New Integration Announcement: Provision-ISR® Devices

/0 Comments/in /by

S1000 Smart Controllers now enable integration to all models of Provision-ISR devices (IP cameras, DVR, NVR) that support physical outputs and camera tamper alarms. Additionally, any Provision-ISR device can be mapped to a Smart Controller Virtual Sensor to trigger S1000 events.

The S1000 Smart Controller sends output activations to Provision-ISR device; these trigger local camera actions, such as a move to a preset position.

  • S1000 Smart Controller connected directly to up to 4 Provision-ISR devices.
  • Support for IP cameras or IP-connected DVR/NVR that supports the Provision-ISR WebSocket API
  • Monitor alarms for up to 16 cameras per Provision-ISR DVR/NVR.
  • Support for Provision Analytics-based camera tamper alarms.
  • Monitor for HDD faults & errors on the Provision-ISR device.
  • Support for activating physical outputs on the Provision-ISR device or connected cameras from the S1000 Smart Controller.
  • Support for activating Virtual Sensors on the Provision-ISR device from the S1000 Smart Controller.

PROVISION-ISR® is an Israeli multinational company founded in 2007 to meet the demands for high quality products in the medium-high segment of the CCTV market. Provision-ISR’s range of devices, encompasses different camera series, specifically designed to help the installers to find the best suited solution for their customers.

Provision-ISR is the first CCTV manufacturer to embed a 3rd part Cyber Security solution by CheckPoint®.

Website: https://provision-isr.com/

We hope this short overview of the new integration with Provision-ISR has been useful for you and your organization. If you’re still unsure about whether or not our integration is right for your business, please don’t hesitate to reach out to our Customer Support at info@spgcontrols.com

ARCO Platform 6.1 Release Highlights

/0 Comments/in /by

Please refer to the SPG Support site for the complete Release Notes.

JMP Seminar in Casablanca, Morocco

/0 Comments/in /by

Our associates from JMP hosted a banking and multi-site client seminar in Casablanca in Morocco together with Protectas and Assa Abloy yesterday. We presented the latest technologies for cloud solutions available in today’s market.

JMP 6
JMP 5
JMP 3
Previous image
Next image

JMP Controls is a value-added distributor of innovative and efficient security solutions covering all areas of electronic security.

Check out the SPG Controls page to find out more about our collaborators: https://spgcontrols.com/partners/

ARCO Platform 6.0 Release Highlights

/0 Comments/in /by

Please refer to the SPG Support site for the complete Release Notes.

SPG Controls FCC Certification

/0 Comments/in /by

SPG Controls’ S1000 Smart Controller and Peripherals are FCC certified under 47 CFR PART 15, SUBPART B/ICES-003 issued by the independent testing company EMC Technologies Pty. Ltd.

List of FCC Certified Products

• S1000 Smart Controller: S1000-PCB
• SPG Power Supply: SP1-PSU-2A
• CRI Expansion Card: SE1-CRI-PCB
• Card Reader Interface Board: SD1-CRIO-PCB
• IO Expansion Card: SE1-8I2O-PCB
• 6 Output Expansion Card: SE1-6OUT-PCB
• S1000 Remote IO: SD1-REMIO-PCB
• Audio Listen In Module: SD1-AUDIO4-PCB
• Audio Converter Expansion Card: SE1-AUDIOBUS-PCB
• Dual Ethernet Expansion Card: SE1-ETHER2-PCB
• Cellular+WiFi Expansion Card: SE1-CELL-PCB
• Sensor Remote Device: SD1-2ADI-PCB
• Alarm Keypad: SD1-TKD-MFRICP-B
• S1000 Communicator: S1000-PENC

For a copy of the FCC certificate or the comprehensive testing report, feel free to contact us at info@spgcontrols.com

New Collaboration Announcement: Eclipse Digital Solutions

/0 Comments/in /by

SPG Controls is pleased to announce a new collaboration with Eclipse Digital Solutions, a double award-winning pioneer of modern-day integrated security solutions. Eclipse Digital Solutions has long-established relationships with a wide range of public and private sector bodies and commercial clients in and around the UK.

Eclipse Digital Solutions Ltd have consistently delivered tailor-made and cost-effective security solutions to our client base across various sectors.
Clients include the Home Office, Centre for the Protection of National Infrastructure, Ministry of Justice and businesses and organisations requiring the highest level of security protection.

Dedicated to standards and is accredited to ISO9001 Quality Management System and ISO27001 and is a member of ADS – the premier trade association for organisations operating in our sectors – providing the best possible solutions, products and services.

Check out the Eclipse Digital Solutions website: https://www.eclipsedigital.co.uk/

Check out the SPG Controls page to find out more about our collaborators: https://spgcontrols.com/partners/

How To Detect and Mitigate the Log4j2 Vulnerability

/0 Comments/in /by

Like many manufacturers in our Industry, we became aware on the 10th of December 2021 of the Remote Code Execution vulnerability CVE-2021-44228 in the popular Java logging library Log4j2 CVE (all versions between 2.0 and 2.14.1 are vulnerable).

While SPG Controls and our related products are safe from the Log4j2 vulnerability, you may have other products and services that are not.

Below is a brief infographic on how the Log4j2 works and potential fixes you can implement.

Contact us at info@spgcontrols.com and tell us how we can help you configure your systems integrations to be safe from the Log4j2 vulnerability.

Log4j2 CVE Vulnerability and SPG Controls

/0 Comments/in /by

Description:

Like many of the manufacturer’s in our Industry, we became aware on the 10th of December 2021 of the Remote Code Execution vulnerability CVE-2021-44228 in the popular Java logging library Log4j2 CVE (all versions between 2.0 and 2.14.1 are vulnerable).

SPG Controls Action:

SPG Controls scan the published docker images for known security flaws. The Log4j2 CVE vulnerability has been included in this process by the Docker Hub team.

Vulnerability Summary:

  • Code developed by SPG Controls does NOT use Log4j2 CVE.
  • Some Official Docker Images do contain the vulnerability; however, the versions used by SPG Controls are NOT affected.
  • SPG Control uses a version of Elasticsearch which does NOT contain the vulnerability.

Further Details:

Scan images on Docker Hub

Docker Hub security scans triggered after 1700 UTC the 13th of December 2021 are now correctly identifying the Log4j2 CVE. Scans before this date do not currently reflect the status of this vulnerability. Therefore, we recommend that you trigger scans by pushing the image to Docker Hub to view the status of Log4j2 CVE in the vulnerability report.

Source: https://docs.docker.com/docker-hub/vulnerability-scanning/

Code developed by SPG Controls does NOT use Log4j2 CVE. Some Official Docker Images do contain the vulnerability; however, the versions in use by SPG Controls are not affected.

Repository

Patched version

Additional documentation

couchbase

7.0.3

Couchbase blog

Elasticsearch

6.8.22, 7.16.2

Elasticsearch announcement

Flink

1.11.6, 1.12.7, 1.13.5, 1.14.2

Flink advice on Log4j CVE

Geonetwork

3.10.10

Geonetwork GitHub discussion

lightstreamer

Awaiting info

Awaiting info

logstash

6.8.22, 7.16.2

Elasticsearch announcement

neo4j

4.4.2

Neo4j announcement

solr

8.11.1

Solr security news

sonarqube

8.9.5, 9.2.2

SonarQube announcement

storm

Awaiting info

Awaiting info

Elasticsearch mitigation

Elasticsearch mitigation summary matrix.

Note: While the below mitigations are considered complete, our overall recommendation is to update to version 7.16.2 or 6.8.22 or newer.

Yes indicates the versions that are subject to the vulnerability in question, No indicates they are not vulnerable. Version ranges are inclusive.

Source: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

SPG Control uses a version of Elasticsearch which does NOT contain the vulnerability.

Elasticsearch

JDK

CVE IDs

Information Leak

Remote Code Execution

Complete Mitigation

7.16.1 – 7.16.2

≥ 8

CVE-2021-44228, CVE-2021-45046

No

No

N/A (not vulnerable)

7.0.0 – 7.16.0

≥ 9

CVE-2021-44228, CVE-2021-45046

No

No

N/A3 (not vulnerable)

7.0.0 – 7.16.0

< 9

CVE-2021-44228, CVE-2021-45046

Yes

No

System property1

6.8.21

≥ 8

CVE-2021-44228, CVE-2021-45046

No

No

N/A (not vulnerable)

6.0.0 – 6.8.20

≥ 9

CVE-2021-44228, CVE-2021-45046

No

No

N/A3 (not vulnerable)

6.4.0 – 6.8.20

< 9

CVE-2021-44228, CVE-2021-45046

Yes

No

System property1

6.0.0 – 6.3.2

< 9

CVE-2021-44228, CVE-2021-45046

Yes

No

Remove JndiLookup2

5.6.11 – 5.6.16

8

CVE-2021-44228, CVE-2021-45046

Yes

Yes

System property1

5.0.0 – 5.6.10

8

CVE-2021-44228, CVE-2021-45046

Yes

Yes

Remove JndiLookup2

< 5.0.0

any

CVE-2021-44228, CVE-2021-45046

No

No

N/A (not vulnerable)

 

Sources:

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://docs.docker.com/security/

https://docs.docker.com/docker-hub/vulnerability-scanning/

https://hub.docker.com/_/elasticsearch

https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

Download Technical Bulletin

New Integration Announcement: Orange Business Services – Pack ID solution

/0 Comments/in /by

SPG Controls is pleased to announce a new partnership with Orange Business Services, a global IT and communications services provider. Orange Business Services operations span 26 countries and serve 207 million mobile customers, including 8 million business customers.

Integration with ARCO Platform uses its Open API to interface to the Pack ID solution from Orange Cloud Service mobile credentials. Credential request on the Orange Cloud Server leverages the built-in security architecture and secure communication of the ARCO Platform to access Sites/Doors.

The API is based on the latest Web-based Restful Architecture. All data contained within ARCO Platform is securely communicated to the Orange Cloud Service.

Check out the Orange Business Services website: https://www.orange-business.com/fr/produits/pack-id 

Check out the SPG Controls partners page to find out more about our collaborators: https://spgcontrols.com/partners/

New Partner Announcement: Avarn Security

/0 Comments/in /by

SPG Controls is pleased to announce a new partnership with Avarn Security, a leading security group with operations in Norway, Sweden, Denmark and Finland. Avarn Security supply security to clients across the Nordic countries.

Avarn Security (earlier Nokas) is a leading and strategic security partner for corporate customers and public sector organizations. They provide security services and solutions in the Nordic market.

Avarn Security is known for its long history as a strong solution provider of access control solutions. They are expanding their current access control system offering by bringing the latest technology in the industry to Finland for the benefit of the customers. SPG Controls and Avarn Security have entered into a cooperation agreement, in which Avarn Security will continue to represent the ARCO Enterprise access control system in Finland alongside its current access control solutions.

The company’s main operations are based in Norway, Sweden and Finland. Its head office is located in Oslo, Norway and it is headed by Group CEO Vidar Berg, with 16,000 employees spread across the Nordic countries.

Check out the Avarn Security website: https://www.avarnsecurity.fi/

Check out the SPG Controls partners page to find out more about our collaborators: https://spgcontrols.com/partners/