Category Archives: Blog

iSTAR Ultra Video – Integrated Access Control and Video at the Edge

iSTAR Ultra Video offers highly distributed, small site security without sacrificing enterprise performance. This small, yet powerful appliance combines the robust access control features of iSTAR Ultra with embedded VideoEdge video recording and management that is remotely managed by an integrated C•CURE 9000/victor application to meet the security needs of small remote sites. Each iSTAR Ultra Video is factory-imaged with the latest firmware and camera licenses.

istar-ultra-video-collage

Used with IP-ACM Ethernet door modules, iSTAR Ultra Video is ideal for large corporations whose footprints include smaller remote networking facilities, fiber huts and other small but critical facilities that need constant monitoring and control. This highly distributed security architecture can scale to thousands of sites, making it perfect for enterprise customers with multiple remote locations.

 

Features That Make a Difference:

  • Control up to 8 doors and 8 IP cameras in one small, low-cost appliance
  • Managed by remote integrated C•CURE 9000/victor application
  • Scalable to thousands of sites
  • Intuitive web-based start-up wizard with camera auto-discovery reduces commissioning time
  • Local video storage and caching
  • Unparalleled video stream management with full transcoding functionality
  • Powerful video analytics save time; improve situational awareness
  • External USB storage options to increase local recording capacity
  • Supports ONVIF Profile S
  • Manages up to 500,000 cardholders in local memory
  • Native intrusion zone functionality
  • FIPS 197 AES 256 network encryption
  • Included in Tyco Security Products Cyber Protection Program to help reduce risk of vulnerabilities

High-end Multi-zone London Development Chooses Tyco Security Products’ C•CURE 9000 Security and Event Management System

The Challenge
The new Ludgate site, a high-end central London multi-zone development,  required a new integrated security solution. Systems such as video surveillance, access control and video door intercoms combining to create a total security solution using a single interface.

New Ludwig
The Solution
Together, Universal Security Systems and Land Securities chose Tyco Security Products’ C•CURE 9000 Security and Event Management system to unite the New Ludgate buildings’ management, access control and video surveillance systems for comprehensive management of the site’s physical security.

Benefits
  • Rich integration with victor Unifying Client improved – access, video, and intrusion
  • Single server for managing security and events for video, access control, intrusion, central station, fire, real-time location, and other supported systems
  • Visitor management web portal for appointment management that expedites the visitor check-in/out process at the front desk
  • Conditional Access and Dynamic Area Management for areas needing supervised entry and occupancy for increased security
  • Enterprise multi-version software upgrades remain operational while progressively upgrading each server node without needing to take an entire system out of service
  • Event linking and cross-product association for event activations across dispersed security systems with associated time-synchronized video

Penn State Upgrades Security System with Tyco Security Products Solution

The Challenge
Penn State University wanted to move to a single security and event management platform for its residence halls and other group facilities on campus.

Penn State

The Solution
Penn State selected a unified Tyco Security Products solution to protect and manage its campus.

Benefits
  • Improved image quality to quickly identify activity in a variety of lighting conditions
  • Reduced expenses retooling locks and replacing lost cards
  • Easily managed access rights and track activity of each user with powerful audit trail
  • Accelerated investigation searches with intuitive video management system interface
  • Streamlined and automated processes

Distributed Denial of Service

If you were not already familiar with the term Distributed Denial of Service (DDoS), then over the past several weeks you probably have become aware of it through various news articles.

A few key points in the media about the DDoS attacks:

  • Some of the largest DDoS attacks ever launched[1] in late September
  • Release of the Mirai source code used to create the DDoS attacks in early October[2]
  • Growth of devices infected by Mirai malware is growing from 213,000 to 493,000, by mid-October[3]
  • Twitter, Netflix and PayPal and many popular site being unreachable for part of Friday as a result of a new DDoS attack[4]

Were Tyco Products Affected?
These attacks are of special interest for companies such as Johnson Controls because they were launched from botnets composed of “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders[5]There is no indication that any Tyco Security Products devices were involved in these attacks.

  • Illustra cameras are designed to prevent user access to the camera’s operating system and as a result of that decision: telnet is not available on any Illustra camera model.
  • VideoEdge NVRs do not support telnet. Also, all known botnet scanners look for a different version of Linux than used on VideoEdge.
  • iSTAR controllers do not support any remote access protocol and will not be detected by the malicious scanners.
  • DCM controllers, AC200 (RTC) Ethernet Controller and Emerald Intelligent, multi-function access terminals do not support Telnet
  • exacqVision network video recorders and video management system (VMS) software has SSH disabled making it unaffected.
  • Kantech  access control system also remains unaffected.
  • Applications such as AC2000, C•CURE 9000 and victor are not affected. These applications also do not require remote access protocols.

Background: What are Distributed Denial of Service Attacks?
If you are not familiar with a Distributed Denial of Service (DDoS) attack, it is an Internet attack, which typically targets websites in an attempt to bring down the site so that it is inaccessible to other Internet users.  It is a common tactic for activists and groups looking to suppress information or as a form of extortion; demanding money from the victim to cease to attack.  These attacks work by flooding the target website with large amounts of data, or requests for data, that use up a website’s resources. With a small attack, the site may appear to be slow, but large attacks can bring down a website making it inaccessible.

What is a botnet?
These recent attacks have used a ‘botnet’, or a network of devices, infected with malware. The attacker is able to remotely control the device. The owner of the device will not know it has been infected because the malware does not affect the devices normal operation.

This malware is only able to be loaded onto the device if it has a remote protocol such as telnet or SSH enabled on the device. Telnet and SSH are common among physical security products and devices with the protocols enabled will be detected by the scanner.  The Mirai malware uses a table of common factory default usernames and passwords to log into devices.

Recommendations for Installers and End Users
If you have a device which is using the default password and a remote access protocol enabled, you are at risk. To prevent your device from becoming a bot, you should immediately:

  • Disable remote access if it is not required.
  • Reboot the device. This does not have to be a factory reset, just turning the power off, wait a minute and turning it back on is sufficient
  • Change the password to a complex password. If you do not change the password or have a device that doesn’t allow you to change the password, you run the risk of becoming infected.

Again , the following Tyco Security Product devices are not affected:

  • Illustra Cameras
  • VideoEdge NVRs
  • iSTAR
  • DCM
  • AC2000 RTC Controllers
  • Emerald Intelligent Access Terminals

Sign Up to Receive Security Advisories
Tyco Security Products dedicated Cyber Response Team generates notices, typically within 24 hours, advising which products, if any, might be vulnerable along with mitigation steps. If it’s a critical security vulnerability, the team will develop, test and release patches to resolve issues.  Sign up to receive security advisories and access compliance guidelines. 


Sources:

[1] Wall Street Journal Sept 30th 2016 Hackers Infect Army of Cameras DVRs for Massive Internet Attacks http://www.wsj.com/articles/hackers-infect-army-of-cameras-dvrs-for-massive-internet-attacks-1475179428

[2] Wall Street Journal October 5th 2016 Hackers Release Botnet Code, Raising Specter of More Attacks ttp://www.wsj.com/articles/hackers-release-botnet-code-raising-specter-of-more-attacks-1475677667

[3] PC World October 18,th 2016 Hackers create more IoT botnets with Mirai source code http://www.pcworld.com/article/3132571/hackers-create-more-iot-botnets-with-mirai-source-code.html

[4] Wall Street Journal October 21st 2016 Cyberattack Knocks Out Access to Websites http://www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080

[5] Krebs on Security October 21, 2016 Hacked Cameras, DVRs Powered Today’s Massive Internet Outage  https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/#more-36754

Cyber Security Assessment

Today’s businesses are faced with unprecedented threats from sabotage, theft of intellectual property and compromised sensitive data. Have you considered how your physical security products affect your cyber security?

TSP Cyber Protection Program Flowchart

Take a look at our infographic and assessment quiz to see if you are asking the right questions and taking the next step to be cyber secure.

Access the InfographicTake the Assessment Quiz
Learn more about Tyco’s industry-leading Cyber Protection Program.

Cyber Security Language

Security breaches are in the news today more than ever before. Security integrators and security officers must work with IT departments to ensure the physical security system is successfully deployed, maintained and upgraded on the network with minimal impact and without compromising network security.

cyber crime

To create a complete cyber secure environment, IT and security departments must effectively work together. However, physical security and IT often use the same words to mean different things – resulting in everyone being confused. Sometimes security integrators and security officers even avoid the IT department due to the misunderstanding.

For example, IP may mean intellectual property to a corporate security officer but internet protocol to IT security professionals. Or perimeter may mean the exterior building wall to the security officer and network connection to the outside to the IT professional.

To make sure all departments are speaking the same, common language, we suggest developing a list of terminology definitions that everyone can use.

Terms to be Clearly Defined:

  • IP
  • CredentialsTyco Security Products Cyber Protection Program
  • Key
  • Patch
  • Firewall
  • Vulnerability
  • Social engineering
  • Perimeter
  • Intrusion detection
  • Bandwidth
  • Directory
  • Security logs
  • Revocation
  • Signature

Having a common subset of terms will help you understand how to ask the right questions and quickly comprehend the answers. After establishing your company common language, clearly explain the information you need from IT to be able to define the network and security requirements.

Learn more about the Tyco Security Products Cyber Protection program.

C•CURE Go Reader Mobile App

The innovative C•CURE Go Reader mobile app extends the reach of your C•CURE 9000 system more powerfully than ever before. An inspired evolution of the C•CURE Go mobile app, C•CURE Go Reader lets you grant or deny access in even the most remote, disconnected areas such as construction sites, offline events and roaming security checkpoints.

ccure-go-reader

Using an Android device, C•CURE Go Reader pairs with a multi-technology read head to mimic a full-fledged iSTAR door, complete with schedules, clearances and holidays. As a virtual “door” in C•CURE 9000, C•CURE Go Reader inherits all clearances of an associated iSTAR door group, ensuring strict security even if you are far away from your nearest iSTAR controller.

C•CURE Go Reader provides peace of mind in many different situations:

  • Construction sites can be dangerous areas and, long before the walls of the buildings are built, security is compulsory.
  • Offsite events pose unique security challenges for companies who need to safeguard employees and visitors with limited physical boundaries.
  • Roaming security checkpoints allow your guards to spontaneously check access badges in hallways or near secured areas.
  • Roll calls are extremely important, to make sure employees have evacuated during emergency situations.
  • C•CURE Go Reader makes it easy to verify that employees have reached the designated areas during the emergency.

Visit our webpage for more information.

Cyber Protection Program – Security Features

What Comes After Device Hardening?

It’s common knowledge that encrypted communication and other device hardening features are necessary for cybersecurity, but it’s vitally important to think beyond hardening.  Now that the security industry has adopted IP technology, manufacturers and integrators must consider not only the security operator’s needs, but also those of the IT manager.

An unsecured device can be the target of a cyber attack that might affect the entire network. While IT managers in government agencies, utilities, transportation, retail operations and financial enterprises are most acutely aware of the dire consequences of a successful hack, IT managers in all sectors are demanding security measures that go well beyond hardening before accepting devices onto their networks.

Here are four features that Tyco Security Products offers to achieve network acceptance for our Software House C•CURE 9000 Access Control Systems and American Dynamics victor Unified Video Management Systems that incorporate iSTAR controllers:

 

  1. Archive and Failover featuresto ensure continual operation and fast recovery
  1. LDAP Support to manage credentials.
  1. FIPS 140-2, Level 2, end-to-end validated encryption
  1. Network Storm Protection that ensures an iSTAR controller continues to operate during a denial of service attack.

Not every industry or enterprise requires the same security features for network acceptance. Our application specialists are available to advise which features are relevant to a specific application.

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damage, disruptions and misuse.

IP-ACM Ethernet Door Module

Flexible, secure Ethernet edge device reduces wiring and extends cost effectiveness of an IP-based access control system.

IP ACM

IP-ACM is a flexible, future proof Ethernet door module that provides IT savvy customers with a highly secure option to manage their security, while reducing wiring and installation costs. The IP-ACM is installed near the doors that it’s controlling and communicates securely over IP to an iSTAR Ultra GCM using AES-256 encryption. The GCM contains the local access database and makes all access decisions. Each IP-ACM can support two doors, or one door with in and out readers. Each iSTAR Ultra supports up to 32 readers maximum.

Visit our webpage for more information.

Responding Rapidly to Security Vulnerabilities

While hardening is important, it does not guarantee that the device you install today will be secure tomorrow. Potential problems can lie dormant for years and then provide easy access for hackers when uncovered. For example, Shellshock was actually introduced as a product feature in 1989. Its vulnerability existed undetected in numerous products — including “hardened” versions of Linux and Unix operating systems — for 25 years. But within a single day of the vulnerability announcement in 2014, hackers reportedly were taking advantage of this critical bug.

At Tyco Security Products, we understand that a vulnerability discovered in one of our security products could potentially put your entire business at risk. That’s why we’ve put a team and process in place designed to deliver a fast, actionable response to help protect your investments from harm.

Our Cyber Protection Team continuously monitors for vulnerabilities using multiple resources. When a new bug is discovered, the Cyber Protection Team and key product engineers work quickly to tackle and resolve security concerns before they become critical to your operation.

This dedicated response enables us to create a security advisory, typically within 24 hours. The notification includes information about which products are vulnerable along with mitigation steps. It also lists products that we have confirmed are not vulnerable for greater peace of mind.

In the case of significant vulnerabilities, advisories are updated as needed until the issues are resolved. Quality engineers ensure that software patches are fully tested and validated. While we cannot predict how long it will take to resolve an issue, it took the team just two weeks to deliver patches for ShellShock and Heartbleed, both critical vulnerabilities.

BugHeart

Learn more about our Cyber Protection Program and how we’re working to protect our physical security products from attacks, damages, disruptions and misuse. You can also sign up to receive security advisories.