managing your access control systems
Post on 22-Nov-2014
Access Control Systems
WELCOME!
Access Control Systems
• The Balancing Act
• Access Control Defined
• Key/Credential Management
• Control Configuration
• Software Features and Capabilities
• Controller Hardware
• Break
• Peripheral Components
• Access Controlled Door Hardware Types and Specifications
• Trends and Convergence
• Resources
AGENDA
How to get the most…
VERBAL COMMUNICATION
• Approx 100% was what the speaker wanted to say
• Approx 80% was said
• Approx 60% was heard
• Approx 40% was remembered after 3 hours
• Approx 15% was remembered after 3 days
• Approx 0-5% was remembered after 3 months
VERBAL + VISUAL COMMUNICATION
• Approx 60% was remembered after 3 days
• Approx 40-50% was remembered after 3 months
VERBAL + VISUAL + NOTES
• Approx 80% was remembered after 3 days
• Approx 60-70% was remembered after 3 months
HARVARD RESEARCH STUDY
How to get the most…
Why are we here?
Gain Knowledge. Asking Questions.
The Balancing Act
• Security
• Balancing Openness and Public Safety
• Applying new technologies and lessons learned
• Improving the physical security of buildings
• Protecting people and assets while maintaining a pleasant work environment.
• The challenge facing government officials, realtors and corporate building owners.
Security… “The Absolutes”
• Our world is dangerous and will get more dangerous
• We take security for granted till something goes wrong.
• Security is inconvenient, and expensive
• Paranoid or Prepared? Politics!
• Constant vigilance – Almost overwhelming!
• 100%, guaranteed security ?? No such thing !
• 100% security = 0% accessibility
• 100% security = 0% productivity
• Buildings must be functional, comfortable, inspirational – SAFE
• You don’t design a building for security. You secure the design of a building
• Rethinking Security – new meaning to architects
Architects and Security
Security Elements
• Deterrence: Training, Fences, Signage, Lighting, Consequences
• Delay: Locks, Doors
• Detection: Alarms, CCTV, Metal Detectors, Motion & Sound Sensors
• Communication: Voice, Data, Video
• Response: Crisis Preparedness, Security Personnel, Police
Access Control Defined
• WHO?
• WHERE? / WHAT?
• WHEN? / TIME?
The WHO
• The person, or device, requesting access to an area, or asset, we want to control.
• Authentication Methods: something the person / device…
• HAS – Physical
• KNOWS – Knowledge of
• IS / ARE – Biometric
The WHERE / WHAT
• The place or process we want to allow authorized persons to get to.
• Physical and Logical
• Controlled or Restricted area
• As it relates to both manual and electronic access controls this is critical to our access management plan
• Vending, gas dispensing, copier machine usage, time and attendance, meal plans and more
The WHEN
• The time period or interval when access is granted or denied.
• Can be managed with both on line and off line systems
• Also used for setting events and logic statements for:
• Triggers
• Time Zones
• Timing responses to alarms
• Timing for routing of messages to other devices
Access Control is…
AS SIMPLE AS A KEY
• Knowing exactly who has keys
• Knowing areas of access of each key holder
• Knowing key blanks are not readily available
• Knowing keys cannot be copied without proper authorization
• Having a policy on lost keys
• When issuing temporary use of keys, keeping record trail
Unauthorized key duplication remains the most violated security policy and one of the largest problems of facility managers
Ultimate Key Management
Key # 123
PLAIN BOWS
DO NOT DUPLICATE
STAMPED BOWS
Conventional Keyways
A conventional keyway is one which the manufacturer will sell to anyone. It may be the most common, or the most used, or the "standard", or it may be a family of keyways
Yesterday’s Key Control
COMPLETE KEY CONTROL
• STRONG UTILITY PATENT: Not a Design Patent
• CONTROLLED KEY BLANKS: Not Available to all Customers
• LEGAL CONTRACTS: Agreements of Control
• AUDIT CONTROLS: Know Where Blanks Are
• ENFORCEMENT: Must Be Aware of Unauthorized Copies
5 Steps To Key Management
1. Patented keyways
Utility patent gives manufacturer exclusive manufacturing rights
Manufacturer controls distribution
Patent good for 20 years
Imitation manufacturers cannot duplicate
Assures protection to facility / owner
[Figure labels: Security Leg; Millings for Keyway Blade; Security Ledge; Blade]
Today’s Key Management
2A. Manufacturer Controls
Policy and procedures in place
Signature verification
Controlled access to product areas
Ship key blanks direct to end user
Has return key policy
Provides specially coined blanks
[Figure: policy document; the first item reads “1. Verify all signatures”]
Today’s Key Management
2B. Facility/Owner Controls
Policy and procedures in place supported by upper management
Locksmith administrator on staff
Locked storage
Supervisor approval of new keys
Employee signs for key
  Should have penalty attached
All keys numbered and logged into system
Procedure for keys to be returned
  Should have penalty attached
Additional procedures:
  Cleaning crew
  Outside contractors
ISSUE TO : Bill Jones
DATE ISSUED: 07-07-05
Request for New Key
DATE: 07-04-05
TO: Lock shop
NO. OF KEYS: 1
KEY NUMBER: 123
KEY SET: AB15
APPROVED BY: C T Smith
ISSUE TO: Bill Jones
RECEIVED BY: Bill Jones
By Lock Shop
ISSUE DATE: 07-07-05
ISSUED BY: CH
RETURNED DATE
Today’s Key Management
3. Contracts and Agreements
Protects facility / owner
Protects distributor
Protects manufacturer
Summarizes responsibilities to all parties
Provides guide lines
Eliminates misunderstanding
We agree
Today’s Key Management
4. Audit Controls
Keep records – Use Software
Use manufacturers original blanks
Reduce master keying
Have employees carry more than one key
Stamp keys with code
Utilize available forms
Use sealed key rings
AB15123
1215
Today’s Key Management
Use a key cabinet; electronic or manual
Access Control is…
AS SIMPLE AS A KEY
Access Control is…
This is a key! This too!
The Credential
• Most visible component of the system
• Issued to personnel as “electronic keys”
• Several Card Technologies
• Badge Construction
• Degree of Security Required
• Durability
• Reader Environment
• Convenience and Price
• Performance
Card / I D Technology Types
• Barium Ferrite
• Bar Codes
• Magnetic Stripe
• Wiegand
• Proximity
• Smart Card
• Hybrid
Biometrics – Another Key
• Biometrics and the “Smart Card”
• Iris Scan
• Finger Print
• Facial Recognition
• Retinal Scan
• Voice Recognition
• Hand Geometry
• Others on the horizon
Credentials / Smartcards
Access Control
Time & Attendance
Free
Free
Personal Data
Photo
Vending
Cafeteria
PC Login
Access Controls: more about the “key”
• The “Common Access Card”
• FIPS 201 / HSPD12
• Database sharing trends
• Communications options
• Encryption – DES, AES
• PINs
Homeland Security Presidential Directive/HSPD-12
Subject: Policy for a Common Identification Standard for Federal Employees and Contractors
(1) Wide variations in the quality and security of forms of identification used to gain access to secure Federal and other facilities where there is potential for terrorist attacks need to be eliminated. Therefore, it is the policy of the United States to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).
HSPD-12
CONTROL CONFIGURATIONS
• Stand Alone Systems
• Multi-Door Systems
• Enterprise Integrated Systems
STAND ALONE SYSTEMS
• Authentication Types: PIN, Credential / Proximity, Biometric
• Battery Operated or Wired
• Keypad Programming
• Computer Managed / PDA
• Entry Automation
• 1st Man In
• Audit Trail
• # Users
• Labor vs. Hardwired System
Single-User Multi-Door Systems
• Instant Local Notification
• Multiple Reader Type
• Input Output Linking
• Dedicated PC
Multi-User / Multi-Door Systems
• Instant Multiple Notification Options
• LAN Access
• Discretionary Reporting
• Mandatory Controls
IDENTITY MANAGEMENT
DIGITAL VIDEO SURVEILLANCE & MANAGEMENT
INFORMATION SECURITY
ASSET MANAGEMENT
VISITOR MANAGEMENT
ACCESS CONTROL
INTRUSION DETECTION
FIRE ALARM SYSTEMS
WIRELESS ACCESS
MULTI-TENANT PROPERTY MANAGEMENT
INTEGRATED ALARM MANAGEMENT
BUILDING AUTOMATION
INTERCOM COMMUNICATION SYSTEMS
Enterprise Systems
Smart Cards
Incident Reporting
Time and Attendance
ERP
Criminal History
Payroll
Social Security
Active Directory/LDAP
Access Control
Human Resources
Medical Information
Visitor Management
Biometric Templates
Credential Management
Bringing together disparate databases or information sources
Enterprise Systems
System Architecture
[Diagram labels: Field Panel / Door Controller; Direct Connect (RS-232 or RS-422); CCTV System; Access Control; Life Safety Management; Photo Imaging; Visitor Management; Ethernet Network LAN/WAN; Cellular; POTS; Dial-up Modem; HVAC (RS-232); Readers]
SOFTWARE
• Integrated solutions sets
• Network ready
• SQL and Oracle
• Linux based embedded solutions
• Partition-able database
• Windows XP, NT, 2000, Vista Compatibility
• Web enabled
• Web Embedded
The Application Software
• This is the GUI. It should be intuitive, and easy to train operators and managers on
• The database manager
• Ability to partition and filter views based on passwords
• Import and export features
• Potential interface to HR database systems
• May be standalone or part of a network
• Numerous work stations
• Redundant emergency backup
• Full set of utilities for storage and archiving
Desired Software Features
• Migration path (scalability)
• Alarm Monitor capacity
• Anti-Pass back
• Event Triggers
• Time zones and Holidays
• Clearance (area) controls
• CCTV Matrix Switching
• Digital Video recorder event linking
Desired Software Features
• No limit on system scalability.
• Unlimited Card Readers.
• Unlimited Inputs/Outputs.
• Unlimited Cardholders.
• Unlimited Control Panels.
• Unlimited Holidays.
• Guard Tour application
• Elevator Control
• Full featured Badging
• Real time status monitoring
• Multiple reader technology support
• Microsoft database
• Report Manager
• Visitor Management
• ODBC and MDAC Compliant
• Potential web access/enabled
Access Granted Transactions
Access Denied Transactions
Contact Transactions
Relay Transactions
Actions that affect Card Readers
Actions that affect Contact Devices
Actions that affect Relays
Card Reader Triggers and Actions
Integrated Applications
• Photo I D Creation
• Bio-metric enrollment
• Alarm management
• Access Management
• Air Quality monitoring
• Visitor Controls
• Digital Video event linking
• Event and data base linking
• Camera Controls
• Virtual CCTV Matrixes
• CCTV Analytics
• Smartcard Application Support
Access Control Panel Operation
• Card is presented; data is sent to Panel
• Panel compares information
• Grants/Denies access, based on:
• Card Status
• Time of Day
• Cardholder’s access privileges
• Other Administrator selected features
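The panel decision described above, sketched as an added example (not from the original presentation or any vendor's firmware): card status, per-reader access privileges, time zone, and anti-passback as one administrator-selected feature. All class names, reader names and card numbers are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass(frozen=True)
class TimeZone:
    """A named schedule: allowed weekdays (0 = Monday) and a daily window."""
    days: frozenset
    start: time
    end: time

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() <= self.end


@dataclass
class Card:
    active: bool                 # card status (False = lost, expired, revoked)
    access: dict                 # reader name -> time zone name (the privileges)
    area: str = "outside"        # last area entered, tracked for anti-passback


@dataclass
class Panel:
    cards: dict                  # card number -> Card, as downloaded from the host
    time_zones: dict             # time zone name -> TimeZone
    readers: dict                # reader name -> (area it leaves, area it enters)
    anti_passback: bool = True   # an administrator-selected feature
    log: list = field(default_factory=list)   # transactions reported to the host

    def decide(self, number: int, reader: str, when: datetime) -> str:
        """Return 'OK' or the reason the read is denied."""
        card = self.cards.get(number)
        if card is None:
            return "unknown card"
        if not card.active:
            return "card inactive"
        zone = card.access.get(reader)
        if zone is None:
            return "no privilege at this reader"
        if not self.time_zones[zone].contains(when):
            return "outside time zone"
        if self.anti_passback and card.area != self.readers[reader][0]:
            return "anti-passback"
        return "OK"

    def present(self, number: int, reader: str, when: datetime) -> bool:
        """Process one card read locally and record the transaction."""
        reason = self.decide(number, reader, when)
        granted = reason == "OK"
        if granted:
            self.cards[number].area = self.readers[reader][1]
        result = "ACCESS GRANTED" if granted else "ACCESS DENIED: " + reason
        self.log.append((when.isoformat(), reader, number, result))
        return granted


def build_demo_panel() -> Panel:
    """Constructed sample data: one lobby door with an in and an out reader."""
    office_hours = TimeZone(frozenset(range(5)), time(7, 0), time(18, 0))
    return Panel(
        cards={1001: Card(True, {"lobby-in": "office", "lobby-out": "office"}),
               1002: Card(False, {"lobby-in": "office"})},
        time_zones={"office": office_hours},
        readers={"lobby-in": ("outside", "lobby"), "lobby-out": ("lobby", "outside")},
    )


if __name__ == "__main__":
    panel = build_demo_panel()
    monday_9am = datetime(2014, 11, 24, 9, 0)
    for number in (1001, 1001, 1002, 9999):   # second read is a pass-back attempt
        panel.present(number, "lobby-in", monday_9am)
    for entry in panel.log:
        print(entry)
```

Every read, granted or denied, lands in the log with its time and reason, which is the record the host needs for audit and alarm handling.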
Access Control Panels
• Contain Microprocessors
• On-board Random Access Memory (RAM)
• Upgradeable Software stored in Erasable Programmable Read Only Memory (EPROM)
• System Administrator or authorized web client enters all information related to the system at the host computer, or directly to the board via the web using the on-board software in the panel
• Information may be downloaded to Access Control Panel’s RAM
Access Control Panels
• Once downloaded/programmed a Panel can process information locally.
• “Intelligent” panels inform the Host of all actions taken, including time and date
• Often referred to as “distributed processing”
• Saves Host processing time
Access Control Panel Operations
• May be configured many ways
• Can store thousands of records, and some users are requiring millions!
• Multiple access levels
• Time Zones
• Thousands of historical transactions
• Quantum leaps in storage abound
Access Control Panel Operations
• Can support Inputs
• Can detect an input’s change of state, process the information and report it to the host computer or web-based client on alarm
• Typical Inputs include door monitor and request to exit (or bypass) devices
• Can support Outputs
• Door locking mechanisms
• Sound or broadcast alarm devices
• Lights, sirens, bells, digital dialers, etc.
• Can be programmed so an Input activates or deactivates outputs automatically
• Example: Glass break sensor (input) might activate a siren (output)
Access Control Panel Wiring
• Three different approaches to cabling of readers
• Bus Cabling
• Readers can be wired to a common cable that runs back to the panel
• Saves wiring costs when readers are close to each other
• Star Cabling
• Readers can be wired to the panel individually
• Combination Bus and Star sometimes is best
• Independent IP / Network Drop communications via Network
Access Control Panel Trends
• Distributed intelligence
• Embedded software – web enabled data management
• FIPS- 201 for Federal Employees
• Full feature set resident at the local panel
• POTS backup / cellular backup
• HiCap memory backup
• On line and off line capacity
• Bio-metric / Smartcard
• Integrated into lock hardware
SEE YOU IN 5 Minutes
QUESTIONS?
Kevin Klemmer, PSP, CISSP
Access Control Systems
Access Control Hardware / Peripherals
&
IT Convergence
Kevin Klemmer, PSP, CISSP
First Security Measures
The more things change…
• Which one is the lock?
Modern Castle – Corporate Campus
Entrance to the Castle
The Opening
25 to 50% of the cost of access control implementation.
Often perceived as the first line of defense.
Systems Building Blocks
Access Control Components
The Basics: Electric Locks
Maglocks
Strikes
Cylindrical
Mortise
Exits
Peripherals
Safety
Security
Control & Monitoring
Remote Locking
Reduces Manpower
Convenience
ADA requirements
Benefits of Electrified Hardware
ELECTRIFIED HARDWARE
Performs functions normally executed manually, usually from remote location or automated.
Must specify a system with all components compatible. One component will not work without the others.
Components of a System
ACCESS CONTROL HARDWARE
Parts of a Regulated Power Supply
INPUT 120VAC, OUTPUT 24VDC
TRANSFORMER: Reduces Voltage
RECTIFIER: Converts AC to DC
CAPACITOR: Stores needed current
FILTER: Eliminates “Noise”
REGULATOR: Keeps Output Constant
The power supply must furnish the SAME voltage as required by the load.
The current (amps) available from the power supply must be EQUAL TO or GREATER THAN that required by the total load of the system.
Converts electrical energy into another form, i.e., unlocks a solenoid, retracts a latch bolt, etc.
Performs the work required
Electric Lock or Strike
Electric Exit Device
Closer / Holder
Electromagnetic Holders
FAIL SAFE
• Lock or locking device that remains UNLOCKED on loss of power
FAIL SECURE (non-fail safe)
• Lock or locking device that remains LOCKED on loss of power
Terminology
Electrical Characteristics of a Load
Need to Know to Select Power Supply
• Current Draw In Amps
• Voltage Required
• Fail Safe / Fail Secure
Key Pad
Key Switch
Toggle Switch
Push Button
Stand Alone System
Access Control System
Switches are used to control a locking device or to signal a monitoring device
Each switch has one movable contact, the POLE, and one or more fixed contacts, the THROWS
SWITCH SYMBOL: Normally open, Normally closed
MAINTAINED CONTACT
• A switch designed for applications requiring sustained contact; but with provision for resetting, e.g., ordinary light switch
MOMENTARY CONTACT
• A spring loaded switch designed for applications requiring constant contact; when pressure is removed, reverts back to original position, e.g., door bell
Terminology
Carries current through system
The greater the distance between the power source and the load, the heavier the wire gauge required
#1 TROUBLESHOOTING PROBLEM
Size of Conductor (Gauge)
Length of Conductor (Resistance)
The farther the load is from the power supply, the more resistance is experienced; a heavier gauge wire is required
Need to Know
MINIMUM WIRE GAUGE FOR 24V DC or AC
Distance in feet from Power Supply to Locking Device
AMPS    25   50  100  150  200  250  300  400  500
0.25    18   18   18   18   18   18   18   18   16
0.50    18   18   18   18   16   16   16   14   14
0.75    18   18   18   18   16   16   14   14
1.00    18   18   18   16   16   14   14
1.50    18   18   18   16   16   14
2.00    18   18   16   16   14
2.50    18   18   16   14
3.00    18   16   14
3.50    18   16   14
Elements of a System
1. OPERATIONS NARRATIVE
2. HARDWARE LIST
3. ELEVATION DRAWING
4. WIRING DIAGRAM
1. OPERATIONS NARRATIVE
REQUIREMENTS
• Outside Operation
• At Rest (while locked)
• Electrically Unlock
• Mechanically Unlock
• Power Failure
• LED’s
• Inside Operation
2. HARDWARE LIST
1. Power Supply
2. Key Pad
3. Power Transfer
4. Electric Exit Device
3. ELEVATION DRAWING
[Drawing labels: 120VAC input; Power Supply]
4. WIRING DIAGRAM
Making Hardware Selections Based On Owner’s Instructions
• Cashier's Door from Drivers Lounge
• Closed and Locked at all Times
• Must Be Entered During Day Employees
• Secretary To Remotely Unlock Door
• Management Always Able To Enter
[Floor plan labels: DRIVERS LOUNGE; CASHIER]
CHOICES
1. OPERATIONS NARRATIVE
Door is normally closed, latched and secure from the outside. Depressing the push switch will unlock the electric strike to allow ingress. Door will relock as soon as push button returns to normal position. On loss of power, the door will remain locked. Enter by key at all times. Free egress from inside at all times.
2. HARDWARE LIST
Load: Electric Strike 712NFS 24VDC
Switch: Push Button PB
Power Supply: Transformer TP-24-2
EXAMPLE
3. ELEVATION (EXAMPLE)
[Elevation drawing labels: 120VAC INPUT; Transformer TP-24-2, 24VAC output; Rectifier; PB; 712NFS Electric Strike; 18 ga conductors; GAGE AND NUMBER OF CONDUCTORS; TO RISER DIAGRAM]
4. WIRING DIAGRAM (EXAMPLE)
Systems Wiring Diagram or Point to Point Wiring Diagram
[Wiring diagram labels: 120VAC; Transformer; Electric Strike (+ -, Non-polarized); Pushbutton PUSH TO EXIT (C, NO, NC); Locked / Un-Locked]
COMPONENTS & ELEMENTS
4 COMPONENTS: POWER SUPPLY, LOAD, SWITCH, CONDUCTORS
4 ELEMENTS: OPERATIONS NARRATIVE, HARDWARE LIST, ELEVATION DRAWING, WIRING DIAGRAM
Access Control Trends
Smaller, Faster, Better
More Integrated Features
Embedded Web Server
Open Source
WiFi - Wireless
Access Control Trends
Embedded Prox Technology
Monitoring Options
Request To Exit
Door Contact
Keyswitch Monitoring
Other options…
Convergence
Analog to IP (Security to IT)
Applications Convergence
Physical and Cyber
“Soon the security industry will move to systems in which there are no analog or proprietary wired devices at all; where all devices connect to the Ethernet infrastructure. The knowledge of how to design efficient network systems and how to secure those systems is paramount to successful security systems. This is the future of security technology”
Thomas Norman, Protection Partners International
Integrated Security Systems Design
Threats of Converged Enterprise
[Diagram labels: Mode of Attack; Physical Security; Physical Attack; Physical Attacks Against Cyber; Information Security; Information Attack; Cyber Intrusion Identifies Valued Targets; Targets: Facilities, People, Media, $$$, Computers, Information]
Convergence Migration
[Diagram labels: IP Communications; Fire; Physical Security; Lighting; Visitor Access; Elevator; 24/7 Monitor; Energy; HVAC; WAN; Intelligent Converged Environment; Disparate Building Networks]
Convergence Benefits
HVAC
24/7 Monitor
Video surveillance
Elevator
Lighting
Fire
Access
Energy
Benefits:
Safety and security
Environmental sustainability
Occupant comfort
Organizational flexibility
Streamlined operations
Reduced costs
Energy savings
Managed services
Data mining
Process Measurement
Services and Technologies
Resources
Reduce security vulnerabilities in all types of facilities.
The industry's first-ever guide for exterior and interior security features, NFPA 730: Guide for Premises Security addresses security in all occupancies from residential dwellings to large industrial complexes. Uniform guidelines help you assess vulnerability and design appropriate security plans.
Provisions describe construction, protection, and occupancy features and practices intended to reduce security risks to life and property. Topics covered include:
General requirements and facility classifications
Security vulnerability assessment
Exterior security devices and systems
Physical security devices
Interior security systems
Security planning
Measures to control security vulnerabilities in educational, healthcare, and other facilities
The Guide also addresses protocols for special events, and the responsibilities of security personnel. (Approx. 88 pp., 2006)
Resources
Ensure the quality and reliability of security system installations
NFPA 731: Installation of Electronic Premises Security Systems is the first Standard developed primarily to define the means of signal initiation, transmission, notification, and annunciation, as well as the levels of performance and the reliability of electronic security systems.
Requirements cover every step of security equipment installation, with provisions for the application, location, performance, testing, and maintenance of physical security systems and their components.
Detailed chapters are included for:
Intrusion detection systems
Electronic access control systems
Video surveillance systems
Holdup, duress, and ambush systems
Testing and inspection
Rules address the protected premises from the property line to the interior of the premises. NFPA 731 also references or incorporates provisions from applicable UL, SIA, and other standards. (Approx. 43 pp., 2006)
Resources
ETHICS IN SECURITY
Physical Security Professionals must adhere to the Code of Professional Responsibility, agreeing to:
• Perform professional duties in accordance with the law and the highest moral principles.
• Observe the precepts of truthfulness, honesty, and integrity.
• Be faithful, competent, and diligent in discharging their professional duties.
• Safeguard confidential and privileged information and exercise due care to prevent its improper disclosure.
• Not maliciously injure the professional reputation or practice of colleagues, clients, or employees.
QUESTIONS?
Thank You!