MINIMIZE VULNERABILITIES IN YOUR IP SECURITY CAMERA

MINIMIZE VULNERABILITIES IN YOUR IP SECURITY CAMERA 

A security consultant can act as an adviser for a building owner, occupant or property developer in relation to the design and incorporation of the security solutions. Clients typically require security consultants to advice on potential security threats and potential breaches, and to create contingency protocols to safeguard their organisation or assets. Every security consultant should guide about Camera vulnerabilities to there customers.

Internet Protocol (IP) cameras are an important component of state-of-the-art video surveillance systems. Unlike analog closed-circuit cameras, IP security cameras, which send and receive data through a computer network and the Internet, offer businesses a number of benefits. These benefits include the ability to monitor and control their video surveillance system remotely and a significant cost savings by allowing cloud storage of video files. However, like any device that is plugged into the Internet, without proper attention to cybersecurity, the same IP security cameras you have installed to improve security in your business may, in fact, be making it more vulnerable to physical and network attacks.

What are Hackers Looking For?

Hackers look for vulnerabilities to exploit, usually for malicious purposes. There are plenty of reasons why hackers might want to break into your IP security camera surveillance system, including some that promise potentially huge rewards:

·        They may be planning a burglary or a physical attack on your building or its occupants. If they can break into your network cameras, they can observe your physical security practices, including when guards come and go and where there are opportunities to enter the building. Once they know where and when to break in, your entire facility and all of its occupants are at risk.

·        They may want to take advantage of your business computing resources, such as your network’s processing power, for the purpose of stealing large data sets or more recently, mining cryptocurrencies.

·        To steal high-value trade secrets to sell to your competitors on the black market.

·        To steal personal information for the purposes of conducting phishing attacks to obtain credit card and banking information from individuals.

·        To install malware, such as keyloggers, to capture passwords as they are entered or ransomware that takes your system hostage until you pay the hacker to release it.

Are Your IP Security Cameras Vulnerable?

The short answer is yes. All security cameras are vulnerable to hacking. The unfortunate reality is that in today’s cybersecurity environment, the question is not whether your system will be hacked but when, which makes ongoing and proactive cybersecurity measures a must.

Hackers can break into your video surveillance system in a variety of ways. In addition to hacking the cameras themselves, they can get into your network through:

·        The computer operating system you use (e.g. Microsoft Windows, Linux, etc.)

·        The software your system uses, including digital video recording (DVR), network video recording (NVR), or video management system (VMS) software

·        Any firewall ports you may be using to access the system controls

Given these additional entry points, the security of your IP cameras depends not only on the cameras you use but also on the network technology and configuration of your system. In general, the relative security the system provides depends on how access is configured:

Most Secure — The safest system uses the local network equipped with a network firewall and virtual private network (VPN) software for access. With this type of system, the only way to get through the firewall is through a secure, encrypted connection.

An alternative to this would be to use a cloud-managed IP security camera. With this type of system, rather than opening the firewall and relying on a password to gain access to the camera on a local network, cloud-managed IP cameras are configured to communicate with a secured server in the cloud over an encrypted connection, and users gain access by linking up their devices with those servers. Cloud-managed devices offer a good alternative to locally networked systems because most cloud services monitor their servers continuously.

Least Secure — The least secure type of IP security camera is used in conjunction with a system that relies on port forwarding (China based OEM propose) for access, which allows users to access the camera through a network firewall with nothing other than a password. With this type of system, the only thing keeping a hacker out is the strength of the password used.

How to Protect Your IP Security Cameras

One of the most important things you can do to protect your IP security cameras is to know what you have and whether there are any known vulnerabilities. The CVE Security Vulnerabilities Database is a great place to start. This site tracks the vulnerabilities of all kinds of Internet of Things (IoT) devices and is searchable by the vendor (manufacturer), product and version, specific vulnerabilities and their severity. When checked regularly, this information can help you identify and address new issues with your IP security cameras so that you can address them more quickly.

A comprehensive set of cybersecurity best practices can go a long way to improving the security of your IP security cameras and your video surveillance system as a whole:

·        Contain and compartmentalize your internal networks. Creating separate networks for your video surveillance system and your information systems not only saves on bandwidth, but also minimizes risk should any part of your system be compromised.

·        If you are not already using a firewall, implement one as soon as possible.

·        Use a unique, long, and non-obvious password for each camera. This is critical if you are allowing access with a port forwarding system. If your system employs a VPN, however, having a single strong password for all cameras will suffice.

·        Change all passwords every 90 days at a minimum.

·        Enable two- or multi-factor authentication for your system, which requires the user to provide another piece(s) of information unique to the user, such as a code sent via text or phone, secret questions, etc. This is critically important if you are using a port forwarding system.

·        Develop and document cybersecurity guidelines and provide cybersecurity training to all employees who will have access to your video surveillance system.

·        Establish a cybersecurity incident response team so that you can swiftly and effectively respond to any breaches.

·        Stay on top of the operating system and software updates and apply them promptly when they come out.

·        If you use a cloud-based system, make sure you use a trusted provider.

·        Stay up-to-date with the latest cybersecurity standards.

 

Cybersecurity concerns are a long-standing issue for Hikvision, e.g., it was US government federally banned by the 2019 NDAA and the US government is planning to ban FCC authorizations for Hikvision, so this admission comes at a critical time for the company.

Researcher describes only access to the http(s) server port (typically 80/443) is needed. No username or password needed nor any actions need to be initiated by camera owner. It will not be detectable by any logging on the camera itself. This is the worst Hikvision vulnerability since Hikvision's backdoor was discovered in 2017 where Hikvision included a magic (ostensibly secret) string that allowed anyone with that string to perform admin operations, without having the device's admin credentials.

The attack can be executed via HTTP (port 80) or HTTPS (port 443). Once a camera has been compromised, the attacker can use it as a starting point to explore the rest of a victim’s network. Past attacks on connected cameras have also sought to enlist the devices into botnet armies capable of launching massive DDoS (distributed denial of service) attacks or spam campaigns.

This vulnerability is about as serious as they come, rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).

IPVM estimate 100+ million devices globally are impacted by this vulnerability making it, by far, the biggest vulnerability to ever hit video surveillance. The combination of its critical nature (9.8 / "zero-click unauthenticated remote code execution") and Hikvision's massive market size make this risk unprecedented.

For background, back in 2016, Hikvision said they manufactured "more than 55M cameras" and the annual output has grown substantially since. Hikvision has therefore shipped a few hundred million cameras and tens of millions of recorders during the time frame the vulnerability covers.

The end-users who buy these cameras are responsible for the data/video footage they generate. They are, in other words, the data custodians who process the data and are in control of the video footage, which is required to be kept private by law (under the GDPR). Secret access to video footage on these devices is impossible without the consent of the end-user.

Dahua is another in Ban list. Watch above video. https://youtu.be/MtkeaoS3jBc

Keeping Up with Cybersecurity Threats Can be Daunting

Hackers are relentless in their attacks and there is not a single industry today that is immune to them. Almost half of all cybercrimes are committed against small businesses, and it has been predicted that a business will fall victim to a ransomware attack every 14 seconds by 2019.

If you need help with your video surveillance system, SSA Integrate can help. Our security experts stay on top of the technology and all the best practices in cybersecurity so you don’t have to. We give importance of our customer data security.

If you are installing a new video surveillance system, we can help you select the right technology to meet your needs and ensure it is properly configured to provide the top level security you expect. We can also look at your current system to identify and eliminate any vulnerabilities and provide the monitoring and updates you need to keep your system secure. Whether you need five cameras or 500, SSA Integrate can help. Contact us today to learn more.

Ref:

https://www.forbes.com/sites/leemathews/2021/09/22/widely-used-hikvision-security-cameras-vulnerable-to-remote-hijacking/?sh=138e83062f31

https://ipvm.com/reports/hikvision-36260

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36260

https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html 

Selecting Right Security Consultant

 Selecting of Right Security Consultant

To find the right person or organization for your project, check references, create a good request for proposal and learn whether or not they will be contracting out some of the work.

If you have ever considered using a security consultant and found yourself a bit confused by the topic, don’t feel alone. Finding the right consultant, one who will save you money and benefit your campus requires a little understanding. Here are some tips that should help clear up some of the confusion.

1. What is a security consultant?

A security consultant is an individual or group of individuals who have specialized knowledge in some facet of the security industry. A consultant should serve only the interest of his or her client. Persons who work with, for or receive compensation from a vendor, integrator or anyone else who may directly benefit from your project fall into a separate category.

Some vendors may offer to provide security planning free of charge. They may even do a competent and ethical job. The problem remains that in-house experts will always have conflicting priorities: 1. to maximize company profit, and 2. to save money and work solely in the interest of their client (the vendor or integrator). A true consultant works only in the interest of their client (the hospital, school or university) with no potential conflicts.

2. How do security consultants learn their trade?

Security consultants usually begin their career in one of the many disciplines in the security industry. They may start their careers as police officers, electronic engineers, installers, integrators or manufacturers. Individual work with MNCs last 10-12Yr can show appreciation letter from there customer. The list can be extensive. 

Knowing how and from where they developed their consulting career can be helpful in judging their compatibility with your project. The area where they began will often indicate the area(s) where they are most knowledgeable.

 
3. What activities are covered by security consultants?

One of the many difficulties in choosing the right consultant is that the field is incredibly broad. Security is made up of hundreds of individual disciplines, all of which must fit carefully together like pieces of a large jigsaw puzzle. Unfortunately, no one can be an expert in all of the related topics. Here is just a partial list of specialties: perimeter fences, exterior access control, workplace violence, emergency planning, security force management, security policy and procedure, training, video surveillance, logical access control, intrusion detection, systems integration, key management, door and window hardware, building design issues, crime prevention through environmental design. The list could keep right on going. 

Some projects can be handled by an individual, while others may require a team to ensure the proper depth of knowledge in each critical subject area.

 
4. Should I look for depth or breadth of knowledge in a consultant?

Some security consultants know a little about everything, others may know a great deal about a few things. Your needs will help you determine which is most important. 

Consultants with great breadth of knowledge are valuable in seeing the overall picture, identifying all of the puzzle pieces and figuring the best way to fit them together. Consultants with depth of knowledge may be better at providing specifications for specific electronic hardware that will best fit campus requirements and compatibility needs. Finding a specialist with relatively good general security knowledge can be a real plus.

The ASIS International management credential (CPP) was designed to help specialists gain a broad understanding of the other security disciplines that must fit with their specialty. Having a CPP is not a guarantee of competence, but it is a means for a specialist to broaden his or her understanding of overall security.

5. How can security consultants benefit my campus?

Security consultants can provide a variety of services that can be quite valuable. They can:

·        Provide an unbiased view of your security needs

·        Bring knowledge from solving problems in different environments

·        Save money by resolving problems with cost effective solutions

·        Bring a fresh pair of eyes to review campus problems

·        Provide recommendations that may have more credibility than experts from the campus security department offering the same thoughts and ideas

·        Assist in negotiating lower bids by knowing what the labor time and charges should be for individual tasks

·        Write comprehensive specifications that make it difficult for unscrupulous vendors to add charges during the construction period

·        Provide post construction services to ensure that all aspects of the job have been completed properly as detailed in the specifications

·        Help recruit and select a truly qualified vendor

·        Provide other assistance

Not all consultants offer these advantages, but they are all possible when the right consultant is selected.

 

6. Should a consultant specialize in one type of campus?

If, for example, you currently manage security for a hospital, should your consultant specialize only in hospitals? Too much emphasis on specificity is reasonable but may also serve to eliminate the strongest contenders. Hospitals, high rise buildings, university campuses and schools all have unique security requirements. It is beneficial to choose consultants who have worked with and understand these requirements. 

On the other hand, consultants who also have experience outside that specific client type of institution may bring a greater breadth of ideas and experience.

7. What should I know about my consultant?
There are many things you will need to know about your consultant before signing the contract, including:

    ·        Their reputation by talking directly to their clients
·        The types of projects they work on, particularly those with similar complexity to yours
·        He / She self is member of (Security part) ASIS, SIA etc. Also check OEM contacts how is.
·        The strengths of all team members who will be assigned to your project
·        That the team will be committed to your project.
·        If they have the breadth to understand your overall security needs, and where and how a specific countermeasure must fit within the overall security program
·        If they have the depth of knowledge to write detailed specifications that will avoid extra construction period charges
·        Whether or not they have the capacity to handle your project without unreasonable delays. Companies with too many existing projects can result in delays or shortcuts that result in cost overruns.
·        Whether the contractor has any direct relationship with or receives compensation from any product or service that might relate to your project
 

8. What should I know about outsourcing and partnerships?
Some consulting organizations rely on partnerships to complete their tasks. This can be normal and beneficial to your project. Consultants who lack the required depth of knowledge in some area of your project can reach out to another consulting organization that has the requisite skill set.

It is critical that all partnerships and outsourced work be given the same scrutiny as the primary contractor. You will need to know their reputation, talk to their clients and have all team members listed along with their background and expertise.

9. How can I learn about a consultant’s reputation?
There are several things that can help in selecting the right consulting firm:

·        Develop in-house security knowledge. The broader your understanding of security, security countermeasures and how they fit together, the better you will be at selecting the right consultant.
·        Talk directly to former clients. Determine how close their project is to the one you anticipate. Ask about problems with their overall performance, including unanticipated cost overruns and delays in their service delivery. Ask how satisfied they are with the final result.
·        Get detailed information on all individuals who will be assigned to your project alongwith appreciation letter from his customers.
·        Check the information are true or falls.

10. How do I improve my chances in finding the right consultant?

·        Construct a well written request for proposal (RFP)

·        Take all prospective members on a job walk at least two weeks prior to the submittal due date 

·        Give them a good feel for your needs, areas of concern and project details 

·        Allow a period for them to submit questions prior to the proposal due date. The questions they ask may hint at their expertise. Share questions and answers with all potential vendors.

·        Have all competing vendors give a presentation on their approach and areas of emphasis that they would use in handling your project. Ensure that all evaluators fully understand the details of the RFP. 

·        The RFP should include mandatory disclosure of any monetary or other link between the consultant and any vendor that may be considered for the proposed work

·        Look beyond the low bid to your confidence in the organization and its ability to deliver what you need.

Thanks to Mr. James L. Grayson, CPP is a senior security consultant for Summers for support.

IoT is future of Video Technology

IoT is future of Video Technology 

The Internet of Things is about connecting network-enabled devices and exchanging data between them. This offers great potential for improving processes wherever information needs to be exchanged securely and quickly. It enable devices and add much more value than they have had so far. For this, there is no better example than security cameras. With IoT we’re able to push and pull nuggets of intelligence from sources we never considered before: environmental sensors, pressure plates, door lock timers and much more. It’s helped us break through the constraining mindset that security systems are strictly single-purpose.

Acting alongside other sensors, such as motion or smoke detectors, security cameras have been in use for a long time, however without being connected to each other through data networks. Growing demands for smart video surveillance in public spaces, commercial buildings, public transport and other areas and the rise of IoT will drive for the further integration of these cameras systems. Let's see how video surveillance has evolved to this day and where the journey is heading.

The past: standard security surveillance systems

Closed-circuit television systems (CCTV) have demonstrated that they can do what they're supposed to: give humans a better eyesight on the security situation in order to reduce security incidents. CCTV cameras can only show and record video footage and not much more beyond that. As they do not understand what they are watching, they are also unable to do anything about it.

To fight theft, violence, vandalism or fire effectively, cameras must be able to detect and interpret such incidents by themselves. They must also have the capability to cooperate with other systems, such as alarm systems.

This is where the Internet of Things comes into play. It connects network-enabled cameras with other devices and systems that perform other tasks and turns security surveillance into smart safety and security management.

Video surveillance systems built the largest segment in our country. That’s why today modern camera systems are widely used in many areas of life, retail, commercial buildings, stadiums, transportation and public spaces in cities.

Security cameras frame the next technological step in the security surveillance evolution…

The future: smart security surveillance

The times when video surveillance systems only deliver video that must be continuously observed by humans are over. Machines able to record and analyse video data in one go are already available, and they can provide security managers with deep insights instead of single pieces of information.

This will significantly improve security and security-related processes in many areas and industries by enabling faster and more insightful response to any sort of incidents.

Future security surveillance essentially combines 3 technologies that will completely change the game: computer vision, automation and deep-learning, driven by powerful processors and apps on cameras in the IoT. Let's take a quick look at these technologies.

Data is the new digital oil

All these devices at their most basic, simply collect data. This information is used to streamline, manipulate and measure the way you interact with the world. From your online habits to your physical day-to-day routine – every single thing you do or don’t do is, or will very soon be, monitored.

In the case of connected ‘things’ – now known as ‘smart devices’ due to their ability to collect and transmit information – each one sends bytes of data over the internet to an application that interprets and collates that data into valuable insights. Your service provider and the product manufacturer can then use those insights to achieve a variety of objectives – from improving the device’s performance, and your experience of using it, to identifying how or when they should be selling you extra services or products.

What precisely is connecting all of these IoT things

2G, 3G and 4G are terms that we all know and understand well but how about radio, Wi-Fi, NB-IoT or LPWAN? There are various types of connectivity that can underpin the Internet of Things and these latter ones are arguably the most widely used outside of pure cellular connectivity.

When we talk about the ‘internet of things’ it’s not immediately clear which type of ‘internet’ connectivity we’re referring to because many devices are now being designed to intelligently select the connectivity that best suits its needs, based on the following three things:

Power consumption – How much power does the device or sensor need to operate?
Range – Does it need to connect and send data over great distances?
Bandwidth – Will it transmit small or large amounts of data e.g. low bandwidth and high bandwidth?

Two of the most commonly utilised connectivity networks are:

Cellular

Most of us are very familiar with cellular connectivity as it is used around the world to connect our mobile phones to the internet. IoT devices also use cell towers to connect to a cellular network. Cellular connectivity is prolific, has excellent range and the capacity to send high volumes of data over the network but uses a lot of power and, therefore, is not ideal for IoT devices which don’t have access to an immediate power supply and need a long battery life to operate over long periods of time, for instance in rural or agricultural areas.

LPWAN

‘LPWAN’ stands for Low-Power Wide-Area Network, which is a type of radio technology and is so far one of the most ideal connectivity networks available to IoT sensors that are deployed in areas where there is a lack of range. These devices are usually battery-powered and send very small packets of data over the network. This connectivity is ideal when it comes to monitoring utilities such as water, gas and electricity using smart meters and for farming and agriculture to check on water quality, sensing soil moisture and tracking livestock.

Computer Vision

Computer vision is becoming smarter because of more sophisticated algorithms, faster devices, larger networks and access to a wider range of data sets through IoT. This allows machines to “see” and analyze in real time.

“Deep Learning and general AI techniques within computer vision, makes possible what would be impossible to do by the naked eye.” - Matt Candy, Global leader for IBM’s iX creative solutions.

Example: Detect fire and smoke within seconds

Many threats, such as smoke, are difficult for the human eye to detect in videos, especially in poor lighting conditions. Seconds later, however, a fire may have broken out. Security cameras equipped with smoke and fire detection can alert at an early stage and activate the proper safety measures without any human assistance.

Source: Bosch Security Systems

Automation

Speed plays an important role in safety and security. The faster you react to security incidents, the greater the chance of preventing or at least reducing damage. In case of theft in a store, every second counts, because criminals may disappear before security personnel can intervene.

Standard security surveillance via CCTV wastes valuable time because reaction paths between machines and human operators are too long. Smart cameras take a shortcut by saving staff from interpreting videos. They immediately deliver notifications or initiate appropriate actions themselves.

Example: Detect and catch thieves in retail

The "AI Guardman" security camera helps shopkeepers identify potential thieves in time. Software installed on the camera scans live video streams and analyzes the poses of any person it can see. This data is automatically matched against predefined "suspicious" behavior. When it sees something remarkable, it alerts onsite personnel via app for double checking.

Deep learning

“Cameras capture the video, but video analytics captures the value.” (IBM)

Using computers for video analysis is not a new idea. However, there is a problem that slows the development of video analytics: mobile video made on drones or vehicles is full of dynamic variables that can confuse even the most intelligent computers. That's why many companies and startups are working on smart systems using self-learning algorithms.

Deep learning is a machine learning method based on artificial neural networks. Video analytics, which gives security cameras the ability to analyze video data on board, is one application of deep learning. Another application is automation, which embeds video analysis into processes.

The good thing about deep learning is that developers of video analytics apps for security cameras don't have to reinvent the wheel themselves. There are already sophisticated frameworks that simplify developing deep learning models, such as Google's Tensorflow, Microsoft’s Custom Vision and IBM’s PowerAI Vision.

Example: Training object recognition using IBM’s PowerAI Vision

To determine whether workers are complying with safety regulations such as wearing helmets, security cameras need to know what helmets look like. In case a person is not wearing a helmet, a camera could react and alert. This is what a simplified training process looks like…

Source: IBM

Flood Management Assistance

As recent hurricanes and floods have shown, water damage can be devastating to a community. That’s why some municipalities are using their city surveillance cameras in conjunction with water sensor to proactively address the problem.

Water sensors collect data from multiple sources such as rain gutters, sewer systems and pump stations, in order to monitor fluctuations in water levels and water quality. If an alert triggers, having a network camera in proximity to visually verify the situation helps responders determine the best course of action. For instance, if multiple water detection sensors trigger alerts simultaneously or sequentially over a large area it’s probably due to natural runoff from recent rainfall. But without eyes on the scene, how can you be sure?

Network camera adds another dimension and timeliness to flood management by helping responders investigate and identify the cause of a trigger remotely. It might be a fire hydrant spewing water, a water main break or even a chemical spill. With video streaming live to the command center, staff can remotely inspect the area, determine the cause of the trigger and decide whether remediation is required, thus avoiding the expense of dispatching an investigative crew to a non-event.

Environmental Control Assistance

Data centers house the lifeblood of a business so it’s no wonder why companies work hard to protect them. We’re all familiar with the integration of network cameras with access control systems to visually verify who is actually using the credentials. 

But there’s another aspect to protecting data centers and that’s environment control. Data centers need to maintain optimum humidity and temperature for the racks of electronics. When environmental sensors in the facility detect out-of-norm ranges technicians can remotely command a network camera to zoom in on the gauges and help them determine whether remediation might be necessary.

Coupling network cameras with other sensors in the data center can provide visual confirmation of other conditions as well. For instance, every time a data rack door-open-close sensor detects an event it can trigger the camera to pan to the location and stream video to security. Some data centers employ weight sensors at the doorway to weigh personnel and equipment as they enter the room and when they exit to ensure no additional hardware is being taken out of the facility or left inside without permission. Any discrepancy would trigger the camera to zoom in for a close-up of the individual’s face and send a visual alert and ID information to security.

Roadway Management & Parking Assistance

Network cameras have long played a part in city-wide traffic management. Adding video analytics and integration with network sensors, makes those cameras that much smarter and versatile. They can detect cars driving in bike lanes or driving in the wrong direction and capture license plates of offenders. Their ability to detect anomalous traffic flow patterns can be integrated with car counting sensors, networked electronic road signs and traffic light systems to automatically redirect vehicles to alternate routes.

They make great, intelligent parking lot attendants, too. Working in conjunction with weight sensors network cameras can count vehicles coming into and leaving a lot or garage and verify when the facility has reached capacity. License plate recognition and video analytics can be used to ascertain that a vehicle entering a reserved parking space doesn’t match the credentials and vehicle attributes in the database.

With the addition of noise sensors and audio analytics, network cameras can improve roadway and parking facility safety by detecting and identifying specific sounds – breaking glass, car alarms, gun shots, and aggressive speech – and triggering a visual alert to first responders.

Shopper Experience Assistance

In the early days of online shopping, e-tailers designed their sites to replicate the in-store customer experience. In an ironic turn of events, today brick-and-mortar stores are trying to mirror the online shopping experience. To do so, they’re turning their security systems into adjunct sales assistance. With network video and audio system automation they can recognize and acknowledge loyal customers with personal greetings.

With heatmapping analytics they can measure how much time a customer spends in a specific department or observe how they walk through the aisles of the store. They can track shopping behaviors such as items looked at that made it into the cart or didn’t, or whether a customer actually checked out or left the merchandise behind. By capturing these shopping patterns and trends retailers can shape a more positive, more profitable customer shopping experience.

For instance, integrating video analytics with point of sale systems and RFID sensors on merchandise tags can result in timely alerts to sales associates to recommend additional merchandise. This is a case of emulating how e-tailers let the customer know that other customers who bought X often also purchased items Y and Z. Or to avoid disappointing customers due to stock outages, retailers are linking weight sensors and video analytics to make sure their shelves are well-stocked and if not, quickly alert associates to what items need to be restocked.

Capturing Business Intelligence

Retailers are also using video cameras to monitor checkout queues and trigger automated announcements over the public-address system, closed system such as smartphones or other wireless communications devices that checkers are needed rather wait for a person to call for backup.

They’re applying people counting video analytics to checkout activity to create rules-based consistency in customer service. While retailers will always use their surveillance camera for loss prevention, they’re finding that integrating traditional technology in new ways can yield even bigger returns.

Linking network video surveillance, video analytics, network communications system and sensors with point-of-sale systems and customer loyalty databases, retailers are capturing the business intelligence they need to get back in the game and make brick-and-mortar a greater overall experience than online shopping.

A Natural Cross-Over Technology

This trend towards integration has forever changed how organizations view their investment in security technology. The intelligence and versatility of a tool that can see, verify and analyze what’s happening in real-time is spurring users to tap its cross-over potential for a host of other tasks that could benefit from more astute situational awareness – everything from manufacturing and equipment maintenance to logistics, inventory control and beyond.

IoT laid the groundwork for network security solutions to seamlessly integrate with other IP-based technologies, sensors and programs. How we capitalize on that connection is only limited by our imagination.

ELECTRIC STRIKE LOCKS AND MAGNETIC LOCKS

 ELECTRIC STRIKE LOCKS AND MAGNETIC LOCKS

Access control locks on doors have come a long way in the past 30 years or so. They contribute more than you might think to our safety and security while at work, or while spending time in public buildings such as schools, government buildings, and healthcare facilities.

There’s a lot more than meets the eye when it comes to electronic door locking hardware. Because of their importance to safety and security, we thought we’d spend some time exploring two of the most common types of access control locks in use on buildings today — electric strike locks and magnetic locks — and discuss their different features, benefits, and potential drawbacks.

If you own or manage any kind of commercial building, healthcare facility or school, this post will give you a better understanding of these two very popular locks, including some of the advantages and disadvantages of each.

 

You’ll often see the terms “fail-safe” and “fail-secure” when looking at different access control systems. These are important terms to understand because they tell you how the lock will function in the event of a power failure:

·        “Fail-Safe” requires power to lock the door. If power is lost, then the door will become unlocked. (Typically Mag Locks)

·        “Fail-Secure” requires power to unlock the door. If power is lost, then the door will remain locked. (Typically Door Strikes)

It’s also important to have a basic understanding of the different parts and how they function together. Most door locks have three major components that work together to keep the door secure. They include the handle and the latch (the small metal bolt that sticks out of the side of the door when open), which together make up the lockset, and the strike. The strike, or “strike plate” is the metal plate or assembly installed on the inside of the door frame and is aligned to receive the latch and hold it secure.

Electric strikes are electromechanical door locking devices, meaning they are mechanical locks with electronic devices that provide additional functionality.

Electric strikes are used in combination with another form of locking devices, such as a lock set or a panic bar. They are installed in place of the conventional lock strike plate on the inside of the door frame. Electrical power is supplied to the strike, which holds the latch or lock bolt in place, keeping the door locked until the release system is activated.

The type of release system chosen will vary based on the application. Examples of release systems for electric strikes include reception release buttons, a keypad for entering passcodes, electronic key card or fob readers, etc. Once the release system is activated, a hinged piece of metal inside the electric strike will pivot to allow the door to open without having to turn the door handle.

The lock or panic hardware functions independently of the electric strike. Therefore, while the electric strike plate functions to keep the door locked from the outside, even if the power is out, you can still open the door from the inside by turning the door handle or pushing the touchpad of the panic hardware. This is an example of a fail-safe function. However, depending on the application, most electric strikes can be set to either fail-safe or fail-secure using an integral switch.

Magnetic or “Mag” Locks

Mag locks are electromagnetic door locking devices. A mag lock consists of a large electromagnet installed along the top of a door frame and a metal plate on the door that lines up with it. The lock functions by passing an electric current through the electromagnet, creating a magnetic charge that attracts the plate and holds it in place against the door frame. This keeps the door securely locked until the power is removed or interrupted.

Examples of release systems for mag locks include many of the same devices as for electric strikes. When energized, a mag lock can create a retention force greater than 1,000 pounds, making it a very effective lock. That is, until the power is cut. Because mag locks by design require a constant supply of electricity to remain locked, mag locks are fail-safe only — they do not function to keep the door locked from either side when the power is out.

Choosing the Right Locks for Your Building

When comparing magnetic locks to electric strikes, important factors to consider include whether it will be used on an interior, exterior, or fire rated door; the purpose of the door; and the relevant life safety regulations.

Budget concerns, while also important, should be considered secondary to these. Choosing a lock based solely on cost often leads to higher costs in the end when it is discovered that the lock is not code-compliant or that it does not work for the application for which it was intended.

The following table provides a summary of some of the features of each type of lock and some of the advantages and disadvantages that you may want to consider when choosing a locking mechanism for your doors.

Features	Electric Strikes	Mag Locks
Functionality	Electromechanical	Electromagnetic
	Works in combination with a mechanical locking mechanism by replacing the standard fixed strike of the lock with an electronically controlled strike.	Works independently of the mechanical door latch by means of an electric current passed through an electromagnet installed on the door frame creating a magnetic charge that bonds to a metal armature plate on the door.
	An access control device is used to trigger the strike plate and release the lock bolt or latch.	An access control device is used to cut power to the electromagnet to trigger the release of the lock.
Power Fail Modes	Can be fail-safe or fail-secure.	Only available fail-safe.
Installation	Mounted in the frame, and its wires are typically inside the frame.	Installed on the face of the door and frame, it can be installed relatively easily by most contractors.
Advantages	An electric strike is much less likely to delay egress because it can be easily operated from the inside of the building.	One of the most effective types of hardware for securing both sides of a door.
	Lockset can stay locked but the strike releases to allow the power operator to freely swing the door open.	Easy to install with no interconnecting parts.
	Acts as a release — Can be used on a door with an automatic opener.	Reliability — with no moving parts, they suffer less damage in an attempted forced entry.
	Availability as either fail-safe or fail-secure allows for a wider variety of uses.	Quick release — unlock instantly when the power is cut, allowing for quick release compared to other locks.
Disadvantages	Visible to the door user, which can make it more susceptible to tampering	Potential safety hazard — can slow egress in the event of an emergency.
	Complexity of devices typically requires skilled installers	Can fail in the event of a power outage, disabling security.
	Must be precisely matched to the hardware on the door, or they will not work	Can become difficult to open the longer the mag lock is continuously locked.
		Requires battery backups to be secure during a power outage, which requires routine inspection and replacement of batteries.
		Can be easily tampered with.
Relative Costs	$$-$$$	$$$-$$$$

It is important to remember that door locks in public buildings must meet applicable regulations based on the type of door on which the lock is to be used. Most safety codes pertain to egress doors — those that provide occupants a way to escape the building in the event of an emergency. This includes a number of different types of interior doors and exterior doors.

In most cases, door hardware is required to provide for free egress at all times with hardware that is readily openable from the egress side without a key, special knowledge or effort; and depending on the code, may also require the ability to open in one action. Relevant regulations regarding means of egress can be found in:

·        Chapter 10 of the International Building Code (IBC) and International Fire Code (IFC)

·        Chapter 7 of the National Fire Protection Association (NFPA) 101 Life Safety Code

·        Chapter 11 of the NFPA 5000 Building Construction and Safety Code

Additional regulations regarding the use of locks on fire rated doors can be found in Chapter 6 of the NFPA 80 Standard for Fire Doors and Other Opening Protectives.

You may need one or both types of locks on the different doors within your building. Hopefully, this post has provided you with the information you can use to determine if the locks you currently use for access control are adequately meeting those needs and are compliant with all the relevant codes. If you’re not sure, SSA Integrate can help. We have Certified Access Control & fire experts that can help you determine the best solution to meet your security needs while keeping you compliant with all the relevant codes. Contact SSA Integrate today to learn more.