managing your access control systems

Post on 22-Nov-2014


Access Control Systems

WELCOME!

Access Control Systems

AGENDA

• The Balancing Act

• Access Control Defined

• Key/Credential Management

• Control Configuration

• Software Features and Capabilities

• Controller Hardware

• Break

• Peripheral Components

• Access Controlled Door Hardware Types and Specifications

• Trends and Convergence

• Resources

How to get the most…

VERBAL COMMUNICATION

• Approx 100% was what the speaker wanted to say

• Approx 80% was said

• Approx 60% was heard

• Approx 40% was remembered after 3 hours

• Approx 15% was remembered after 3 days

• Approx 0-5% was remembered after 3 months

VERBAL + VISUAL COMMUNICATION

• Approx 60% was remembered after 3 days

• Approx 40-50% was remembered after 3 months

VERBAL + VISUAL + NOTES

• Approx 80% was remembered after 3 days

• Approx 60-70% was remembered after 3 months

HARVARD RESEARCH STUDY

How to get the most…

Why are we here?

Gain Knowledge. Asking Questions.

The Balancing Act

• Security • Balancing Openness and Public Safety

• Applying new technologies and lessons learned

• Improving the physical security of buildings

• Protecting people and assets while maintaining a pleasant work environment.

• The challenge facing government officials, realtors and corporate building owners.

Security… “The Absolutes”

• Our world is dangerous and will get more dangerous

• We take security for granted till something goes wrong.

• Security is inconvenient- and expensive

• Paranoid or Prepared? Politics!

• Constant vigilance – Almost overwhelming!

• 100% guaranteed security? No such thing!

• 100% security = 0% accessibility

• 100% security = 0% productivity

• Buildings must be functional, comfortable, inspirational – SAFE

• You don’t design a building for security. You secure the design of a building

• Rethinking Security – new meaning to architects

Architects and Security

Security Elements

• Deterrence: Training, Fences, Signage, Lighting, Consequences

• Delay: Locks, Doors

• Detection: Alarms, CCTV, Metal Detectors, Motion & Sound Sensors

• Communication: Voice, Data, Video

• Response: Crisis Preparedness, Security Personnel, Police

Access Control Defined

• WHO?

• WHERE? / WHAT?

• WHEN? / TIME?

The WHO

• The person, or device, requesting access to an area, or asset, we want to control.

• Authentication Methods

…something the person / device…

• HAS – Physical

• KNOWS – Knowledge of

• IS / ARE – Biometric

The WHERE / WHAT

• The place or process we want to allow authorized persons to get to.

• Physical and Logical

• Controlled or Restricted area

• As it relates to both manual and electronic access controls this is critical to our access management plan

• Vending, gas dispensing, copier machine usage, time and attendance, meal plans and more

The WHEN

• The time period or interval when access is granted or denied.

• Can be managed with both on line and off line systems

• Also used for setting events and logic statements for:

• Triggers

• Time Zones

• Timing responses to alarms

• Timing for routing of messages to other devices

Access Control Defined

• WHO?

• WHERE? / WHAT?

• WHEN? / TIME?

Access Control is…

AS SIMPLE AS A KEY

• Knowing exactly who has keys

• Knowing areas of access of each key holder

• Knowing key blanks are not readily available

• Knowing keys cannot be copied without proper authorization

• Having a policy on lost keys

• When issuing temporary use of keys, keeping record trail

Unauthorized key duplication remains the most violated security policy and one of the largest problems of facility managers

Ultimate Key Management

Key # 123

PLAIN BOWS

DO NOT DUPLICATE

STAMPED BOWS

Conventional Keyways

A conventional keyway is one which the manufacturer will sell to anyone; it may be the most common, or the most used, or the "standard", or it may be a family of keyways.

Yesterday’s Key Control

COMPLETE KEY CONTROL

• STRONG UTILITY PATENT – Not a Design Patent

• CONTROLLED KEY BLANKS – Not Available to all Customers

• LEGAL CONTRACTS – Agreements of Control

• AUDIT CONTROLS – Know Where Blanks Are

• ENFORCEMENT – Must Be Aware of Unauthorized Copies

5 Steps To Key Management

1. Patented keyways

Utility patent gives manufacturer exclusive manufacturing rights

Manufacturer controls distribution

Patent good for 20 years

Imitation manufacturers cannot duplicate

Assures protection to facility / owner

Security Leg

Millings for

Keyway Blade

Security Ledge

Blade

Today’s Key Management

2A. Manufacturer Controls

Policy and procedures in place

Signature verification

Controlled access to product areas

Ship key blanks direct to end user

Has return key policy

Provides specially coined blanks

Policy

1. Verify all signatures

2.

3.

4

Today’s Key Management

2B. Facility/Owner Controls

Policy and procedures in place supported by upper management

Locksmith administrator on staff

Locked storage

Supervisor approval of new keys

Employee signs for key

  Should have penalty attached

All keys numbered and logged into system

Procedure for keys to be returned

  Should have penalty attached

Additional procedures:

  Cleaning crew

  Outside contractors

ISSUE TO : Bill Jones

DATE ISSUED: 07-07-05

Request for New Key

DATE: 07-04-05

TO: Lock shop

NO. OF KEYS: 1

KEY NUMBER: 123

KEY SET: AB15

APPROVED BY: C T Smith

ISSUE TO: Bill Jones

RECEIVED BY: Bill Jones

By Lock Shop

ISSUE DATE: 07-07-05

ISSUED BY: CH

RETURNED DATE

Today’s Key Management

3. Contracts and Agreements

Protects facility / owner

Protects distributor

Protects manufacturer

Summarizes responsibilities to all parties

Provides guide lines

Eliminates misunderstanding

We agree

Today’s Key Management

4. Audit Controls

Keep records – Use Software

Use manufacturer's original blanks

Reduce master keying

Have employees carry more than one key

Stamp keys with code

Utilize available forms

Use sealed key rings

AB15123

1215

Today’s Key Management

Use a key cabinet; electronic or manual

Access Control is…

AS SIMPLE AS A KEY

Access Control is…

This is a key! This too!

The Credential

• Most visible component of the system

• Issued to personnel as “electronic keys”

• Several Card Technologies

• Badge Construction

• Degree of Security Required

• Durability

• Reader Environment

• Convenience and Price

• Performance

Card / I D Technology Types

• Barium Ferrite

• Bar Codes

• Magnetic Stripe

• Wiegand

• Proximity

• Smart Card

• Hybrid

Biometrics – Another Key

• Biometrics and the “Smart Card”

• Iris Scan

• Finger Print

• Facial Recognition

• Retinal Scan

• Voice Recognition

• Hand Geometry

• Others on the horizon

Credentials / Smartcards

Access Control

Time & Attendance

Free

Free

Personal Data

Photo

Vending

Cafeteria

PC Login

Access Controls more about the “key”

• The “Common Access Card”

• FIPS 201 / HSPD12

• Database sharing trends

• Communications options

• Encryption – DES, AES

• PINs

Homeland Security Presidential Directive/HSPD-12

Subject: Policy for a Common Identification Standard for Federal Employees and Contractors

(1) Wide variations in the quality and security of forms of identification used to gain access to secure Federal and other facilities where there is potential for terrorist attacks need to be eliminated. Therefore, it is the policy of the United States to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors (including contractor employees).

HSPD-12

CONTROL CONFIGURATIONS

• Stand Alone Systems

• Multi-Door Systems

• Enterprise Integrated Systems

STAND ALONE SYSTEMS

• Authentication Types: PIN, Credential / Proximity, Biometric

• Battery Operated or Wired

• Keypad Programming

• Computer Managed / PDA

• Entry Automation

• 1st Man In

• Audit Trail

• # Users

• Labor vs. Hardwired System

Single-User Multi-Door Systems

• Instant Local Notification

• Multiple Reader Type

• Input Output Linking

• Dedicated PC

Multi-User / Multi-Door Systems

• Instant Multiple Notification Options

• LAN Access

• Discretionary Reporting

• Mandatory Controls

IDENTITY MANAGEMENT

DIGITAL VIDEO SURVEILLANCE & MANAGEMENT

INFORMATION SECURITY

ASSET MANAGEMENT

VISITOR MANAGEMENT

ACCESS CONTROL

INTRUSION DETECTION

FIRE ALARM SYSTEMS

WIRELESS ACCESS

MULTI-TENANT PROPERTY MANAGEMENT

INTEGRATED ALARM MANAGEMENT

BUILDING AUTOMATION

INTERCOM COMMUNICATION SYSTEMS

Enterprise Systems

Smart Cards

Incident Reporting

Time and Attendance

ERP

Criminal History

Payroll

Social Security

Active Directory/LDAP

Access Control

Human Resources

Medical Information

Visitor Management

Biometric Templates

Credential Management

Bringing together disparate databases or information sources

Enterprise Systems

System Architecture

[Diagram: system architecture. Labels: Field Panel, Door Controller, Readers, Direct Connect (RS-232 or RS-422), Ethernet Network LAN/WAN, Modem, Dial-up Modem, POTS, Cellular, CCTV System, Access Control, Life Safety Management, Photo Imaging, Visitor Management, HVAC]

SOFTWARE

• Integrated solutions sets

• Network ready

• SQL and Oracle

• Linux based embedded solutions

• Partition-able database

• Windows XP, NT, 2000, Vista Compatibility

• Web enabled

• Web Embedded

The Application Software

• This is the GUI. It should be intuitive, so that operators and managers are easy to train

• The database manager

• Ability to partition and filter views based on passwords

• Import and export features

• Potential interface to HR database systems

• May be Standalone or part of a network

• Numerous work stations

• Redundant emergency backup

• Full set of utilities for storage and archiving

Desired Software Features

• Migration path (scalability)

• Alarm Monitor capacity

• Anti-Pass back

• Event Triggers

• Time zones and Holidays

• Clearance (area) controls

• CCTV Matrix Switching

• Digital Video recorder event linking

Desired Software Features

• No limit on system scalability.

• Unlimited Card Readers.

• Unlimited Inputs/Outputs.

• Unlimited Cardholders.

• Unlimited Control Panels.

• Unlimited Holidays.

• Guard Tour application

• Elevator Control

• Full featured Badging

• Real time status monitoring

• Multiple reader technology support

• Microsoft database

• Report Manager

• Visitor Management

• ODBC and MDAC Compliant

• Potential web access/enabled

Access Granted Transactions

Access Denied Transactions

Contact Transactions

Relay Transactions

Actions that affect Card Readers

Actions that affect Contact Devices

Actions that affect Relays

Card Reader Triggers and Actions

Integrated Applications

• Photo I D Creation

• Bio-metric enrollment

• Alarm management

• Access Management

• Air Quality monitoring

• Visitor Controls

• Digital Video event linking

• Event and data base linking

• Camera Controls

• Virtual CCTV Matrixes

• CCTV Analytics

• Smartcard Application Support

Access Control Panel Operation

• Card is presented; data sent to Panel

• Panel compares information

• Grants/Denies access based on:

• Card Status

• Time of Day

• Cardholder’s access privileges

• Other Administrator selected features
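
The decision sequence on this slide, as an added example that is not part of the original presentation: a Python model of a panel that checks card status, the cardholder's privilege for the reader, the schedule ("time zone") and holidays, and then anti-passback as the administrator-selected feature, logging every transaction for the host. All class names, card numbers, reader names and schedules are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, time


@dataclass(frozen=True)
class Schedule:
    """A "time zone" in the access-control sense: weekdays plus a daily window."""
    days: frozenset                   # 0 = Monday ... 6 = Sunday
    start: time
    end: time
    observe_holidays: bool = True     # holidays suspend this schedule

    def allows(self, when: datetime, holidays: set) -> bool:
        if self.observe_holidays and when.date() in holidays:
            return False
        return when.weekday() in self.days and self.start <= when.time() <= self.end


@dataclass
class Card:
    number: int
    active: bool = True               # card status (lost or revoked cards are inactive)
    access: dict = field(default_factory=dict)  # reader id -> Schedule (WHERE + WHEN)
    area: str = "outside"             # last known area, used for anti-passback


@dataclass
class Panel:
    cards: dict                       # records downloaded from the host
    holidays: set
    readers: dict                     # reader id -> (area entered from, area entered)
    anti_passback: bool = True        # administrator-selected feature
    log: list = field(default_factory=list)     # transactions reported to the host

    def present(self, number: int, reader: str, when: datetime) -> bool:
        granted, reason = self._decide(number, reader, when)
        self.log.append((when.isoformat(), number, reader,
                         "GRANTED" if granted else "DENIED", reason))
        return granted

    def _decide(self, number, reader, when):
        # Deny by default: every check must pass before the door is released.
        card = self.cards.get(number)
        if card is None:
            return False, "unknown card"
        if not card.active:
            return False, "card inactive"
        schedule = card.access.get(reader)
        if schedule is None:
            return False, "no privilege for reader"
        if not schedule.allows(when, self.holidays):
            return False, "outside time zone"
        src, dst = self.readers[reader]
        if self.anti_passback and card.area != src:
            return False, "anti-passback violation"
        card.area = dst               # state changes only on a granted transaction
        return True, "ok"


def demo_panel() -> Panel:
    """Constructed sample data: one lobby door with an in and an out reader."""
    office = Schedule(frozenset(range(5)), time(7, 0), time(18, 0))
    always = Schedule(frozenset(range(7)), time.min, time.max, observe_holidays=False)
    cards = {
        1001: Card(1001, access={"lobby-in": office, "lobby-out": always}),
        1002: Card(1002, active=False, access={"lobby-in": office}),
    }
    readers = {"lobby-in": ("outside", "lobby"), "lobby-out": ("lobby", "outside")}
    return Panel(cards, {date(2014, 12, 25)}, readers)
```

The denied entries in `log` carry the reason, which is what an operator reviews when a cardholder reports that a valid card was refused.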

Access Control Panels

• Contain Microprocessors

• On-board Random Access Memory (RAM)

• Upgradeable Software stored in Erasable Programmable Read-Only Memory (EPROM)

• System Administrator or authorized web client enters all information related to system at host computer or direct to board via web with on board software in panel

• Information may be downloaded to Access Control Panel’s RAM

Access Control Panels

• Once downloaded/programmed a Panel can process information locally.

• “Intelligent” panels inform the Host of all actions taken, including time and date

• Often referred to as “distributed processing”

• Saves Host processing time

Access Control Panel Operations

• May be configured many ways

• Can store thousands & some users are requiring Millions of records!

• Multiple access levels

• Time Zones

• Thousands of historical transactions

• Quantum leaps in storage abound

Access Control Panel Operations

• Can support Inputs

• Can detect an input’s change of state, process the information and report it to the host computer or web based client on alarm

• Typical Inputs include door monitor and request to exit (or bypass) devices

• Can support Outputs

• Door locking mechanisms

• Sound or broadcast alarm devices

• Lights, sirens, bells, digital dialers, etc.

• Can be programmed so an Input activates or deactivates outputs automatically

• Example: Glass break sensor (input) might activate a siren (output)

Access Control Panel Wiring

Access Control Panel Wiring

• Three different approaches to cabling of readers

• Bus Cabling

• Readers can be wired to a common cable that runs back to the panel

• Saves wiring costs when readers are close to each other

• Star Cabling

• Readers can be wired to the panel individually

• Combination Bus and Star sometimes is best

• Independent IP / Network Drop communications via Network

Access Control Panel Trends

• Distributed intelligence

• Embedded software – web enabled data management

• FIPS- 201 for Federal Employees

• Full feature set resident at the local panel

• POTS backup / cellular backup

• HiCap memory backup

• On line and off line capacity

• Bio-metric / Smartcard

• Integrated into lock hardware

SEE YOU IN 5 Minutes

QUESTIONS?

Kevin Klemmer, PSP, CISSP

Access Control Systems

Access Control Hardware / Peripherals

&

IT Convergence

Kevin Klemmer, PSP, CISSP

First Security Measures

The more things change…

• Which one is the lock?

Modern Castle – Corporate Campus

Entrance to the Castle

Entrance to the Castle

The Opening

25 to 50% of the cost of access

control implementation.

Often perceived as the first line of

defense.

Systems Building Blocks

Access Control Components

The Basics: Electric Locks

• Maglocks

• Strikes

• Cylindrical

• Mortise

• Exits

• Peripherals

Benefits of Electrified Hardware

• Safety

• Security

• Control & Monitoring

• Remote Locking

• Reduces Manpower

• Convenience

• ADA requirements

ELECTRIFIED HARDWARE

Performs functions normally executed manually, usually from remote location or automated.

Must specify a system with all components compatible. One component will not work without the others.

Components of a System

ACCESS CONTROL HARDWARE

Parts of a Regulated Power Supply

INPUT 120VAC, OUTPUT 24VDC

• TRANSFORMER – Reduces Voltage

• RECTIFIER – Converts AC to DC

• CAPACITOR – Stores needed current

• FILTER – Eliminates “Noise”

• REGULATOR – Keeps Output Constant

ACCESS CONTROL HARDWARE

The power supply must furnish the SAME voltage as required by the load.

The current (amps) available from the power supply must be EQUAL TO or GREATER THAN that required by the total load of the system.

ACCESS CONTROL HARDWARE

Converts electrical energy into another form, i.e., unlocks a solenoid, retracts a latch bolt, etc.

Performs the work required

Electric Lock or Strike

Electric Exit Device

Closer / Holder

Electromagnetic Holders

ACCESS CONTROL HARDWARE

FAIL SAFE

• Lock or locking device that remains UNLOCKED on loss of power

FAIL SECURE (non-fail safe)

• Lock or locking device that remains LOCKED on loss of power

Terminology

ACCESS CONTROL HARDWARE

Electrical Characteristics of a Load

Need to Know to Select Power Supply

• Current Draw In Amps

• Voltage Required

• Fail Safe / Fail Secure

ACCESS CONTROL HARDWARE

Key Pad

Key Switch

Toggle Switch

Push Button

Stand Alone System

Access Control System

Switches are used to control a locking device or to signal a monitoring device

ACCESS CONTROL HARDWARE

Switches are used to control a locking device or to signal a monitoring device

Each switch has one movable contact, the POLE, and one or more fixed contacts, the THROWS

SWITCH SYMBOL

Normally open

ACCESS CONTROL HARDWARE

Normally closed

Switches are used to control a locking device or to signal a monitoring device

Each switch has one movable contact, the POLE, and one or more fixed contacts, the THROWS

SWITCH SYMBOL

ACCESS CONTROL HARDWARE

MAINTAINED CONTACT

• A switch designed for applications requiring sustained contact; but with provision for resetting

i.e., ordinary light switch

MOMENTARY CONTACT

• A spring loaded switch designed for applications requiring constant contact; when pressure is removed, reverts back to original position

i.e., door bell

Terminology

ACCESS CONTROL HARDWARE

Carries current through system

The greater the distance between the power source and the load, the heavier the wire gauge required

#1 TROUBLESHOOTING PROBLEM

ACCESS CONTROL HARDWARE

Size of Conductor (Gauge)

Length of Conductor (Resistance)

The farther the load is from the power supply, the more resistance is experienced; a heavier gauge wire is required

Need to Know

ACCESS CONTROL HARDWARE

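MINIMUM WIRE GAUGE FOR 24V DC or AC

Distance in feet from Power Supply to Locking Device

AMPS |  25 |  50 | 100 | 150 | 200 | 250 | 300 | 400 | 500
0.25 |  18 |  18 |  18 |  18 |  18 |  18 |  18 |  18 |  16
0.50 |  18 |  18 |  18 |  18 |  16 |  16 |  16 |  14 |  14
0.75 |  18 |  18 |  18 |  18 |  16 |  16 |  14 |  14 |
1.00 |  18 |  18 |  18 |  16 |  16 |  14 |  14 |     |
1.50 |  18 |  18 |  18 |  16 |  16 |  14 |     |     |
2.00 |  18 |  18 |  16 |  16 |  14 |     |     |     |
2.50 |  18 |  18 |  16 |  14 |     |     |     |     |
3.00 |  18 |  16 |  14 |     |     |     |     |     |
3.50 |  18 |  16 |  14 |     |     |     |     |     |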

ACCESS CONTROL HARDWARE

Elements of a System

ONE: OPERATIONS NARRATIVE

TWO: HARDWARE LIST

THREE: ELEVATION DRAWING

FOUR: SYSTEM WIRING DIAGRAM

ACCESS CONTROL HARDWARE

1. OPERATIONS NARRATIVE

REQUIREMENTS

• Outside Operation

• At Rest (while locked)

• Electrically Unlock

• Mechanically Unlock

• Power Failure

• LED’s

• Inside Operation

2. HARDWARE LIST

1. Power Supply

2. Key Pad

3. Power Transfer

4. Electric Exit Device

3. ELEVATION DRAWING

[Drawing labels: 120VAC input, Power Supply]

4. WIRING DIAGRAM

ACCESS CONTROL HARDWARE

Making Hardware Selections Based On Owner’s Instructions

Cashier's Door from Drivers Lounge

• Closed and Locked at all Times

• Must Be Entered During Day Employees

• Secretary To Remotely Unlock Door

• Management Always Able To Enter

*

DRIVERS LOUNGE

CASHIER

CHOICES

1. OPERATIONS NARRATIVE

Door is normally closed, latched and secure from the outside. Depressing the push switch will unlock the electric strike to allow ingress. Door will relock as soon as push button returns to normal position. On loss of power, the door will remain locked. Enter by key at all times. Free egress from inside at all times.

2. HARDWARE LIST

Load: Electric Strike 712NFS 24VDC

Switch: Push Button PB

Power Supply: Transformer TP-24-2

EXAMPLE

TO RISER DIAGRAM

3. ELEVATION

EXAMPLE

18 ga

18 ga

GAGE AND NUMBER OF CONDUCTORS

Rectifier

PB 712NFS Electric Strike

Transformer 24VAC output TP-24-2

120VAC INPUT

Systems Wiring Diagram or Point to Point Wiring Diagram

4. WIRING DIAGRAM

EXAMPLE

Electric Strike

Transformer

+ -

Non- polarized

C

NO

NC

Pushbutton

PUSH TO EXIT

120VAC

Locked

Un-Locked

COMPONENTS & ELEMENTS

4 COMPONENTS

• POWER SUPPLY

• LOAD

• SWITCH

• CONDUCTORS

4 ELEMENTS

• OPERATIONS NARRATIVE

• HARDWARE LIST

• ELEVATION DRAWING

• WIRING DIAGRAM

Access Control Trends

Smaller, Faster, Better

More Integrated Features

Embedded Web Server

Open Source

WiFi - Wireless

Access Control Trends

Embedded Prox Technology

Monitoring Options

Request To Exit

Door Contact

Keyswitch Monitoring

Other options…

Convergence

• Analog to IP (Security to IT)

• Applications Convergence

• Physical and Cyber

“Soon the security industry will move to systems in which there are no analog or proprietary wired devices at all; where all devices connect to the Ethernet infrastructure. The knowledge of how to design efficient network systems and how to secure those systems is paramount to successful security systems. This is the future of security technology”

Thomas Norman, Protection Partners International

Integrated Security Systems Design

Threats of Converged Enterprise

Mode of Attack

Physical Security

Physical Attack

Physical Attacks Against Cyber

Information Security

Information Attack

Cyber Intrusion Identifies Valued Targets

Targets

Facilities, People, Media, $$$, Computers, Information

Convergence Migration

IP Communications

Fire

Physical Security

Lighting

Visitor Access

Elevator

24 / 7 Monitor

Energy HVAC

WAN

Intelligent Converged Environment

Disparate Building Networks

Convergence Benefits

HVAC

24/7 Monitor

Video surveillance

Elevator

Lighting

Fire

Access

Energy

Benefits:

Safety and security

Environmental sustainability

Occupant comfort

Organizational flexibility

Streamlined operations

Reduced costs

Energy savings

Managed services

Data mining

Process Measurement

Services and Technologies

Resources

Reduce security vulnerabilities in all types of facilities.

The industry's first-ever guide for exterior and interior security features, NFPA 730: Guide for Premises Security addresses security in all occupancies from residential dwellings to large industrial complexes. Uniform guidelines help you assess vulnerability and design appropriate security plans.

Provisions describe construction, protection, and occupancy features and practices intended to reduce security risks to life and property. Topics covered include:

• General requirements and facility classifications

• Security vulnerability assessment

• Exterior security devices and systems

• Physical security devices

• Interior security systems

• Security planning

• Measures to control security vulnerabilities in educational, healthcare, and other facilities

The Guide also addresses protocols for special events, and the responsibilities of security personnel. (Approx. 88 pp., 2006)

Resources

Ensure the quality and reliability of security system installations

NFPA 731: Installation of Electronic Premises Security Systems is the first Standard developed primarily to define the means of signal initiation, transmission, notification, and annunciation, as well as the levels of performance and the reliability of electronic security systems.

Requirements cover every step of security equipment installation, with provisions for the application, location, performance, testing, and maintenance of physical security systems and their components.

Detailed chapters are included for:

• Intrusion detection systems

• Electronic access control systems

• Video surveillance systems

• Holdup, duress, and ambush systems

• Testing and inspection

Rules address the protected premises from the property line to the interior of the premises. NFPA 731 also references or incorporates provisions from applicable UL, SIA, and other standards. (Approx. 43 pp., 2006)

Resources

ETHICS IN SECURITY

Physical Security Professionals must adhere to the Code of Professional Responsibility, agreeing to:

• Perform professional duties in accordance with the law and the highest moral principles.

• Observe the precepts of truthfulness, honesty, and integrity.

• Be faithful, competent, and diligent in discharging their professional duties.

• Safeguard confidential and privileged information and exercise due care to prevent its improper disclosure.

• Not maliciously injure the professional reputation or practice of colleagues, clients, or employees.

QUESTIONS?

Thank You!
