Role of IT in Access Control System

Role of IT in Access Control System

It is a fact that IT is becoming more involved in the physical security world. In a small minority of companies, these two departments are actually merging, although this is a mammoth task fraught with problems, not only in terms of technology, but primarily in terms of culture.

In the access control world, one could say it’s normal for IT to be involved in networking (assuming the access systems make use of the corporate network and/or the IP protocol), but the scope of IT has slowly been creeping into more of the access control functions. In smaller companies, for example, it’s not unusual for the service provider responsible for the company’s IT to also take the responsibilities of physical security.

So how far has IT made inroads into the access control world in general? HID Global broadcast arrange a webinar in October 2018 in which it revealed some new research into the increasing role IT departments and personnel are playing in the physical access control world. The webinar was hosted by HID Global’s Brandon Arcement and Matt Winn. After discussing the findings of the research, they went on to advise physical security operators as to how they can embrace their IT colleagues further, with the goal of improving the holistic security posture of their organisations.

The survey was conducted by The 05 Group, sponsored by HID and was completed in March 2018. As the title of this article notes, the research found that IT departments are now more involved than ever in organisations’ physical access control decisions and implementation, and that trend is set to increase.

The 05 Group surveyed 1 576 individuals from more than a dozen industries, including education (19%), information (16%), government (11%), manufacturing (8%), health services (8%), and security, professional and business services (8%). Of the respondents, 35% were IT managers, 26% were IT directors, 13% were IT staff, 8% were CIO/CTO, and 3% were VPs of technology. The survey also spanned companies of different sizes, with 24% having less than 100 employees, 22% 101-500 employees, 11% have 501-1000 employees, 17% have 1001-5000, 6% have 5001-9999, and 6% have 10 000-24 999 employees. The results therefore cover a broad spectrum of companies and industries.

 The numbers tell a story

The research offers a significant amount of data about the role of IT in access control, however the webinar brought out a few pertinent facts (a link to the white paper written by HID from the research is at the end of this article). When asking the organisations being surveyed “Who is primarily responsible for physical access control in your organisation”, the responses were as follows:

• 29% said both IT and physical security.

• 26% said IT only.

• 25% said facility management handles the job.

• 12% said physical security only.

• 8% said the property management company was tasked with access control.

With a quarter of the respondents already saying IT is responsible for access control, and a further 29% saying it is shared between the two departments, it’s clear that the divide between IT and physical security is rapidly vanishing – and in some cases, altogether gone. And this is a trend that will continue; in organisations where IT is not involved in access control, 36% of the respondents said it will be within the next five years.

For those organisations where access control responsibilities are shared, 47% of the respondents report it had been shared within the past five years. Similarly, where IT owns the responsibility, 42% of the companies say they were given this task within the last five years. Once again we see that IT/physical security convergence in the access world is an expanding reality.

We mentioned IT’s influence in access control above in terms of the networking of access systems, however, this is an old function. The webinar showed that both IT professionals as well as physical security professionals see IT being involved in all areas of access control. When it comes to physical security professionals:

• 66% of physical security professionals see IT involved in influencing the decision-making process.

• 48% see IT’s involvement in integrating access and other systems.

• 37% see IT involved in implementation.

• 22% see IT involved in managing the systems.

From the other side of the table, IT professionals have a similar view:

• 76% expect to influence decision making.

• 72% will be involved in integration.

• 59% will be involved in implementation.

• 39% expect to be involved in managing systems.

Not all wine and roses

Of course, as these different cultures work together, there are bound to be some issues. It is in the field of integration where IT sees problems. Half of the IT people surveyed have issues with the lack of integration of access systems with other IT systems. This is an area in which the access control industry could make significant changes in the short-term to ensure their software and hardware can be more easily integrated with existing business management and security systems.

When it comes to new access control systems, the IT school has a few things it wants to see on the vendors’ to-do list. They want improved ease of use (71%), the ability to support or add new technologies (68%), mobile access (59%), and integration with existing security platforms (54%).

It’s also clear from the survey that IT is not all that comfortable with access control technology. Areas such as credential management, decision making with respect to access control systems, how system components work and also individual features within access systems can cause a bit of nervousness among the IT folk. These are areas in which physical security professionals can make their mark, as they are more skilled in dealing with these issues as well as others unique to their industry. 

Helping IT in access

The driver behind this convergence is not a technical issue, but is itself a convergence of a number of separate drivers. HID notes the primary drivers are:

• Converged threats that impact both physical and logical infrastructure. If you have a physical vulnerability it puts your logical systems at risk, and vice versa.

• Proliferation of networked devices in the age of IoT (the Internet of Things) which all require both physical and logical security. Interestingly, the webinar held its own real-time survey of the attendees and this topic was selected as having the biggest impact on access control’s shift to IT with half of the audience selecting it.

• Compliance to new regulations, which again rely on both sides of the table.

• Budget consolidation, which we are all suffering through.

• A shift in reporting structures as executives try to get a handle on the seemingly endless threats companies face on all fronts.

When it comes to the role of physical security professionals and how they can assist in the convergence between the two sides and help improve organisational security, 80% of the respondents said they play a role in establishing best practices, while 50% see physical security having a role in preventing unauthorised access in general, and 49% say they can help in achieving compliance. In order to streamline collaboration, the HID webinar suggests, among other issues, that both sides need to work on aligning project priorities and determining responsibilities, and balancing the technical acumen of IT when it comes to access products and management. 

A converged example

The webinar went on to provide an example of how the two divisions could work together in an access control installation. When it comes to the physical access control host, HID advises organisations to integrate physical access control systems (PACS) with an IT source of identity such as LDAP. Furthermore, administrators should ensure there is a set policy around regular software updates and patches, while they should also take advantage of IT’s experience (and equipment) to ensure high availability.

When it comes to the controller, HID advises organisations to settle some of the issues raised above by requiring an open controller platform that can be integrated with other technologies and other vendors’ products. Preventing vendor lock-in is a costly lesson IT departments have learned. It also suggests considering an ‘IP-at-the-door’ topology, keeping controller firmware updated to the latest versions, using strong passwords and encrypting communication between controllers and hosts (and using OSDP – Open Supervised Device Protocol – for encrypted reader communications).

Another strong warning was to take care when selecting access credentials as many of the card and fob technologies available are easy to replicate, making it simple for the wrong people to easily gain access. There are secure card technologies out there and these should be used as a standard. A business benefit of these more advanced credentials is that they can also be used for additional business functions, such as secure printing, vending machines and network logon.

The webinar presenters also touched on the benefits of using users’ mobile devices as credential holders. These can offer higher levels of authentication, easier administration and more user convenience that does not come at the expense of the company’s security.

Whether you are on the IT or physical security side, the most important part of the research (depending on your biases) can be seen in the answer to the question “Do you believe that increased collaboration between physical security and IT can improve the overall security of your organisation?” An overwhelming 95% of all the respondents said “yes”.

While the full convergence of physical and logical security is still some way off, people in the access control sector obviously understand that IT and physical security working together is critical to develop a successful security defence strategy for their organisations. In the access control industry this may be easier to achieve, but as noted in the introduction, it is often a question of culture (or ego, to be blunt) that prevents collaboration and results in organisations being vulnerable to the ever-increasing threats they face from well-organised criminal syndicates, as well as unhappy teenagers with too much time on their hands.

End of the article thanks to Mr. Andrew Seldon, for valuable time to us & security sa team.

Biometrics Systems usage and Advantages

Biometrics Systems usage and Advantages

Biometrics Systems are spreading its limbs in almost every sector, as it ensures security to the top most level. Looking at its multidimensional features, biometric systems are used for various applications. 

In today's technologically modern era, the biometric systems are replacing other conventional methods for different purposes. Biometrics Systems can be used to-- Manage Attendance, Access Control, Leave Management, Payroll Processing and many more. This really helps to optimize the solutions according to one's requirement. These solutions help to reduce the chaos of work and also reduces administrative costs.

How secure Biometric Systems are?

Biometric features of each individual are unique in itself, which cannot be tampered or manipulated. Though there are few possibilities to break the security, so to manage optimum security level, biometric systems can be secured with passwords and PIN codes.

How Biometrics Systems are beneficial?

Biometrics systems are useful in many ways, and its benefits depend on the application. Following are the most important benefits of biometrics systems which can help any firm to streamline the work force:-

Reduces Time and other paper works
Biometric solutions can easily reduce the time consumed in hectic calculations and paperwork required in salary processing or other processes. Now these solutions generate reports easily. The reports can be generated monthly or weekly or daily; depending on the requirements.

Accurate Identification

While traditional security systems are reliant on passwords, personal identification numbers (PINs) or smart cards, you can achieve a high level of accuracy with biometrics systems. If you have set up the system correctly, you can use biological characteristics like fingerprints and iris scans, which offer you unique and accurate identification methods. These features cannot be easily duplicated, which means only the authorized person gets access and you get high level of security.

Reduces Human efforts and administrative costs
Since each report is easily generated, so there is no requirement of involvement of more than one employee. Also, each and every detail of each employee is managed easily, thus there is no chance of any kind of manipulation. This reduces the administrative costs.

Restricts unauthorized access
The Access Control Solutions are generally used to restrict the unauthorized movements of any person. It basically works on biometrics of an employee. It also allows to limit the access of employees to a certain range of the office premises. 

Accountability

Biometric log-ins mean a person can be directly connected to a particular action or an event. In other words, biometrics creates a clear, definable audit trail of transactions or activities. This is especially handy in case of security breaches because you know exactly who is responsible for it. As a result you get true and complete accountability, which cannot be duplicated.

Helps to maintain attendance and other records
The Biometric Systems can be used to maintain the attendance of each employee and also manages other records, including OTs, Leaves, etc. A report of records can be generated according to the requirements.

Different solutions based on biometrics for different purposes
Biometric systems can be linked with different solutions like leave management system, canteen management system, payroll software and time office software to solve different purposes.

Security

Another advantage these systems have is that they can’t be guessed or stolen; hence they will be a long term security solution for your company. The problem with efficient password systems is that there is often a sequence of numbers, letters, and symbols, which makes them difficult to remember on a regular basis. The problem with tokens is that they can be easily stolen or lost – both these traditional methods involve the risk of things being shared. As a result you can’t ever be really sure as to who the real user is. However that won’t be the case with biometric characteristics, and you won’t have to deal with the problem of sharing, duplication, or fraud.

Scalability

Biometrics systems can be quite flexible and easily scalable. You can use higher versions of sensors and security systems based on your requirements. At the lowest level you can use characteristics that are not very discriminative; however if you are looking for a higher level of security for large scale databases then you can use systems with more discriminable features, or multi-modal applications to increase identification accuracy.

Convenience

It’s considered to be a convenient security solution because you don’t have to remember passwords, or carry extra badges, documents, or ID cards. You are definitely saved the hassle of having to remember passwords frequently or changing cards and badges. People forget passwords and ID cards are lost, which can be a huge nuisance with traditional security methods.

Versatility

There are different types of biometrics scanners available today and they can be used for various applications. They can be used by companies at security checkpoints including entrances, exits, doorways, and more.

Moreover you can make the most out of the biometric solutions to decide who can access certain systems and networks. Companies can also use them to monitor employee time and attendance, which raises accountability.

Anti-Passback in Access Control Systems

Anti-Passback in Access Control Systems

The anti-passback (APB) feature is designed to prevent misuse of the access control system. The anti-passback feature establishes a specific sequence in which access cards must be used in order for the system to grant access.

The anti-passback (APB) feature is most commonly used at parking gates, where there is both an “in” reader at the entry gate and an “out” reader at the exit gate. The anti-passback feature requires that for every use of a card at the “in” reader, there be a corresponding use at the “out” reader before the card can be used at the “in” reader again. For the typical user of the parking lot, this works fine, because the user would normally swipe their card at the “in” reader to get into the lot in the morning, and swipe it at the “out” reader to get out of the lot in the evening. So long as the sequence is “in – out – in – out – in – out”, everything works fine. However, if a user swipes his card at the “in” reader to get in, and then passes his card back to a friend, the card would not work the second time when it was swiped by the friend. The attempt to use the card a second time would create an “in – in” sequence that is a violation of the anti-passback rules, and this is why access would be denied.

Picture Left: (1.) First the cardholder enters into the area and then the system will allow them to (*2.) exit.

Picture Right: If a cardholder has already (1.) entered and then before they exit they try (or someone else with their card tries) to enter again, the will be (3.) denied because there is an anti-passback violation because it is impossible to Enter and area when the system thinks you are already Inside.

Anti-passback can also be used at employee entrance doors. This requires that a card reader be installed on both the inside and the outside of the door. Employees are required to both "card-in" when they enter the building and "card-out" when they leave the building. The anti-passback feature is also commonly used with turnstiles.

There is an expanded version of the anti-passback feature called “regional anti-passback”. This establishes an additional set of rules for card readers inside of the building itself. Basically, this rule says that unless a card is first used at an “in” reader at the building exterior, it cannot be used at any reader within the interior of the building. The theory is that, if a person did not enter through an approved building entrance, he or she should not be permitted to use any of the readers within the building.

Depending on the access control system manufacturer, there may be additional anti-passback features in the system. Some of these features could include "timed anti-passback", which requires that a designated amount time pass before an access card can be used at the same reader again, and "nested anti-passback" which requires that readers be used in only designated sequence to enter or leave a highly-secured area.

Denying access when a user attempts to use a card out of sequence is sometimes called "hard" anti-passback. Hard anti-passback means that when a violation of the anti-passback rules occurs, the user will be denied access. Some access control systems also offer a feature known as "soft" anti-passback. When a system is using this option, users who violate anti-passback rules are permitted access, but the incident is reported to the person managing the access control system so that corrective action can be taken - most often notifying the offending employee that the access card should be used in the proper sequence in the future.

The anti-passback feature can also be integrated with the corporate computer system, preventing users from logging on to the network at their desktop computer unless they have properly entered the building using their access card. This feature can also temporarily disable the users remote log-on privileges while the user is in the building - the theory being that if the user is at work, there is no reason for someone from off-site to be logging on to the network using his or her user name and password. When the user leaves the building at the end of the day, his or her remote log-on privileges are turned back on.

Some Typical Situations

A. When someone enters the entry gate following others without his own authentication, he or she cannot get through the exit gate through his own authentication even his authentication is a valid one. It’s the same when someone gets through the entry gatefollowing others without his own authentication, he or she cannot get through the entry gate through his own authentication.

B. When someone gets through the gate, and then he or she “passes back” that card, say through a window or another door, to an unauthorized user, who then uses the same card to access the building, he or she cannot get through. The password authentication is the same.

C. When someone get through the Fingerprint/Card/Password authentication, he or she doesn't access, then he or she cannot get through the gate even the authentication is a valid one.

Set up an Anti-passback SYRiS Controller Exp:-

Set up an Anti-passback Suprema BioStar V1.62 Software Exp:-

Anti-passbackis a security mechanism that prevents a person from passing back her access card to the next person. It is designed to prevent the next person from verifying herself with another person's access card. When using BioStar, you can set up an Anti-pass back zone, which requires users who've already entered an area to leave the zone first before entering the area again. For instance, if the zone consists of two devices (let's call them Device A and Device B here), the user who's been already verified on Device A must verify herself on Device B before verifying herself on Device A again.

You can set up an anti-passback zone by performing the following steps:

1. On the Doors page, click Add New Zone.

2. Enter a name for the Anti-passback zone and choose Anti-passback Zone from the Type drop-down list.

3. Configure the settings of the Anti-passback zone and add devices to the zone by clicking Add Device.

·  APB Type

§  Soft - A user who has broken the Anti-passback rule can enter the area without the administrator explicitly releasing the alarm.

§  Hard– A user who has broken the Anti-passback rule can't enter the area without the administrator explicitly releasing the alarm.

·  In case of Disconnected

§  Door Open– Doors in the zone will get opened when the communication between the master and member devices is disconnected.

§  Door Close – Doors in the zone will get closed when the communication between the master and member devices is disconnected.

4. Choose the devices you want to add to the zone as In Device and click the right arrow button. Perform the same for Out Device.

5. Click Apply to transfer the settings to the devices.

Biometricization of systems in India

Heading towards “Biometricization” of systems in India

Biometrics Technologies are searching new ways to spread its limbs in recent technology driven era. Every system within the public domain is proposed to be made transparent, secure and safe in its operation. Looking at these demands, Government of India is trying to implement Biometrics Technology in their system under Digital India program. This initiative from Government is really appreciable and needs an applaud. This will really help to curb corruption, larceny, and truancy. Also, the implementation of biometric technology will help layman gain the services in more effective ways. 

We all know biometrics technology is one of the most secure, safe and reliable way of human identification. So, it is quite necessary to implement this technology in every process under Government of India. This will bring a fruitful result in comparison to other conventional methods. Through this blog, I would like to throw some light on a few sectors where Biometrics Technology has been implemented or are proposed to be implemented in the coming days.

Attendance System: As the new Govt took the charge at the center, they firstly implemented Biometric Attendance System in Government offices. Also, they launched an attendance portal www.attendance.gov.in where the attendance of every employee is monitored. Its implementation has really proved fruitful and now they are showing up at offices right in time. As a result, Govt. Officials are found in their workplace.

E-PDS Scheme: Slowly and steadily, every state governments are implementing biometrics technology in the Public Distribution System at different levels. This will show a drastic change in the whole process of ration distribution. The poor people who usually are kept aside from govt. aides now will be directly benefited. The mediators will vanish and e-ration card holder can enjoy their right to the food.

Skill Development: Under the skill development program, the implementation of Biometric technology is really an effective state. Each and every student's attendance is marked in biometric devices with its location and uploaded to the central server. This has reduced larceny and made the process more transparent and effective.

Passport system: Also, the government has proposed to make biometric characteristic a mandatory  verification during passport issue. This step has been taken to reduce the crime and illegal immigration. Effective implementation will lower down, the rate of crimes under different circumstances.

For Criminal Records: National Crime Record Bureau (NCRB) has decided to launch a software which will identify the criminals. The implementation of Biometrics will help officials to know whether the criminal had ever been previously prosecuted for any other crime. This will help in the faster procedure of judgments and other trials.

National ID for Fishermen: The major setback of fishermen is their identification. This also leads to prosecutions of fishermen and they are sent behind the bars without any charge. So to resolve this issue, the government has decided to issue National ID cards with biometric for fishermen.

The rapid implementation of Biometrics Technology in different fields is definitely going to solve major common issue every citizen faces into their day-to-day life. Biometrics Technology has a tendency to change the approach of Government officials towards safe, secure and transparent systems. So, Star Link India, being the largest Indian manufacturer of Biometric Attendance Systems, endorses the step of Govt. and promises full support from their side.

Fingerprint vs.Facial recognition

Biometric technology and ID identification has greatly reduced the possibilities of buddy punching and unauthorized access for businesses. Yet there are different types of biometric technology on the market as a business owner has to decide which will work right for their building.

Fingerprint recognition:
Door fingerprint locks rely on scanning the unique ridges and valleys on the tips of a worker's finger. These fingerprints are used to match the fingerprints on file in the system to identify the worker.

Facial identification:
Facial identification works by taking pictures of a worker's face at different angles during the enrollment program. These pictures are stored in the system's database. When a worker uses the facial recognition system, they show their ID card as the system scans their face through the camera and matches it to the pictures in the system.

How To Choose A Biometric System? 
Both facial and fingerprint biometric recognition systems have their advantages and disadvantages. Yet the benefits should convince most business owners to invest in one of these security and time clock attendance systems. To decide which biometric identification system to pick, use these factors based on the type of business:
* How much can you invest in a biometric system?
* How many biometric systems will you need?
* Where will the biometric systems be placed (interior or exterior)?
* What environmental issues may affect the biometric system operations (i.e. dirty work areas that will affect fingerprint scans or lighting that may affect facial recognition)?