All posts by Tyco Security Products

Using Duo at the Door: Protecting Physical Access Through New Partnerships – GUEST BLOG

Duo has recently partnered with two of the leading providers of physical access security: Tyco Software House and BioConnect. The partnership tells a complementary story. Duo was born in the cloud. Since our inception, we’ve focused on providing a simple, secure authentication workflow into any business application. Tyco and BioConnect live in the concrete world of building and office access.

Duo offers a broad integration portfolio that includes hundreds of cloud and on-premises applications. Thousands of customers leverage Duo to protect a diverse set of applications, from Office 365 to the AnyConnect VPN or even custom on-premises applications. Our technical integrations and partnerships have primarily focused on protecting the workforce from compromised digital credentials and data breaches.

However, we’ve come together with Tyco Software House and BioConnect to answer the question: how can we also protect physical workplaces and physical credentials?

Physical credentials can take many forms but often come as key cards or badges that are used to enter business critical facilities. Many of us are familiar with physical credentials and access control from their supporting roles in heist movies. In most cases, a ragtag group of would-be thieves includes a pickpocket whose responsibilities involve lifting a key card from an unsuspecting VIP. While this fictionalized version of credential theft is not the most common case for losing physical credentials, at its heart it still reveals a potential hole in physical access control. When the crown jewels are at stake, these partnerships and integrations can help you verify that the holder of a physical credential is the person who belongs to the card.

Tyco Software House

Tyco Software House is committed to providing a robust security and event management solution for buildings across the globe with its C•CURE 9000 platform to protect any company’s people, buildings, and assets. This solution scales to protect buildings of any age, layout, or location, whether a company is protecting one door or hundreds.

And now, C•CURE 9000 seamlessly integrates with Duo’s multi-factor authentication (MFA) solution to provide an additional layer of security at points of access. The integration is simple to set up and provides an easy and effective end-user experience at a company’s most critical locations. C•CURE 9000 customers will not have to change any infrastructure or card readers, and employees can self-enroll in Duo. When deployed, an employee simply taps their access card as they would normally, but instead of gaining direct access they are challenged with a second form of authentication on their preferred device. For more information about the integration and the Tyco Software House’s product portfolio, check out this informational video and the integration announcement.

BioConnect

BioConnect is spearheading the unification of the digital and physical access management sectors. Their previous solutions are known for leveraging biometric credentials (face, voice, fingerprint and eyeprint) to secure access to both physical assets, like data centers, and digital assets, like corporate portals. The outcome is higher identity assurance of who is accessing what and provides in-depth reporting and analysis regarding a company’s physical and digital access points.

BioConnect has realized a gap in the physical access market where certain customers’ physical access points are not equipped with biometric readers. In these cases, a BioConnect customer may need to use a badge on a door that currently does not provide a second factor of authentication. In order to address this use case, BioConnect has integrated with Duo’s MFA, adding it to BioConnect’s authentication flow. With Duo and a retro-fit solution that is integrated into 80% of the top access control system providers, it becomes easy and cost-effective for BioConnect customers to provide step-up authentication on all doors or access points.

To learn more about how this integration ensures security in every case, check out BioConnect’s documentation or their video guide to using Duo at the door.

Introducing the Innometriks and Software House Fully Integrated End-to-End High Assurance Solution

The Software House C•CURE 9000 and Innometriks High Assurance Solution is a fully integrated platform providing a robust system for the stringent identity validation needs of the Federal Government and security conscious commercial businesses. Available with the C•CURE 9000 Version 2.7 Service Pack 2 release, the updated and enhanced offering provides streamlined setup and configuration making the deployment of High Assurance systems quicker and less complicated.

Personnel Enrollment has also been greatly improved with the updated High Assurance solution. Enrollment is now done through the familiar C•CURE 9000 user interface without the need for an additional application thus reducing system complexity and enhancing the user experience.

The High Assurance Solution supports the enhanced portfolio of Innometriks purpose-built, High Assurance readers, including the new lower cost Cheetah SE. These readers cover the breadth of security levels with multiple authentication options and centralized management of settings and firmware. In addition, support for third-party readers from several manufacturers has been added as well. All of these readers connect directly to Software House iSTAR Ultra and iSTAR Ultra SE ACMs without the need for additional hardware

One of the most significant improvements to the High Assurance solution is the deep integration within C-CURE 9000. With many “bolt on” solutions, the use of multiple vendors for main system components makes solving potential issues a nightmare increasing potential downtime. With all major system components coming from Johnson Controls, the solution can be tested thoroughly as updates are made to make sure the entire system continues running smoothly.

 

Key Features

  • Complete end-to-end High Assurancesolution
  • Updated solution is now easier to install and configure
  • Supports OSDP High Assurance readers from several manufacturersas well as advanced readers from Innometriks including the new Cheetah SE.
  • Readers connect directly to an iSTAR Ultra/UltraSE ACM. No additional hardware is required.
  • Native C•CURE 9000 enrollment

Visit our webpage for more information about the Integrated High Assurance Solution.

Innometriks Cheetah SE High Assurance Smart Card Reader. Small footprint. Big features.

The Innometriks Cheetah SE High Assurance Smart Card Reader delivers centralized reader management and FICAM solution compliance in a low cost, compact footprint. The Cheetah SE is designed to meet implementation paths recommended by NIST SP800-116, which provides Federal agencies and non-governmental organizations with risk-based guidelines for the incremental rollout of PIV-enabled access points. Cheetah SE Reader’s advanced architecture allows seamless integration into a range of existing physical access control systems for authentication and network environments for administration.

In addition, the Cheetah SE supports Software House RM Reader functionality for new and existing installations making it a great choice for users who wish to upgrade to a high assurance solution over time. The Cheetah SE supports the full capabilities of RM communications such as arming and disarming intrusion, locking and unlocking groups of doors while displaying their current mode and status, and with simple RM Reader keypad commands you can remotely activate cameras, doors, and other events as well as trigger a duress call right from a reader. Keypad commands can be configured to require card presentation and/or a PIN to validate the command.

Key Features

  • Cost effective high assurance reader for installations requiring two-factor authentication
  • Easy to deploy, flexible and highly secure authentication solution for physical access
  • Web-based, centralized reader management
  • Supports Software House RM reader functionality including intrusion and local door control
  • OSDP and OSDP Secure Channel RS-485 connectivity for broad industry compatibility
  • Contactless and contact + contactless models available
  • Indoor and outdoor configurations

Visit our webpage for more information about the Innometriks Cheetah SE.

SOFTWARE HOUSE PROVIDES CLOUD DEPLOYMENT AND ENHANCED SECURITY FOR C-CURE 9000 V2.70 SP1

C•CURE 9000 v2.70 SP1 provides software improvements for C•CURE 9000 v2.70 and new capabilities to enhance the security and safety of a facility and improve system administration.

C•CURE 9000 can now be deployed under an Infrastructure-as-a-Service (IaaS) model, reducing or eliminating the need for onsite server hardware. As demand for cloud deployments continues to grow, Johnson Controls offers a solution that enables customers to take advantage of the flexibility and resilience provided by this technology. C•CURE 9000 v2.70 SP1 provides a cloud deployable solution that can be used by enterprise companies to support the security and safety of people, buildings and assets globally while at the same time lowering system management costs.

In addition to fixes and solutions that are driven by the Software House Customer Support team and prioritized by severity and impact, C•CURE 9000 SP1 delivers additional capabilities that enhance security. While previous versions of C•CURE 9000 had the capability to designate dynamic area managers for added oversight, it didn’t meet the needs of some security teams. The addition of Area Supervisor ensures that one or more personnel designated as supervisors must accompany personnel designated as supervised into an area at all times. For example, Area Supervisor is used in retail banking when a supervisor must be in the area at all times during cash counting procedures.

Additional features in C•CURE 9000 v2.70 SP1 that elevate a site’s security are Automatic Door Unlock Control per controller and the ability to monitor disarmed events.

For more information on C-CURE 9000 v2.70 SP1, click here to download the data sheet and New Product Announcement under the Documents tab on the Software House website.

IP-ACM v2 Ethernet Door Module for a More Secure Access Control Option

IP-ACM v2 is the latest version of the IP-ACM Two-Reader Ethernet Door Module, enhancing the original IP-ACM by providing a secondary Ethernet port to connect an additional network device such as a biometric reader on the same LAN segment. The maximum lock output amperage has been increased to 0.75A per lock, allowing the IP-ACM to directly power a wider range of locking devices, plus, the output connector size has increased, for easier installation. In addition, IP-ACM v2 now supports 801.1X and TLS 1.2 secure network protocols for added protection against the threat of cyberattacks.

Like its predecessor, the IP-ACM v2 enables a pure IP edge-based access control architecture. IP-ACM acts as the interface between the local field wiring/devices and the IP network, communicating to iSTAR Ultra and iSTAR Ultra SE door controller GCM or iSTAR Ultra LT for all access decisions.

IP-ACM utilizes a customer’s network infrastructure to reduce installation costs, requiring just a single Cat 5/6 cable to each door. IP-ACM also offers compelling benefits in a hybrid solution where IP and traditional wired doors are required. Embedded lock power is provided through PoE (Power over Ethernet) for further installation savings (primary port only).

Visit our webpage for more information.

C•CURE 9000 Integration with Innometriks High Assurance Security Solution for Strong Identity Authentication

C•CURE 9000 security and event management system now integrates with the Innometriks High Assurance Security Solution, a FICAM approved software, for strong identity authentication. The integrated solution includes FICAM (Federal Identity, Credential, and Access Management) software, Cheetah and Rhino Smart Card Readers and ID Server for FICAM continuous vetting.

The C•CURE 9000 integration with the Innometriks FICAM software provides users with a seamless, high-assurance access control solution, which is important for government agencies that need to deploy a secure and interoperable access control solution for high security areas. Strong authentication verifies an individual’s identity using technologies including biometrics, smartcards, Public Key Infrastructure (PKI) and digital signatures to provide a level of assurance above and beyond that available through non-smartcard ID card mechanisms.

With Innometriks’ FICAM software as part of the physical access control system, integrators benefit from installing an already integrated solution through reduced installation time and implementation complexities. End users will see faster transaction times and a reduced overall cost of the system when compared with systems that take a bolt on approach.

Innometriks FICAM software is built on an open architecture platform. It integrates with many third-party readers and supports Open Supervised Device Protocol (OSDP) authentication. OSDP is a communications protocol that enables peripheral devices such as card readers and biometric readers to interface with physical access control system panels. OSDP provides another layer of sophistication through directional communication and read/write capabilities.

Software House C•CURE 9000 now includes an end-to-end approach, providing the security market with a solution that includes card registration capabilities, validation and integration with HSPD-12 (Homeland Security Presidential Directive) complaint readers.

Visit our website to learn more about Innometriks High Assurance Security Solution.

High-end Multi-zone London Development Chooses Tyco Security Products’ C•CURE 9000 Security and Event Management System

The Challenge
The new Ludgate site, a high-end central London multi-zone development,  required a new integrated security solution. Systems such as video surveillance, access control and video door intercoms combining to create a total security solution using a single interface.

New Ludwig
The Solution
Together, Universal Security Systems and Land Securities chose Tyco Security Products’ C•CURE 9000 Security and Event Management system to unite the New Ludgate buildings’ management, access control and video surveillance systems for comprehensive management of the site’s physical security.

Benefits
  • Rich integration with victor Unifying Client improved – access, video, and intrusion
  • Single server for managing security and events for video, access control, intrusion, central station, fire, real-time location, and other supported systems
  • Visitor management web portal for appointment management that expedites the visitor check-in/out process at the front desk
  • Conditional Access and Dynamic Area Management for areas needing supervised entry and occupancy for increased security
  • Enterprise multi-version software upgrades remain operational while progressively upgrading each server node without needing to take an entire system out of service
  • Event linking and cross-product association for event activations across dispersed security systems with associated time-synchronized video

Penn State Upgrades Security System with Tyco Security Products Solution

The Challenge
Penn State University wanted to move to a single security and event management platform for its residence halls and other group facilities on campus.

Penn State

The Solution
Penn State selected a unified Tyco Security Products solution to protect and manage its campus.

Benefits
  • Improved image quality to quickly identify activity in a variety of lighting conditions
  • Reduced expenses retooling locks and replacing lost cards
  • Easily managed access rights and track activity of each user with powerful audit trail
  • Accelerated investigation searches with intuitive video management system interface
  • Streamlined and automated processes

Distributed Denial of Service

If you were not already familiar with the term Distributed Denial of Service (DDoS), then over the past several weeks you probably have become aware of it through various news articles.

A few key points in the media about the DDoS attacks:

  • Some of the largest DDoS attacks ever launched[1] in late September
  • Release of the Mirai source code used to create the DDoS attacks in early October[2]
  • Growth of devices infected by Mirai malware is growing from 213,000 to 493,000, by mid-October[3]
  • Twitter, Netflix and PayPal and many popular site being unreachable for part of Friday as a result of a new DDoS attack[4]

Were Tyco Products Affected?
These attacks are of special interest for companies such as Johnson Controls because they were launched from botnets composed of “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders[5]There is no indication that any Tyco Security Products devices were involved in these attacks.

  • Illustra cameras are designed to prevent user access to the camera’s operating system and as a result of that decision: telnet is not available on any Illustra camera model.
  • VideoEdge NVRs do not support telnet. Also, all known botnet scanners look for a different version of Linux than used on VideoEdge.
  • iSTAR controllers do not support any remote access protocol and will not be detected by the malicious scanners.
  • DCM controllers, AC200 (RTC) Ethernet Controller and Emerald Intelligent, multi-function access terminals do not support Telnet
  • exacqVision network video recorders and video management system (VMS) software has SSH disabled making it unaffected.
  • Kantech  access control system also remains unaffected.
  • Applications such as AC2000, C•CURE 9000 and victor are not affected. These applications also do not require remote access protocols.

Background: What are Distributed Denial of Service Attacks?
If you are not familiar with a Distributed Denial of Service (DDoS) attack, it is an Internet attack, which typically targets websites in an attempt to bring down the site so that it is inaccessible to other Internet users.  It is a common tactic for activists and groups looking to suppress information or as a form of extortion; demanding money from the victim to cease to attack.  These attacks work by flooding the target website with large amounts of data, or requests for data, that use up a website’s resources. With a small attack, the site may appear to be slow, but large attacks can bring down a website making it inaccessible.

What is a botnet?
These recent attacks have used a ‘botnet’, or a network of devices, infected with malware. The attacker is able to remotely control the device. The owner of the device will not know it has been infected because the malware does not affect the devices normal operation.

This malware is only able to be loaded onto the device if it has a remote protocol such as telnet or SSH enabled on the device. Telnet and SSH are common among physical security products and devices with the protocols enabled will be detected by the scanner.  The Mirai malware uses a table of common factory default usernames and passwords to log into devices.

Recommendations for Installers and End Users
If you have a device which is using the default password and a remote access protocol enabled, you are at risk. To prevent your device from becoming a bot, you should immediately:

  • Disable remote access if it is not required.
  • Reboot the device. This does not have to be a factory reset, just turning the power off, wait a minute and turning it back on is sufficient
  • Change the password to a complex password. If you do not change the password or have a device that doesn’t allow you to change the password, you run the risk of becoming infected.

Again , the following Tyco Security Product devices are not affected:

  • Illustra Cameras
  • VideoEdge NVRs
  • iSTAR
  • DCM
  • AC2000 RTC Controllers
  • Emerald Intelligent Access Terminals

Sign Up to Receive Security Advisories
Tyco Security Products dedicated Cyber Response Team generates notices, typically within 24 hours, advising which products, if any, might be vulnerable along with mitigation steps. If it’s a critical security vulnerability, the team will develop, test and release patches to resolve issues.  Sign up to receive security advisories and access compliance guidelines. 


Sources:

[1] Wall Street Journal Sept 30th 2016 Hackers Infect Army of Cameras DVRs for Massive Internet Attacks http://www.wsj.com/articles/hackers-infect-army-of-cameras-dvrs-for-massive-internet-attacks-1475179428

[2] Wall Street Journal October 5th 2016 Hackers Release Botnet Code, Raising Specter of More Attacks ttp://www.wsj.com/articles/hackers-release-botnet-code-raising-specter-of-more-attacks-1475677667

[3] PC World October 18,th 2016 Hackers create more IoT botnets with Mirai source code http://www.pcworld.com/article/3132571/hackers-create-more-iot-botnets-with-mirai-source-code.html

[4] Wall Street Journal October 21st 2016 Cyberattack Knocks Out Access to Websites http://www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080

[5] Krebs on Security October 21, 2016 Hacked Cameras, DVRs Powered Today’s Massive Internet Outage  https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/#more-36754

Cyber Security Assessment

Today’s businesses are faced with unprecedented threats from sabotage, theft of intellectual property and compromised sensitive data. Have you considered how your physical security products affect your cyber security?

TSP Cyber Protection Program Flowchart

Take a look at our infographic and assessment quiz to see if you are asking the right questions and taking the next step to be cyber secure.

Access the InfographicTake the Assessment Quiz
Learn more about Tyco’s industry-leading Cyber Protection Program.