17 June 2015 - Security Buyer Magazine

Wireless security skills need to prepare for the IoT age

The proliferation of new Wireless security communication technologies within consumer electronics and smart devices is overtaking the skills of the information security industry says Larry Pesce, a leading expert in the field and SANS instructor. “There is a great deal of disparity between the security of the different wireless standards particularly when you compare the 802 family that were predominately built for business use and emerging technologies that came from the consumer landscape such as Bluetooth, Zigbee and Z-Wave,” says Pesce who co-authored ‘Linksys WRT54G Ultimate Hacking’ and ‘Using Wireshark and Ethereal’ books. “For example, Bluetooth has some solid maths around encryption but many of the security decisions are left in the hands of the users which means things can go horribly wrong. Zigbee has a poor design for how it handles passphrase and replay packets which are highly vulnerable while security in some of the proprietary formats like Z-Wave is almost non-existent security.” Pesce who also develops real-world challenges for the Mid-Atlantic Collegiate Cyber Defense Challenge is complementary about newer wireless protocols such as 802.15.4 and Zigbee which uses baseline profiles to help deliver enhanced security but comments, “…the technology is probably ahead of the skill sets out in the field and the problem is also somewhat under estimated.” Pesce also highlights the privacy issues that wireless enabled devices are starting to hit against, “If we look forward a large number of devices in the work and home will be wirelessly enabled and communicating autonomously between each other and back to manufacturers. Unless more consideration is given to securing both the devices and the communication links, there are likely to be breaches that will burrow into this internet of things infrastructure and start to gather private information or act as a staging post for more damaging attacks.” Pesce will be teaching the upcoming SANS course, SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses which is debuting in Europe at Pen Test Berlin 2015 at the end of June. The hands-on course takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, students navigate through the techniques attackers use to exploit WiFi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS, and other systems. The course also examines the commonly overlooked threats associated with Bluetooth, ZigBee, DECT, and proprietary wireless systems. “We are at a crossroads from a standards perspective,” comments Pesce, “The vendors are still mostly obsessed with bigger and faster, but there is increased pressure from a privacy prospective and many are having a hard time figuring it out – for Infosecurity professionals, the skills needed to secure these new types of wireless connections are in high demand.”

Wireless security skills need to prepare for the IoT age Read More »

Over 200 security control rooms using Gallinet’s PeopleHours™

Industry Sectors, Technology, UK News Desk / Ghyslaine Cordrey

Gallinet’s PeopleHours™ on-line scheduling and control room monitoring software will benefit from another upgrade to one of its key application modules following the latest release this month. The TelMe service for PeopleHours™ has been expanded so users can now securely upload and store files and documents to Employee & Location records within the core application. Documents such as assignment instructions, risk assessments, HR documents, contract reviews, patrol point locations etc. can all be linked allowing them to be viewed and amended on the road or on site giving you and your staff secure access to the information they need, whenever and wherever they are. Storing data this way provides additional benefits such as automatic reminders when document annual reviews are due and the facility to complete reviews onsite, such as risk assessments, or face to face with an employee in the case of employee reviews. This update is in addition to the existing functionality that’s allows staff to view their future, current and past duty schedules or holiday status using the convenience of mobile apps. Or, if Managers prefer, they can send rosters to all or selected staff via email with just a couple of clicks. There are currently over 1,000 employees checking their duty schedules daily using the TelMe service. A full reporting suite for mangers allows reports to be scheduled and delivered automatically via email is also. Contracts Managers, or indeed their clients, can now have last night’s incidents reports automatically waiting in their email to be read over the first coffee of the morning, or time and attendance reports supporting invoices can be sent to accounts departments automatically to their required delivery schedules. This update is just one of many planned that will add further functionality such as patrol recording using RFID tags, incident reporting and image capture or lone worker welfare monitoring as well as time and attendance generation to include GPS proof of presence records. We also want to add features that are more directly useful to the end employee though to include reminders of upcoming shifts, the ability to request overtime and addition shifts, submit holiday applications or requests for days off or new uniform items. In so many cases employees work outside of typical office hours, the exact opposite to the admin departments of their company, easing communications between the two can only make life easier for all. TelMe is available as an addition to PeopleHours™ from just £15.00 per month. Gallinet can be contacted at www.gallinet.com or 01384-237 333

Over 200 security control rooms using Gallinet’s PeopleHours™ Read More »

Aperio helps define a sustainable future for assisted-living

UK News Desk / Ghyslaine Cordrey

When the city of Umeå, Sweden, needed a modern electronic locking system to secure a new assisted-living facility, it turned to Tidomat and Aperio® from ASSA ABLOY. The city demanded more than just stringent, user-friendly security. Umeå targeted a new gold standard, a sustainable solution to keeping its most vulnerable residents safe in the new Äldrecentret Teg. The largest city in northern Sweden, Umeå built a new flagship assisted living facility in Teg to provide accommodation and on-site rehabilitation for people with dementia and physical illnesses. The choice for the access control system was Tidomat integrated with Aperio® wireless lock technology from ASSA ABLOY. Key requirements for the facility’s locking solution included a people-centred, secure electronic access control system that would be suited to keeping a vulnerable client group safe combined with a sustainable technology to cut unnecessary energy use at the new facility. Each of the 110 Aperio® equipped doors is connected wirelessly to the access control system. There’s also a locker in every room that can only be opened, via electronic lock, by the correct resident or a member of staff. Aperio® wireless locks are battery powered, and so use much less energy than wired magnetic security locks. They only “wake up” when a credential is presented to the reader. In fact, an Aperio® lock and reader combined uses only 0.001 kWh of energy per year. This compares with 55.2 kWh per year for a typical wired lock and reader*. The energy-efficient Aperio® installation is flexible and future-proofed: it allows Umeå Social Services to bring further facilities into the access control system, if required at a later date. “This is the first step,” says Åsa Jernbom, planning secretary at Umeå Social Services. “Because we’re going to build more assisted living facilities, so we need to think in the long term—smart and sustainable. Umeå is setting the standard with this new facility.” Joacim Äwrnlund, Aperio® Sales Manager Sweden at ASSA ABLOY, adds: “We are very proud of the energy- and carbon-saving credentials of our battery-powered locks. In the long term, installing wireless locks like Aperio® also guarantees cost savings, thanks to reduced energy consumption and lower carbon emissions from a site.” About Aperio®: Available on the global market place, ASSA ABLOY’s Aperio® Technology enables a wide range of access control providers to cost-effectively integrate non-wired doors with mechanical locks into access control systems. About Äldrecentret Teg: In Umeå, northern Sweden’s largest city, Äldrecentret Teg is a new assisted living facility built to provide accommodation and on-site rehabilitation for people with dementia and physical illnesses. From hearing loops built into the floor to Aperio® wireless locks on the doors, technology is at the heart of the new centre

Aperio helps define a sustainable future for assisted-living Read More »

Pilgrims Vessel ‘The Judge’ to assist Organisations requiring Maritime Security in West Africa

Event News / Ghyslaine Cordrey

International security specialist, Pilgrims Group Limited, has further increased its ability to provide safe passage for clients working in West African waters by upgrading a former US Coast Guard cutter with state-of-the-art anti piracy facilities. The vessel, MV The Judge, was acquired by Pilgrims Vessel in the USA three years ago and has recently been refitted to install state-of-the-art navigation and anti-piracy equipment, expanding its personnel capacity to twelve crew members. Corporate clients, including oil companies, geological surveyors and cable laying experts, have already enjoyed the protection of an armed escort provided by MV The Judge, whose captain, Shane Slabbert, has military experience with the South African Navy. The vessel, which has worked as far afield as Egypt, Somalia and Mombasa, is now based in Lagos, Nigeria, working alongside the Nigerian armed forces, and its area of operations now extends along the West African coast. “The potential for attack by pirates is a regrettable feature of modern maritime activity and poses a significant threat to our clients, many of whom are involved in projects of international economic significance,” says Daniel Revmatas, General Manager of Pilgrims Africa. “The Judge gives Pilgrims the ability to provide organisations with a complete solution to security provision, both on land and at sea. Our sea-borne service, demonstrated by the upgraded abilities of The Judge, provides welcome reassurance in this uncertain environment.” The highly mobile vessel is able to respond rapidly to potential threats, long before a suspicious craft can approach a client’s operation. Pilgrims co-ordinates MV The Judge’s operations closely with the Nigerian authorities to escort a range of commercial operations around West African waters. These operations include oil exploration, seismic surveys, resupply missions, crew changes and emergency evacuation. “The decision to bring MV The Judge vessel to Lagos and have a dedicated offshore maritime role is a fantastic addition to the Pilgrims service in Nigeria,” says Tim Hepworth, Regional Director for Drum Cussac, Nigeria, which works alongside Pilgrims supporting clients in the country. “The vessel is fit for task and ideally suited to escort operations or short to mid-term survey and drilling operations in support of the oil and gas industries.” MV The Judge – technical specifications Length: 24.85m Breadth: 5.3m Draft: 1.8m Gross Tonnage: 80 Net Tonnage: 24 Hull and Superstructure Hull – Welded Steel A36 Superstructure – Riveted Aluminum Machinery Two Caterpillar 3412 DITA 800BHP 2100RPM Auxiliaries Two Lovell 1004 GM 48KVa Heat Exchanged 45HP @ 1500rpm Power Supply Two Leroy Somer 380V Alternator 35KW 120/240/440 VAC 3 PHASE 60HZ http://www.pilgrimsgroup.com

Pilgrims Vessel ‘The Judge’ to assist Organisations requiring Maritime Security in West Africa Read More »

Native integration of wireless video technology, TVI, with Milestone

Event News / Ghyslaine Cordrey

IFSEC International, London, 16 June 2015 Digital Barriers (AIM: DGB) announces today that, in response to strong customer demand, its world-class video streaming technology, TVI, will be natively integrated with Milestone XProtect® video management software (VMS). Global interest in secure, real-time video is growing rapidly, fuelled by the exponential rollout of wireless communications infrastructure. The market is now demanding wireless solutions for smart cities, vehicle-based passenger safety, remote asset protection, and body-worn video. Whereas standard video codecs, such as H.264, are not optimised to work in real time over wireless networks (often leading to poor image quality and high data transmission costs), TVI with its military and law enforcement heritage was designed for exactly that purpose: reliable, real-time video over wireless networks that deliver exceptional performance at controllable cost. TVI can operate over wireless networks of all types, ranging from poor quality legacy GPRS cellular, through satcom and IP radio, up to the latest 3G, LTE and WiFi networks. With high-grade security and cost management built in, TVI offers an industry-leading, fully functional end-to-end video distribution platform. With sales into more than thirty countries, TVI already counts some of the world’s most prominent defence and security organisations as its customers. Now, native integration with the industry’s globally leading video software, Milestone XProtect VMS, promises to significantly enhance the solution for customers across the defence and security sectors, as well as much more broadly into a wide range of business sectors. This Milestone-TVI capability will be available in the Summer of 2015, and promises to set a new and significantly improved standard for wireless video capability across the network video market. See a demo at the Milestone booth E750 during the IFSEC International trade show in London June 16-18

Native integration of wireless video technology, TVI, with Milestone Read More »

Key Control Innovations from Morse Watchmans

UK News Desk / Ghyslaine Cordrey

IFSEC Exhibit Highlights Industry Leading Product Portfolio Morse Watchmans’ market-leading portfolio of key control and management solutions, featured this week at IFSEC at their booth (E1800), is helping organizations of every type improve operational security by providing innovative technology for comprehensive safeguarding and management of keys. With experience as a driving force of product development, the company has created key control and management solutions that advance security levels and risk mitigation. Features such as scheduled reports, automatic email notifications, key reservations, mobile capability, key ring inventory, audio prompts and alarms, a new group interlock feature and now the SmartKey® Reader for easier and faster adding and updating of keys illustrates Morse Watchmans’ capabilities in providing state-of-the-art security solutions for key control and asset management. “No matter the size or type of organization, the protection and controlled access to keys is fundamental to a safe and secure facility,” said Fernando Pires, VP Sales and Marketing, Morse Watchmans. “Morse Watchmans has advanced this premise with innovative technology to create higher levels of functionality and integration that help to ensure a more comprehensive solution for building security.” Also reflecting Morse Watchmans’ focus on innovation is their recently updated Lenel Factory Certification that includes KeyWatcher Touch Key Management System support for v6.6 (2013) and v7.0 (2014) of Lenel’s OnGuard Access Control System. In addition to support for segmentation in the OnGuard system, Morse Watchmans has added an advanced card format builder utility to the module which makes it easier to add custom card formats. Featured products at the Morse Watchmans booth include: KeyWatcher Touch® offers the convenience of scheduled PDF reports that are automatically emailed to authorized recipients. Email delivery of customized or standard reports can be scheduled for any frequency or specific time, or they can be accessed using the Morse Watchmans smartphone app. System administrators have access to view or run reports as needed. The system also enables security management to easily notify a user via email when a key becomes overdue. KeyWatcher TrueTouch® software has been updated to incorporate key ring inventory functionality. Now, multiple rings can be assigned to a single SmartKey, allowing users to more easily define what keys and rings should be associated with the SmartKey. The advanced TrueTouch software runs all programming, remote functions and reports for all KeyWatcher Touch locations, while the server synchronizes transactions and maintains the SQL database. Both access control systems and customized client control software interface with the server application. KeyWatcher Illuminated® can be configured with a variety of modules and customized to specific user needs. Available modules include the credit/access card module and single and dual locker modules, which can be used in any KeyWatcher system to hold small valuable items. The new SmartKey Reader is designed for use with the KeyWatcher Touch system and accompanying TrueTouch software and connects to a computer via the USB port. By simply inserting a SmartKey® into the free-standing SmartKey Reader appliance, users can add new keys to the system, delete keys, or identify existing keys – all from a single location, making it even more convenient to manage keys. Morse Watchmans’ Mobile App enables authorized users to view a wide range of live information and to interact remotely with the KeyWatcher Touch system. It’s a highly efficient and easy to use tool that greatly simplifies key control management while on the go. Also on display are the KeyBank® Key Control System that provides total accountability of large quantities of keys; KeyPro™ Software; KeyRings™; PowerCheck® Guard Tour System and TourPro™ Data Sorting Software.

Key Control Innovations from Morse Watchmans Read More »

IDIS Launches Its HD-TVI Surveillance Offering

UK News Desk / Ghyslaine Cordrey

The expanded IDIS line-up ensures a unified user experience across all technology platforms to meet surveillance needs of businesses large or small IDIS today unveiled its HD-TVI surveillance solution, DirectCX™, on stand G700 at IFSEC International, alongside a fully-featured VMS, IDIS Solution Suite™ (ISS). The addition of an analogue HD-over-coaxial system, and the highly flexible and scalable ISS, to the IDIS line-up realizes the surveillance powerhouse’s promise to present the most comprehensive surveillance solution at this year’s exhibition. With a continued commitment to meet a range of surveillance and technology needs, the new IDIS DirectCX™ offering is ideal for customers and installers seeking analogue CCTV and looking to leverage existing coaxial cabling and power lines, while still benefitting from IDIS signature high performance and quality. The DirectCX™ line-up includes a range of HD-TVI video recorders (TVRs), cameras, IDIS Center™ Video Management Software (VMS) and peripherals. Additionally, the fully-featured IDIS VMS, ISS, works across any combination of IDIS recording platforms including the IDIS flagship NVR-based offering, DirectIP™, as well as DirectCX™ TVRs, and presents customers with the powerful functionality offered by server-based recording. Leveraging a cost-effective modular design, ISS works seamlessly with every single IDIS device and allows customers to choose only the modules they need, such as administration, monitoring, recording, streaming, backup, redundant recording, failover and video wall services. Built on core patented technologies, the IDIS offerings all use the same user-friendly interface, ensuring a unified user experience across all technology platforms. ISS allows customers to mix and match network and analogue HD over coaxial cable technology, while customers looking to migrate from DirectCX™ to DirectIP™ or to scale up from DirectIP™ to ISS will find a virtually identical user interface. This future-proofs investments by giving customers the flexibility to expand, while minimising training requirements to ensure a low cost of ownership. Speaking at the show, Brian Song, Managing Director of IDIS Europe, said, “Our philosophy is to meet the surveillance needs of businesses across a range of market sectors by offering a total surveillance solution. We also have a commitment to combining high performance with simplicity and a low cost of ownership. From the perspective of operation there is no difference between using DirectIP™, DirectCX™ or operating ISS. “IDIS Center™, bundled within our DirectIP™ offering, is already a powerful VMS that we offer at no cost, supporting up to 1024 devices or 32,768 (32 x 1024) cameras. Now, with ISS, customers can scale up and expand to, say, 64 simultaneous remote client logins, and gain the power and redundancy of server-based recording, often required by larger enterprises with mission critical security operations, yet the user experience remains the same. The modular design of ISS also ensures customers only pay for what they want and need.” Song continued, “With the addition of our DirectCX™ offering and an enterprise-level VMS, we really are meeting the needs of an even wider range of applications in terms of security, surveillance and technology requirements.”

IDIS Launches Its HD-TVI Surveillance Offering Read More »

Pilgrims Vessel ‘The Judge’ to assist Organisations requiring Maritime Security in West Africa

Event News / Editor

Pilgrims Vessel ‘The Judge’ to assist Organisations requiring Maritime Security in West Africa Read More »

Townscape provides protection to East Midlands Airport

Industry Sectors, Product News, Technology, UK News Desk / Ghyslaine Cordrey

Townscape Products Limited, is helping to safeguard jet setters at East Midlands Airport with its expert hostile vehicle mitigation (HVM) system. The British street furniture manufacturer won the £190,000 contract to supply the airport with its integrated solution for HVM, the CT range, a robust perimeter protection system designed to stop vehicle-based attacks. The international airport, part of Manchester Airport Group, required the solution to prevent unwanted vehicle incursion onto the busy pedestrian plazas at the entrance of the airport terminal, adjacent to the vehicle drop-off points. Townscape supplied 74 of its PAS 68 Counter Terror (CT) Blocks, 10 PAS 68 shallow mount bollards and a PAS 68 manual CT Barrier. Jonathan Goss, managing director of Townscape said: “East Midlands Airport has more than four million visitors pass through its doors each year, so a hostile vehicle mitigation (HMV) system was needed to defend the building, whilst also providing an open and inclusive perimeter. “We used our PerfomaCast™ polymer bollard sleeves to give the shallow mount bollards an aesthetically pleasing finish and keep the maintenance and cost low. The CT blocks were placed at the front of the building to give a strong visual deterrent, whilst also providing seating for pedestrians waiting in the pick-up area.” This is the third airport within the Manchester Airport Group Townscape has provided its perimeter protection to. Other airports across the country include, Manchester Airport and Bournemouth. One of the leading HVM systems on the market, CT Blocks are manufactured at Townscape’s Sutton-in-Ashfield factory. Each weigh in at 2.2 tonnes and are made using a special mix of aggregates designed for ultimate strength. The CT Blocks only require minimal groundwork due to their low profile foundation, making them cost effective to install without compromising security. The blocks are positioned where a building is vulnerable to vehicular incursion and meet the PAS 68 standard for vehicle immobilisation. Townscape’s integrated HVM range, which included blocks, bollards, barriers and planters has been designed to give an aesthetically pleasing solution, fitting into the landscape surroundings. For more information on Townscape’s integrated PAS 68 hostile vehicle mitigation (HVM) range visit: www.townscapeproducts.co.uk or call: 01623 513355.

Townscape provides protection to East Midlands Airport Read More »