Who Goes There?
Source: a&s International
Date: 07/12/2007
On the Air
Traditional access control systems can take a wide variety of forms, each carrying its own benefits and pitfalls. In its most primitive and easily implemented form, the lock and key provide a low-maintenance, low-cost implementation of access control that can be a perfect solution under certain circumstances. However, inflexibility in a variety of areas makes this humble system undesirable or obsolete in all but a few situations where there are only a handful of authorized users.
At the other end of the primitive baseline is the human access control unit: for example, the nightclub bouncer. This comparatively complex processing unit can receive and act on both specific and general permit/deny commands, is capable of independent judgment (to a variable degree) and provides valuable functions such as mobile physical deterrence. In a nightclub environment, the human bouncer beats any mechanical equivalent hands down. Nonetheless, despite being infinitely flexible, the human brain is such a complex unit that its concomitant overheads make it unsuitable for all but a few security applications. The ideal access control system is one with low overhead, with sufficient adaptability and complexity to make it the ideal fit for a wide variety of situations. Thankfully, like all technologies, access control systems tend to evolve in order to make up for their deficiencies. They network, and they become more mobile. Once a system is networked, its capacity for mobility increases dramatically. When the nightclub doormen get hold of radios, they can make perimeter checks while remaining in constant contact with their fellows and respond instantly to incident calls. They become tied into the emergency services net, extending their range of knowledge and influence. Eventually, when a rowdy drunk is ejected from one club, every doorman and cop in the city knows who to look out for. Likewise, the simple lock and key evolve into a networked system where a central control panel is connected by cables to remote reader units which can be added, moved and removed easily. As an identifier, the hand-cut steel key is expensive to distribute and change, so other identifiers such as PINs and biometrics are used. When IP networking becomes commonplace, the systems make use of the larger networks it offers. Reader units get memory of their own, so they can still function if the network goes down.
And when wireless networks become mature enough to trust, access control systems migrate to the airwaves.
Remote Control
Several manufacturers have introduced air-linked devices onto the market recently, such as Colorado's ISONAS Security Systems and Maryland-based Brivo. Brivo's systems concentrate on ease of installation and use, boasting Web-based, remotely-hosted architecture and allowing distributed, multisite security while retaining centralized management. In the Brivo model, administrators log into a central server hosted by Brivo in order to view access logs, manage accounts and so on. Asked why the company favored wireless systems, Steven Van Till, President and Chief Operating Officer, replied, "Using wireless devices means that access control systems can be installed at more locations, at considerably lower expense, than ever before. Because modern wireless networks support IP protocols, wireless access control systems that are natively IP-based can be accommodated with no changes to the underlying networks." The ISONAS model is almost the inverse. Rather than centralizing management systems in a remote location, ISONAS concentrates on making each reader unit as capable and independent as possible. Michael Radicella, President, explained, "ISONAS has had the benefit of being the only IP reader controller in its class for some time now. The ISONAS product runs in both network and stand-alone mode, so if the wireless network is inaccessible for any reason, the reader controller will continue to operate and the user will not notice the difference. When the network becomes available, all of the stored events that took place at the door will be uploaded to the host without the customer ever being aware that the network was down." This also has the benefit of removing the physical control panel from the picture; administrators control the system from any computer on the network, using proprietary Windows-based Crystal Matrix software. Both manufacturers' systems allow for the use of hybrid wired and wireless networks.
While this obviates the initial benefits of using wireless, it provides an excellent backup in case of accidental or deliberate network disruption. Radicella is confident that wireless solves many problems, but cautions that it is not ideal for all applications. When asked about the unique benefits of wireless, he said, "No matter how you look at this question, the only reasonable and defendable answer is the obvious one; you do not need the connecting wire for communications. Any location that has power available but not an easily accessible cable run, such as parking lot gates, is a good candidate for a wireless option. If power is not available, then the rationale starts to diminish because with today's Power over Ethernet (PoE) devices, pulling a single CAT5/6 cable will provide both data and power. If you have to pull a cable then it's really hard to justify the wireless options." While IP devices open up a wide world of networking flexibility to the installer and user, they also impose an overhead onto a wireless LAN, which can quickly become a burden if not properly managed. An overabundance of devices means that a network can become flooded with traffic and data lost. However, bandwidth management techniques can overcome this problem. Alternatively, one can utilize a different transport medium; this is particularly suited to Brivo's type of centrally managed model. Van Till continues, "End-users do not have to provide connectivity for the access control system because our product has 'built-in bandwidth' in the form of either a GSM or CDMA modem. Users can avoid placing another device on a secured LAN, which is often an obstacle for other IP-based access control systems. Our architecture allows the security hardware to be completely independent of any other network equipment." ISONAS's answer to the bandwidth management problem is equally effective; reader units have far less need for time-sensitive, urgent communications with the controller due to their inbuilt capabilities.
Plug and Play Networking
Consistent with the constant drive for increased flexibility, manufacturers ensure that their products are not tied to one single wireless standard. ISONAS manufactures both a wired and a wireless version of their reader units; the wireless component is, electronically, a separate unit that can be switched without affecting the circuitry of the reader itself. Radicella says, "ISONAS has been very careful to design the wireless version of their product around the wired model. This allows us to pull out one wireless solution and plug in another. We see it as a requirement to support not only IEEE wireless standard 802.11 in all of its variations now and the future, but other wireless solutions either proprietary or public." Van Till concurred that Brivo used interchangeable cellular technology built into their circuit boards. This allows the wireless technology to be independent of the hardware solution. Brivo also provides multiple, physically distinct networks on a single board by using the chipset found in many modern routers. This allows the company to provide LAN security and router-like functions that are impossible with a single LAN/Ethernet on board. However, some doubts persist about whether wireless networking is suitable for such a mission-critical system as physical access control. Generally, these qualms focus on the perceived delicacy of the transport medium itself, as well as the potential insecurity of the data it carries. Van Till is quick to dismiss these fears. "Our wireless technology is as secure as any wired technology, due to our use of 128-bit SSL (AES) encryption. To date, after five years of operation, we have not had one report of attacks or environmental problems with our wireless technology." Radicella was equally positive about the security of the medium, but sounded a note of level-headed caution. "Wireless networks are inherently more fragile than wired networks," he said. "With proper attention to security they are no less secure, but communication can be disrupted by interfering signals."
Secure Installations
Radicella stressed that network planning is of paramount importance. "When you go beyond the wireless devices provided by the manufacturer and start examining the network required to run the devices, you quickly hit a new set of skill and knowledge requirements. Most manufacturers sell the wireless device but are not involved in the installation (ISONAS plays a supporting role), thus the strength of the network in terms of security and environmental weaknesses falls into the hands of the installer. ISONAS, like many other manufacturers, has made the device as secure as we can by supporting the encryption typically found and going the extra step of supporting AES, but a poorly designed wireless network won't allow any wireless device to function correctly."
Likewise, other potential customers are daunted by the idea of integrating wireless systems into their existing networks. Radicella is confident that, given proper IT work, problems will be scarce. "The word seamless immediately comes to mind, just as long as the competence of the wireless network installer is what it ought to be. Once the wireless network is in place and tuned to the site, using the wireless connection should be equivalent to the wired; however, there is a difference in troubleshooting and so the actual operations needs to accommodate the technology correctly. If the connection to the device is lost there needs to be tools and procedures in place for figuring out where the connection is broken." Wireless systems find their forte in areas where distributed access control is necessary over large areas, and where environmental conditions or expense contraindicate running cable. Recently, Brivo's ACS WebService systems were installed by reseller Protection One in Rocky Mountain Airport. Rocky Mountain is Colorado's fourth-largest civilian airport, with more than 180,000 take-offs and landings every year, and the access control system for the secure airside area needs to support more than 2,000 active security cards at any given time. Airport Operations Manager Brett Miller said of the installation, "The Brivo system was the low bid because the wireless component kept the install price very affordable." Brivo installed 13 card readers at all secure gates, and was able to provide the airport with a high degree of customization due to their self-hosted management system. Miller continued, "The system has definitely met expectations in reducing man-hours and cutting overhead from an IT standpoint, and unlike our previous system, we can track and query in a timely manner; all this control and functionality is available right at our fingertips." 
Another Brivo airport installation, this time at the municipal field in Santa Monica, California, solved the very real problems left unanswered by the airport's previous access control system: a series of stand-alone coded entry units. The previous stand-alone units not only allowed numeric codes to be easily passed along from one person to another, but failed to provide a networked intelligence picture; nobody knew what was happening at each of the eight gates, spread over 227 acres of property. Bob Trimborn, the airport's Director, referred to the stand-alone system as "about as secure as water in a sieve." Brivo systems were selected due largely to their wireless capacity (enabling the airport to link one gate over a mile away from central buildings without running a trench) as well as their ease of installation. Avoiding the hassles and expense involved in sourcing IT services was a clinching factor in the airport's decision. In a similar installation, telecommunication and technical services firm TechNet Global Services, who themselves install large-scale wireless and security systems, chose ISONAS panel-free products to control ingress and egress at their Victor, New York, facility. CEO of TechNet Global Services Jerry Fischette was enthusiastic, stating, "It is a pure IP-based solution giving us total control. We can review and program the entire system via IP right from our desktops." Fischette praised the system's ability to change and grow with the company, adding, "The system gives us the flexibility to add time and attendance functionality or emergency response technology at a later date."
Cutting the Cord
Van Till sees a rosy future for his company's products. "The introduction of non-vendor-specific security device standards will make the security market shape up like the SNMP network management market did 25 years ago. Access control systems will become smaller, lighter, embedded, standards-based, more powerful, easier to use, and more integrated with IT infrastructure." Radicella sounded a similarly positive note, predicting that wireless access control systems will flourish wherever wireless LANs take root, and that the existence of these systems will pique the curiosity of customers who otherwise might not have taken an interest. "Wireless access control will go wherever the wireless networks go. When installers are comfortable with the wireless networks then they will migrate away from the wired versions. With IP still new to the industry but gaining market shares every day, the switch to IP is inevitable and then it is only a short hop to wireless from there. The paradigm shift is already taking place."