7.14.2010

Plexidor Electronic Dog Door - Access Control for your Dog!

Home :: Plexidor Electronic Dog Doors

Plexidor Electronic Dog Doors


We offer electronic pet access control doors from Plexidor® Pet Doors.


The Plexidor® electronic door only opens for your pet while keeping other animals out. The collar key is an electronic RFID (radio frequency identification) that is attached to your pet's collar. The door reads the key code as your dog approaches and if it recognizes the code, it slides up like a mini garage door, allowing access for your pet. You can program the key to accept just one of thousands of possible key codes, so it is very secure. The rugged electronic collar keys do not require batteries, are water and shock proof, and also work with underground fencing and household security systems.

We have models for both door mounting and wall mounting to suite dogs up to roughly 125 lbs in size. The main frame has a low profile of just 1 5/8" in thickness. Door plugs into household outlet or can be hardwired. Both models are available in 2 colors: white or brown.


All models come complete with pet door, exterior trim, stainless steel hardware, 2 collar keys, power supply and 15ft cord, and are backed by our industry leading 90-day satisfaction guarantee and 5-year no-hassle warranty!





Plexidor® Electronic Advantage

Secure - Interior stainless steel locking bar, thousands of key codes. Opens only for your pet. Tough shatter resistant panel. Heavy, thick aluminum frames that won't bend. Won't interfere with home security systems.

Energy Efficient - No Gaps for air infiltration, saves you money.

Pet and Child Safe - Panel won't close when obstructed. Total control up and down. No pinched tails. No pinched fingers. Panel will not free fall with power failure.

Dependable - Runs on household current. Collar key is waterproof and does not need batteries. Key fastens securely to collar. Interior mounted motor will not freeze up in cold.

Durable - Steel and hardened aluminum frame with thick acrylic closing panel. Wall units include aluminum tunnel pieces and stainless steel mounting hardware for years of service. No unsightly rust streaks on your home.

Easy to Use - One button programming to add or change collar codes quickly and simply. Collar key snaps on easily and stays on. Comes complete with pet door, exterior trim, stainless steel hardware, 2 collar keys and power supply with 15ft cord.

Available Colors - White and bronze baked on finish. (Click picture for larger view)


WhiteBronze

Optional Wall Unit - Made of all aluminum and stainless steel for years of service. (Click picture for larger view)


White

Product Documents:

Suggested Installation Tools

Common Plexidor Questions
Info Quicksheet
Plexidor Electronic Dog Door Owner's Manual


6.22.2010

Looking for Vulnerabilities in All the Right Places? Experts Think you Might be Missing a Few...

Source -- DarkReading
By Keith Ferrell, Contributing Writer
DarkReading
 
The biggest vulnerabilities in the enterprise might be items we see every day -- and just don't think about.

Experts say that vulnerability assessments often overlook the everyday dangers: Network-attached devices that aren't computers. Paper documents. Passwords posted in plain view. Portable storage devices.

Most of these are technologies that would never be taken into account by a traditional vulnerability scan. Yet they could lead to data leaks just as surely as a keylogger or a data-stealing Trojan, experts say.

"Peripheral devices on the network may have capabilities the business doesn't know of," says Kevin Brown, delivery manager for custom testing at security assessment firm ICSA. "And those capabilities can create security vulnerabilities."

Printers, fax machines, and multifunction devices with persistent storage could all serve as entry points for a sophisticated hacker, Brown observes. And the presence of internal storage might not be clear at first glance, nor does it necessarily show up on traditional security audits.

"An automated vulnerability scan may not reveal which printers and other hard copy devices have hard drives," Brown observes. "As a result, the business isn't aware that digital copies of sensitive information may remain in the printer."

A thorough vulnerability assessment should include examining all hard copy devices for internal storage capability -- this could require contacting the manufacturer or even opening the machine, Brown says.

Enterprises also should take steps to ensure that digital files are wiped from these devices as soon as the hard copy is produced or the fax transmitted. This could mean purchasing and installing additional software from the manufacturer.

Other network-attached devices could also be vulnerable, Brown observes. "Any device connected to the network needs to have its security validated," he says.

He offers security cameras as an example. "For cost-saving and other reasons, companies have shifted security cameras from dedicated coaxial cable connections to TCP/IP connections, which run the risk of being vulnerable to cross-site scripting attacks and remote control takeover."

Even backup power devices might be at risk, Brown warns. "UPS devices connected to the network could enable an attacker to take control," he says.

Brown offers three bits of advice for all network-attached devices. "The biggest risk is leaving the default password in place," he says. No matter the device and its purpose, he advises, users should change its password before connecting it to the network.

"Second," Brown continues, "review all of the features that the device offers. Web printing capability may not be useful as a business function at your company, but it could be very useful to an attacker."

Finally, he points out that maintaining security readiness on peripheral devices is an ongoing process.

"Incorporate all devices into your patch cycle," he says. "We're all familiar with Microsoft and Cisco patches -- but when was the last time you upgraded the firmware on your printer? Seek out patch information on every device connected to your network, and incorporate them into your patching cycle."

Many of these office devices produce a lot of paper -- paper which, as security consultant Steve Stasiukonis of Secure Network Technologies points out, can be a vulnerability itself.

"Take a look at your copier station," Stasiukonis says, noting that many companies overlook sensitive material that might be found in unsecured places. Recycling bins or preshredder collection stations holding unshredded materials can be rich sites for information-miners, he notes.

Documents that aren't shredded could be the cause of a data breach, as a recent New Jersey incident revealed when papers containing Social Security numbers and other personal information were found in a public dumpster.

"And don't forget the amount of paper and other sensitive information on employees' desks," Stasiukonis advises.

A workplace walk-through -- even in a "clean desk" environment -- can often reveal security badges and swipe-cards laying in plain sight, ripe for the taking, Stasiukonis explains. In his physical penetration tests, Stasiukonis frequently also finds passwords and log-ins on sticky notes and keyrings hanging from thumbtacks in cubicles.

Even if you don't see anything at first glance, Stasiukonis suggests, look a little closer. "Have your employees turn over their keyboards for inspection," he suggests, noting that many users stick their passwords there for easy recall.

Stasiukonis also recommends checking devices, such as copiers, for default service tech passwords, which might remain in place even if the business has changed its own access and log-in codes.

"Check to be sure that security cameras haven't been repositioned," he adds. "Scan for infrared devices. Examine the security not only of IT administration notebooks, but also physical plant management and control notebooks. Beyond that, an examination of the contents of employees' desks can reveal treasure chests of vulnerabilities.

"But," he cautions, "before going into employees' desks, you should review your plans with your human resources department." Whatever your company's legal rights, many employees resent having their desks checked, so be sure to educate them before conducting a search, he explains.

Another vulnerability vector -- and in many ways the most common one -- is human nature.

Security professional Scott Wright's Honey Stick Project put human nature to the test by leaving specially prepared USB drives in plain sight. When one of the drives was inserted in a business device, the information was logged, revealing what the user had done.

Such behavior is typical, according to Wright. As he notes on his Streetwise Security Zone site: "Out of 54 devices dropped with specially configured -- but safe -- files on them, the Honey Stick Project has detected that at least 35 of these devices have had files opened."

Vulnerability-scanning tools are a good place to start, but they can't see the whole enterprise, the experts warn. To find all of your vulnerabilities, you'll need to look at the things your users see every day -- in a new way.

6.21.2010

The Pelco DX Series, Doing More for Less... Part 1.

For many years and countless hours of around-the-lock operation, the Pelco DX Series of DVRs has been relied upon to protect people and property in thousands of location worldwide. From basic video security systems with just a few cameras, to fully distributed network video systems, the DX Series is the perfect digital recording solution to meet most any video recording need.

The DX Series begins with the DX4100. These affordable, entry-level DVRs eliminate the need for the traditional VCR/multiplexer/matrix combination. Offering four-channel models with internal storage capacity of up to 2 tb, the DX4100 series is designed to guard your business while protecting your bottom line. The hallmark of the DX4100 series is its ease of operation. These systems feature simple installation, are ready to record right out of the box, and have an easy-to-use and intuitive user interface which makes training and support a snap.

6.09.2010

Piezoelectricity and You.

Sustainability got sexier last week at the opening of Surya in London. The Club4Climate project is London’s first taste of eco-friendly clubbing, making clubbers happy in the knowledge that their organic beverage-induced booty shaking can generate 60% of the energy needed to run the club. The venue’s most exciting innovation is the piezoelectric dancefloor, which uses quartz crystals and ceramics to turn clubbers’ movement into electricity!

Previously seen in the Sustainable Dance Club in Rotterdam, this is Britain’s first exposure to such technology. The rest of the power needed will come from a wind turbine and solar energy system, with any surplus used to power private homes in the area. The club will also be installing the latest air flush, waterless urinals, low flush toilets and automatic taps to ensure maximum water saving plus less greedy air conditioning units.

The project is clearly trying to affect behavior on a much wider scale, too, requiring patrons to sign a 10-point manifesto on entry, giving free entry to anyone who can prove that they walked or cycled to the venue, and encouraging as many other clubs as possible to adopt his philosophy.

Property developer Andrew Charalambous is behind Club4Climate, appearing in character as ‘Dr Earth‘ to be more down with the kids. He says the club aims to ’stop preaching to people and use an inclusive philosophy to create the revolution [needed] to combat climate change.’ A Club4Climate island is also planned for 2010, although how clubbers will transport themselves to the island hasn’t been mentioned.

In another shining example of using what you have  for power generation, a Netherlands train station is using a revolving door to produce electricity. The Natuurcafe La Port in the train station expects the coming and going of patrons to provide 4,600 kWh a year. So, while the coffee powers the customers, the customers are powering the coffee shop.

The door uses a generator that harvests the kinetic energy produced when the door spins and a supercapacitor to store the energy. The energy is used to power the cafe's LED lights. When the lights use up the stored energy from the door, the station's main energy supply takes over. For the curious, the station has a display that shows the amount of energy generated as customers walk in and out.

While 4,600 kWh is a small amount compared to a train station's total energy needs, it's great to see a large building harvesting renewable energy from as many sources as possible. These types of kinetic energy generators could go a long way if they're consistently implemented in both new buildings and renovation projects.

Piezoelectricity is the ability of some materials (notably crystals, certain ceramics, and biological matter such as bone, DNA and various proteins) to generate an electric field or electric potential[1]  in response to applied mechanical strain. The effect is closely related to a change of polarization density within the material's volume. If the material is not short-circuited, the applied stress/strain induces a voltage across the material. However, if the circuit is closed the energy will be quickly released. So in order to run an electric load (such as a light bulb) on a piezoelectric device, the applied mechanical stress must oscillate back and forth. For example, if you had such a device in your shoes you could charge your cell phone while walking but not while standing. The word is derived from the Greek piezo or piezein (πιέζειν), which means to squeeze or press.

The piezoelectric effect is reversible in that materials exhibiting the direct piezoelectric effect (the production of an electric potential when stress is applied) also exhibit the reverse piezoelectric effect (the production of stress and/or strain when an electric field is applied). For example, lead zirconate titanate crystals will exhibit a maximum shape change of about 0.1% of the original dimension.

The effect finds useful applications such as the production and detection of sound, generation of high voltages, electronic frequency generation, microbalances, and ultra fine focusing of optical assemblies. It is also the basis of a number of scientific instrumental techniques with atomic resolution, the scanning probe microscopies such as STM, AFM, MTA, SNOM, etc., and everyday uses such as acting as the ignition source for cigarette lighters and push-start propane barbecues.

5.03.2010

No, DNSSEC Upgrades Won't Break the Internet Next Week


"Internet users face the risk of losing their internet connections on May 5th when the domain name system switches over to a new, more secure protocol," proclaims the Register, which informs its readers that DNSSEC upgrades could "kill your internet." The article goes on to insist that "from May 5th all the DNS root servers will only respond with signed DNSSEC answers," then goes on to infer this could terminate connectivity for users completely. That certainly sounds scary. Would it make you feel any better to learn that most of that isn't true?

DNSSEC stands for Domain Name System Security Extensions, and it's the new flavor of security that allows both sites and providers to validate domain names to make sure they're correct and not tampered with, and is supposed to help combat things like DNS cache "poisoning" and phishing scams.As we mentioned recently, Comcast hopes to have the upgrade installed by the end of 2011 ("if not sooner"), while OpenDNS has stated they'll be using an alternative to DNSSEC dubbed DNSCurve they claim is simpler and easier to deploy.

Upgrading to DNSSEC is a slow and measured affair that's only just really getting off the ground, and despite The Regester's claims that the Internet may grind to a halt next Wednesday -- all 13 root servers upgraded with DNSSEC next week will behave normally to end users whether your ISP is fully prepared or not (and most certainly aren't). However there is a small problem that could slow the Internet down slightly for a very small portion of users, as "El Reg" explores:

Normal DNS traffic used the UDP protocol, which is faster and less resource-hungry than TCP. Normal DNS UDP packets are also quite small, under 512 bytes. Because of this, some pieces of network gear are configured out of the box to reject any UDP packet of 512 bytes on the basis that it's probably broken or malicious. Signed DNSSEC packets are quite a lot bigger than 512 bytes, and from May 5th all the DNS root servers will respond with signed DNSSEC answers.

Kind of -- except for the fact that we we understand it -- root servers will only return signed DNSSEC answers to queries that have explicitly asked for them. In other words? The vast majority of Internet users won't notice a damned thing next week.

Keith Mitchell, head of engineering at root server operator Internet Systems Consortium, takes issue with the very Register article he's quoted in. "No-one is going to completely lose Internet service as a result of the signed root -- or indeed any DNSSEC deployment efforts -- and I certainly didn't say that," he says. "The worst that is going to happen is that a tiny minority of users behind mis-configured firewall or middleware boxes may experience some performance degradation when their clients have to attempt alternative paths for resolving names,"  says Mitchell of the May 5th upgrade.

Apparently, "Highly Technical Upgrade May Cause Very Small Problem" wasn't as hit-generating as claiming the world might end. Users interested in learning more about DNSSEC can head to our security forum where users are discussing the upgrade and how to test your ISP for DNSSEC preparedness and possible problems next week.

Internet users are not without choice, however, as OpenDNS provides a free service to anyone looking for alternatives.

4.05.2010

Introducing Plexidor Electronic Access Control for your Dog!

Access Control is evolving all the time.  Situations in which access control can evolve to are limited only by one's imagination. That said, did you know that there’s access control option for your pets?

Yes, gone are the days where one worries about the unwanted entry of stray dogs, neighborhood cats, racoons, or any such pesky varmint.  Pet owners can find relief knowing that RFID tags are available for pet collars giving access to enter or exit the house when the pet door is equipped with electronic access control.  You are able to control which pet(s) can go outside and which cannot.

Love your pet? Can you hold it for 9 hours? The next time you have to “go” in the middle of the night, think about your pet – and the Plexidor® Performance Pet Doors. Sure, pets are different from people. People have flush toilets, pets don’t. Pets just have to wait until morning.

But if you forget, or make your pet wait too long, you know what comes next: Yup, the clean-up.

So, for the last 22 years, Plexidor® has been crusading for pets’ rights to come and go as they please. It’s actually a 2-in-1 crusade because pet owners have rights too…such as the right NOT to be a 24-hour-a-day doorman, the right NOT to live with spotted carpeting, and the right NOT to have to refinish scratched doors, to name just a few.

Because of this crusade Plexidor® has been designing and manufacturing the Performance Pet Door line. The Plexidors® come in sizes ranging from cat to great dane. They work in any kind of door or wall. All Plexidors® have heavy durable aluminum frames that can be secured and locked. White and bronze frames are baked on for strength and durability. And the door panels are made of insulated high impact acrylic to help keep your home warm in the winter and cool in the summer.

Call us or visit our website and join the crusade. Order a Plexidor® pet door today. You and your pet will be happier.

  • High impact acrylic panels, also used in small aircraft windshields.
  • These colors do not run. Plexidor® pet doors are not painted, they use a baked on finish.
  • Dogs chew through plastic and bend thin aluminum frames. These are thick, heavy aluminum.
  • Magnets are not effective “keys” and are not used with Plexidor® pet doors.
  • The electronic door has 1000s of key codes.

Plexidor® Electronic Doors

Secure – Interior stainless steel locking bar, thousands of key codes. Opens only for your pets. Tough shatter resistant panel. Heavy, thick aluminum frames that won’t bend. Won’t interfere with home security system.

Energy Efficient – No gaps for air filtration, saves you money.

Pet/Child Safe – Panel won’t close when obstructed. Total control up and down. No pinched tails. No pinched fingers.

Dependable – Runs on household current. Collar key is waterproof and does not need batteries. Key fastens securely to collar and won’t fall off. Interior mounted motor won’t freeze up in cold.

Durable – Steel and hardened aluminum frame with thick acrylic closing panel. Wall units include aluminum tunnel pieces and stainless steel mounting hardware for years of service. No unsightly rust streaks on your home.

Easy to Use – One button programming to add or change collar codes quickly and simply. Collar key snaps on easily and stays on. Comes complete with pet door, exterior trim, stainless steel hardware, 2 collar keys, power supply and 15ft cord.


The key is a micro RFID chip weighing only 0.4 oz.

Plexidor® collar keys are:
  • Waterproof
  • Rugged
  • Battery free
  • Shock proof
  • Won’t fall off
  • Works with underground fencing
  • Have 1000s of key codes

How it works: Plexidor® Electronic “reads” the key code and opens only for your pet. Panel unlocks and slides up like a mini garage door. The main frame has a low profile of just 1 5/8” in thickness. Door plugs into household outlet or can be hardwired.

Order a Plexidor® today and say goodbye to…
  • Messy littler trays
  • Scratched doors
  • Wasted energy
  • Awkward, noisy, chewed flaps
  • Ruined carpets and drapes

Plexidor® Pet Doors Provide
  • Peace and quiet
  • Undisturbed sleep & TV
  • Freedom from worry about letting your pet out

Plexidors® are
  • A carpet saver
  • A money saver
  • An energy saver

4.01.2010

How I'd Hack Your Weak Passwords.

 source: One Man's Blog.


If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it? 

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.) 

One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Password Length All Characters Only Lowercase
3 characters
4 characters
5 characters
6 characters
7 characters
8 characters
9 characters
10 characters
11 characters
12 characters
13 characters
14 characters
0.86 seconds
1.36 minutes
2.15 hours
8.51 days
2.21 years
2.10 centuries
20 millennia
1,899 millennia
180,365 millennia
17,184,705 millennia
1,627,797,068 millennia
154,640,721,434 millennia
0.02 seconds
.046 seconds
11.9 seconds
5.15 minutes
2.23 hours
2.42 days
2.07 months
4.48 years
1.16 centuries
3.03 millennia
78.7 millennia
2,046 millennia

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?

Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.


Here are some password tips:
  1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
  7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
  8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.
By request I also created a short RoboForm Tutorial. Hope it helps…

Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network – after which time they will own you!

Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.

I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there.

2.11.2010

ISONAS' Crystal Matrix at a glance.

Easily Support Seasonal Schedules with ISONAS Access Control System
source: ISONAS

Are some of your clients affected by seasonal changes to their facility's schedules?

Seasonal variations are common for organizations such as:

  • Schools and Libraries
  • Park Districts
  • Amusement Parks
  • Sports Facilities
  • Churches
  • Recreation or Tourism Business

Many of these organizations will wnat to pre-plan and pre-program the upcoming schedules into their access control system, so that the schedule's transition times are seamless and worry-free. The Crystal Matrix application supports these types of requirements with the Permission Groups feature.

Crystal matrix Permission Groups for Schools

A high school might use the Permissions Group feature of Crystal matrix to schedule the full summer activity sessions before the end of the school year. Prepare the system for band camp, 2-a-days football practice, teacher development workshops, and adult education seminars. All pre-planed and pre-programmed before the school's staff begins its summer break. As the summer calendar progresses, the access control system automatically adjusts the system's business rules to allow the proper people into the school, at the proper times.


Understanding how to use Crystal Matrix Permissions

To effectively use the Crystal matrix Permission Groups feature, you shoul dhave a solid understanding of how Permissions are defined within the system. Below are links to short training videos that explain the process of setting up Permissions within the ISONAS system.


There's a "People Element" to security we seem to be forgetting...

Social Engineering, the USB Way 

Those thumb drives can turn external threats into internal ones.

The folks at DarkReading recently got hired by a credit union to assess the security of its network. The client asked that they really push hard on the social engineering button. In the past, they'd had problems with employees sharing passwords and giving up information easily. Leveraging their effort in the report was a way to drive the message home to the employees.

The client also indicated that USB drives were a concern, since they were an easy way for employees to steal information, as well as bring in potential vulnerabilities such as viruses and Trojans. Several other clients have raised the same concern, yet few have done much to protect themselves from a rogue drive plugging into their network. So the DarkReading guys wanted to see if they could tempt someone into plugging one into their employer's network.

In the past they had used a variety of social engineering tactics to compromise a network. Typically they would hang out with the smokers, sweet-talk a receptionist, or commandeer a meeting room and jack into the network. This time, they knew they'd have to do something different. Employees were talking within the credit union and were telling each other that somebody was going to test the security of the network, including the people element.

So DarkReading tried something different by baiting the same employees that were on high alert. They gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with their own special piece of software. One of their guys wrote a Trojan that, when run, would collect passwords, log-ins and machine-specific information from the user's computer, and then email the findings back.

The next hurdle was getting the USB drives in the hands of the credit union's  internal users. Simply enough, they made their way to the credit union at about 6am to make sure no employees saw them. They then proceeded to scatter the drives in the parking lot, smoking areas and other areas employees frequented.

Once the drives were seeded, it was time to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desk.

Upon calling the guy who wrote the Trojan and asking if anything was received at his end, it was revealed that slowly but surely info was being mailed back to him. It would have been lovely to be on the inside of the building watching as people started plugging the USB drives in, scouring through the planted image files, the unknowingly running the piece of software cleverly hidden away by DarkReading.

After about three days, they figured they'd collected enough data. Upon review of their findings, they were amazed at the results. Of the 20 USB drives planted, 15 were found by employees and all had been plugged into company computers. The data  obtained helped to compromise additional systems, and the best part of the whole scheme was the convenience. Everything that needed to happen did, and in a way it was completely transparent to the users, the network and credit union management.

This little "giveaway" takes security loopholes a step further, working off humans' innate curiosity. Email virus writers exploit this same vulnerability, as do phishers and their clever faux websites. The credit union client wasn't unique or special. All the technology and filtering and scanning in the world won't address human nature. But it remains the single biggest open door to any company's secrets.

Disagree? Sprinkle your receptionist's candy dish with USB drives and see for yourself how long it takes for human nature to manifest itself.

The Clash of the Titans; Physical Security and IT Security

IT departments are no strangers to turf wars, but is the one shaping up between those overseeing computer networks and those in charge of physical security about to get really ugly?

Unlike past tussles between say, voice and data communications teams, the contest between IT security and those involved in everything from fire alarms to video surveillance to door-lock access controls tends to involve people who might never have had any reason to cross each other's paths.

Converging physical and logical security: A good idea or not?

"It typically takes a C-level executive to force these organizations to work together," says Tom Flynn, director of marketing in North America for smart-card maker Gemalto. "The fact is there are different entities in a corporation for physical and logical security… We see turf wars happening."

Merging physical and logical security is seen by advocates as a cost-saving step and a natural evolution for facilities maintenance and guard operations, where door-access equipment and video cameras are increasingly IP-enabled, and a smart card-based badge could be used by employees to access both buildings and computers. But resistance to convergence runs deep among traditional physical security managers, who are wary of IT departments taking control. And even IT security experts voice concerns that it's risky, with some strongly opposed to the idea of physical security operations, such as video surveillance streams, riding on the same IP corporate network as the rest of the business.

"Physical security has been about closed systems, but with the move to IP-based systems and connecting campuses there's the need to have the IT and security department involved," says Steve Russo, director of security and privacy technology at IBM's global technology services group. He says there can be advantages in integrating physical security with logical and transactional systems to give management a better picture of what's occurring, especially in retailing. And although network capacity is a concern, it's possible to share an IP network for logical and physical security, he suggests.

"Is there a risk associated with combining it? Absolutely," Russo acknowledges. But he adds: "The logical-security people are looking at threats to the environment. And where we see the interesting spark is that they can take information about physical events and turn it into operational use."

But there's often a cultural rift existing between the physical security department for facilities management, with their isolated closed networks, and the IT department with its systems administrators and security specialists trying to keep scores of Internet-accessing computers and applications running safely.

"With IP-based access control, the 'turf wars' tend to be marginalized once the IT folks realize that a system like ISONAS' PowerNet reader is actually a network appliance," says Steve Rice, Vice President of Sales and Marketing for Colorado based ISONAS Security Systems. "It demands little in the way of network capacity, resources to install and can be supported like any other IP device. The benefits of integrated video, access control and/or other building control systems include a combination of additional detailed information available from a set of closely integrated functionalities (ex. have a picture of personnel involved in an entry event plus network confirmation of the credential information timed exactly to the video feed) as well as the simplicity of dividing what functionality to integrate on a customer by customer basis. This is due to the relative ease of integration with a true network software-based system. So the physical security requirements are met with a minimum of IT resource."

These differences in viewpoint are often heard in the physical-logical security convergence debates. But one of the most ardent advocates for convergence might be Ray O'Hara, executive vice president of international operations, consulting and investigations at Andrews International, which is in the traditional physical security business of "guns, gates and guards," as he puts it.

"The traditional security person and the cyber-security side are both hands-on and doing things for the betterment of the organization," says O'Hara, who recently became president of the board of directors of ASIS International, an organization for security professionals.

But today the physical-security technologies are evolving to the point where "the traditional people need help from the IT people," O'Hara says. There is often discord and mistrust between the physical and logical security divisions. But that needs to be overcome by possibly combining reporting structures so they can more easily collaborate or by setting up a "risk council" to have regular discussions with business managers, he suggests.

IBM's Russo says protocol issues point to the need for standardized compression techniques and transport in physical-security equipment, as well as standard XML-based definitions so that important meta-data can be shared. "Physical security is transitional right now," Russo says, pointing to both the Physical Security Interoperability Alliance and OASIS as organizations trying to further interoperability standards that would add convergence and make it worthwhile.

But to date, Flynn says he is only aware of a handful of large enterprises in the oil-and-gas industry, such as Chevron and Exxon, and pharmaceutical giants such as Pfizer, that have adopted converged smart cards for physical and logical security.

1.19.2010

Tough Snail Shell Could Inspire Better Body Armor

source. LiveScience

By Rachael Rettner, LiveScience Staff Writer

A snail's shell that protects it from attacks underwater could provide clues for designing improved body armor to guard human soldiers, a new study suggests.

The research involved an unusual sea snail, the so-called "scaly-foot" snail which was first reported in 2003 and makes its home in the harsh environment of a deep-sea hydrothermal vent in the Indian Ocean. Past studies of the  snail, a type of sea mollusk, revealed its foot was covered in plates of iron-sulfide minerals, and it is now the only known animal today to employ iron sulfides as a structural material.
  
Like other snails, this one also sports a shell covering its body. Although hard, a typical snail's shell will fracture if persistently squeezed by a predatory crab. Hoping to learn exactly how the scaly-foot snail's shell is designed to resist such crushing, the authors took a close look at the shell's structure, examining it on the nanoscale.
 
They saw that shell is composed of three layers: a hard outer layer that contains iron sulfides, similar to the ones identified in its foot scales; a more supple middle layer made of organic material; and a stiff inner layer with a large amount of calcium minerals. This arrangement of "rigid-compliant-rigid" layers creates a trilayer, sandwich structure unique to this snail, the researchers say.


Snail protection
After figuring out the shell's structure, the team used a computer model to simulate how the shell faired when subjected to a penetrating force, similar in strength to the pinching of a crab's claws.

"Each layer does something differently," said lead researcher Christine Ortiz, a materials science and engineering professor at the MIT.

The hard outer layer contains small, grain-like particles. When under attack, these granules help to dispel the energy of the blow, spreading it out across the outer region. Any fractures that occur will disperse along jagged lines guided by the granules, forming fissures in the top layer.

"Cracks that form travel extensively throughout the outer layers, thereby protecting the inner layers and mitigating catastrophic fracture," Ortiz said.

The softer middle layer helps protect the brittle inner layer from cracking, Ortiz explained. And the inner layer itself protects the snail's body from injury. Since this inner layer is rigid, it doesn't displace into the animal's body during an assault, which could cause blunt trauma, Ortiz said.

Put together, the three layers work to help prevent penetration of the shell and also withstand bending.

The outer and middle layers also help the snail to survive in the extreme environment characteristic of hydrothermal vents, since these layers are resistant to dissolving in the highly acidic waters.  And the middle layer protects the snail from temperature changes at the vents.

Snail-like armor and sporting gear
The shell's structure may one day inspire new and better designs for human protective equipment, from body armor to sporting gear. The three-layer arrangement and curved surface give the shell stability and penetration resistance, highly valued characteristics of materials used for armor, Ortiz said.

Automobiles painted with an iron-based, granular coating similar to the one found in the shell's outer layer could dissipate energy in the same way the shell does when undergoing a predator attack.

However, any bio-inspired design would likely not use the exact same materials found in the snail's shell, which has flaws of its own. Scientists would simply use it as a guide, and improve upon the shells shortcomings.

"Nature only uses what's available to it," said Ortiz. Engineers might use a similar design, but replace some of the components with high performance structural, or ballistic materials, she said.

The results were published online Jan. 18 in the journal Proceedings of the National Academy of Sciences.

1.18.2010

Financial Security Solutions with Simons-Voss

Whether it is the system, an organization, or people, your world revolves around integrity and verified trust.
It used to be that a brass key was a powerful symbol of trust and protection, bu tin today's world most brass keys are easily duplicated and the locks that depend on them are easily fooled or bypassed. On top of that, managing these keys is expesnsive and the functionality of the keys is very low. Depending on mechanical keys to protect your responsibilities in today's world is like telling your customers that their mattress is a good place to keep their money.

Fortunately SimonsVoss has locks that are as sophisticated as today's financial instruments.
With a wide range of products for various applications you never need to modify the door or frame and yet you end up with a sophisticated electronic lock that can control access by time and day while tracking all usage. Even better, the credentials use an encrypted challenge-response wireless signal that cannot be duplicated or successfully recorded and replayed.

Important Concerns
  • High cost of frequent re-keying.
  • Keys are easily copied or duplicated.
  • No record of which key was used or when it was used.
  • No control of when keys may be used.
  • Aesthetics are important to provide a warm inviting atmosphere to customers
  • Leased facilities, temporary needs for security.
  • ATM kiosks and small remote offices.
SimonsVoss Benefits
  • Re-keying accomplished with the click of a mouse.
  • Transponders are very hard to duplicate and very secure.
  • SimonsVoss loicks provide an audit trail so you can see who used the lock and when that access was granted.
  • All SimonsVoss locks and credentials can be limited to specific times and/or days at your discretion.
  • SimonsVoss locks look like standard locks. No need to advertise your security precautions with big, ugly industrial-looking locks.
  • Remove the mechanical lock, apply the SimonsVoss solution. When the need is over replace the mechanical lock and use the SimonsVoss lock for the next need.
  • Standalone or networked, the SimonsVoss wireless solutions makes it easy to implement solutions for these applications.

The best news of all is that these locks can be deployed one at a time as standalone solutions or combined under a centrally controlled network so you are not limited by applications that are too small or large to benefit from this solution.

Digital Mortise Cylinder

  • The Digital Mortise Cylinder puts electronic access control into the mortise cylinder. Now you can remove the mechanical mortise cylinder and replace it with a digital cylinder.







Digital RIM Cylinder Exit Bar Outside Trim

  • The Digital RIM Cylinder puts electronic access control into the RIM cylinder. Now you can apply a digital lock cylinder in many applications where a RIM cylinder is required.






Digital Mortise Cylinder Aluminum Frame Door Lock

  • This gives you control over who has access, when they have access, and can track that use for later reference. You can even remove access for a user without their credential being present.






Smart Relay Mag Locks/Cabinets

  • Barriers, gates, rolling gates, automatic systems, revolving doors, elevators and alarm systems don't need to exist as separate entities.









SV1C Cylindrical Lock Office Doors
 
  • The SimonsVoss SV1C Digital Cylindrical Lock can be applied anywhere a standard commercial cylindrical lock is used without additional holes or wires. 



 

7 Famous Security Breaches

source: NJ.com


When Rutgers doctoral student Haisong Jiang slipped under a security rope to give his girlfriend a kiss before she left on a flight out of Newark Liberty airport Jan. 3, the resulting security breach threw the airport into a lockdown, and inspired everyone from politicians to ordinary business travelers to talk about airport security. While this incident grabbed headlines worldwide, it's only the latest in a long line of high-profile breaches to hit airports, computer networks and even the White House. Take a look at our list of seven famous breaches.


7. Presidential Dinner Crashers: Washington D.C., November 24, 2009
Tareq and Michaela Salahi, a Virginia couple, slipped past security and were uninvited guests at a White House state dinner. The event was to honor Indian Prime Minister Manmohan Singh, but the well-dressed Salahis got all the headlines, mingling with guests and even getting a photograph with President Barack Obama.


Result: White House security systems are under review, two wannabes got 15 minutes of fame and may face criminal charges.


6. Man of Many Talents: Worldwide, Arrested, 1969
New York native Frank Abagnale was at different times an airline pilot, an attorney, a doctor. Actually, he was fooling security officials at airports, hospitals and other institutions. Abagnale was also famous for forging millions of dollars in checks and playing havoc with security systems long before computers.

Result:
Abagnale was arrested in 1969 in France, served jailtime and later became a security expert. His life story became the inspiration for "Catch Me if You Can," a movie starring Leonardo DiCaprio and Tom Hanks.



5. Grammy Gatecrasher: New York, Feb. 25, 1998
Picture it: Rock and roll legend Bob Dylan is jamming on stage during the Grammy Awards. Suddenly, a pasty man with no shirt is on stage next to Dylan. How did this guy get past show security? How come he's got SOY BOMB written on his chest? The man gyrates for about a minute on TV before being escorted off by security. The best part? Dylan never missed a beat.

Result:
Artist Michael "Soy Bomb" Portnoy  had been hired as one of dozens of show extras to dance in the background as Dylan performed, but he clearly went over the line. He never faced charges, but never got paid for his appearance.





4. This is Only a Drill: Slovakia, Jan. 2, 2010
Airport security workers in Bratislava, Slovakia put a bomb in an unsuspecting passenger's luggage as part of a drill. Problem was, none of the airport staff being drilled removed the explosive and it was loaded onto a plane bound for Dublin. Fortunately, the bomb didn't explode, no one was hurt and the plane landed without incident. The bomb was recovered after the plane landed, when the passenger was arrested for carrying a bomb aboard a plane.


Result: The passenger was released, but European Union officials are demanding changes in Slovakia's airport security procedures.


3. Security breach in the CIA:  Arlington, Va., arrests made Feb. 24, 1994
Some spies spill secrets for ideological reasons. Central Intelligence Agency USSR expert Aldrich Ames was in it for the money. Beginning in 1985, the FBI says Ames shuttled the Soviets classified documents and was paid nearly $2 million over several years. Because he was schooled by the CIA, Ames was able to cloak his misdeeds for years.


Result: Ames and his wife Rosario were arrested, plead guilty and sentenced to jail.


2. Retail Hacker: Miami, Arrested August 17, 2009
If you shopped at T.J. Maxx, ate at Dave & Buster's or bought books at Barnes & Noble, computer hacker Albert Gonzalez may have had access to your credit card number. The feds say Gonzalez led a group of hackers who breached computer security systems and stole 170 million payment card numbers from ordinary people just like you. Gonzalez may have been emboldened by his experiences as a one-time government informant.


Result: Gonzalez's sentencing has been delayed. He's lobbying for a lenient sentence because he has Asperger syndrome.


1. Deadly Painkillers: Chicago, 1982
A string of deaths in and around Chicago in 1982 were blamed on Extra-Strength Tylenol spiked with cyanide. At first it was feared the poison had been introduced during the production of the painkillers, but authorities later said the pills were most likely tainted after they were stocked on supermarket shelves.


Result: The incident led to changes in the way medications are packaged, but the killer or killers remain at large.


© 2010 NJ.com. All rights reserved.


1.12.2010

Mind-reading systems could change air security

source: msnbc



Technological developments can blur the line between security and civil liberties.

A would-be terrorist tries to board a plane, bent on mass murder. As he walks through a security checkpoint, fidgeting and glancing around, a network of high-tech machines analyzes his body  language and reads his mind.

Screeners pull him aside.

Tragedy is averted.

As far-fetched as that sounds, systems that aim to get inside an evildoer's head are among the proposals floated by security experts thinking beyound the X-ray machines and metal detectors used on millions of passengers and bags each year.

On Thursday, in the wake of the Christmas Day bombing attempt over Detroit, President Barack Obama called on Homeland Security and the Energy Department to develop better screening technology, warning: "In the never-ending race to protect our country, we have to stay one step ahead of a nimble adversary."

The ideas that have been offered by security experts for staying one step ahead include highly sophisticated sensors, more intensive interrogations of tevelers by screeners trained in human behavior, and a lifting of the U.S. prohibitions against profiling.

Some of the more unusual idea are already being tested. Some aren't being given any serious  consideration. Many raise troubling questions about civil liberties. All are costly.

"Regulators need to accept that the current approach is outdates," said Philip Baum, editor of the London-based magazine Aviation Security International. "It may have responded to the threats of the 1960s, but it doesn't respond to the threats of the 21st century."

Here's a look at some of the ideas that could shape the future of airline security:

Mind readers
The aim of one company that blends high technology and behavioral psychology is hinted at in its name WeCU - as in "We See you."

The system that Israeli-based WeCY Technologies has devised and it testing in Israel projects images onto airport screens, such as symbols associated with certain terrorist group of some other image only a would-be terrorist would recognize, said company CEO Ehud Givon.

The logic is that people can't help reacting, even if only subtly, to familiar images that suddenly appear in unfamiliar places. If you strolled through an airpost and saw a picture of your mother, Givon explained, you couldn't help but repsond.

The reaction could be a darting of the eyes, an increased heartbeat, a nervous twitch or faster breathing, he said.

The WeCU system would use humans to do some of the observing but would rely mostly on hidden cameras or sensors that can detect a slight rise in body temperature and heart rate. Far more sensitive devices under development that can take such measurements from a distance would be incorporated later.

If the sensors picked up a suspicious reactions, the traveler could be pulled out of line for further screening.

"One by one, you can screen out from the flow of people those with specific malicious intent," Givon said.

Some critics have expressed horror at the approach, calling it Orwellian and akin to "brain fingerprinting."

For civil libertarians, attempting to read a person's thoughts comes uncomfortably close the the future world depicted in the movie "Minority Report," where a policeman played by Tom Cruise targets people for "pre-crimes," or merely thinking about breaking the law.

Lie Detectors
One system being studied by Homeland Security is called the Future Attribute Screening Technology, or FAST, and works like a souped-up polygraph.

It would subject people pulled aside for additional screening to a battery of tests, including scans of facial movements and pupil dilation, for signs of deception. Small platforms similar to the balancing boards used [with] the Nintendo Wii would help detect fidgeting.

At a public demonstration of the system in Boston last year, project manager Robert Burns explained that people who harbor ill will display involuntary physiological reactions that others - such as those who are stressed out for ordinary reasons, such as being late for a plane - don't.

The system could be made to work passively, scanning people as they walk through a security line, according to Burns.

Field testing of the system, which will cost around $20 million to develop, could begin in 2011, The Boston Glove said in a story about the demonstration. Addressing one concern of civil libertarians, Burns said the technology would delete data after each screening.

The Israeli Model
Some say the U.S. should take a page from Israel's book on security.

At Israeli airports, widely considered the most secure in the world, travelers are subjected to probing personal questions as screeners look them straight in the eye for signs of deception. Searches are meticulous, with screeners often scrutinizing every item in a bag, unfolding socks, squeezing toothpaste and flipping through books.

"All must look to Israel and learn from them. This is not a post-911 thing for them. THey've been doing this since 1956," said Michael Goldberg, president of New York-based IDO Security Inc., which developed a device that can scan shoes while they are still on people's feet.

Israel also employs profiling: At Ben-Gurion Airport, Jewish Israelis typically pass through smoothly, while others may be taken aside for closer interrogation or even strip searches. Another digtinguishing feature of Israeli airports is that they rely on concentric security rings that start miles from terminal buildings.

Rafi Ron, the former security director at israel's famously tight Ben Gurion International Airport who now is a consultant for Boston's Logan International Airport, says U.S. airports also need to be careful not to overcommit to securing passenger entry points at airports forgetting about the rest of the field.

"Don't invest all your efforts on the front door and leave the back door open," said Ron.

While many experts agree the United Stated could adopt some Israeli methods, few believe the overall model would work here, in part because of the sheer number of U.S. airports - more than 400, versus half a dozen in Israel.

Also, the painstaking searches and interrogations would create delays that could bring U.S. air traffic to a standstill. And many Americans would find the often intrusive and intimidating Israeli approach repugnant.

Profiling
Some argue that policies against profiling undermine security.

Baum, who is also managing director of Green Light Limited, a London-based aviation security company, agrees profiling based on race and religion is counterproductive and should be avoided. But he argues that a reluctance to distinguish travelers on other grounds - such as their general appearance or their mannerisms - is not only foolhardy but dangerous.

"When you see a typical family - dressed like a family, acts like a family, interacts with each other like a family ... when their passport details match - then let's get them through," he said. "Stop wasting time that would be much better spent screening the people that we've got more concerns about."

U.S. authorities prohibit profiling of passengers based on ethnicity, religion or national origin. Current procedures call for travelers to be randomly pulled out of line for further screening.

Scrutinizing 80-year-old grandmothers or students because they might be carrying school scissors can defy common sense, Baum said.

"We need to use the human brain - which is the best technology of them all," he said.

But any move to relax prohibitions against profiling in the U.S. would surely trigger fierce resistance including legal challenges by privacy advocates.

Privatization
What if security were left to somebody other than the federal government?

Jim Harper, director of information policy studies at the Washington-based Cato Institute, a free-market-oriented think tank, says airlines should be allowed to take charge of security at airports.

Especially since 9/11, the trend has been toward standardizing security procedures to ensure all airports follow the best practices. But Harper argues that decentralizing the responsibility would result in a mix of approaches - thereby making it harder for terrorists to use a single template in planning attacks.

"Passengers, too, prefer a uniform experience," he said. "But that's not necessarily the best security. It's better if sometimes we take your laptop out, sometimes we'll pat you down. Those are things that will really drive a terrorist batty - as if they're not batty already."

Harper concedes that privatizing airport security is probably wishful thinking, and the idea has not gotten any traction. He acknowledges it would be difficult to allay fears of gaping security holes if it were left to each airline or airport owner to decide its own approach.