Security Today

Comments, thoughts, and pet peeves about the application (or misapplication) of security today.

Friday, October 28, 2011

What is the best way to arrange alarm sensors?

It's the way that detects the intrusion the quickest and most accurately. And, that is done how?

Keep these in mind:
• What are you protecting and where is it? [the asset]
• What are you protecting it from and how will it get there? [the threat]
• What accommodations are needed to function with and within the protected area? [your activities]

The Assumptions:
The goal of the alarm system is to deter a criminal with a siren once an intrusion is detected and to summon a law enforcement (or private security) response. It is also going to provide some insight into the intruder's path and possibly their intentions during the attack.

The asset is inside your home or business. There is most likely more than one asset and they are not necessarily grouped together. This makes for multiple areas to specifically protect.

The threat is coming from outside. This may not be true in reality; however, it is an assumption for this exercise. It will need to pass through a door, window, wall, floor or ceiling to gain access.

You, your family, or your business associates might want to conduct some limited activity inside sometimes when the alarm is armed. Most of the time the location will be vacated when it is alarmed.

The Basics:
1. All exterior doors should certainly have a magnetic contact or other point sensor installed.
2. Exterior windows should also have a magnetic contact or point sensor installed.
3. The areas directly inside the exterior doors and windows should have at least one volumetric sensor.
4. Large areas of glass, or glass that may be targeted by street punks, should have a glass break sensor.
5. Some individual assets may warrant specific protection such as sensors inside safes, or liquor cabinets (for teenagers).
6. The alarm control panel should be in a well protected location (rapid access to this will disrupt the alarm communication and response).
6a. If the communications module for the panel is located away from the panel, it too should be well protected.

The Next Step (for the Unoccupied State):
The most likely path(s) that an intruder might use should be monitored by sensors. This offers insight to their activity during the intrusion. The degree of insight comes from the nature of the sensors that are focused on that asset.

The Next Step (for the Occupied State):
Think about where you wish to move while the alarm is armed. Plot this area on a set of floor plans if necessary. Now, is it still possible to effectively detect an intrusion with these areas not monitored? In a perfect environment you and your family will be able to use the restroom and walk to each other without activating the alarm. This may not ultimately be possible, although it is with some creative planning. Keep in mind that some burglars have been known to move around the bedrooms of their victims while they were sleeping in the room.


With the sensors planned - we'll jump beyond the whole installation part - there is at least one more step. And it is quite possibly the most important one....


Sunday, October 23, 2011

Cyber Security Awareness Month - what's the hype about

"Every American has a stake in securing our networks and personal information" All the daunting and cool hacker stories today may leave the everyday citizen feeling... well a little uninvolved. NOT SO! Consider for a moment how this directly affects you....

You are but a cog in the machine that is the global information system. You could be an important cog and never know it. First, it's important to realize that most "hacking" is similar to the average burglary. Really, it is. Remember, the average burglary gains entry through an open or unlocked door or window, right? Well, the average malware (malicious software - the projection of the hacker) gains access to your computer by getting past poorly maintained firewalls, anti-virus software that is not updated, and unpatched or outdated software applications. And what does this malware do, you ask? What does a burglar do? The malware may roam your machine and look for interesting data, or it may lie in wait for you to enter interesting information and then carry it away for someone else to use. A burglar takes your TV and fences it. A hacker using malware may steal your credit card, social security number, phone numbers, addresses and whatnot, and then fence them on a website. Or they may just use them for their own ends.

What is the most significant difference between a burglar and a network hacker? Threat Population! At any given time there are only so many people within travel distance of your home or office with the tools, expertise and desire to break into your home or office. Let's just make it easy and say the population of the metro area where you live and work. Now, the available population for attacking your online presence is everyone connected to the Internet who can download free software to seek out vulnerable machines and exploit them (so nearly everyone connected). The threat population is several orders of magnitude larger. Imagine a burglar who was able to cast out their thoughts (fanciful, I know, but bear with me) and in that telepathic scan could know who did not lock a door or window to their home or office without ever leaving the comfort of their warm soft couch and the other amenities that bring any lazy minimalist pleasure. That is what a hacker may do when they scan the portion of the Internet where your machines are connected. The easiest targets become apparent - the low hanging fruit of cyber theft.

Now an updated firewall, anti-virus software, and application software will not protect you from everything - not even close. Though it will cover the laziest of online miscreants. If you apply the Pareto Principle to this it means that 20% of your effort will be sufficient for 80% of the problems. Updating software also helps to keep it operating smoothly and efficiently.

"Why mess with it if it works? I like to install it and leave it alone," you say? Consider this analogy for an unmaintained firewall. A firewall is a device or software used to separate networks. It's the difference between an open door and a door with an armed receptionist to manage authorized traffic. So you have a security officer come to your home every night to check and make sure everything is locked up and no one can get in. Now, everything requires maintenance, even the officer. After a time the vision in his right eye begins to fade, but he keeps reporting to you that everything is locked up tight. Then one day you hire a new officer because you had to, and suddenly he reports that the last guy didn't see that one of the windows had been unlocked - the one on the right. Who knows how long that window has been open and your resources have been leaving through it.

When you get infected with malware you may be sending it to your friends, and their friends, and their acquaintances. Just like a nasty STD. You send an email or message that the malware has attached itself to without your knowledge. Your friend trusts you and opens the email and maybe even an attachment. They're infected now too. The malware that your half-blind security let in might be sending these emails without your knowledge as well. So, please keep your software, firewall, anti-virus, and applications up-to-date. It's a start.


Friday, October 21, 2011

A bit more on sensors

Arranging sensors to protect asset(s) just isn't as simple as looking at a set of property plans, sprinkling a pepper shaker over it, and placing sensors where the pepper falls. The most likely impact is budgetary - these things cost real money. Next is the unlikeliness that the pepper shaker has such mystical powers as to predict an intruder's path. Lastly, there are some design considerations you might want to entertain that affect the usability of the system. For instance, you might want to be able to use the restroom in the middle of the night without summoning the local SWAT team for assistance.

Placing sensors in your home, business or other facility must work within your financial constraints, protect the asset(s), and facilitate your use of the space. We'll work with a home for now as an example.

It is important to detect the intrusion as early as possible. The farther away that the attack is detected and assessed, the greater the opportunity to prevent the attacker from being successful - regardless of their intent. It is essential to keep in mind that simply detecting activity is not sufficient. It must be assessed to ensure the detection is legitimate and not an error. There is a point between when an attack begins and when it is successful called the Critical Detection Point. It is that point after which a response will not be quick enough to thwart the success of the attack. With home burglaries it is an unfortunate fact that a response is not likely to arrive very quickly. Why is this, you ask? Police departments are overwhelmed with service calls, most alarm activations are false alarms, and a burglar doesn't need to spend very much time in a home to get some good stuff and escape. This may not be as true if you live in a very large house that resembles a museum. In that case there are other concerns. The average home burglar will either be sent away when a loud siren activates or they will not. We'll address the bad guy a little later.
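To make the Critical Detection Point concrete, here is an added example (not part of the original post) that finds it for one path through a home. The step names, delay times, and the assumptions that a sensor trips when a step begins and that the attack succeeds when the last step ends are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Step:
    name: str        # what the intruder must get past
    delay_s: float   # constructed estimate of how long the step takes
    sensor: bool     # True if a sensor trips when this step begins

def remaining_after_detection(path):
    """For each sensored step, the time the intruder still needs once detected there."""
    out = []
    for i, step in enumerate(path):
        if step.sensor:
            out.append((step.name, sum(s.delay_s for s in path[i:])))
    return out

def critical_detection_point(path, response_s):
    """Last sensored step where detection still leaves time for the response.

    Returns None when even the earliest sensor is too late.
    """
    cdp = None
    for name, remaining in remaining_after_detection(path):
        if remaining >= response_s:
            cdp = name
    return cdp

# Constructed path through a home; none of these numbers come from the post.
HOME_PATH = [
    Step("cross yard", 20, False),
    Step("back door (contact)", 30, True),
    Step("hallway (motion)", 15, True),
    Step("closet safe (contact)", 120, True),
    Step("exit with asset", 40, False),
]

if __name__ == "__main__":
    for response in (150, 180, 600):
        print(response, "s response ->", critical_detection_point(HOME_PATH, response))
```

A result of None is the home burglary case described above: no sensor on the path fires early enough for the response to matter, so the siren is the only thing left working for you.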

Early detection and assessment. In some areas the alarm must be assessed by phone contact by the central station, or by remotely viewing closed-circuit television (CCTV) or microphones, or possibly just through multiple sensor activations. Let's assume you do not want to have any CCTV systems in or around your home. It may just be enough to arrange the sensors to demonstrate the intent of an intruder and decrease the opportunities for unnecessary police dispatches. This is simply done with layers of sensors.

Many security professionals discuss "Concentric Circles." This is just as it sounds: layers of protection wrapped around the asset being protected. This is also called "Defense in Depth." Unfortunately this is not so easy in a typical residential structure. There simply aren't enough worthwhile layers. The wall of the house is typically the first line of physical defense (excluding the deterrent value of lighting and other features) and maybe there is a sturdy bedroom door after that - unless the bad guy uses a window.

Think in terms of occupied and unoccupied conditions. Will you be setting the alarm in the evenings while you rest or just when the home is vacant? If you plan on arming the system while you are inside the structure, try to create "protected corridors." These should let you move where you need to while wrapping the adjacent areas with reliable detection zones. In addition to the restroom and children's rooms, allow yourself enough movement to assess any odd noises or activities while keeping the alarm armed!

Next we can consider sensor types and locations...


Picking up where we left off.... (so many years ago)

I sincerely hope no one has waited all this time to plan their alarm system. If you have I can only scratch my head...

We left off with the promise of some discussion of sensor types as they relate to planning an alarm system. Here we go...

But first, it is important to determine whether the system will be monitored remotely by a central alarm station or just a local alarm with a siren. Monitored systems provide the opportunity to summon help and come with a fee for the service. Local systems may be cheaper but with the limitation that the only help will need to be within the sound of the alarm and choose to respond. Insurance companies will often require the system to be monitored as well.

Alarm systems use sensors to detect activity and there are a very wide variety of sensors to choose from. They can be classified a number of different ways. There are sensors to detect movement, changes in temperature, the presence of water (flooding), capacitance (changes to an electrical field), light and so on. The typical consumer system will normally be a combination of balanced magnetic switches, some sort of volumetric sensors, possibly glassbreak sensors, and maybe panic buttons. Here's a real quick translation:

A balanced magnetic switch is commonly referred to as a "door contact" and consists of a magnet next to the sensor to complete the electrical circuit. When the door opens the magnet moves and the sensor detects the break in the circuit. The balanced aspect of the magnet makes it more difficult to defeat the sensor as shown in one of the Beverly Hills Cop movies. These sensors are useful on doors and windows or any objects that may be moved.

Volumetric sensors monitor an area (volume) and include such examples as acoustic (microphones), microwave (radar), and passive infrared (ambient heat). There are dual-technology sensors that use a combination of these capabilities to either increase the likelihood of detection (increases false positives) or to increase the certainty of a valid detection (increases false negatives). The difference between the two choices is nothing more than how the logic within the sensor is configured. This can be referred to as an "And" versus an "Or": the sensor requires either both or just one of the technologies to detect the activity. Glassbreak sensors are a form of volumetric sensor that listens for the sound of breaking glass. These are nice because they do not need an intruder to actually intrude before activating. They can also react to other loud sounds.
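The "And" versus "Or" trade-off for a dual-technology sensor, as an added example that is not part of the original post. The trigger log, the cause labels, and the 5-second coincidence window used for the "And" configuration are constructed assumptions, not values from any real sensor.

```python
WINDOW_S = 5  # assumed: both technologies must trigger within this many seconds

# Constructed trigger log: (seconds, technology, what actually caused it)
EVENTS = [
    (10, "pir", "heating vent"),    # nuisance, passive infrared only
    (42, "mw", "curtain moving"),   # nuisance, microwave only
    (90, "pir", "intruder A"),
    (92, "mw", "intruder A"),       # both technologies see intruder A
    (200, "mw", "intruder B"),      # only the microwave sees intruder B
]

def alarms(events, mode):
    """Return the causes that raise an alarm under 'or' or 'and' logic."""
    if mode == "or":
        # Any single trigger is enough to alarm.
        return sorted({cause for _, _, cause in events})
    raised = set()
    for t1, tech1, cause in events:
        for t2, tech2, _ in events:
            # "And": a different technology must agree within the window.
            if tech1 != tech2 and abs(t1 - t2) <= WINDOW_S:
                raised.add(cause)
    return sorted(raised)

def score(events, mode):
    """Split the outcome into nuisance alarms and missed intrusions."""
    raised = alarms(events, mode)
    intrusions = {c for _, _, c in events if c.startswith("intruder")}
    return {
        "nuisance": [c for c in raised if c not in intrusions],
        "missed": sorted(intrusions - set(raised)),
    }

if __name__ == "__main__":
    for mode in ("or", "and"):
        print(mode, score(EVENTS, mode))
```

On this log the "Or" configuration catches both intruders at the cost of two nuisance alarms, while the "And" configuration raises no nuisance alarms but misses the intruder only one technology saw.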

Panic buttons are personal alarm devices that simply allow a user to manually activate the alarm system. The central monitoring station sees each sensor type differently and therefore can place a greater emphasis on a panic button.

What makes the system valuable is the selection and arrangement of these sensors. Poorly selected technologies will generate excess false positives (nuisance or false alarms) and reduce the effectiveness of the response over time. You may have heard the story of the boy who cried wolf? Well, alarm systems that cry intruder too often stop being believed, too.

One important point in the selection and arrangement of the sensors is considering the asset(s) the system is meant to protect. Is it an expensive collection of something in one spot, random stuff scattered about, or just the peace of mind that no one is waiting inside when you open the door to enter?

For a much greater (in every way) discussion of sensors try The Design and Evaluation of Physical Protection Systems by Mary Lynn Garcia.

Next... we'll take a look at arranging the sensors - tricks, tips, and pitfalls.
