Why you should care about passwords

Tuesday, September 2, 2008
Lately, people have been sending me any number of articles about the importance of passwords, whether it's this bit about making sure your password can't be easily guessed or today's article from Ars Technica about the likelihood that a fired systems administrator will steal your passwords and use them against you maliciously.

Why is this a physical security problem? Well, obviously, as physical security systems move increasingly onto the network, we've heard lots of talk about how integrators need to work with and sell to the IT department. Well, maybe there isn't exactly the same moral certitude in the IT department as there might be in the security department. Maybe there is. But it's at least something that isn't often talked about when we talk about "selling to IT," etc.

That Ars Technica article reports these findings:

The results of the Trust, Security and Passwords study are based on a survey of 300 system administrators at the Infosecurity 2008 event in Europe. Of the study respondents, 88 percent admitted they would take sensitive data with them when leaving their current place of employment, and approximately one-third said that they would abscond with company password lists.

Of course, IT departments already have vital roles in the protection of data, which can be more valuable than physical assets, but before physical security systems were networked, they didn't exactly have the power to risk people's lives. Now, increasingly, they do. If, out of spite, a fired employee builds a hidden doorway into your access control software on his way out the door, that could be very bad, indeed.

As systems integrators, it's vital that you make management aware of who should be privy to which passwords involved with the security system, and why. Especially if the head of security comes from a physical background, and is particularly reliant on the IT department for help in administering the system, you need to provide that person with the particulars of what to look for should an IT employee with access to the system be replaced. And you should make certain that final access authority resides with the security department and not with the IT department, to make sure accountability is where it ought to be.

Anyone else have the experience of a supposedly "nice" guy wiping his hard drive clean on the way out the door? If so, you know how important it is to manage employees who've been let go. Emphasize this to your customers and make sure the security system is prepared for vindictive attacks.

Oh, and don't use your cat's name as your password. I would never do that. Rather, I combine the name of my old, dead cat, with the name of my all-time favorite prog rock album. That's much more secure.

Even broadband has its limits

Friday, August 29, 2008
Interesting news coming from cable/broadband provider Comcast today: It will begin placing a bandwidth limit on its subscribers. Of course, that limit is extremely high. 250GB. For any normal consumer, that means:

- Send 50 million e-mails (at 0.05 KB/e-mail)
- Download 62,500 songs (at 4 MB/song)
- Download 125 standard-definition movies (at 2 GB/movie)
- Upload 25,000 hi-resolution digital photos (at 10 MB/photo).

But what if you're a small business and you're monitoring your 5 megapixel surveillance cameras from your home office? Will corporate users who don't have a dedicated T-1 or greater come under the same limits? If so, will this affect how satellite offices can be monitored by a central command center? Much of the talk about the limits on IP surveillance has focused on bandwidth, and we see here that bandwidth is clearly at a premium, even for a provider like Comcast with all the bandwidth in the world.

Something to think about over a long holiday weekend. Or maybe not think about. I'm mostly going to be thinking about how nice the lake water is, and how sturdy the deck beneath me is, and how comfortable the chair I'm in is, and how much I wish my kids would go take a nap already. But you can think about video and bandwidth if you want.

When distributors get funny

Thursday, August 28, 2008
I'm a little bit frightened. ScanSource is trying to get all viral with its promotion of its ImpactNow event, coming Nov. 10 to Orlando, and the videos are actually kind of funny. Find the latest one here. I'd embed it, but I can't figure out how at the moment. So go watch it. ... Done yet? Okay, good. I wanted to think it was inane and unfunny, because I like my security companies like I like my music - no funny involved - but I was sort of smirking despite myself. The whole "punch you in the mustache" riff isn't bad and might even be improvised, which I like more. It's pretty clear ScanSource actually hired professional actors and stuff. This is a scary level of media sophistication for a security industry where many manufacturers still snail mail press releases. Well done by ScanSource on at least one level. However (maybe I should have written "HOWEVER," since this is a big however), is it really true that ScanSource believes the target candidates for its ImpactNow event are jamokes who sit on their couch together, calling one another "dude" and "bro," playing Wii and obsessing over Danica Patrick? I understand they're going for ironic, but isn't this the exact image of the industry many people are trying to dispel? Hey, high-level IT guys, come work in the security industry, where we all have southern accents, wear ballcaps, and obsess about meeting mildly attractive female racecar drivers! Cuz we're all guys! And guys play video games and objectify women! Ha! Are the guys on that couch the same guys who are coming to ImpactNow to see ex-Apple exec Steve Wozniak this year, or the ones who were impressed by this presentation from Jack Welch last year? It seems unlikely. The ImpactNow events have real content that's worthwhile. Why not have nerdy computer type obsession about seeing their idol, Wozniak, who invented their favorite all-time operating system or something? 
For those people trying to professionalize the industry, appeals like, "win this car," or "come see this babe," are simply counterproductive. When you go to journalism conferences, I can assure you there aren't any appeals along the lines of, "learn how to write an effective lede after you get an autograph from hottie softballer Jennie Finch!" When my wife evaluates audiology conferences (as female-dominated an industry as I've ever witnessed), she isn't enticed to attend with, "fit hearing aids the way Tom Brady fits into his Levi Jeans." So, good for ScanSource being creative and entertaining, but let's not forget we're trying to elevate our game here a little.

Huh?

Tuesday, August 26, 2008
What in the name of Charlton Heston are they smoking in Harrold, Texas? Did you hear about the new "security measures" they're taking in this Texas burg to protect students? Teachers are allowed to carry guns. Here's the story.

There are these restrictions, though (from a separate AP story):

"In order for teachers and staff to carry a pistol, they must have a Texas license to carry a concealed handgun; must be authorized to carry by the district; must receive training in crisis management and hostile situations and have to use ammunition that is designed to minimize the risk of ricochet in school halls."

Newest Atlanta celebrity

Tuesday, August 26, 2008
So in a few weeks I'll be heading down to Atlanta to attend ASIS International. I had a great time in Atlanta when I went for a preview visit in February (partially because there wasn't four feet of snow on the ground like there was here in Maine). One of the highlights was the Georgia Aquarium, which is an awesome venue (minus the hordes of children) with its three beluga whales, massive whale sharks and many intriguing exhibits. I read an article today from CNN about the latest addition to the Georgia Aquarium in the form of a 450-pound manta ray named Nandi. She has a nine-foot wingspan and made her debut in the aquarium just yesterday. I hope that someone out there is having some sort of event in the aquarium (it has an awesome conference room that has a window into the beluga whale tank) and, more importantly, will send along an invite to yours truly. If not, Nandi sounds like a great reason to get off the show floor.

Axis grabs Steve Surfaro

Tuesday, August 26, 2008
If you've been to an industry show in the past 10 years, you likely know Steve Surfaro, Panasonic's long-time technical liaison, who has led countless training spots and seminars, all of them informative and entertaining. The guy's got a smile three feet wide. So, good for Axis in grabbing him to be their new strategic channel manager and security industry liaison. I don't have a link, but here's the press release:

Axis Communications Names Steve Surfaro Strategic Channel Manager and Security Industry Liaison

High-Profile Former Panasonic Exec Brings More Than 20 Years of Industry Experience

An excellent start. No all-capped headline. Those Swedes are so reserved.

CHELMSFORD, Mass. – August 26, 2008 – Axis Communications, the global leader in the network video market, today announced that it has named Steve Surfaro as strategic channel manager and security industry liaison. Surfaro will work with industry organizations such as ASIS, BICSI and SIA, as well as Axis’ software and hardware partners to raise the awareness of network video solutions in the industry. He will also work to expand Axis’ technology partnership program to ensure the availability of best-of-breed network video solutions. He will report to Dr. Jumbi Edulbehram, director, strategic channel.

Sounds like he'll basically be in that same evangelist role he had at Panasonic. It suits him. If you can't get excited about a topic after talking it over with Surfaro, you're probably a dead person.

Surfaro has more than 20 years of security industry experience. Prior to Axis, Surfaro served for 12 years at Panasonic as group manager, strategic technical liaison. In that role, he served as the public face of the company to the security industry. Before that, he was an account manager for Wells Fargo Alarm Services. He is a member of the ASIS Physical Security Council, chairman of that council's education subcommittee and is responsible for consistent workshop content. Surfaro is a regular contributor to BICSI as well as SIA's Digital Video Standards. He holds a bachelor’s degree in engineering from The Cooper Union.

“Steve brings tremendous knowledge and energy to Axis, and is a well respected educator and speaker in the security industry,” said Fredrik Nilsson, general manager of Axis Communications, Inc. “We are very excited to have Steve join Axis and look forward to his important upcoming work with industry organizations as well as partners and customers.”

I think sometimes people still think of Axis as a small company. That Surfaro would take essentially the same job at Axis that he had at Panasonic is an indication of just how big people think Axis might get.

Fraternizing between pollworkers and voting machines banned

Monday, August 25, 2008
I've had this one sitting on my desktop for a few days: Did you know that sleepovers involving poll workers and voting machines have been banned in Ohio? Here's an AP story on the ban.

It seems that 24 of the 88 counties in this state—remember the one with the questionable results in the past couple presidential elections?—have allowed their pollworkers to take voting machines home for a sleepover the night before the election. This practice makes it easier, they say, to get the machines to the polling place in a timely manner. Not this year. The practice has been deemed an unacceptable security risk. Here's a quote from the Globe story:

"We want Ohio's voters and the rest of the nation to see that we have prepared a transparent process of transporting voting equipment, ballots, and supplies," said Brunner, a Democrat elected in 2006 with a promise to reform a system criticized for scattered problems of long lines and poorly trained poll workers.

Hear, hear. Seems sensible to me. And there may even be an upside for my fire friends. Yes. One pollworker's banned sleepover may be another fire installer's business opportunity. The voting machines will be delivered to polling places the election eve, provided the polling place has adequate security and fire protection in place.

"Surveillance Society"

Monday, August 25, 2008
A nice article in am New York over the weekend, looking at the growing number of cameras in New York City. It's a well balanced piece and raises a number of points of discussion, including some great commentary from Desmond Smyth, president of SecureWatch 24. First, the issue:

They're everywhere and they're watching. New York has become Camera City as our every coming and going is recorded. Dropping off at the dry cleaners? Getting a cup of coffee at Starbucks? Crossing the street? Smile, for better or worse you're on someone's security camera, whether it's the city's, shopkeepers' or some nutjob's. A single busy block in Manhattan can contain hundreds.

"You don't know who's watching you," said Nicole Labruto, 24, of Woodside, Queens. "You don't even know if there's a tape in there. It's creepy."

For other New Yorkers it's added security. "Unless you're doing something wrong, you shouldn't worry," said Tracy Sugalski, 28, who lives near Union Square. "It sounds like a lot, but in New York City aren't we always being watched?"

I think it's unfortunate that they lead with the idea that New York has become "Camera City," and that's "creepy," then get around to the rejoinder, but I guess that's to be expected. I mean, New York also has more cabs than anywhere else. Is it "cab city"? If you're going to do a thought piece, which isn't actually generated by a news event, I think you should start off a little more neutral and philosophical. Especially considering the results of their poll, which showed when I voted that just 20 percent of respondents were made "nervous" by the video surveillance. Anyway, they get on to some meatier stuff:

Placement of cameras is governed by the reasonable expectation of privacy, which does not extend far beyond one's home, hotel rooms, bathrooms, gyms, and changing rooms. Streets, stores, and the workplace are not private. For security and surveillance experts, the real question privacy starts after the images are taken.

"I go into hotels all the time, I see digital video recorders with burners in there," said Desmond Smyth, president of SecureWatch 24, a Manhattan-based security company with some 11,000 cameras. "It's just amazing to me. That's where their liability is. Who's to say these guys aren't just watching pretty girls?"

This, for me - and I've written about it before - is the real issue with video surveillance: We do not yet have appropriate legislation governing the use of recorded video. Who gets to view it? How long is it kept for? How is it stored? How is it compressed? I think it's definitely shady that a hotel could theoretically record you falling down in their lobby and then post it to YouTube as a gag video. How would I ever know it was there? I've got to agree with the NYCLU on this point:

The NYPD's recently released plan to protect the city by installing some 3,000 additional cameras in the city raised concern at the NYCLU because it takes a new step in surveillance by creating a database of license plates and people's movements. The police said the images, including license plate captures, would be erased after 30 days. The NYCLU's concern is they have not seen any written policy that described how the images would be protected and if they would be shared with other agencies.

It's not about the surveillance, it's about how the surveillance is used, and it's about avoiding ambiguity. As long as everyone sees the policies, they can either agree or disagree, and use our democratic process to do something about something they disagree with. But if there's no written policy, it creates suspicion and skepticism and makes thoughtful people uneasy. What if it was up to the police officer how much to fine you for speeding, sometimes docking you $10, sometimes $500? You'd flip out. Well, what if sometimes the video of you walking down the street was erased in one day, and sometimes it was posted online to make fun of your outfit? Or, less hyperbolically, what if it was passed around the police station internally, commenting on your physical assets? Don't think that doesn't happen.

Power over wireless?

Friday, August 22, 2008
I know at least a couple industry smarty-pantses who use power-over-wireless as a joke, seeing if they can find a sucker. Well, who's a sucker now? This is real, this is cool, and this is definitely a game-changer if the technology is made widely available. Except maybe it's still a ways off? It's hard to tell from the article. At one point, they're talking about how they're wirelessly powering a lamp right in front of the audience, and then we get this part, which is very exciting:

"Initially it eliminates chargers and eventually it eliminates batteries all together," analyst Rob Enderle of Enderle Group said of Intel's wireless power system. "That is potentially a world changing event. This is the closest we've had to something being commercially available in this class."

Sign me up! But wait.

Smith says Intel's wireless power system is still in an early stage of development and much research remains before it can be brought to market. Rattner spoke of technological transformations he expects by the year 2050.

Huh? 2050? I'll be really old by then. Aren't we supposed to have flying cars that run on hydrogen by then, and nuclear batteries that run forever? That's what Isaac Asimov promised me. But maybe the article is just poorly written, and the transformations the writer is referring to are different than this wireless power stuff. I'll keep you posted.

Giuliani keynotes ISC East and elsewhere

Thursday, August 21, 2008
So I was wondering this week, when Reed Exhibitions announced that former N.Y. Mayor Rudy Giuliani would deliver the keynote address at this year's (Oct. 29-30) ISC East, which personality Giuliani would be sporting: his super conservative primary personality, which we saw during his spectacularly disastrous bid for the Republican nomination? Or, since we'll be in Manhattan, the more socially liberal personality we saw during his tenure as mayor of New York? My guess, of course, given the security audience at this event, would be the former. Either way, Reed made a good choice, and I think people will be interested to hear and see Giuliani at ISC East. This morning I saw that we'll get a pre-ISC East view of the mayor speechifying at this year's Republican National Convention in Minnesota. It was announced this morning that he'll be keynoting there as well. Here's a CBS story with a Q & A with Giuliani about the presidential race and his RNC keynote.
