Securing Networked Security Systems

Published: August 31, 2004

After all the work to install and configure security system software and then network the devices, you’d think a facility would be safe. Sure, the building is protected against burglars, fires and unauthorized employee access, but what about the systems protecting against those dangers? No burglar alarm, glassbreak sensor, motion detector, access control system or CCTV camera can thwart the threats to networked security systems. Hackers, viruses and worms that plague cyberspace are invisible to the naked eye and attack vengefully without making any noise.

No network is safe, says Thom Helisek, vice president of information technologies for Pittsburgh-based Vector Security. “Whether you have 10 computers, if you have access to the Internet or any kind of remote access, or 1,000 computers, it really doesn’t matter. Proper protection against those bad things is necessary on a daily basis.”

While most of the actual protection — often in the form of technologies like firewalls, anti-virus software, encryption and data backup — falls under the responsibility of the end user or IT professional, it’s imperative that security systems installers know the basics of these threats and how to protect against them.

Security Networks Remain Vulnerable in a Variety of Ways
A key to understanding how to protect networked security systems involves comprehending the many ways networks are vulnerable to attack.

For example, remote login allows someone to connect to a computer from anywhere in the world and run programs or simply view the stored information. In the same vein, some applications and operating systems have backdoors, which also allow for remote access. Backdoors can either be intentionally placed or the result of a programming error — or bug. Hackers can exploit these access points to gain access to another network’s information.

Computers connected to the Internet are also prone to attack by computer viruses and worms. Viruses attach to computer programs, reproduce themselves and cause problems each time that program is used. They can infect computers through a variety of means, especially through E-mail or other Internet conduits.

While similar to viruses, worms differ in their means of attack, says Greg Young, technical services manager for San Jose, Calif.-based integrator RFI Communications & Security Systems. Instead of using software applications to propagate its species, a worm exploits computer networks by examining machines on a network for security holes. Once it finds one, the worm uses it to replicate itself and then infects that machine.

Another form of computer exploitation — and perhaps the most frightening — doesn’t come from a pimply-faced 16-year-old hacker, evil virus or slimy worm. Instead, this threat unassumingly sits in a cubicle and uses the network every day as an employee at a company, school or other institution. If you can’t trust your own people, who can you trust? Even trusted workers can unscrupulously use their employer’s network for their own advantage.

Firewalls Provide Protection Against Internal, External Threats
One way to protect against external and internal threats to a network is to employ a firewall — a combination of hardware and software on a network’s server that protects that network’s resources from users of other networks. Essentially, it blocks and filters information coming into a network.

A less abstract way to understand a firewall is to think of it as a moat around a castle. Without the “moat,” every computer with Internet access within the “castle” walls is vulnerable to attack by hackers or viruses. To bolster security, a firewall can be set up at each of the castle’s drawbridges — or connections to the Internet. Additionally, computers within the castle might have individual firewalls built around them as well.

“We have clients who build firewalls around their own internal systems because their enemy could well be in their own organization,” says Keith Ladd, president and CEO of the Protection Bureau, a security integration business in Exton, Pa.

Once a firewall is in place, it can use several methods to control the information entering the network. Packet filtering puts packets, or small sections of data, through certain filters and allows appropriate information through the system and tosses the rest. With proxy service, the firewall retrieves information from the Internet and sends it to the system.

Another version analyzes data coming from inside the “moat” to the outside for special characteristics. Information traveling in the opposite direction is compared with these qualities. If it matches, the information is allowed into the “castle.” If it doesn’t — off with its head! This method is referred to as a stateful inspection.
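An added illustration (not from the original article) of the stateful inspection described above, next to a simple packet filter. The addresses, ports and class names are constructed for the example, and real firewalls also track protocol state and timeouts.

```python
# Added illustration: toy stateful inspection next to a static packet filter.
# All addresses, ports and names below are constructed for this example.
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    outbound: bool   # True = leaving the protected network

BLOCKED_SOURCES = {"203.0.113.50"}   # static deny list (constructed)

def packet_filter(pkt: Packet) -> bool:
    """Stateless check: judge each packet alone against fixed rules."""
    return pkt.src_ip not in BLOCKED_SOURCES

class StatefulFirewall:
    """Remember outbound flows; admit inbound packets only as replies."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt: Packet) -> bool:
        if not packet_filter(pkt):
            return False
        if pkt.outbound:
            # Record the characteristics of traffic leaving the network.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # Inbound: must be the mirror image of a recorded outbound flow.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows

def demo():
    fw = StatefulFirewall()
    dvr, server = "192.168.1.20", "198.51.100.7"
    return {
        "outbound request": fw.allow(Packet(dvr, 40000, server, 443, True)),
        "matching reply": fw.allow(Packet(server, 443, dvr, 40000, False)),
        "unsolicited inbound": fw.allow(Packet(server, 443, dvr, 40001, False)),
        "blocked source": fw.allow(Packet("203.0.113.50", 443, dvr, 40000, False)),
    }

if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:20} -> {'allow' if allowed else 'drop'}")
```

The unsolicited inbound packet passes the stateless filter, since its source is not on the deny list, but is dropped by the stateful check because no outbound flow matches it.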

The characteristics these three methods search for come in several varieties. Broadly, firewalls can search for specific words and phrases and filter out any information containing them. In some ways, such a filter can be like looking for a needle in a haystack. Eliminating materials with certain words or phrases can often censor valid information.

Firewalls can screen against certain protocols — how two devices will communicate with each other. A specific protocol for which a firewall can screen information is an Internet Protocol (IP) address, which identifies every user. A firewall can then also filter information coming from specific domain names, like www.securitysales.com.

Anti-Virus Software, Encryption Combat the Creepy-Crawlies
Unfortunately, firewalls can’t stop everything, so anti-virus software protects against any viruses that might be able to swim the “moat.” Software packages are available from many different companies and are generally installed on every computer within the “castle.” The programs scan new files for viruses before downloading and toss the ones that are infected.

While most security integrators leave the installing and updating of this software to the end user, Young cautions that anti-virus software, if not configured properly, can wreak havoc on some security devices.

“With DVRs, for example, that are Windows™-based, the manufacturer has certain requirements about how anti-virus software is deployed on those devices,” he explains. “If they’re put on like you’d normally put it on your PC, it can cause problems with performance.”

Young says manufacturers test their products with certain brands of anti-virus software, and integrators should check with them about their anti-virus configurations.

Another way to protect against viruses and worms is to put all security devices on a dedicated network without Internet access, reserved only for security devices, says Steve Thompson, director of marketing, fire and security, for Johnson Controls, headquartered in Milwaukee. Simply put, if a network has no Internet access, intruders can’t get in and firewalls and anti-virus software are no longer necessary.

Another layer of security some end users might choose to adopt is encryption, or the translation of data into secret code. Basically, this method scrambles a message, which then cannot be read until it’s descrambled by a decoder key.

Manufacturers sometimes offer encryption as an option on their security systems, Thompson explains. If it’s not an option and the end user wants it, many third-party companies offer encryption packages. Whether or not a customer decides encryption is a go “typically depends on the value of the content you’re protecting,” he says.

This form of security is used in several ways with security devices, Young explains. “Some methods encrypt communication between a server and panels, panels and field devices, or clients and servers,” he explains.

Encryption isn’t frequently used in security applications, Thompson says, simply because it’s not always necessary, as the communication protocols used between security systems are not typically published and are generally pretty difficult for a hacker to understand.

At any rate, encryption isn’t an afterthought: The integrator must determine if encryption is something the end user wants right away, perhaps even as soon as the site survey, Young warns. Because encryption is manufacturer-dependent, the technology must be considered when putting together bid packages.

System Design Should Take Into Consideration Potential Outages

System outages are another area of concern for integrators and end users alike. Any time security systems ride a general-purpose network, Thompson says, outages are more common simply because more devices are using bandwidth.

IT departments generally have plans to combat outages because, with repairs or maintenance, they happen sporadically. “Some systems have dialup backups so they can use phone lines as a backup if the network is down,” Young explains.

While such a method is dependent on the end user, the integrator can work to protect against the effects of a system outage, generally caused by power failures or harm to the physical network.

“The network should be designed so that a system outage would not immediately cause a loss of control of the security,” Thompson asserts. “That would mean I ought to be able to get alarms locally, I ought to be able to have card access continue to work.”

In today’s world, integrators and end users cannot afford to be lackadaisical about network security. “It always comes down to carelessness, the attitude of, ‘It hasn’t happened yet, so it won’t happen today’,” Ladd says.

Strategy & Planning Series