Categories
Apps Business security

Access control meets www – and it's not what you think

When I began this blog I intended to cover subjects that I felt would be of general interest to users of business communications services in the UK – Timico customers generally. I didn’t think that this would for one moment include the topic of door entry systems. It does.

Some time ago we began a relationship with a company called Paxton Access. This was because we needed a security system for our new purpose built Headquarters building in Newark (Notts – not New Joisey for the benefit of international readers). Since then we have started installing it as part of an integrated package for customers.

Door locks have moved on a long way. This system comes with a Software Development Kit. I’m not suggesting that this is something particularly useful for general business customers who won’t know one end of a SDK from the other. However the rich engineering talent we have at Timico has been able to put it to good use.

We now have an intranet page that provides access to the door entry system. One click on the web interface and the door can be opened. Is this a security risk? We don’t think so. Access to the web page is controlled via Active Directory authentication and is tied down to specific individuals. This can apply to any door at any of the Timico UK locations and can be tied in with camera visuals so that the person allowing entry can see who they are letting in.

The same door can be opened by anyone holding a registered keyfob or, using the intercom, via any telephone handset on the Newark Nortel PBX. This functionality could be extended to opening by sms pin number from registered mobile handsets, or via command line interface from non Windows PCs as is the case in our Ipswich NOC where the engineers have the traditional geek’s abhorrence of all things Microsoft.  

There is more. This system can be used to set the alarm and turn off all the lights when the last person leaves the building. This is serious use of web technology for mundane but important business needs. 

Categories
Apps Business security

Access control meets www – and it’s not what you think

When I began this blog I intended to cover subjects that I felt would be of general interest to users of business communications services in the UK – Timico customers generally. I didn’t think that this would for one moment include the topic of door entry systems. It does.

Some time ago we began a relationship with a company called Paxton Access. This was because we needed a security system for our new purpose built Headquarters building in Newark (Notts – not New Joisey for the benefit of international readers). Since then we have started installing it as part of an integrated package for customers.

Door locks have moved on a long way. This system comes with a Software Development Kit. I’m not suggesting that this is something particularly useful for general business customers who won’t know one end of a SDK from the other. However the rich engineering talent we have at Timico has been able to put it to good use.

We now have an intranet page that provides access to the door entry system. One click on the web interface and the door can be opened. Is this a security risk? We don’t think so. Access to the web page is controlled via Active Directory authentication and is tied down to specific individuals. This can apply to any door at any of the Timico UK locations and can be tied in with camera visuals so that the person allowing entry can see who they are letting in.

The same door can be opened by anyone holding a registered keyfob or, using the intercom, via any telephone handset on the Newark Nortel PBX. This functionality could be extended to opening by sms pin number from registered mobile handsets, or via command line interface from non Windows PCs as is the case in our Ipswich NOC where the engineers have the traditional geek’s abhorrence of all things Microsoft.  

There is more. This system can be used to set the alarm and turn off all the lights when the last person leaves the building. This is serious use of web technology for mundane but important business needs. 

Categories
Engineer security

Junk email

Junk email filters are great. I don’t get much if any SPAM because of the Timico anti SPAM/virus service but I do get a lot of emails from genuine businesses trying to sell me tickets to conferences (usually not in the same country as I live) and from headhunters trying to place candidates.

Whilst everyone has to make a living these unsolicited sales approaches can really clog up my intray .  Amazingly enough I only recently discovered how to filter out by domain so that they all go into the junk email folder.

Also if someone calls me without a caller ID then they only stand a 50% chance of me picking up the phone. The philosophy here is that if you don’t want me to know your phone number then I quite possibly don’t mind not knowing you.

This isn’t to say I am unapproachable but you need to have an elevator pitch ready. We have recently met with some impressive technology vendors who got through on a good elevator pitch.

Categories
broadband Business security voip

Supernode Discovery

I am quite excited because I think I might have discovered a Supernode. A Skype Supernode that is.

 

Skype doesn’t have it’s own network infrastructure. Instead as a peer to peer technology it takes data from Skype clients around the world and identifies which users have plenty of bandwidth and processing power available. This user then becomes a Supernode which handles some of the Skype network signalling functions.

 

Being a broadband Supernode is not at all super as what you are effectively doing is  letting other Skype users use the broadband bandwidth that you are paying for yourself.

 

This customer was complaining that his quad bonded ADSL was underperforming. He was right. He was getting 1Mbps instead of his normal 9Mbps. We sent an engineer onsite and found that the customer had taken it upon himself to do some internal rewiring and had laid the ADSL cables on top of his ring main power cable. The interference from the main was causing the poor performance.

 

We moved the cables away from the main and hey presto the original high speed returned.

 

As part of the debug process we did some traffic sniffing on his network and found serious levels of peer to peer packets which turned out to be Skype.

 

I’m not saying that Skype in this case caused his broadband connectivity to slow down but business users should be aware of the problem. It should also be noted that Skype traffic is encrypted, at least the IM part. This means that virus scanners can’t pick up potential problem packets coming into the corporate network. Look out sensitive competitive information! Don’t keep your bank details on the network!

Categories
Business security voip

SPIT and SPAM

One of the problems facing the VoIP industry is of course SPIT. SPIT is the SPAM of the Internet Telephony industry. Robot diallers are a huge problem in North America and I have a friend who always listens to who is leaving an answer phone message before picking up the call. A high proportion of calls are from computers.

 

In the IP world it is even easier to make huge volumes of VoIP calls from a computer, particularly because there is potentially no cost involved. The model here is the same as for SPAM which is of course essentially free of charge.

 

The interesting dilemma is that whilst a SPAM filter can monitor and email for particular types of content this is not possible in Internet Telephony where a call has to be set up and answered before the callee knows who is speaking to them.

 

We therefore have to employ more sophisticated techniques in spotting this type of traffic and in general an ITSP will monitor the call traffic on its network to identify unusual patterns. For example if a specific caller is making multiple calls inside an unreasonable short space of time then it cannot be a human making the call. Alternatively if calls to many different end users are going unanswered then this too is unusual behaviour and is likely to be a computer.

 

The level of SPIT facing an ITSP has not yet reached the proportions of SPAM which can be over 90 percent of all incoming emails (if you are receiving a high level of SPAM you need to change to a professional anti SPAM service). It is however certainly something that a serious ITSP takes seriously.

Categories
Engineer security

Network Security

One subject that is dear to the heart of a major corporation is network security. One often hears anecdotal evidence of the huge steps companies take to protect their intellectual property. I even knew a company whose boardroom was “secure” and had regular scans for listening devices. Also there have been a number of high profile news items where CDs with bank account information have gone astray in the post or where laptops have been stolen resulting in embarrassing security breaches.

 

For a smaller organisation it doesn’t necessarily make economic sense to employ dedicated IT staff to look after the security of their network. This doesn’t make their important information any less valuable in relative terms than that of a major international corporation.

 

Security is a huge subject so where do you start. To begin with businesses can make sure that the way they connect to the outside world is secure.

  • Sign up for a good quality anti-virus and anti spam service that is updated regularly – don’t rely on the one that often comes as a free trial with your PC.
  • Make sure that you have a company firewall and that this is properly managed
  • Ensure that you have adequate resilience in place for critical business components/resources. Eg use a server with dual power supplies, back up critical data daily (at least)
  • If you are using a Wireless LAN is this properly protected/encrypted?
  • Are your passwords secure (eg “password” is not a secure password) and how often do you change them?

This is all basic stuff but a small business needs to make sure that it has it all covered. A little time spent on prevention is better that the days of effort it might take you to recover from a virus attack or someone maliciously hacking into your network.