SOFTWARE HOUSE ENHANCES CENTRALIZED POLICY MANAGEMENT WHILE DELIVERING SERVICE ORIENTED CAPABILITIES WITH C•CURE 9000 v2.70

C•CURE 9000 v2.70 from Software House is one of the industry’s most powerful security management systems providing 24×7 mission critical security and safety protection for people, buildings and assets. This new version provides up-to-date capabilities and technologies that enable security departments to meet the changing requirements of corporate facility protection. C•CURE 9000 v2.70 provides security staff with a consistent, standardized approach to meet critical access control and visitor management needs for enterprises adopting agile workplace strategies.

C•CURE 9000 v2.70 makes obtaining access clearances faster and less prone to errors, with an Access Management consistent process. A card holder can now request access to a space and that request is directed to the correct personnel for approval, replacing long email chains and long response times common for access approvals. The system provides a complete audit trail of the approval or decline of the clearance for compliance purposes all natively within C•CURE 9000.

Enhanced Visitor Management capabilities within C•CURE 9000 are designed to reduce reception desk workload and speed visitor processing. New in v2.70 is the addition of visitor badge printing from the self check-in kiosk, group add which easily allows users to add a group of visitors for events, classes and conferences, and new host instructions. To increase the safety and security of a site, internal watchlists have been added for personnel and visitor management. In addition, an assistance button is now available for personnel to send an alert to the security team with one click to help provide a quick response to visitor or other personnel issues.
Enhanced management on C-CURE 9000 Platform
C•CURE 9000 v2.70 also include enhancements to C•CURE Web with support for Swipe and Show, which visually confirms a card holder with a picture in their record to reduce identity theft and social engineering attacks. This allows users to increase security using any web-enabled workstation or mobile device with C•CURE 9000.

Watch the “What’s New in C•CURE 9000 version 2.70” video for more details.

IP-ACM v2 Ethernet Door Module for a More Secure Access Control Option

IP-ACM v2 is the latest version of the IP-ACM Two-Reader Ethernet Door Module, enhancing the original IP-ACM by providing a secondary Ethernet port to connect an additional network device such as a biometric reader on the same LAN segment. The maximum lock output amperage has been increased to 0.75A per lock, allowing the IP-ACM to directly power a wider range of locking devices, plus, the output connector size has increased, for easier installation. In addition, IP-ACM v2 now supports 801.1X and TLS 1.2 secure network protocols for added protection against the threat of cyberattacks.

Like its predecessor, the IP-ACM v2 enables a pure IP edge-based access control architecture. IP-ACM acts as the interface between the local field wiring/devices and the IP network, communicating to iSTAR Ultra and iSTAR Ultra SE door controller GCM or iSTAR Ultra LT for all access decisions.

IP-ACM utilizes a customer’s network infrastructure to reduce installation costs, requiring just a single Cat 5/6 cable to each door. IP-ACM also offers compelling benefits in a hybrid solution where IP and traditional wired doors are required. Embedded lock power is provided through PoE (Power over Ethernet) for further installation savings (primary port only).

Visit our webpage for more information.

C•CURE 9000 Integration with Innometriks High Assurance Security Solution for Strong Identity Authentication

C•CURE 9000 security and event management system now integrates with the Innometriks High Assurance Security Solution, a FICAM approved software, for strong identity authentication. The integrated solution includes FICAM (Federal Identity, Credential, and Access Management) software, Cheetah and Rhino Smart Card Readers and ID Server for FICAM continuous vetting.

The C•CURE 9000 integration with the Innometriks FICAM software provides users with a seamless, high-assurance access control solution, which is important for government agencies that need to deploy a secure and interoperable access control solution for high security areas. Strong authentication verifies an individual’s identity using technologies including biometrics, smartcards, Public Key Infrastructure (PKI) and digital signatures to provide a level of assurance above and beyond that available through non-smartcard ID card mechanisms.

With Innometriks’ FICAM software as part of the physical access control system, integrators benefit from installing an already integrated solution through reduced installation time and implementation complexities. End users will see faster transaction times and a reduced overall cost of the system when compared with systems that take a bolt on approach.

Innometriks FICAM software is built on an open architecture platform. It integrates with many third-party readers and supports Open Supervised Device Protocol (OSDP) authentication. OSDP is a communications protocol that enables peripheral devices such as card readers and biometric readers to interface with physical access control system panels. OSDP provides another layer of sophistication through directional communication and read/write capabilities.

Software House C•CURE 9000 now includes an end-to-end approach, providing the security market with a solution that includes card registration capabilities, validation and integration with HSPD-12 (Homeland Security Presidential Directive) complaint readers.

Visit our website to learn more about Innometriks High Assurance Security Solution.

Expand Policy Enforcement and Increase Operational Efficiencies with C•CURE 9000 v2.60

C•CURE 9000 v2.60 includes features that are invaluable to airports, government buildings and other large-scale facilities because they automate processes improving operational efficiencies, and provide process and procedure accountability for meeting compliance standards. This latest version of the C•CURE 9000 security and event management platform also supports IPV6 address protocols for the iSTAR Ultra door controller and introduces a new C•CURE 9000 Web Client user interface.

CC9000-iSTAR-Ultra_p3_07_na_v

  • Customizable access control workflows for more efficient management of access credentials
  • Visitors can easily look up an appointment and register using a self-service kiosk
  • Funnel card holder access after-hours through a central entry point for visual identity by security personnel
  • Allow users to add expiration dates to clearances reducing the need for multiple clearances
  • Automate screening selection for high security areas with random screening feature
  • Restrict access to sensitive areas with n-person rule and team rule
  • iSTAR Ultra support for IPv6 network protocol standards
  • And much more!

iSTAR Ultra Video – Integrated Access Control and Video at the Edge

iSTAR Ultra Video offers highly distributed, small site security without sacrificing enterprise performance. This small, yet powerful appliance combines the robust access control features of iSTAR Ultra with embedded VideoEdge video recording and management that is remotely managed by an integrated C•CURE 9000/victor application to meet the security needs of small remote sites. Each iSTAR Ultra Video is factory-imaged with the latest firmware and camera licenses.

istar-ultra-video-collage

Used with IP-ACM Ethernet door modules, iSTAR Ultra Video is ideal for large corporations whose footprints include smaller remote networking facilities, fiber huts and other small but critical facilities that need constant monitoring and control. This highly distributed security architecture can scale to thousands of sites, making it perfect for enterprise customers with multiple remote locations.

 

Features That Make a Difference:

  • Control up to 8 doors and 8 IP cameras in one small, low-cost appliance
  • Managed by remote integrated C•CURE 9000/victor application
  • Scalable to thousands of sites
  • Intuitive web-based start-up wizard with camera auto-discovery reduces commissioning time
  • Local video storage and caching
  • Unparalleled video stream management with full transcoding functionality
  • Powerful video analytics save time; improve situational awareness
  • External USB storage options to increase local recording capacity
  • Supports ONVIF Profile S
  • Manages up to 500,000 cardholders in local memory
  • Native intrusion zone functionality
  • FIPS 197 AES 256 network encryption
  • Included in Tyco Security Products Cyber Protection Program to help reduce risk of vulnerabilities

High-end Multi-zone London Development Chooses Tyco Security Products’ C•CURE 9000 Security and Event Management System

The Challenge
The new Ludgate site, a high-end central London multi-zone development,  required a new integrated security solution. Systems such as video surveillance, access control and video door intercoms combining to create a total security solution using a single interface.

New Ludwig
The Solution
Together, Universal Security Systems and Land Securities chose Tyco Security Products’ C•CURE 9000 Security and Event Management system to unite the New Ludgate buildings’ management, access control and video surveillance systems for comprehensive management of the site’s physical security.

Benefits
  • Rich integration with victor Unifying Client improved – access, video, and intrusion
  • Single server for managing security and events for video, access control, intrusion, central station, fire, real-time location, and other supported systems
  • Visitor management web portal for appointment management that expedites the visitor check-in/out process at the front desk
  • Conditional Access and Dynamic Area Management for areas needing supervised entry and occupancy for increased security
  • Enterprise multi-version software upgrades remain operational while progressively upgrading each server node without needing to take an entire system out of service
  • Event linking and cross-product association for event activations across dispersed security systems with associated time-synchronized video

Penn State Upgrades Security System with Tyco Security Products Solution

The Challenge
Penn State University wanted to move to a single security and event management platform for its residence halls and other group facilities on campus.

Penn State

The Solution
Penn State selected a unified Tyco Security Products solution to protect and manage its campus.

Benefits
  • Improved image quality to quickly identify activity in a variety of lighting conditions
  • Reduced expenses retooling locks and replacing lost cards
  • Easily managed access rights and track activity of each user with powerful audit trail
  • Accelerated investigation searches with intuitive video management system interface
  • Streamlined and automated processes

Why it’s Critical to Take a Multi-Faceted, Multi-Layered Approach to Mass Notification

By Jim Stankevich

The size, scope and inherently open nature of hospitals and healthcare facilities make them particularly challenging cases for notifying the masses of an event or incident. Hospitals face myriad threats from inside and outside, and thus need to be able to communicate quickly, accurately and effectively when faced with a crisis.

However, hospital personnel don’t always have or are even allowed ready access to their personal phones to receive text or voice messages, nor are many of them likely to be sitting at a desk viewing their email or viewing social media.

Instead, the bustling healthcare setting requires a multi-faceted, multi-layered network-based mass notification process so staff, patients and visitors can receive targeted, accessible information. A process like this is crucial regardless of whether there is an active shooter in the emergency department, a weather-related situation that requires action involving the whole complex and its inhabitants or a domestic dispute incident affecting specific patients, visitors or staff.

Currently many healthcare facilities are opting for text-based notification systems, which are sometimes funded by grant monies, and can work well enough if staff members have a hospital-issued phone readily available or if they are allowed to use their personal phone on the job. But some healthcare organizations don’t allow the use of personal phones being used at work, thus eliminating this major means of crisis communications.

correctional_officer_radio_istock_000006315938xlarge_ms

Another traditional way of alerting personnel has been via public address announcements (PA) using a series of codes or fictional names or codes to alert them about a particular situation. Since hospitals have PA systems that reach almost every area within the facility this is still a viable way to notify those within the building of a situation. The PA may not be ideal for every emergency situation but it is used often every day and should be connected to your automated mass notification system for that should be communicated via the PA as one means of notification.

Even when healthcare facilities have mass notification protocols in place, if the messaging can’t be delivered in a timely manner, or isn’t read immediately on a phone or email, the effectiveness is lost. Having to send messages by text or email can mean a notification that needs to be delivered quickly so staff can react accordingly is taking too long to be disseminated among the long list of employees and staff members who need to receive it. And once sent, the message could sit in someone’s inbox for minutes or even hours before they have the opportunity to see it.

Thus, a multi-layered approach tied in with a network-based access control system is critical in a setting where people are constantly on the move. Along with individual texts and emails, messages that appear as a pop-up message on computer screens at nurses’ stations even when logged off and on computers and tablets used on mobile workstations within patients’ rooms can better convey a message during a crisis. Likewise, with a highly critical situation such as an active shooter, a mass notification system should be able to incorporate a public address, visual public monitors throughout the facility, SIP IP phone system, and radios used by security personnel to reach the most people in the quickest manner possible.

An effective mass notification system should also be a “two-way system,” so personnel who are in a duress situation or are seeing a crisis unfold have the ability to send an alert to get help, not just receive an alert. With some systems, the ability to send such a message can be as simple as using two keys on a computer keyboard that, when used together, constitute a panic alarm. Additionally, computer screens or phones can be set up with icons that when used, trigger a panic or notification alarm as well.

These types of alerts not only work well in that they quickly disseminate information from someone in crisis to the appropriate responders, but if that person is being confronted by an abuser or someone who is armed, it is much less obvious to press a couple of keys than it is to pick up the phone and call for help which might escalate the situation with the person listening to the call.

Additionally, highly useful mass notification schemes are being tied into access control systems and other security monitoring systems such as video surveillance, HVAC, fire and burglar alarms, and infant abduction systems to provide a holistic approach to security.

An employee in the emergency department who is dealing with a potential gang confrontation has the ability, through the push of a button, to alert security and activate video of the incident or even lockdown doors. And if an infant abduction alarm sounds, through the integrated mass notification system, security has the ability to send messages to key personnel around the facility or within the parking structure so the chances of that child being removed from the premises is greatly reduced as well as to lock specific doors and view relevant video.

Of course, a system is only effective if everyone is familiar with it and it is working properly. It is important, therefore, to make testing and supervision of the mass notification system a requirement of the product. This not only keeps it working for when it’s desired most, but also reminds hospital staffers that they have this vital tool readily available should they need it and how to use it.

Jim Stankevich is the Global Manager for Healthcare Security & Lynx for Tyco Security

Products and is a past IAHSS board member. He can be reached by email at: JStankevich@tycoint.com

Distributed Denial of Service

If you were not already familiar with the term Distributed Denial of Service (DDoS), then over the past several weeks you probably have become aware of it through various news articles.

A few key points in the media about the DDoS attacks:

  • Some of the largest DDoS attacks ever launched[1] in late September
  • Release of the Mirai source code used to create the DDoS attacks in early October[2]
  • Growth of devices infected by Mirai malware is growing from 213,000 to 493,000, by mid-October[3]
  • Twitter, Netflix and PayPal and many popular site being unreachable for part of Friday as a result of a new DDoS attack[4]

Were Tyco Products Affected?
These attacks are of special interest for companies such as Johnson Controls because they were launched from botnets composed of “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders[5]There is no indication that any Tyco Security Products devices were involved in these attacks.

  • Illustra cameras are designed to prevent user access to the camera’s operating system and as a result of that decision: telnet is not available on any Illustra camera model.
  • VideoEdge NVRs do not support telnet. Also, all known botnet scanners look for a different version of Linux than used on VideoEdge.
  • iSTAR controllers do not support any remote access protocol and will not be detected by the malicious scanners.
  • DCM controllers, AC200 (RTC) Ethernet Controller and Emerald Intelligent, multi-function access terminals do not support Telnet
  • exacqVision network video recorders and video management system (VMS) software has SSH disabled making it unaffected.
  • Kantech  access control system also remains unaffected.
  • Applications such as AC2000, C•CURE 9000 and victor are not affected. These applications also do not require remote access protocols.

Background: What are Distributed Denial of Service Attacks?
If you are not familiar with a Distributed Denial of Service (DDoS) attack, it is an Internet attack, which typically targets websites in an attempt to bring down the site so that it is inaccessible to other Internet users.  It is a common tactic for activists and groups looking to suppress information or as a form of extortion; demanding money from the victim to cease to attack.  These attacks work by flooding the target website with large amounts of data, or requests for data, that use up a website’s resources. With a small attack, the site may appear to be slow, but large attacks can bring down a website making it inaccessible.

What is a botnet?
These recent attacks have used a ‘botnet’, or a network of devices, infected with malware. The attacker is able to remotely control the device. The owner of the device will not know it has been infected because the malware does not affect the devices normal operation.

This malware is only able to be loaded onto the device if it has a remote protocol such as telnet or SSH enabled on the device. Telnet and SSH are common among physical security products and devices with the protocols enabled will be detected by the scanner.  The Mirai malware uses a table of common factory default usernames and passwords to log into devices.

Recommendations for Installers and End Users
If you have a device which is using the default password and a remote access protocol enabled, you are at risk. To prevent your device from becoming a bot, you should immediately:

  • Disable remote access if it is not required.
  • Reboot the device. This does not have to be a factory reset, just turning the power off, wait a minute and turning it back on is sufficient
  • Change the password to a complex password. If you do not change the password or have a device that doesn’t allow you to change the password, you run the risk of becoming infected.

Again , the following Tyco Security Product devices are not affected:

  • Illustra Cameras
  • VideoEdge NVRs
  • iSTAR
  • DCM
  • AC2000 RTC Controllers
  • Emerald Intelligent Access Terminals

Sign Up to Receive Security Advisories
Tyco Security Products dedicated Cyber Response Team generates notices, typically within 24 hours, advising which products, if any, might be vulnerable along with mitigation steps. If it’s a critical security vulnerability, the team will develop, test and release patches to resolve issues.  Sign up to receive security advisories and access compliance guidelines. 


Sources:

[1] Wall Street Journal Sept 30th 2016 Hackers Infect Army of Cameras DVRs for Massive Internet Attacks http://www.wsj.com/articles/hackers-infect-army-of-cameras-dvrs-for-massive-internet-attacks-1475179428

[2] Wall Street Journal October 5th 2016 Hackers Release Botnet Code, Raising Specter of More Attacks ttp://www.wsj.com/articles/hackers-release-botnet-code-raising-specter-of-more-attacks-1475677667

[3] PC World October 18,th 2016 Hackers create more IoT botnets with Mirai source code http://www.pcworld.com/article/3132571/hackers-create-more-iot-botnets-with-mirai-source-code.html

[4] Wall Street Journal October 21st 2016 Cyberattack Knocks Out Access to Websites http://www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080

[5] Krebs on Security October 21, 2016 Hacked Cameras, DVRs Powered Today’s Massive Internet Outage  https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/#more-36754

Cyber Security Assessment

Today’s businesses are faced with unprecedented threats from sabotage, theft of intellectual property and compromised sensitive data. Have you considered how your physical security products affect your cyber security?

TSP Cyber Protection Program Flowchart

Take a look at our infographic and assessment quiz to see if you are asking the right questions and taking the next step to be cyber secure.

Access the InfographicTake the Assessment Quiz
Learn more about Tyco’s industry-leading Cyber Protection Program.