Access control systems are a huge asset for security, offering integrated and intelligent responses to events on site. But the best access control systems guard against cyber as well as physical threats to ensure more robust safety and security for people and places.
Inner Range General Manager Tim Northwood blogs about what to look for in your access control system to ensure you have robust cyber as well as physical security in place.
- Secure communications at every interface
Secure communications are paramount for cyber security, whether that’s via in-house private communication networks or between access control system controllers, servers and door modules, or when the core system integrates with third-party products, such as CCTV.
A robust level of end-to-end encryption across all these communications channels and interfaces is vital. Data encryption ensures secure LAN communications at all times and continuous monitoring will detect any fault or attempted module substitution.
Ensuring the communications network is isolated also helps reduce the risk of interception.
Sandboxing is a software management strategy that isolates applications, such as your access control system, from critical system resources and other programs, such as other products integrated with your core access control system. It provides an extra layer of security that prevents malware or harmful applications from negatively affecting your access control system.
Without sandboxing, an application may have unrestricted access to all system resources and user data on a computer. A sandboxed app, on the other hand, can only access resources in its own ‘sandbox’. An application’s sandbox is a limited area of storage space and memory that contains the only resources the program requires. If a program needs to access resources or files outside its sandbox, permission must be explicitly granted.
- Reduce the risk of module substitution
Where a higher than normal level of security is required, you should ensure devices connected to the access control system have their own MAC addresses to help guard against cyber security breaches. This measure prevents module substitution. For example, if an attacker attempted to replace devices with others offering a lesser level of performance, the system would alert operators to the unauthorised change.
- Create a stable network with failover protocols
Ensuring your system is ‘always on’ is another key element in reducing the risk of cyber breaches during vulnerable downtime. A security system should offer high availability with an IP network that runs multiple instances of itself – at the same time – across multiple nodes or servers at local, national and global levels. Solutions such as database failover clustering mean the system will auto-connect to available nodes when necessary, ensuring there is no compromise to the system.
- Fine grain permissions for users
Security systems that allow ‘fine grain’ tailoring for permissions and protocols offer better protection from would-be hackers. For example, systems that allow you to create completely bespoke access credentials for each member of staff and visitor ensure they can only access the correct areas and systems.
- Forensic audit trail and roll-back
Systems offering a full forensic audit trail are vital for robust cyber security. Forensic audit reports cover every single action and engagement with the access control system and can be reported at local, national or global levels. This means security managers can see exactly who has done what to the system and when. A good audit trail system should have the ability to ‘roll-back’ changes made to system programming by any person or entity at a specific date and time. This means, for example, changes made by a ‘rogue’ operator can be undone in one action and the system programming rolled back to exclude these changes.
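The audit-and-roll-back behaviour described above can be sketched as follows. This is an added example, not code from Inner Range or any product; the class names, setting keys and operator names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Any

@dataclass(frozen=True)
class AuditEntry:
    when: datetime
    operator: str
    key: str   # programming item that was changed
    old: Any   # value before the change (None = item did not exist)
    new: Any   # value after the change (None = item deleted)

class Programming:
    """System programming where every change is appended to an audit trail."""
    def __init__(self):
        self.settings, self.audit = {}, []

    def change(self, when, operator, key, new):
        self.audit.append(AuditEntry(when, operator, key, self.settings.get(key), new))
        if new is None:
            self.settings.pop(key, None)
        else:
            self.settings[key] = new

    def roll_back(self, when, admin, operator, since):
        """Undo in one action every change `operator` made at or after `since`.
        Returns keys left alone because someone else changed them afterwards."""
        first = {}  # key -> index of the operator's first change in the window
        for i, e in enumerate(self.audit):
            if e.operator == operator and e.when >= since:
                first.setdefault(e.key, i)
        skipped = []
        for key, i in first.items():
            if any(e.key == key and e.operator != operator for e in self.audit[i:]):
                skipped.append(key)  # flag for manual review, do not clobber
            else:
                self.change(when, admin, key, self.audit[i].old)  # itself audited
        return skipped

def demo():
    """Constructed sample data: 'mallory' plays the rogue operator."""
    t = lambda hour: datetime(2024, 1, 1, hour)
    p = Programming()
    p.change(t(8), "alice", "door.lobby.schedule", "08:00-18:00")
    p.change(t(8), "alice", "user.visitor7.areas", "lobby")
    p.change(t(9), "mallory", "door.lobby.schedule", "always-unlocked")
    p.change(t(9), "mallory", "user.visitor7.areas", "lobby,server-room")
    p.change(t(9), "mallory", "user.ghost.areas", "all")
    p.change(t(10), "alice", "user.visitor7.areas", "lobby,canteen")
    return p, p.roll_back(t(11), "admin", "mallory", since=t(9))
```

The roll-back is recorded in the same trail as any other change, and items a legitimate operator has edited since are returned for manual review instead of being overwritten.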