Security System Networking 101

Daily conveniences like logging on to the Internet, updating company-shared files and multiple computers sharing one printer are only a few of the benefits of a networked computer system. It makes information widely available and saves time and energy.

The good news is the advantages of networked computers are being extended to the security industry daily. With networked security systems, end users can, for example, delete or add cardholders at one location of an enterprise system and apply it to multiple locales, and link video footage to alarms all with the click of a mouse.

Security systems integrators not providing networking services are passing up increased revenue and a technology growing more and more commonplace everyday. For those who aren’t as computer-savvy, networking — with all its related acronyms, software and hardware — may sound scary. According to experienced industry veterans, however, it doesn’t take Bill Gates to network a security system.

Once you understand the basics, the installation and configurations become more manageable. Integrators have access to a plethora of resources on this technology and commercial and residential markets offer plenty of opportunities to exercise your new capabilities.

Novices Need to Know Networking Nuances Before Starting Jobs
Before taking advantage of security system networking’s vast applications, make sure you know what you’re doing. While networking security devices is not as hard as one would fear, it’s not a piece of cake either. Thus, veteran integrators emphatically recommend that novices have a basic understanding of networks. So, start at the very beginning: A network consists of two or more computers linked together physically and through software to share information and resources.

On a small scale, it’s two computers in an office building or home sharing files and printer access. Much more broadly, it’s the Internet, which connects computers all over the world to access an infinite amount of communal information. In that regard, even one computer with an Internet connection is part of one giant network — the World Wide Web.

Building a network requires several components. Application software facilitates the sharing of information by sending requests from users to the server, or between users. Network software creates rules for how the computers will talk to each other, or protocols. The materials physically connecting computers are called network hardware.

Local-area networks, or LANs, are typically used to connect computers separated by short distances, like those in an office building or school campus. Conversely, wide-area networks, or WANs, connect computers separated by large distances, like those across the country. The Internet is essentially a massive WAN.

The most popular communication system for LANs is Ethernet, typically delivered via Cat-5 wire or fiber-optic coaxial cable, says Steve Thompson director of marketing, fire & security for Milwaukee’s Johnson Controls. Layered on top of that is a communication protocol, or the conventions that computers use to communicate over the Internet. One common protocol is Transmission Control Protocol/Internet Protocol(TCP/IP).

So, using all that technology, if computers can talk to each other and share information, it seems only natural that security systems software could, too, Greg Young, technical services manager for San Jose, Calif., integrator RFI Communications and Security, says.

Establishing IP Addresses Is the First Step in Networking Security
Each security device in a network needs an IP address. Every computer with Internet access and every Web site are assigned an IP address, which is comprised of four numbers ranging from zero to 255, separated by decimals — 100.34.245.178, for example.

Each chunk of numbers represents eight bits of binary data. Essentially, it’s the user’s street address in the World Wide Web. Every computer or device on a TCP/IP network must have an IP address, and security devices are no different. The end user’s Information Technology (IT) department will have a list of addresses they use and organize.

According to Thompson, security devices have two options for addresses: static or dynamic. The former assigns each device an address that doesn’t change — sort of like a house’s address. Still, like neighborhoods, networks change over time. What if a house were built between your and your next-door neighbor’s house? If you live at 2 Elm St. and your neighbor at 3 Elm St., what’s the address for your new next-door neighbor?

Dynamic addressing takes new construction into consideration. By using a Dynamic Host Configuration Protocol (DHCP) server, a PC can assign an IP address every time a device connects to the network. With dynamic addressing, a device’s address might even change while it’s in use! This method makes lives easier by using fewer addresses at any given time, keeping track of the addresses and eliminating the need to manually assign each new device a unique address. (To enable DHCP, follow the steps on the diagram in the September issue.)

DHCP has the capability to issue dynamic addresses as well as static so certain devices always have the same address — a good thing when it comes to security devices. Cameras and network video recorders (NVRs), for example, must be assigned static addresses. Once the devices are assigned an IP address, they must be configured to communicate together. In other words, the NVR must be told to get images from a specific IP address — the camera.

Thus, these devices need consistent IP addresses. Because dynamic addressing could change a camera’s IP address anytime, even when it’s in operation, communication between it and an NVR configured to find images at a now defunct IP address, would cease. Otherwise, the devices would have to be reconfigured constantly.

Default Subnet Masks, Gateways, Domain Name Servers: Oh, My!
Another aspect to keep in mind is the machine’s subnet mask. A portion of a network that shares the same IP address prefix is called a subnet. A subnet mask further breaks down the IP address’ host address to determine to which subnet the device belongs. For example, a device with an IP address of 192.66.172.22 and one with 192.66.172.23 are in the same subnet and thereby communicate much easier, Davitt explains.

Similar to how an integrator must obtain an IP address from the end user’s IT department, the installer should also check with it regarding the subnet mask. According to Davitt, the default subnet mask refers to the first three octets of an IP address-like number: 255.255.255.0. The mask doesn’t have to be the default, and can be adjusted if necessary. A larger company might have 255.255.0.0.

Should the security devices need to be accessed from outside the network, the integrator must take special measures. In this case, a gateway, or a device on a network acting as an entrance to another network, must be configured to allow outside access to the camera, for example.

For added security, the gateway should be configured to allow only machines with specific IP addresses (for example, the security manager’s or president’s home computer) to access the device. The security devices can also be configured to require encrypted passwords.

External access to security devices could require a domain name server(DNS) should somebody prefer to use a text URL rather than an IP address. While typing a string of numbers works just the same, and, with book-marking capabilities, is just as easy, should the end user prefer to use text, a server that converts plain text into numbers must be installed.

Systems Are Vulnerable to Hackers, Viruses, Poorly Designed Networks 
Regardless of all the benefits of a networked security system, there is a flip side: vulnerability. Linking security systems together can set the end user up for a variety of problems, preventable or not.

Anytime a system is connected to the Internet, it’s vulnerable to hackers, worms and viruses. One way to avoid this problem is to install a dedicated network, or one reserved only for the security system, Thompson says.

Infrequently done, dedicated networks are generally reserved for very small jobs or applications requiring high security, integrators say. Thus, other means of protection must be taken. (For more information on this topic, see “Securing Networked Security Systems” on page 90.)

Installing a security system on a shared network also makes that facility’s security dependent on the viability and durability of that existing network, Thom Helisek, vice president of information technologies for Vector Security, explains.

“The biggest con to networking is if the network design was not properly completed and that’s a big, big topic,” he says. “That would encompass things like allocation of bandwidth or not properly securing the network from viruses or worms. Poor system design would encompass all of those things.”

Although only used as a last resort or for temporary installations, a wirelessfidelity (Wi-Fi) network is also a possibility for security systems. An example would be the edge of a parking lot or remote locales like the top of a mountain, where wiring would require considerable expense and labor or be nearly impossible, Davitt explains.

Such networks have their own brand of issues as well. For instance, because there’s no switch to isolate bandwidth on a wireless network, bandwidth issues are amplified, especially if the network is used for other purposes.

Eavesdropping, or snooping on messages sent within a network, is easy because anyone with a cheap and easily available transceiver can “hear” a message. Even worse, this security breech is virtually undetectable.

End users must take care to enable the network’s wireless equivalent privacy (WEP) setting to curb eavesdropping. In the default mode, it’s turned off. “In a security application, it is paramount that WEP is enabled,” Davitt cautions. “With it, you are secure. Without it, you are wide open.”

Information Technology Professionals Are People, Too

With the abundance of stereotypes in the media, integrators might be quick to assume working with IT professionals is another con of networking security systems.

They couldn’t be more wrong, industry veterans maintain. Simply put, IT professionals are providing a company a service and want to do a good job, just like a security integrator.

“They’re protective of the network because they don’t want to get a call on Sunday at 3 a.m. saying something went down,” Young explains.

IT employees can be an integrator’s biggest ally, but they want to know what you’re going to do, how you’re going to do it and, most importantly, if you know what you’re talking about. Tell them upfront what the bandwidth needs are and what your application is going to require. Speak their language and approach them correctly, integrators advise.

No one likes to look stupid, but be honest if you can’t answer an IT pro’s question: “Write it down and go find out the answer,” Helisek advises. Knowing your subject matter is important, but, if you don’t know it, being honest is the next best thing.”

Establishing a good working relationship with a client’s IT department is especially important when it comes to repairs and updates. If something goes wrong, it must first be established if the problem is infrastructure- related or a security issue. If the former, the IT department is responsible for repairs. The latter, you’re making a service call.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters