Posts

New SPG Product in Focus – OSDP Mini Camera

Not all work environments are the same; some require additional surveillance to maintain and complete the security work needed to protect and safeguard valuable assets. Additionally, remote sites may be subject to significant variations in temperature, humidity, power availability, and other services and variables. SPG’s latest hardware is ideally suited to these types of challenging requirements.
It is ideal for mounting inside enclosures, racks, ATMs, vaults, telco cabinets, utility facilities or any location where non-continuous monitoring is more economical.

Connected via the encrypted OSDP bus of the S1000 Smart Controller, the Mini Camera captures images at high speed and then stores them locally on the S1000 SD card.

Images can be uploaded to the ARCO Platform using Ethernet, via a 4G expansion card in the S1000 Smart Controller, or by connecting directly to a Wi-Fi router.
Up to eight (8) Mini Cameras are supported on an S1000 Smart Controller. Minimal battery backup to an S1000 would ensure continuous availability of images from remote sites for alarm management or activity verification. All communications are encrypted end to end.

Some typical use cases are listed below:

Vehicle Fleet and Driver Security & Tracking Management

SPG’s fleet and driver monitoring solutions put management in the passenger seat of each vehicle in the fleet, with GPS, truck, trailer and driver monitoring.
Add video, two-way audio and environmental monitoring and controls to your fleet and secure your driver’s and cargo’s safety end to end.

Cabinet Monitoring and Management

Providing early warning of failures, video and two-way audio and ensuring only authorized employees or contractors are permitted access are key attributes of our remote cabinet solutions. In addition, sophisticated monitoring provides the real-time condition of the cabinet and its key components.
This also helps control preventative maintenance, make informed decisions, and cut personnel and operational expenses. SPG’s sensor logs also provide for root cause evaluation to help mitigate future problems.

ATM Monitoring and Management

Persistent physical attacks continue on ATMs, resulting in theft, disruption, damage and poor customer service. Increasingly, explosive gases are used to destroy the integrity of ATM vaults, and the use of mechanical excavators and machinery still results in ATMs being pulled from their building surrounds or free-standing locations.

SPG Controls offers a smart security system, which has been designed to protect ATMs from theft or unauthorized access. Providing early warning of failures, video and two-way audio and ensuring only authorized employees or contractors are permitted access are key attributes of our ATM monitoring solutions. Standard battery backup and 4G connectivity provide ongoing operation in the event of a power or communications loss.

Remote Vault Monitoring & Management

Where physical security vaults protect cash, documents and assets, SPG Controls offers a smart security system designed to protect the vault and the personnel opening and closing vault and bookroom doors from theft, unauthorized access or duress. Providing early warning of failures, video and two-way audio and ensuring only authorized employees or contractors are permitted access are key attributes of our vault monitoring solutions. SPG enables both efficiency and security: our sophisticated monitoring devices provide the real-time condition of the vault and key components. This additionally helps to manage preventative maintenance, make informed decisions, and cut operational expenses. SPG’s sensor logs also provide for root cause evaluation to help mitigate future problems.

Data Centres – Monitoring & Management

Data Centers are among the most important components in modern IT infrastructures, hosting websites, web services, and web applications that we use on a daily basis. Social networking, media streaming, software as a service (SaaS), and other activities wouldn’t be possible without the use of these web servers. With cloud computing growing fast and moving more services online, web server monitoring is only becoming more important.

SPG Controls offers the perfect management system for Data Center temperature monitoring. Our ARCO Solution can easily be configured to send you and your team alerts when Data Center temperature and humidity values rise or fall, with video verification using our OSDP Mini Camera.

Sound Intelligence from SPG Controls resonates with our European partners

Digital Audio Verification to manage Alarm Events

Another addition to SPG Controls’ product line provides encrypted two-way VOIP data for alarm verification, intercom and public address. Our latest Audio Listen-In Module provides connectivity to our S1000 Smart Controller through an encrypted OSDP bus. Digital audio is then delivered from the S1000 over Wi-Fi, Ethernet or 4G to our central ARCO software platform or via industry-standard protocols to commercial security monitoring stations.

Two leading French monitoring companies have just successfully completed testing of our digital audio products in anticipation of several new projects. ESI and Azuresoft have been working alongside our European distributor, JMP Controls, based in Paris. Pascal Creff, CEO, said, “I’m delighted with the new capability and industry-leading audio quality available from SPG Controls Audio Listen-In Module. I expect to be able to offer improved alarm management and risk reduction to my growing portfolio of customers.”

Up to 8 microphones and 8 speakers can be attached to an S1000. Audio can be played back using SIP (IP telephony) or RTP streams, or sent direct-to-browser. Our technology remains compatible with any central station monitoring provider, with audio control possible via DTMF commands or through industry-standard contact ID reverse commands. Audio feeds may be triggered by alarm events governed by our “rules engine”; pre-alarm audio is also available. Pre-recorded messages may be stored within the S1000 Smart Controller and can be enunciated when triggered by specific circumstances.

Contact us to learn more about how SPG Controls applies the science of sound to help your business.

How to Improve Mobile App Security

Mobile Application Security Improvement

Mobile App security issue

With the increasing popularity of Mobile Devices, almost everybody uses mobile applications, but hardly anyone thinks of their data security while using them! At the same time, when developing system applications, there’s a tendency to focus on Site security rather than on the Application. Security is taken for granted, relying on the backend, where there may also be vulnerabilities.
A poorly protected mobile application can be a serious threat to an entire system. Mobile devices are where we store and work on critical data, such as payment, access, medical and banking information, and almost certainly personal data.

The problem of mobile application security is especially concerning in various Android systems, mainly because, as an open system, Android is more vulnerable to data breaches at the operational level than Apple iOS (which is a closed system). Android is very fragmented, and new versions of the system are deployed to customers’ devices very slowly, which directly impacts the improvement of the entire system’s security. This does not mean your Apple iOS system is completely safe – there are threats related to storing data or web server communication (a Man in the Middle attack) which may make your application vulnerable.

To add perspective to the problem, let’s consider the following examples:

Data and device interception

A Mobile App security breach can be related to several issues, from storing users’ data without encryption in the local database (which was the case for a popular communication app in 2011) to session token change (a problem for a well-known marketplace application in 2016). The mobile app switched sessions to a different user’s token, most probably collected from deep links. This, through a fake marketplace site, made way for the potential theft of other users’ account data, such as user ID, profile photo, phone numbers, date of birth, access logs, and much other private information.

There are also several examples where an entire device has been compromised through a system vulnerability. Back in 2017, there was a significant security loophole discovered in a Bluetooth driver called BlueBorne; this allowed attackers to obtain complete control of a mobile phone by remotely executing code. In 2018, another issue was discovered: in order to control device modems, an Android firmware used AT commands (dating back to the 1980s). Manipulating these commands allowed hackers to gain control of the entire mobile device. Luckily, you don’t have to worry about BlueBorne issues anymore – it is already fixed on the majority of Android devices running 6.0 or greater and in iOS 10 and greater.

Such vulnerabilities can be used for a variety of reasons, for example, to create false certificates to obtain the data streaming out of your mobile app or install malware to obtain user data. These issues were rather quickly fixed at the operational level, but the question remains as to the extent of the breach. Normally, system loopholes unfortunately result in users waiting for an upgrade and ensuring app security personally.

Ensuring Mobile Application Protection

Ensuring mobile protection is an ongoing process. The most common methodology is to follow standard security practices; more are now being adapted.

Standard security practices may include:

  • The encryption of sensitive personal data, including encryption of the local database, cache, or API communication
  • The correct cryptographic key management and user session authorisation (tokens)
  • Token validations – the assigning of one to each consecutive device separately and with different session expiration times
  • Implementation of safe communication standards, e.g. certificate pinning in the case of HTTPS

Mobile-specific security methodology may include:

  • Protection against malicious apps
    • Blocking screenshots or masking
    • Masking the mobile app view in the app switcher – preventing any preview of the mobile app’s content when switching to a different app
    • Securing the clipboard – so a copied password is not visible in other mobile apps
    • IPC protection (Inter-Process Communication) – a security measure applied to the system components that enable communication between mobile apps and the system, such as Activities, Services, Broadcast Receivers and Content Providers
  • UI security analysis, specifically in terms of data leaks (e.g. password masking or data validation)
  • Anti-tampering
  • Android-specific:
    • Code obfuscation – this limits reverse engineering
    • Proper handling of mobile app signatures
    • Blocking access to overlapping active mobile apps – protection against content scraping done through different apps layered on top of the active mobile app
    • Managing permissions in Android apps
  • iOS-specific:
    • Using App Transport Security (ATS) for all internet connections
    • Enabling File Data Protection

All the stated methods cover just some of the risks, but be aware of them! Secondly, implementation or verification may require particular expertise.

How does SPG Controls ensure the security of Mobile Applications?

Mobile security is our priority. SPG Controls will ensure our Mobile Applications adhere to industry standards and are robust and resilient to attack.

Security Review

The security review can be done in five steps:
1. SPG Controls reviews the project to better understand the source code, structure, and purpose of the application.
2. SPG Controls makes a list of the application’s various elements responsible for introducing risk to the project.
3. SPG Controls prepares a list of the application security features that should be implemented for all elements, and then verifies that all the required security features are in place.
4. After a thorough analysis, if needed, a rescue plan will be created – SPG Controls prepares the list of security protocols which should be implemented.
5. Finally, SPG Controls will maintain the security level of the Mobile Application and ensure it is preserved in future updates.

Secure Authorisation

Specific permissions dictate the features available to the end user. Permissions are based on a set of assigned roles (or access groups). There are also “Access Policies” defined, which are additional rules needed to access a resource, such as what times an operator is allowed to access a specific resource. An operator who is logged in to the system with more than one role, for example as an Administrator, an Engineer and a Guard, will be able to select a role, and this will define which objects can be viewed and with what permissions.

API Integration

The ARCO Platform provides the ability to interface to many 3rd party systems using an Open API. The API is based on the latest Web-based RESTful architecture. All data contained within the ARCO Platform is securely exposed to the 3rd party systems. All commands, events and configuration changes are logged by ARCO, including the property changes made, so there is a full audit trail.

To learn more about SPG’s ARCO Platform and how it can help secure your assets, click here.

Top 5 Encryption Best Practices That Will Protect You

Best Encryption Practices to Protect Your Business

Growing in importance, Encryption is something that every business needs, not only to provide better online security but also to prevent data breaches and business interruption.

What is Encryption?

In its simplest form, Encryption is the process by which data is encoded to prevent that data from being easily understood by an unauthorised person. Only the parties involved in the communication are authorised to decrypt the data. For example, those parties can be your browser and a website, or a storage device and an individual authorised user.

Normally a message is encrypted with a key, but for demonstration purposes and in a very simple way, characters may be “shifted” to another place in the alphabet. For instance, B might become A. The word “AZS” is an encrypted form of “BAT”, as each letter has been shifted by one place to the left. One of the most popular shift cyphers is ROT13, which is short for “rotate by 13 places”.

Why Use Encryption?

Encryption prevents unauthorised actors from seeing sensitive data, whether that data is static or in transit. Data is considered to be in transit whenever it is sent to another party or endpoint, for instance when transferring a file to another device. For the duration of the transmission, a third party can “eavesdrop” on the communication, creating an opportunity for a man-in-the-middle (MITM) attack.

A man-in-the-middle attack can alter the communication between two parties and can happen in real time. It can alter the data that is being transmitted and received and can lead to serious complications. For instance, a patch that seems normal might end up carrying a payload of viruses and backdoors which hackers can use to gain entry and compromise an otherwise secure system. Some everyday computer users and even administrators often do not see that their systems are already compromised, because the altered data is presented just like a normal software update. Another grave consequence is that sensitive data can be taken by hackers. If a system regularly transmits bank details or credit card credentials, they could be taken by malicious actors. Some systems would also be unable to detect whether data was compromised.

What practices can be implemented to make sure that data is secure and sound?

Multiple Encryption Methods

Having layers of Encryption for data can be beneficial. Each encryption method available can act as a separate layer of security. If one of the encryption methods fails, there are other methods that can be used to slow down or even deter hackers from taking further action.

ARCO Platform communicates with each component using wolfSSL.

The wolfSSL library is a lightweight SSL/TLS library targeted at embedded, RTOS, and resource-constrained environments, primarily because of its small size, speed, and feature set. It is used in many common platforms because the wolfSSL library supports over 30 different operating environments and industry standards up to the current TLS 1.3, and offers progressive cyphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback report dramatically better performance when using wolfSSL versus other similar implementations of TLS.

Detailed Logs and Audit Trails

System design should incorporate the creation and storage of traffic logs for every event. This should include tracking which users are logged in and from where they are logged in. This can help administrators and cybersecurity experts to identify suspicious activities. In the case of an attack, investigators can see location data which may be helpful in building better fortification strategies.

ARCO Platform includes real-time events, reports and alarms throughout the system.

Access to real-time information will help Companies visually understand changing security and business conditions to enable better decisions, based on real-time data collated in pre-designated reports. ARCO enables you to identify trends and measure the impact of system activities.

Set Minimal Privileges for Users

Integrated systems tend to provide a lot of user privileges. It is important to limit access to a system to the minimal privileges required by each user. The temptation is to incorporate more system privileges than are required. For instance, a guest user does not need administrator privileges.

ARCO Platform gives users a set of permissions from a set of configurable roles.

 

Roles are only allowed to access the information necessary to perform specific tasks effectively. Access can be based on several factors, such as authority, responsibility and job competency. In addition, access to ARCO Platform can be limited to specific tasks such as the ability to view, create or modify a device.

Backups

It is also important to create regular system backups. This permits authorised users to restore data in case of a disruption to service.

Get Better Security

Invest in accredited and tested products and select fully trained and experienced partners for implementation and support services. SPG Controls has the right products and track record for securing your business as well as a global network of authorised Value-Added Resellers. Contact us to know more.

The Anatomy of a Unified System Integration

How Automated Security Systems Work

Having a unified security system integration policy for your Company is a game-changer. It can help provide more security to property and assets but also brings additional benefits.

Unified system integration for security has a lot of advantages, and thanks to SPG Controls technology a lot more is possible.

Some advantages of automated security systems:

Monitoring

Every “event” is included in a system audit trail and can be monitored. For example, Companies can monitor anyone entering their properties, whether at single or multiple locations, locally, regionally or globally, and have data at their fingertips in a control room, a security room or through a Mobile Application. Entrances and exits may be viewed in real time, locally, at a regional headquarters, or remotely. Visitors, contractors and delivery personnel can be screened prior to being authorised to enter Company property, minimising the risk to Company personnel.

Regulation of Access for Secure Places

Most Companies have areas in their premises where additional access rights are required. An example could be an IT or communications room, a UPS room, or a storage area for high-value items. Corporate policy may dictate that two personnel are required in certain locations or that an airlock controls access by only one person at a time.

Automated systems can be programmed to let only specified personnel or authorised contractors into critical areas within your property. Each event will be added to the audit trail within the SPG Controls system.

Trail Records and Logs

The system creates an audit trail for every event, and a flexible reporting tool enables records to be presented for multiple uses, for example contractor attendance records, payroll input through time and attendance reporting, and fire muster lists in the event of a fire alarm.

Safely Manage Everything

As an authorised and authenticated system administrator, management of the automated security system is at your fingertips. SPG Controls provides an intuitive Mobile Application through which Company personnel can safely and securely manage any security event.

What makes an Integrated System?

Multi-Function Security Control Panel

At the heart of an SPG Controls security solution is the S1000, a multi-functional security control panel. This is typically located at every site and integrates with existing or new security equipment such as movement sensors, door contacts, building alarms, the fire system, CCTV or camera system, access control and locks, intercom, and other security components in the integrated system. In addition, the S1000 provides the capability to connect to multiple other inputs, such as but not limited to, temperature, light, heat and humidity sensors, refrigeration units, air conditioning units and lone worker monitoring with full backward control.

User Interface Devices

Keypads, biometrics, and other interface devices allow authorised security personnel to arm and disarm locks and alarms in Corporate properties. They also allow administrators to control parts of the automated system either locally through the Keypad or remotely through the Mobile Application.

Central Software Monitoring System

The software part of the automated security system is crucial as it manages all of the access to all system components. It collects and records data from every input in the system.

SPG Controls offers these advanced parts of an integrated system for security.

S1000 Smart Controller

Remote access is possible thanks to the S1000 Intelligent control panel which can be connected to adaptor modules and network devices.

The S1000 Smart Controller can be installed to monitor and automate alarms and access control rights to areas and doors. There is automatic data collection from readers and other devices within each location.

Remote User Interface

The SPG Keypad supports a variety of features including local arming and disarming of the security equipment. Other components, such as OSDP readers, can provide access control functionality.

Security in each area can be fine-tuned using Scheduled Access, Anti-pass back, Duress Alarms and Dual Authentication options.

ARCO Platform

The ARCO platform is one of the most advanced management tools that can be used to operate a central security monitoring environment. It can provide access and records to all of the connected monitoring devices such as cameras, alarms, locks, and other sensors. It can also be used for multiple operator workstations for efficiency and redundancy. The platform handles all of the access rights for the areas and security components. The master audit trail is also managed by the ARCO Platform.

Software features of the ARCO Platform include alarm management, site configuration, database management, an interactive dashboard, distributed workstations, a graphical user interface for site location and status, a built-in reporting engine, and artificial intelligence capability for programmable logic rules.

To know more about how SPG Controls can help you secure your property and premises, contact us.

 

Securing Security Management Systems – Cybersecurity

With the global average cost of a data breach now reported as US$3.86 million, Cybersecurity has never been more critical. In addition, the average time to identify and contain a data breach, or the “breach lifecycle”, was 280 days in 2020, so the effects of a data breach can be costly and very disruptive! (See IBM Security, Cost of a Data Breach Report 2020.)

In this article, SPG Controls will explain why Cybersecurity needs to extend to electronic and physical security products to ensure business continuity and integrity.

What is Cybersecurity?

Simply put, Cybersecurity is the protection of any system that is connected to the internet, including both hardware and software. Customer and business data are usually targeted, and the resultant business interruption, loss of reputation and recovery can cause lasting damage.

For businesses, it is important to note that “security” encompasses both physical security (for example, a lock on a server room door) and Cybersecurity (for example, protecting the servers from vulnerabilities with anti-virus software).

Cybersecurity also includes the study and implementation of various technologies that can help deter and prevent hackers from accessing unauthorised data. Cybersecurity specialists work hard to execute strategies to bolster a system and/or a network against cyberattacks. Some specialise in website security while others are more engaged in protecting hardware from external attack.

 

What Can You Do to Protect Your Business?

You can protect your business by ensuring that your security systems are certified to Industry standards and are robust and resilient to attack.

SPG Controls’ ARCO Platform is one of the most highly sophisticated security software platforms and can also be integrated with existing systems, meaning companies can re-use previous investments and re-utilise and re-purpose assets. ARCO is designed to work within secure environments. Every user and device communicates with the system through encrypted channels, ensuring only authenticated and authorised users and equipment are connected. This is also essential for security when remote access is required.

 

ARCO Security is implemented in three ways

 

Secure Architecture

Businesses can benefit from the ARCO Platform’s Onion Architecture, which can be used in the cloud, on-premises, and in hybrid environments.

The ARCO Platform has different layers for each application. This is to isolate them from each other in the event of a cyber-attack. It also paves the way for better testing and maintenance of the application.

The ARCO Platform also has a domain-driven design. The domain model contains both the business logic and rules. Business logic is separated from the view and data access layers.

 

Secure Authentication

Remote connections and access are also protected by the ARCO Platform. Each of its functionalities is deployable through microservices, which communicate via HTTPS endpoints through a Web API. wolfSSL is used to encrypt communication between any connected devices and the ARCO Platform through the S1000 controller.

Certificate-based authentication is used to further protect against unauthorised access. The certificates are validated or revoked by ARCO Platform Integration Layers. Core services are run through standard strict Web API security checkpoints.

Java Web Token is used for access token validation. Every action of a user is passed through the token to ensure security. The ARCO Platform also uses modular access policies so that each role’s permissions can be further controlled.

 

Secure Authorisation

Specific permissions dictate the features available to the user. Permissions are based on a set of assigned roles (or access groups). There are also “Access Policies” defined, which are additional rules needed to access a resource, such as what times an operator is allowed to access a specific resource. An operator who is logged in to the system with more than one role, for example as an Administrator, an Engineer and a Guard, will be able to select a role, and this will define which objects can be viewed and with what permissions.
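
The model described here and in the earlier Secure Authorisation section (assigned roles, one selected role per session, and time-based Access Policies), sketched as an added example. It is not ARCO code; the class names, resources, actions, hours and the audit record layout are assumptions made for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional


@dataclass(frozen=True)
class AccessPolicy:
    """Additional rule on a resource: the hours during which access is allowed."""
    resource: str
    start: time
    end: time

    def allows(self, when: datetime) -> bool:
        now = when.time()
        if self.start <= self.end:
            return self.start <= now < self.end
        return now >= self.start or now < self.end  # window wraps past midnight


@dataclass
class Role:
    name: str
    permissions: dict[str, set[str]]            # resource -> permitted actions
    policies: list[AccessPolicy] = field(default_factory=list)


@dataclass
class Session:
    operator: str
    assigned: dict[str, Role]                   # every role the operator holds
    active: Optional[Role] = None               # the one role currently selected
    audit: list[tuple] = field(default_factory=list)

    def select_role(self, name: str) -> None:
        if name not in self.assigned:
            raise PermissionError(f"{self.operator} is not assigned role {name!r}")
        self.active = self.assigned[name]

    def authorise(self, resource: str, action: str, when: datetime) -> bool:
        allowed, reason = self._decide(resource, action, when)
        # Every decision, allowed or denied, goes to the audit trail.
        self.audit.append((when.isoformat(), self.operator,
                           self.active.name if self.active else None,
                           resource, action, allowed, reason))
        return allowed

    def _decide(self, resource: str, action: str, when: datetime):
        if self.active is None:
            return False, "no role selected"     # deny by default
        # Only the selected role counts, not the union of all assigned roles.
        if action not in self.active.permissions.get(resource, set()):
            return False, "role lacks permission"
        for policy in self.active.policies:
            if policy.resource == resource and not policy.allows(when):
                return False, "outside permitted hours"
        return True, "ok"


def demo_session() -> Session:
    """Constructed sample data: one operator holding three roles."""
    guard = Role("Guard", {"door": {"view"}})
    engineer = Role("Engineer", {"device": {"view", "modify"}},
                    [AccessPolicy("device", time(8, 0), time(18, 0))])
    admin = Role("Administrator", {"door": {"view", "create", "modify"},
                                   "device": {"view", "create", "modify"}})
    return Session("operator1", {r.name: r for r in (guard, engineer, admin)})


if __name__ == "__main__":
    s = demo_session()
    s.select_role("Engineer")
    print(s.authorise("device", "modify", datetime(2024, 1, 8, 10, 0)))
    print(s.authorise("device", "modify", datetime(2024, 1, 8, 23, 0)))
    for row in s.audit:
        print(row)
```

Because only the selected role is evaluated, an operator working as a Guard cannot modify a device even though the same person also holds the Engineer role.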

To learn more about the ARCO Platform and how it can help secure your assets, click here.

 

Reference sources detailed below.

Security Intelligence

IBM Security

News

ARCO Platform 4.0 Release Highlights

Advanced Reporting

ARCO Platform 4.0 guides you in making smarter, more informed decisions using the fully integrated Reporting and Dashboard modules. Gather data from real-time key system metrics or develop insights from historical trends.
Get immediate value from out-of-the-box reports and ready access on a full range of data elements that track reporting information such as User Access, Environmental Patterns or Alarm Status.

Enhance Dashboards

ARCO Platform 4.0 features a new and improved Dashboard UI for a cleaner and more efficient display of your overall system status.

Email Notification

ARCO Platform 4.0 now enables you to configure SMTP (Simple Mail Transfer Protocol) to send, receive, and/or relay outgoing mail between email senders and receivers.
The ARCO Platform Rules module enables you to fully control exactly when an email notification will be sent.

Audio Monitoring

When the SIP Call Center Service receives a call from a User, it sends commands to ARCO requesting the S1000 gateway to make a callback. When the SIP Service receives the callback from the S1000 gateway, it looks for the active incoming call and transfers the S1000 gateway’s call to the User.

Dual ARCO Server

Dual ARCO System enables support for the mapping of Contact ID events for reporting to 3rd party systems using the S1000 Smart Controller’s “Reporting Category” retrieved from the hardware and reported events.