IP: the conflict of interest

To achieve this, different systems and hardware need a common medium to communicate with each other that is independent of the site infrastructure. To this end, Internet Protocol (IP) is rapidly becoming the system of choice for many in the security and building management arenas.

CCTV, access control, intruder detection, fire and voice evacuation systems – in addition to the remote transmission of alarms – are perceived as low cost, simple to deploy and easy-to-use when integrated over an IP-based network. However, in reality these systems simply employ the existing IT infrastructures to make cost savings by using the current cables and connections.

Most organisations’ networks were not originally built as security networks. In fact, they are designed and run to be as open and simple to connect into as possible, with limited restrictions imposed on both end users and applications alike.

Given the greater integration of security and IT in recent times, we need to take a careful look at the infrastructures and vulnerability of these same corporate networks, and how security devices connect to them.

There is a definite requirement to examine the impact of Denial of Service (DoS) attacks – the computing/network equivalent of a ‘line failure’ in monitoring parlance – and how this can impact on the functionality and availability of the system to protect both a building’s occupants and its contents.

Denial of Service (DoS): the truth

When a system is disabled or flooded with commands to prevent that system from acting as it was intended then a Denial of Service (DoS) ‘situation’ has arisen. A Distributed Denial of Service (DDoS) attack, on the other hand, is launched from several locations at the same time such that the target will have more commands flooding the system(s) than can be processed. The objective? To prevent legitimate access and the transmission of secure voice, data or alarm signals.

By understanding how a system works, one can better comprehend the unique risks that need to be appreciated to make a security system resistant to DoS either by accident or design (see figure 1 on page 52).

IP systems represent a cheap and effective method of linking devices and components but, unlike most PC networks, security systems are required to perform 24 hours per day, seven days per week (including those time periods when the building is unoccupied and at possible risk from intruders or fire).

Malicious DoS attacks are now taking place on a daily basis, often as part of extortion attempts against commercial online service providers (online betting, banking and gaming providers being the high profile examples of late). It is therefore refreshing to see the issue being taken seriously within Government – efforts are focused on rendering ‘DoS by design’ an offence under the revision of the Misuse of Computers Act (‘APIG targets update of Computer Misuse Act’, News Update, SMT, October 2004, p7).

Whereas DoS is a malicious, external threat to the IP network, accidental breakdown of service can equally compromise the network. In truth, this may result from a number of issues.

What can possibly go wrong?

In reviewing a network for suitable integration with the requirements of security, security and IT managers must consider the likely effects on a building’s protection regime if any of the following should occur:

• an unexpected closure of the network;
• damage or unplanned closure of the routing devices;
• network overload;
• traffic density;
• power failures anywhere in the network;
• disruption to the WAN/LAN or network centre;
• closure of the Internet Service Provider;
• regional power failure;
• breaks in the telecoms links;
• physical damage to the ATE or ATS environment;
• access security of the network by unauthorised users;
• connectivity of non-secure equipment such as PDAs and wireless laptops.

By accident or design, DoS attacks can have the effect of blocking all transmissions to and from any security device or site within an organisation and/or the link to the 24-hour manned Control Centre. In turn, this will reduce the effectiveness of response by the emergency services, key holder or the manned security patrol on site.

Fire and security panels

Fire and security hardware boasts non-volatile programming and remains unaffected by many of the causes of DoS. However, that hardware may be affected by the direct or indirect effects of a virus, worms, Trojans or malware on the management system that hosts the transmission, management or receipt of messages over private or public networks.

There is much to be gained by integrating IT and security systems, but when transferring the security system to an IP environment a thorough risk assessment should first be undertaken to ensure that the level of protection is not undermined.

For the purposes of reviewing a security system, the compliance of that system is only as good as the lowest grade component (which includes the network). Availability is key in this decision, for although IT networks may appear to be available 24 hours per day, in reality they are not. Often, at those times of low usage IT managers will choose to upgrade their systems, large data files will be backed-up or new networks enabled. This often occurs in the unoccupied times when the company’s property is most at risk.

Even in the best run environments, without a secondary path systems will only be as reliable as their weakest link. With IP networks, one has to ask who holds the management rights to close or amend the configuration? Are they covered by a security policy? Do subcontractors have access rights? Can the network be accessed from remote locations?

There is much to be gained by integrating IT and security systems, but when transferring the security system to an IP environment a thorough risk assessment should be undertaken to ensure that the level of protection is not undermined

In a recent article, Karl Fielder of Internet security management consultancy RedM outlined the results of a survey looking at major systems. The statistics suggested that 60% of them leaked data, while few had any security measures in place. In addition, many networks use wireless LANs which could be accessed from a car park some 300 yards away with little or no difficulty.

Either by accident or design, these networks may not always be there. To ensure that a given message does leave a property in the event of a disaster scenario, a fall-back link to a remote, manned centre is essential. Of course, this link would have to be via separate media (for example global radio system for mobiles such as GSM). Remember that the fault responsible for closing down the network may also affect the telecom link. This is particularly true of Voice-over-IP (VoIP) systems.

Voice-over-IP (VoIP) systems

VoIP emulates the functions of a standard switched telephone line via the Internet or other IP network to provide a pathway for voice telephone calls, a technique widely deployed in the US to save telephone costs within many large corporations. The technique is now beginning to penetrate the UK market.

Once activated, the VoIP adaptor provides a dial tone at the handset and then samples the analogue speech sounds, converting them into IP data. They are then transmitted over the Internet. On receipt, they are converted back into sounds that emulate speech.

Once they have established a connection, communicators (such as digital communicators, for example) send the data rapidly, but IP splits up the packet of information and it may not be received intact due to differences in the rate which parts of the data have been transmitted. In some cases this may be due to the VoIP compression not being able to handle the speed of the communicators’ ‘exchange’, and may require reprogramming by the alarm installer.

It is vital to understand that, at any given time, a specific alarm communicator connected to a VoIP adaptor may be able to communicate with a receiver. At other times, though, it may not. It is possible that it may make numerous attempts for an alarm panel to reach the central station via VoIP in order to deliver a single alarm message. Be aware, too, that VoIP connection may inhibit or otherwise not allow the remote downloading of control panel programming from an installer’s office, while also requiring additional site visits for one-to-one connection by the engineer.

Links to 24-hour manned centres

The logical step with IP is to link the site to its chosen Alarm Receiving Centre through the company LAN or WAN. However well structured, this will inevitably require the transmission path to travel via one or more Internet Service Providers (ISPs). These ISPs have no interest in the content or purpose of the traffic moving across their connections. Indeed, they may not even be located in the UK or be subject to our legislation.

Each ISP link is a weak point. One cannot expect IP alone to achieve the security Grade 3 or 4 of EN 50131 without an alternate route.

How, then, might security managers work with the IT team to ensure that the security systems stay online? First of all, you need to review the choice of the secondary path. Can this handle ‘confirmation’ without the IP link in place? When converting to IP or VoIP, managers must consult with their system installers to ensure that all solutions are compatible.

For their part, installers should advise security managers and client contacts that it’s their responsibility to, in turn, advise them – and operatives at the 24/7 manned centre – of any change such that round-the-clock links can be maintained.

Managers must also make sure that any systems they’re using are designed to send regular text messages such that any changes implemented are identified early on.

IP is not a panacea

IP-based systems will deliver cost benefits to the end user, but they are not – and should not be deemed – a panacea solution.

All of those having jurisdiction over the systems should be consulted, and their opinions added to the overall fire and security risk assessment. Once that risk assessment has been conducted, the cost benefits of integrating the systems are transparent and can be agreed with the senior management.

On balance, if there is a significant benefit engendered by moving over to IP then the additional requirements and costs to meet the special needs of the building management fire and security system can be agreed by the IT Department, and the necessary network operator security procedures put in place.

These policies will need to be reviewed quarterly, whenever the network is extended, modified or adapted and, in particular, when merged with other systems to ensure the planned integrity is not undermined and that 24/7 protection is maintained. n