribed under GDPR.

Every organization should also have a procedure in place for when an individual chooses to exercise their right of access to personal data or request its deletion, which allows them to stay within the monthlong window within which GDPR requires them to comply with these requests. When making such a request, it is reasonable to expect an individual to provide adequate information in order to locate this data – for example, an approximate timeframe, and the location where the footage was captured.

Documentation

GDPR also recommends that record of processing activities (ROPA) documentation be maintained and the following information be made available upon request:

Category of individuals that processed personal data relates to
Purpose for which collected data is used
Whether personal data will be transferred (to whom and for what reason)
How long personal data will be stored
Description of technical and organizational measures to ensure privacy

According to GDPR, administrators should take all appropriate measures to provide this information concerning the processing of their data by surveillance systems to monitored individuals in a brief, transparent, comprehensible and easily accessible manner.

ROPA documentation must also include a risk assessment for individuals’ rights and freedoms and planned measures to address these risks, which include safeguards and mechanisms to ensure the protection of personal data and compliance with GDPR. This should take into account the rights and legitimate interests of individuals and other affected persons.

In a surveillance environment, these items are equally important. Focusing for a moment on purpose and extent of surveillance, it must be clear why and how much video is being collected, and for what reason. One thing to discuss with potential solution providers is the concept of privacy by design and “GDPR-ready” product features. In evaluating solutions, organizations should look for those that will help them more easily become GDPR compliant. An example would be technology supporting defined view of a specific perimeter. By leveraging solutions to define the perimeter, organizations adhere to GDPR in that they can more easily specify the extent of video surveillance.

Data Processing Inventory Assessment (DPIA)

Once an administrator has been chosen and ROPA documentation is complete, a DPIA is required for cases of “extensive systematic monitoring of publicly accessible premises.”

This requires specifying in writing why and for what purposes the camera system is recording. For example, a city needs to manage electrical and water utility stations and must ensure the utilities provide residents with dependable service. Therefore, the perimeter of these utility stations must be protected against crime and theft. Under GDPR, the city can specify that the surveillance is provided for this purpose. Another example would be to ensure the safety of citizens during public events, as surveillance video may be used by the police to provide real-time situational awareness for officers in the field. In this case, it can be specified, in accordance with GDPR guidelines, that video is being collected to support public safety.

This information directly correlates to ROPA documentation, so again we can see the connection between becoming compliant as an organization overall, as well as ensuring compliance for GDPR with information and data collected in a surveillance environment.

Data Security

Cybersecurity has been a major topic within the security industry for some years now. The importance of a surveillance system being cyber secure extends to compliance with GDPR, with tight control of video data being another key recommendation. It is vitally important when specifying a system that these critical measures are taken into account. The less data that is readily accessible to those outside the scope of an organization’s video data management procedures, the less risk there is of becoming non-compliant. The same philosophy applies to data breaches; administrators must report any leaks within 72 hours of notification.

To ensure GDPR compliance, companies should employ strong measures to prevent unauthorized access to the personal data they store, including video. The specific tools and tactics used by each company will be unique to the challenges they face. In all situations, however, companies must employ robust security controls, stay up to date with cybersecurity best practices and ensure they are working with trusted partners that provide secure hardware and software, as well as thorough aftercare. Therefore, organizations must work with security professionals and partners to better understand potential cybersecurity risks and talk about ways they can harden their systems to ensure GDPR compliance.

From a compliance perspective, the processes that must be put in place to ensure the “right to be forgotten” in an organization are very similar to those necessary to ensure a surveillance system is also in compliance. This requires taking a systematic approach to how video data is stored, transferred and deleted. These methodologies will ensure that if an individual requests his or her video footage be deleted, business systems and organizational structure will be in place to adhere to this request in an efficient manner. The concept of “right to be forgotten” is a significant part of the GDPR guidelines, and as we are just months into this new guideline, the impact on organizations and system operators after requests are submitted still remains to be seen.

Data audit

The first step toward cybersecurity risk management knows what data your company is collecting and how it is stored. A comprehensive data audit is fundamental because you’ll need to discover what information your company handles that could create liability under the GDPR. The GDPR is very inclusive in its scope, so a data audit should look at all platforms, device types and departments.

Risk assessment

Once you've done a data audit to establish a clear picture of how your company’s data management works, you’ll be in a position to make a risk assessment:

What cyber-threats could your company face?
Where are the security weak-points in your technology infrastructure?
Do you have effective cybersecurity measures in place?

End-to-End Compliance

It is important to consider the full scope of video surveillance. As a surveillance operator collecting video about living individuals, an organization will fall under the category of data controller and be held responsible for data management in accordance with GDPR. Anyone having access to video data, including subcontractors and hosted service providers, must meet requirements as well. These companies or individuals who have access to recorded video on behalf of an organization, such as hosting providers, fall under the category of data processors. In terms of company compliance, when reviewing contracts to ensure all companies comply in the same way as an organization has planned. In terms of surveillance, be sure to check that any persons or organizations who have access to video are also compliant and that contractual relationships reflect these obligations.

Ultimately, it is the surveillance system user (i.e., data controller) who is responsible for GDPR compliance and safeguarding the rights of individuals whose personal data the user collects and processes. While the data controller has ultimate responsibility to follow GDPR, data privacy is a team effort. Remember: We are all in this together.

Therefore, for users of surveillance equipment, solutions and services, it is important to partner with suppliers that are committed to respecting and safeguarding individuals’ privacy and protecting personal data. Users should also be able to rely on suppliers and vendors for the support and technical assistance necessary to facilitate GDPR compliance.

Due to its intent, the onset of GDPR is a positive one. It will allow data processors and controllers to use data in appropriate ways and have clear guidelines/procedures in place for data collection, management and surveillance. Many companies follow guidelines such as the UN Global Compact when it comes to sustainability and environmental responsibility. The UN Global Compact provides 10 clear principles to help guide companies in their sustainability efforts. GDPR provides similar clear direction to companies looking to protect individual privacy, a fundamental human right.

Information on individuals is a valuable asset and needs to be properly protected. Apart from making good business sense, the reputation and success of your organization can be under threat if personal information isn’t managed appropriately. Organizations can demonstrate effective management of personal information with BS 10012 from BSI.

It helps you:

Identify risks to personal information and put controls in place to manage or reduce them
Demonstrate compliance with data protection legislation and gain preferred supplier status
Gain stakeholder and customer trust that their personal data is protected
Gain a tender advantage and win new business
Safeguard your organizations reputation and avoid adverse publicity
Protect you and your organization against civil and criminal liability
Benchmark your own personal information management practices with recognized best practice.

Basic Principles of the GDPR

Clearly Justified Purpose

All organizations must have a valid lawful basis for collecting and processing personal data

Privacy by Design

The GDPR mandates that privacy must be a priority throughout system design and commissioning. The approach taken with respect to data privacy must be proactive, not reactive. Risks should be anticipated and the objective must be preventing events before they occur.

Right to Access

Under Article 15, the GDPR gives individuals control over their personal data including the right to see that data.

Right to be Forgotten

Under Article 17, the GDPR gives individuals control over their personal data including the right to have their personal data erased if it is no longer necessary for the intended purpose of the system.

Security

The GDPR requires organizations have comprehensive policies and procedures ensuring personal data remains within control of the organization at all times. Additionally, personal data breaches must be reported within 72 hours to the competent supervisory authority appointed by their country’s government.

Reference:

Sunday, October 28, 2018

Intrusion Detection and Prevention Systems

Intrusion Detection Systems (IDS) vs Intrusion Prevention Systems (IPS): What’s What?

An Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) have very similar acronyms by which they are commonly known, yet they perform very different tasks within the network security process. So what exactly do they do, how do they do it, and does your organization need either, neither, or both as part of your overall security posture?

Intrusion Detection System

Definitions are important in the security world—you have to understand what you are dealing with before you can accurately determine if it's a good fit for the needs of your organization. So what exactly is an Intrusion Detection System (IDS)? Simply put, an IDS can be either a hardware device or software application that monitors network traffic, incoming and outbound, for any malicious activity or security policy violation. Think of it as an intruder alarm, sounding an alert if it spots any activity that could lead to network and data compromise. It does this by inspecting the packets that flow across the network in order to detect known indicators of compromise and traffic patterns that suggest suspicious activity. In other words, an IDS is a passive system used to bring real-time visibility into potential network compromises.

How the IDS achieves this will depend on the type of system being deployed. They can be either network based, or host based. Network-based Intrusion Detection Systems (NIDS) will have sensors strategically placed within the network itself, sometimes at multiple locations, to monitor the most traffic without creating performance bottlenecks. Host-based Intrusion Detection Systems (HIDS) do things differently, and are run on specific hosts or devices, only monitoring the traffic associated with them. Either type can take different approaches to detecting suspicious traffic. Some might use signature detection, comparing packets against a database of known threats. Some might use an anomaly-based approach, comparing traffic patterns against an established network “normality” baseline. Some will combine both methods. All are known for generating false positives, at least initially. The IDS will need configuration to fine-tune it for the particular “norms” of your network and the devices attached to it.

Intrusion Prevention System

An Intrusion Prevention System (IPS) is like an IDS on steroids. Not only can it detect the same kind of malicious activity and policy violation that an IDS does, but as the name suggests it can execute a real-time response to stop an immediate threat to your network. Like an IDS, the IPS can be NIPS-based with sensors at various points of the network or HIPS-based with sensors on the host to monitor individual devices. Unlike the IDS, an IPS has the ability to configure policy-based rules and actions to be executed when any anomaly is detected. Think of it as being an active defense system, tailored to best suit your business needs in terms of security posture.

Although often considered a firewall, this is an erroneous assumption about an IPS. If anything, an IPS is a firewall in reverse: The firewall applies a rule-set to allow traffic to flow; an IPS applies a rule-set to deny and drop traffic. That said, there are Unified Threat Management (UTM) devices, which do both and therefore act as firewall and IPS simultaneously. These might appear to offer the best of both worlds, in that they can actively allow “good” traffic while also blocking known “bad” traffic. However, UTMs can be hard to manage optimally, and tend not to enable the same granularity of control over IPS protections as a stand-alone IPS can offer.

Which do you need?

Now you know the differences between an IDS and IPS, which does your organization need as part of its network security implementation? Truth be told, the stand-alone IDS has pretty much been replaced by the IPS as far as the IT security industry is concerned. That's not to say intrusion detection is a busted flush, but rather that detection has to be accompanied by prevention technologies in today’s increasingly frantic threat climate. For most organizations, the notion of administering an IDS as a separate solution alongside other reactive solutions makes little sense. What makes more sense is to adopt a layered approach to detection and prevention while working with a managed service provider (MSP) able to make better sense of the complexities of the security function and respond to alerts more effectively.

Friday, October 5, 2018

.MDB File Format in Access Software

.MDB File Format in Access Software

MDB is the default file format used in Microsoft Office Access, up to Access 2003. In the 2007 and 2010 versions, however, Access uses the newer ACCDB file format as the default.

The file extension for the MDB file format is .mdb.

Data, in the context of databases, refers to all the single items that are stored in a database, either individually or as a set. Data in a database is primarily stored in database tables, which are organized into columns that dictate the data types stored therein.

A database (DB), in the most general sense, is an organized collection of data. More specifically, a database is an electronic system that allows data to be easily accessed, manipulated and updated.

In other words, a database is used by an organization as a method of storing, managing and retrieving information. Modern databases are managed using a database management system (DBMS).

Microsoft Office Access is Microsoft’s answer to providing a small database engine. It enables users with little knowledge of database administration to quickly set up their own database. The following versions of Access use the MDB file format as default: Access 95, 97, 2000 and 2003.

In 2007, Microsoft introduced a new file format (the ACCDB file format) with the 2007 version of Access. Access 2010 continues to use the same format. However, the 2007 and 2010 versions are also compatible with the older MDB format.

Earlier Access control Systems manufacturer uses this extension to design Access Management software. Like Syris use cardV3.mdb for master database.

MS Access software allows users to create, manage and query a database using its GUI controls and features, without having to write programming queries.

Saturday, September 22, 2018

Role of IT in Access Control System

Role of IT in Access Control System

It is a fact that IT is becoming more involved in the physical security world. In a small minority of companies, these two departments are actually merging, although this is a mammoth task fraught with problems, not only in terms of technology, but primarily in terms of culture.

In the access control world, one could say it’s normal for IT to be involved in networking (assuming the access systems make use of the corporate network and/or the IP protocol), but the scope of IT has slowly been creeping into more of the access control functions. In smaller companies, for example, it’s not unusual for the service provider responsible for the company’s IT to also take the responsibilities of physical security.

So how far has IT made inroads into the access control world in general? HID Global broadcast arrange a webinar in October 2018 in which it revealed some new research into the increasing role IT departments and personnel are playing in the physical access control world. The webinar was hosted by HID Global’s Brandon Arcement and Matt Winn. After discussing the findings of the research, they went on to advise physical security operators as to how they can embrace their IT colleagues further, with the goal of improving the holistic security posture of their organisations.

The survey was conducted by The 05 Group, sponsored by HID and was completed in March 2018. As the title of this article notes, the research found that IT departments are now more involved than ever in organisations’ physical access control decisions and implementation, and that trend is set to increase.

The 05 Group surveyed 1 576 individuals from more than a dozen industries, including education (19%), information (16%), government (11%), manufacturing (8%), health services (8%), and security, professional and business services (8%). Of the respondents, 35% were IT managers, 26% were IT directors, 13% were IT staff, 8% were CIO/CTO, and 3% were VPs of technology. The survey also spanned companies of different sizes, with 24% having less than 100 employees, 22% 101-500 employees, 11% have 501-1000 employees, 17% have 1001-5000, 6% have 5001-9999, and 6% have 10 000-24 999 employees. The results therefore cover a broad spectrum of companies and industries.

The numbers tell a story

The research offers a significant amount of data about the role of IT in access control, however the webinar brought out a few pertinent facts (a link to the white paper written by HID from the research is at the end of this article). When asking the organisations being surveyed “Who is primarily responsible for physical access control in your organisation”, the responses were as follows:

• 29% said both IT and physical security.

• 26% said IT only.

• 25% said facility management handles the job.

• 12% said physical security only.

• 8% said the property management company was tasked with access control.

With a quarter of the respondents already saying IT is responsible for access control, and a further 29% saying it is shared between the two departments, it’s clear that the divide between IT and physical security is rapidly vanishing – and in some cases, altogether gone. And this is a trend that will continue; in organisations where IT is not involved in access control, 36% of the respondents said it will be within the next five years.

For those organisations where access control responsibilities are shared, 47% of the respondents report it had been shared within the past five years. Similarly, where IT owns the responsibility, 42% of the companies say they were given this task within the last five years. Once again we see that IT/physical security convergence in the access world is an expanding reality.

We mentioned IT’s influence in access control above in terms of the networking of access systems, however, this is an old function. The webinar showed that both IT professionals as well as physical security professionals see IT being involved in all areas of access control. When it comes to physical security professionals:

• 66% of physical security professionals see IT involved in influencing the decision-making process.

• 48% see IT’s involvement in integrating access and other systems.

• 37% see IT involved in implementation.

• 22% see IT involved in managing the systems.

From the other side of the table, IT professionals have a similar view:

• 76% expect to influence decision making.

• 72% will be involved in integration.

• 59% will be involved in implementation.

• 39% expect to be involved in managing systems.

Not all wine and roses

Of course, as these different cultures work together, there are bound to be some issues. It is in the field of integration where IT sees problems. Half of the IT people surveyed have issues with the lack of integration of access systems with other IT systems. This is an area in which the access control industry could make significant changes in the short-term to ensure their software and hardware can be more easily integrated with existing business management and security systems.

When it comes to new access control systems, the IT school has a few things it wants to see on the vendors’ to-do list. They want improved ease of use (71%), the ability to support or add new technologies (68%), mobile access (59%), and integration with existing security platforms (54%).

It’s also clear from the survey that IT is not all that comfortable with access control technology. Areas such as credential management, decision making with respect to access control systems, how system components work and also individual features within access systems can cause a bit of nervousness among the IT folk. These are areas in which physical security professionals can make their mark, as they are more skilled in dealing with these issues as well as others unique to their industry.

Helping IT in access

The driver behind this convergence is not a technical issue, but is itself a convergence of a number of separate drivers. HID notes the primary drivers are:

• Converged threats that impact both physical and logical infrastructure. If you have a physical vulnerability it puts your logical systems at risk, and vice versa.

• Proliferation of networked devices in the age of IoT (the Internet of Things) which all require both physical and logical security. Interestingly, the webinar held its own real-time survey of the attendees and this topic was selected as having the biggest impact on access control’s shift to IT with half of the audience selecting it.

• Compliance to new regulations, which again rely on both sides of the table.

• Budget consolidation, which we are all suffering through.

• A shift in reporting structures as executives try to get a handle on the seemingly endless threats companies face on all fronts.

When it comes to the role of physical security professionals and how they can assist in the convergence between the two sides and help improve organisational security, 80% of the respondents said they play a role in establishing best practices, while 50% see physical security having a role in preventing unauthorised access in general, and 49% say they can help in achieving compliance. In order to streamline collaboration, the HID webinar suggests, among other issues, that both sides need to work on aligning project priorities and determining responsibilities, and balancing the technical acumen of IT when it comes to access products and management.

A converged example

The webinar went on to provide an example of how the two divisions could work together in an access control installation. When it comes to the physical access control host, HID advises organisations to integrate physical access control systems (PACS) with an IT source of identity such as LDAP. Furthermore, administrators should ensure there is a set policy around regular software updates and patches, while they should also take advantage of IT’s experience (and equipment) to ensure high availability.

When it comes to the controller, HID advises organisations to settle some of the issues raised above by requiring an open controller platform that can be integrated with other technologies and other vendors’ products. Preventing vendor lock-in is a costly lesson IT departments have learned. It also suggests considering an ‘IP-at-the-door’ topology, keeping controller firmware updated to the latest versions, using strong passwords and encrypting communication between controllers and hosts (and using OSDP – Open Supervised Device Protocol – for encrypted reader communications).

Another strong warning was to take care when selecting access credentials as many of the card and fob technologies available are easy to replicate, making it simple for the wrong people to easily gain access. There are secure card technologies out there and these should be used as a standard. A business benefit of these more advanced credentials is that they can also be used for additional business functions, such as secure printing, vending machines and network logon.

The webinar presenters also touched on the benefits of using users’ mobile devices as credential holders. These can offer higher levels of authentication, easier administration and more user convenience that does not come at the expense of the company’s security.

Whether you are on the IT or physical security side, the most important part of the research (depending on your biases) can be seen in the answer to the question “Do you believe that increased collaboration between physical security and IT can improve the overall security of your organisation?” An overwhelming 95% of all the respondents said “yes”.

While the full convergence of physical and logical security is still some way off, people in the access control sector obviously understand that IT and physical security working together is critical to develop a successful security defence strategy for their organisations. In the access control industry this may be easier to achieve, but as noted in the introduction, it is often a question of culture (or ego, to be blunt) that prevents collaboration and results in organisations being vulnerable to the ever-increasing threats they face from well-organised criminal syndicates, as well as unhappy teenagers with too much time on their hands.

End of the article thanks to Mr. Andrew Seldon, for valuable time to us & security sa team.