FEATURE
Build least privilege in solid foundations

That said, least privilege management isn’t the panacea for all security problems, but it goes a long way towards solving many of them, giving companies a massive ‘bang for their buck’. By closing so many potential security holes through a reduction in the attack surface, applying least privilege also gives enterprises the breathing space they need to focus on building robust security strategies on solid foundations, which, while it may sound obvious, is something that so many organisations are still failing to do.

Never has the threat landscape moved as fast as it does today. Many enterprises are still building big walls around their environments, believing that this approach will keep them safe, but without accurate knowledge of the security state of their own environment they are building on shifting sands that are prone to collapse. We need to move away from this fortress mentality and build proper, solid security foundations before starting to invest in new products. Those foundations are clear knowledge of the security of the environment. Just as with any journey – and IT security is a journey – once an organisation knows accurately where it is, it can more easily plan its destination.
After all, security strategy isn’t just about clever technology; it is as much about having the right knowledge, policies and processes in place. This doesn’t have to be difficult: for example, the Security Content Automation Protocol (SCAP) framework gives companies access to a whole host of resources that can allow them to leapfrog forward in managing their environments securely. Security strategy also needs to cover all devices (again, this sounds obvious, but is so often not the case), including cloud environments, virtual machines, mobile equipment and web apps. It’s time to accept that these technologies are no longer additional to IT infrastructures but are part of core systems, used at production-level intensity and highly relied upon. Get the knowledge of those systems and their configurations right and then, and only then, focus on buying the additional tools, be that intrusion detection, vulnerability management or good old anti-virus software. Don’t get drawn in by the latest, shiny solution, as there are a few key things to remember:

• A lot of security tools overlap. One solution won’t do everything, but any solution should address as much of your infrastructure as is reasonably possible.
• Find the right tool for the right job: focus on different parts of the organisation, as what might fit well for one area does not necessarily apply elsewhere.
• Don’t be tempted to go out and buy every new tool that is introduced.

In practice, that can mean a combination of: comprehensive vulnerability management (97% of attacks target known vulnerabilities); good configuration management (which can provide protection against zero-day vulnerabilities); and, bringing us neatly back to the core topic of this article, least privilege (which eliminates 90% of known Windows 7 vulnerabilities). This blend is an achievable and effective strategy that can make a great difference to the security landscape, giving an organisation the time and space to look forward.

About the author

Brian Chappell is director of engineering for BeyondTrust in EMEA and India. BeyondTrust (www.beyondtrust.com) provides context-aware security intelligence to many of the world’s largest organisations. Chappell has been an IT professional for over 26 years, during which time he has held a number of senior roles in companies such as Amstrad, BBC Television and GlaxoSmithKline.

IP-based technology – the future of the security industry

Scott Baker, NG Bailey
Network Security
October 2013

Until very recently, physical security networks in buildings consisted mainly of closed-circuit television (CCTV) systems that ran on their own closed circuit over coaxial cabling, independently from any other systems on the premises. However, the security landscape is currently changing, as IP-based security increases in popularity and is requested by landlords and businesses who want to gain control over their buildings’ security systems and other resources. Current IP-based security systems offer end users cutting-edge technology that is supported by standards-based warranted cabling systems and high-speed Local Area Networks (LANs), often making them the preferred choice over their analogue counterpart. And there are several other reasons that make IP technology a strong contender and, in the opinion of many, the future of the security industry.
Limitations of traditional CCTV

CCTV entails the use of video cameras to transmit the video signal to a specific place, usually a security room with monitors, as a tool for increased security in areas that need careful monitoring, such as banks, airports and retail stores. One of the main limitations of conventional CCTV systems is the amount of cabling associated with the network, which is usually highly restrictive and difficult to expand. If a camera needed to be moved or newly installed, a completely new cabling solution was often required. Conventional CCTV systems were also designed for point-to-point transmission of video from a camera to a recorder on the same site. As a result, tapes needed to be changed and stored, recordings needed to be monitored and, as they were often stored on magnetic tape, images were highly sensitive. Despite the limitations, CCTV systems are still prevalent in the UK, as reflected by the latest study carried out by the CCTV User Group, which estimates that there are 1.85 million cameras across the country. Before deciding on IP versus analogue systems, it is recommended to first understand how both technologies work, their limitations and what key benefits they bring to the table. For example, the general benefits of IP-based systems include lower total cost of ownership (TCO), environmentally friendly features, higher quality of image and audio, upgrading capabilities and easier network convergence.
Green credentials & TCO

Minimising the environmental impact of any business activity is a major concern for companies in the UK. This is driven not only by compliance requirements, but also by the potential repercussions for an organisation’s reputation and the need to demonstrate due diligence. Moreover, sustainable methods of operating offer many business benefits, such as cost savings and improved efficiencies. IP-based systems allow for cost, waste and resource usage reductions during infrastructure implementation, mainly by making use of existing cabling and equipment. This means that the amount of construction material needed for new infrastructure or other network modifications is significantly less than with traditional networks. Even where the latest systems being implemented do require new wiring, they use cabling that meets environmental standards, as cable manufacturers are currently striving to reduce the carbon emissions of their manufacturing processes. Driven by both customers and the industry, most recent tenders also include ‘green’ clauses that require system implementation projects to reduce their environmental impact, from the cable manufacturing stage through to the implementation and maintenance phases.
“In the long-term, businesses experience more savings with IP than when using their analogue equivalents, due to greater network control capabilities”

One of the perceptions in the security industry is that IP-based systems are more expensive than analogue ones, due to the higher initial investment required. However, the reality is that, in the long term, businesses experience more savings with IP than with their analogue equivalents, due to greater network control capabilities. Therefore, in addition to reducing the environmental impact, IP-based security systems can also reduce installation costs, helping the customer’s bottom line. To summarise, IP-based systems enable businesses to reduce their carbon emissions by eliminating the cost and impact of implementing new wiring, by using greener cabling, and by allowing remote access and control, which removes the need to transport large teams.
Greater control of your network

All buildings have a network, and landlords and businesses alike increasingly want to manage their buildings’ networks more efficiently and effectively. Normally, network cabling runs over Cat6 or Cat6a wiring, which will usually have been enhanced over the years and may now be able to carry not only data and voice but also other services, such as CCTV. Moreover, the quality and features of current IP cameras have improved greatly, allowing for better and more accurate image recording. Therefore, end users now wish to make as many cost-of-ownership savings as they can by running all their systems over a single network cabling infrastructure, while still having the best image technology. Running all the systems of a building, including security, over an IP-based network also offers customers another big benefit: segregation. IP allows for segregation within the switching layer of the network architecture, for example by having CCTV traffic run on a separate VLAN within the network. In simpler words, segregation allows voice and video management to run independently, while the governance and compliance rules that applied to the analogue systems continue to apply.
Increased IP security: intelligent management

Another benefit of IP-based networks is that they allow for Intelligent Infrastructure Management (IIM) solutions, which offer increased security features such as unauthorised-activity alerts. For example, whenever an unscheduled patching change occurs or an unauthorised device attempts to connect to the network, appropriate staff can be notified by alerts, emails or text messages. IIM systems provide a link between real-time network management tools and traditional structured cabling infrastructures. Other benefits of IIM include increased productivity and efficiency of IT service management processes, through automatic, real-time infrastructure records, real-time work order management, reduced downtime and improved network utilisation efficiency. Moreover, IIM also offers switch port link status control, which is the ability to control the link status (up/down) of a switch port so that only authorised, scheduled connections are given access to the network, and integrated IP device discovery. By including the automatic detection of IP-based devices, IIM systems provide a unique view that is not available from traditional network management or service desk applications. This means that IIM systems can determine the exact location of devices by correlating the connectivity of the discovered device, via the automated patching records, onto a floor plan, increasing device visibility and enhancing overall remote management capabilities.

“IP allows for segregation within the switching layer of the architecture of the network – for example, having CCTV traffic run on a separate VLAN within the network”

IP-based physical security allows for convergence with data security systems and also leverages the skill sets of the IT department.

Improved convergence & management

Maintaining a variety of standalone systems can be a complex task at the best of times, and working with numerous technologies often means a business has to work with multiple companies and teams to keep its systems in good working order. IP technology helps address these challenges by allowing for convergence. With IP-based systems, all security devices can be configured and maintained online, either by one service provider or by the company’s ICT department. This makes management easier, while also reducing security overheads.

IP-based security provides higher quality and additional storage capabilities, as it allows for the consolidation of CCTV recordings. For example, large retail outlets often have multiple cameras operating at the same time in their different branches. Rather than having local storage for all of those devices, they can consolidate all the information in a safe and reliable environment, such as a central office. Centralising information also provides for better management and greater access. For example, in the past, if anything went wrong in a local retail store, staff would have to contact the local retail manager or whoever managed the CCTV locally to retrieve the information they needed. As information can now easily be stored centrally over an IP environment, companies are able to access it easily and extract the information they need without causing any disruption at a local level.

Higher quality & upgrading capabilities

IP-based CCTV systems perform better than their analogue counterparts. Although dependent on the cost and quality of cameras, IP cameras typically provide a higher resolution and better quality of images while offering a wider coverage range. IP security systems can also be enhanced, removed and updated more easily than competing analogue security systems, allowing for more frequent and convenient upgrading.

Providing clearer images and being able to digitally zoom in on recorded video, making identification of objects and people easier, means insurers are likely to offer better rates to companies operating IP-based security systems. The 2011 UK riots demonstrated this, with many of the images picked up on analogue cameras being of poor quality and unusable in court. Video analytics are superior on IP camera systems and can be installed on the camera itself, rather than on the centralised analytics system that analogue cameras use.
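Two of the controls described above, CCTV traffic segregated onto its own VLAN and IIM-style alerts when an unauthorised device appears or a port changes state outside its scheduled window, can be illustrated with a small checker. The following is an added example, not code from the article, NG Bailey or any IIM vendor: the authorised-device inventory, the CCTV VLAN number, the maintenance windows and the event-line format (a simplified stand-in for switch syslog or MAC-table output) are all constructed for illustration.

```python
"""IIM-style port/VLAN checker for a CCTV network (added example, constructed data)."""
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional, Tuple

CCTV_VLAN = 20  # assumption: CCTV traffic is segregated onto VLAN 20


@dataclass(frozen=True)
class Authorised:
    """The device allowed on a port, and the window in which its link may change."""
    mac: str
    vlan: int
    window: Optional[Tuple[time, time]] = None  # None = any time of day


# Constructed inventory: switch port -> authorised camera (hypothetical MACs).
INVENTORY: Dict[str, Authorised] = {
    "Gi1/0/1": Authorised("00:11:22:33:44:01", CCTV_VLAN),
    "Gi1/0/2": Authorised("00:11:22:33:44:02", CCTV_VLAN, (time(8, 0), time(18, 0))),
    "Gi1/0/3": Authorised("00:11:22:33:44:03", CCTV_VLAN),
}

# Constructed event format:
#   <ISO timestamp> <port> link <up|down> vlan=<n> [mac=<aa:bb:cc:dd:ee:ff>]
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<port>\S+) link (?P<state>up|down) vlan=(?P<vlan>\d+)"
    r"(?: mac=(?P<mac>[0-9A-Fa-f:]{17}))?$"
)


def parse_event(line: str) -> dict:
    """Parse one event line; raises ValueError on anything it does not recognise."""
    m = EVENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised event line: {line!r}")
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "port": m["port"],
        "state": m["state"],
        "vlan": int(m["vlan"]),
        "mac": m["mac"].lower() if m["mac"] else None,  # no MAC on link-down events
    }


def in_window(ts: datetime, window: Optional[Tuple[time, time]]) -> bool:
    """True if the event time falls inside the port's scheduled window (or none is set)."""
    if window is None:
        return True
    start, end = window
    return start <= ts.time() <= end


def check_event(line: str) -> List[str]:
    """Return alert strings for one event; an empty list means nothing to report."""
    ev = parse_event(line)
    auth = INVENTORY.get(ev["port"])
    if auth is None:
        # A port with no authorised device should never show link activity.
        return [f"{ev['port']}: link {ev['state']} on a port with no authorised device"]
    alerts = []
    if ev["state"] == "up" and ev["mac"] is not None and ev["mac"] != auth.mac:
        alerts.append(f"{ev['port']}: unauthorised device {ev['mac']} (expected {auth.mac})")
    if ev["vlan"] != auth.vlan:
        # Camera traffic appearing off the CCTV VLAN breaks the segregation design.
        alerts.append(f"{ev['port']}: VLAN {ev['vlan']} breaks CCTV segregation (expected {auth.vlan})")
    if not in_window(ev["ts"], auth.window):
        alerts.append(f"{ev['port']}: link {ev['state']} at {ev['ts'].time()} outside the scheduled window")
    return alerts


def check_log(lines: List[str]) -> Dict[str, List[str]]:
    """Run every event through check_event; return port -> alerts for ports that raised any."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        alerts = check_event(line)
        if alerts:
            report.setdefault(parse_event(line)["port"], []).extend(alerts)
    return report


# Constructed sample events (not a real capture).
SAMPLE_LOG = [
    "2013-10-14T09:15:00 Gi1/0/1 link up vlan=20 mac=00:11:22:33:44:01",  # authorised camera
    "2013-10-14T09:16:00 Gi1/0/2 link up vlan=20 mac=AA:BB:CC:DD:EE:FF",  # unknown device
    "2013-10-14T02:30:00 Gi1/0/2 link down vlan=20",                       # outside window
    "2013-10-14T09:20:00 Gi1/0/3 link up vlan=10 mac=00:11:22:33:44:03",  # wrong VLAN
    "2013-10-14T09:21:00 Gi1/0/7 link up vlan=20 mac=00:11:22:33:44:07",  # unplanned port
]

if __name__ == "__main__":
    for port, alerts in sorted(check_log(SAMPLE_LOG).items()):
        for alert in alerts:
            print("ALERT", alert)
```

Run as a script, it prints one ALERT line for each of the four problem events and nothing for the authorised camera on Gi1/0/1. A real IIM product gets the same signals from the switch itself (link traps, MAC-address tables, patch-panel sensors) rather than from a text log, but the decisions it has to make are the ones shown here: is this the device the inventory expects on this port, is it on the VLAN the segregation design allocates to CCTV, and was the change scheduled.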
Union Square: an IP solution in action

An example of a currently functional and successful IP-based converged network offering security features is the Union Square shopping centre. Located in Aberdeen, it is the largest development of its type in Scotland, providing 18,000m² of retail units, a 15,000m² shopping park, 5,700m² of restaurants and catering space, a 200-bed hotel, 1,700 parking spaces and a new civic square. The network infrastructure running throughout the centre supports an integrated security solution on an IP converged network. The delivered project comprised a flexible, multi-vendor, open-platform IP solution, supported by a Brand-Rex copper and fibre-optic cabling infrastructure. Due to the size and scale of the scheme, the IT infrastructure was designed around 13 Secondary Equipment Rooms (SERs) to minimise horizontal cabling lengths throughout the building. All SERs connected back to the Central Equipment Room (CER) using diverse and resilient Brand-Rex OM3 multimode fibre-optic cables. Approximately 1,000 Brand-Rex Cat6Plus gigaplus cables were then installed from each of the SERs to support the IP devices and various IP partners throughout the centre, including IP CCTV, IP access control and a building management system. The network was delivered through a resilient Cisco chassis-based core switch within the server room, supported by stackable Cisco Gigabit Ethernet Power over Ethernet (PoE) enabled switches within the SERs. The overall security management software was the Milestone Enterprise Solution, which managed all security elements, allowing the security control room to be run with minimal support staff and flagging events via a purpose-built control room.
“There is still a significant amount of industry development to be achieved, as present standards still apply to the analogue environment”

Due to the IP nature of the system, Hammerson IT could use the solution not only in the control room but from any PC on the network, and could establish offsite control rooms easily. Hammerson IT also benefited from the further integration available from IP security systems, compared with traditional bespoke analogue systems. The result left Union Square with an integrated intelligent building solution that allowed integration between security, car park, vending and communications, while lowering the operational cost of the building due to the open architecture of the system.
Industry change is on its way

Although IP-based security systems offer a great many advantages, the reality is that 70% of organisations currently implementing security solutions are still using coaxial cables and analogue cameras. This low IP adoption rate is the result of a lack of understanding of the main benefits offered by the technology and the lack of skills in the industry for its effective implementation. Moreover, there is also a gap in the sector regarding specific IP-based security standards and regulations, which might discourage some companies from adopting it. Although some bodies, such as the British Security Industry Association, are currently developing specific standards for IP-based security, there is still a significant amount of industry development to be achieved, as present standards still apply to the analogue environment. For example, there are no set rules on the segregation of traffic, the management of end devices, or codes of conduct regarding the compromise of passwords. Without standards in place, organisations and companies might be misled into thinking that IP-based security is not a safe option – a genuine misconception. For this to change at a faster pace, change must occur within the industry, based on education and knowledge regarding the benefits and implications of IP technology. However, education needs to be twofold. Companies that have IP systems in place need to understand the systems and their benefits and become more confident in talking about them with customers. And while businesses seek low-cost solutions, they need to understand that IP could be more cost-effective down the line. Although the investment in IP-based technology might seem a little daunting at first, customers should be made aware that the benefits will surely outweigh the initial investment in the long term, thanks to the reduction of central management costs and transport requirements and the increased upgrading capabilities.
Moreover, it could also be argued that security systems are sitting in the wrong place within buildings’ infrastructures, requiring an institutional move from buildings’ facility management into the IT services’ rooms, as IT experts understand IP-based technology and have the skill sets to implement innovative solutions that could cut costs and improve access and control even further. For example, IT services could implement sensors that would alert landlords when their systems require upgrading, without having to deploy engineers onsite on a regular basis, cutting transport and task-force budgets while reducing downtime.
The future of IP-based security

The main changes in the security industry are, and will be, driven by the next generation of landlords and businesses – technology-savvy individuals who want to gain and maintain control over their buildings, while being able to offer tenants greater benefits. IP-based systems will provide end users with greater control of their assets in the form of monthly reports on resource allocation and usage, while allowing them to efficiently and cost-effectively plan ahead for any upgrades. Ultimately, enhanced security systems will enable the next generation of landlords to raise the profile of their properties, attracting tenants who want compliant, safe, reliable and efficient properties.
About the author

Scott Baker is head of sales, structured cabling and electronic security at NG Bailey’s IT Services division. He is responsible for leading the sales team and developing growth strategies. With more than 20 years’ experience, he has extensive knowledge of IT services solutions. Baker joined NG Bailey from NDY, where he was a security and communications engineer and held responsibility for designing security and communications systems for the corporate and retail sectors. Prior to that, he also held senior roles at AVLAN Europe and Bailey Teswaine.
Reference

1. The British Security Industry Association, home page. Accessed Sep 2013. www.bsia.co.uk.