April Promotion:

            SPRING SAVINGS ALERT! 

Get Free Shipping* on all Isonas Card Reader Orders from Kondor Security, Now Through April 30^th!

The industry's first panel-free IP reader controller to deliver true Power Over Ethernet, Isonas PowerNet Readers provides the freedom to secure an unlimited number of doors without the hassle of have to wire panels or hubs.

ISONAS RC-03-PRX Ethernet Enabled Reader-Controller.  Proximity (125 kHz) Reader Controller Configurations for Interior & Exterior Access Points and it supports both ISONAS & HID Proximity Credentials.

ISONAS RC-03-MCT Ethernet Enabled Reader-Controller.  Proximity (13.56 MHz & 125 kHz) Reader-Controller Configurations for Interior & Exterior Access Points.  The RC-03-MCT supports Mifare, Desfire,iClass, PIV Smart Cards and ISONAS & HID Proximity Credentials. 

Both versions available in Keypad and Non-Keypad formats. 

Be sure to check out the Kondor Security Web Store for all of your Isonas needs. 

*Please use the code “ISONAS READER” and click the Redeem Coupon button.  The offer enables free shipping on Isonas products that include at least 1 Reader/Controller.  Please note:  The offer does not include shipping when other items from separate manufacturers are included on the order. If you run into problems redeeming coupon online please contact Customer Service at 888-409-9245.

 

Axis M3004-V Fixed Dome Network Camera--Fixed Mini Dome with HDTV Performance

• Ultra-compact, vandal-resistant design
• Progressive scan
• HDTV 720p / 1 MP
• Easy, flexible installation
• Corridor Format
• Edge storage

AXIS M3004-V video clips

 Watch 1 MP video

The palm-sized AXIS M3004-V Network Camera is an affordably priced, easy-to-install indoor fixed dome that supports HDTV 720p and 1 MP resolution. It is ideal for retail stores, hotels, schools, banks and offices.

Easy and flexible installation

AXIS M3004-V is vandal- and dust-resistant, and designed for quick and flexible installation. With a 3-axis camera angle adjustment, the cameras can be mounted on walls or ceilings, and images can be easily leveled. No focusing is required as the camera comes focused at delivery.

AXIS M3004-V offers a horizontal viewing angle of 80°. It supports Axis’ Corridor Format for vertically oriented video streams of areas such as corridors, hallways or aisles. To enable the camera to better blend in with the environment, skins are available in different colors. AXIS M3004-V also comes with a 2 m (6.6 ft.) network cable and are powered using Power over Ethernet (IEEE 802.3af), which simplifies installations.

Skins are available in different color options to suit interior design.

Intelligent video

The camera’s support for AXIS Camera Application Platform enables the installation of intelligent video applications such as people counting.

Convenient video management

AXIS M3004-V offers a convenient video management solution with its built-in micro-SDHC memory card slot for edge storage and support for software such as the complimentary AXIS Camera Companion. Video streams can be encoded in H.264 and Motion JPEG.

More features

• Multiple H.264 streams.
• Intelligent capabilities such as enhanced video motion detection and detection of camera tampering attempts like blocking or spray-painting.
• Power over Ethernet (IEEE 802.3af), eliminating the need for power cables and reducing installation costs.
• Advanced security and network management features such as HTTPS encryption with preserved performance, IPv6 and Quality of Service.
• Open Application Programming Interface (API) for software integration, including VAPIX^® from Axis Communications.

For more information on Axis M3004-V Fixed Dome Network Camera, Features, Dimensions, Accessories, A Video Clip, Support and the Manual, CLICK HERE!!!!!!!!!! 

The Pelco DX Series, Doing More for Less... Part 1.

For many years and countless hours of around-the-lock operation, the Pelco DX Series of DVRs has been relied upon to protect people and property in thousands of location worldwide. From basic video security systems with just a few cameras, to fully distributed network video systems, the DX Series is the perfect digital recording solution to meet most any video recording need.

The DX Series begins with the DX4100. These affordable, entry-level DVRs eliminate the need for the traditional VCR/multiplexer/matrix combination. Offering four-channel models with internal storage capacity of up to 2 tb, the DX4100 series is designed to guard your business while protecting your bottom line. The hallmark of the DX4100 series is its ease of operation. These systems feature simple installation, are ready to record right out of the box, and have an easy-to-use and intuitive user interface which makes training and support a snap.

Introducing Plexidor Electronic Access Control for your Dog!

Access Control is evolving all the time.  Situations in which access control can evolve to are limited only by one's imagination. That said, did you know that there’s access control option for your pets?

Yes, gone are the days where one worries about the unwanted entry of stray dogs, neighborhood cats, racoons, or any such pesky varmint.  Pet owners can find relief knowing that RFID tags are available for pet collars giving access to enter or exit the house when the pet door is equipped with electronic access control.  You are able to control which pet(s) can go outside and which cannot.

Love your pet? Can you hold it for 9 hours? The next time you have to “go” in the middle of the night, think about your pet – and the Plexidor® Performance Pet Doors. Sure, pets are different from people. People have flush toilets, pets don’t. Pets just have to wait until morning.

But if you forget, or make your pet wait too long, you know what comes next: Yup, the clean-up.

So, for the last 22 years, Plexidor® has been crusading for pets’ rights to come and go as they please. It’s actually a 2-in-1 crusade because pet owners have rights too…such as the right NOT to be a 24-hour-a-day doorman, the right NOT to live with spotted carpeting, and the right NOT to have to refinish scratched doors, to name just a few.

Because of this crusade Plexidor® has been designing and manufacturing the Performance Pet Door line. The Plexidors® come in sizes ranging from cat to great dane. They work in any kind of door or wall. All Plexidors® have heavy durable aluminum frames that can be secured and locked. White and bronze frames are baked on for strength and durability. And the door panels are made of insulated high impact acrylic to help keep your home warm in the winter and cool in the summer.

Call us or visit our website and join the crusade. Order a Plexidor® pet door today. You and your pet will be happier.

• High impact acrylic panels, also used in small aircraft windshields.
• These colors do not run. Plexidor® pet doors are not painted, they use a baked on finish.
• Dogs chew through plastic and bend thin aluminum frames. These are thick, heavy aluminum.
• Magnets are not effective “keys” and are not used with Plexidor® pet doors.
• The electronic door has 1000s of key codes.

Plexidor® Electronic Doors

Secure – Interior stainless steel locking bar, thousands of key codes. Opens only for your pets. Tough shatter resistant panel. Heavy, thick aluminum frames that won’t bend. Won’t interfere with home security system.

Energy Efficient – No gaps for air filtration, saves you money.

Pet/Child Safe – Panel won’t close when obstructed. Total control up and down. No pinched tails. No pinched fingers.

Dependable – Runs on household current. Collar key is waterproof and does not need batteries. Key fastens securely to collar and won’t fall off. Interior mounted motor won’t freeze up in cold.

Durable – Steel and hardened aluminum frame with thick acrylic closing panel. Wall units include aluminum tunnel pieces and stainless steel mounting hardware for years of service. No unsightly rust streaks on your home.

Easy to Use – One button programming to add or change collar codes quickly and simply. Collar key snaps on easily and stays on. Comes complete with pet door, exterior trim, stainless steel hardware, 2 collar keys, power supply and 15ft cord.

The key is a micro RFID chip weighing only 0.4 oz.

Plexidor® collar keys are:

• Waterproof
• Rugged
• Battery free
• Shock proof
• Won’t fall off
• Works with underground fencing
• Have 1000s of key codes

How it works: Plexidor® Electronic “reads” the key code and opens only for your pet. Panel unlocks and slides up like a mini garage door. The main frame has a low profile of just 1 5/8” in thickness. Door plugs into household outlet or can be hardwired.

Order a Plexidor® today and say goodbye to…

• Messy littler trays
• Scratched doors
• Wasted energy
• Awkward, noisy, chewed flaps
• Ruined carpets and drapes

Plexidor® Pet Doors Provide

• Peace and quiet
• Undisturbed sleep & TV
• Freedom from worry about letting your pet out

Plexidors® are

• A carpet saver
• A money saver
• An energy saver

How I'd Hack Your Weak Passwords.

 source: One Man's Blog.

by John P.

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it? 

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
4. “password”
5. Your city, or college, football team name.
6. Date of birth – yours, your partner’s or your child’s.
7. “god”
8. “letmein”
9. “money”
10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.) 

One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:

• You probably use the same password for lots of stuff right?
• Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
• However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
• So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
• Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
• But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)

And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Password Length	All Characters	Only Lowercase
3 characters 4 characters 5 characters 6 characters 7 characters 8 characters 9 characters 10 characters 11 characters 12 characters 13 characters 14 characters	0.86 seconds 1.36 minutes 2.15 hours 8.51 days 2.21 years 2.10 centuries 20 millennia 1,899 millennia 180,365 millennia 17,184,705 millennia 1,627,797,068 millennia 154,640,721,434 millennia	0.02 seconds .046 seconds 11.9 seconds 5.15 minutes 2.23 hours 2.42 days 2.07 months 4.48 years 1.16 centuries 3.03 millennia 78.7 millennia 2,046 millennia

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?

Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.

Here are some password tips:

1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

By request I also created a short RoboForm Tutorial. Hope it helps…

Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network – after which time they will own you!

Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.

I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.

Please, be safe. It’s a jungle out there.

ISONAS' Crystal Matrix at a glance.

Easily Support Seasonal Schedules with ISONAS Access Control System

source: ISONAS

Are some of your clients affected by seasonal changes to their facility's schedules?

Seasonal variations are common for organizations such as:

• Schools and Libraries
• Park Districts
• Amusement Parks
• Sports Facilities
• Churches
• Recreation or Tourism Business

Many of these organizations will wnat to pre-plan and pre-program the upcoming schedules into their access control system, so that the schedule's transition times are seamless and worry-free. The Crystal Matrix application supports these types of requirements with the Permission Groups feature.

Crystal matrix Permission Groups for Schools

A high school might use the Permissions Group feature of Crystal matrix to schedule the full summer activity sessions before the end of the school year. Prepare the system for band camp, 2-a-days football practice, teacher development workshops, and adult education seminars. All pre-planed and pre-programmed before the school's staff begins its summer break. As the summer calendar progresses, the access control system automatically adjusts the system's business rules to allow the proper people into the school, at the proper times.

Click here for more details on this solution

Understanding how to use Crystal Matrix Permissions

To effectively use the Crystal matrix Permission Groups feature, you shoul dhave a solid understanding of how Permissions are defined within the system. Below are links to short training videos that explain the process of setting up Permissions within the ISONAS system.

Basic Crystal Matrix Configuration

Advanced Crystal Matrix Configuration 

There's a "People Element" to security we seem to be forgetting...

Social Engineering, the USB Way 

source: darkreading.com

Those thumb drives can turn external threats into internal ones.

The folks at DarkReading recently got hired by a credit union to assess the security of its network. The client asked that they really push hard on the social engineering button. In the past, they'd had problems with employees sharing passwords and giving up information easily. Leveraging their effort in the report was a way to drive the message home to the employees.

The client also indicated that USB drives were a concern, since they were an easy way for employees to steal information, as well as bring in potential vulnerabilities such as viruses and Trojans. Several other clients have raised the same concern, yet few have done much to protect themselves from a rogue drive plugging into their network. So the DarkReading guys wanted to see if they could tempt someone into plugging one into their employer's network.

In the past they had used a variety of social engineering tactics to compromise a network. Typically they would hang out with the smokers, sweet-talk a receptionist, or commandeer a meeting room and jack into the network. This time, they knew they'd have to do something different. Employees were talking within the credit union and were telling each other that somebody was going to test the security of the network, including the people element.

So DarkReading tried something different by baiting the same employees that were on high alert. They gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with their own special piece of software. One of their guys wrote a Trojan that, when run, would collect passwords, log-ins and machine-specific information from the user's computer, and then email the findings back.

The next hurdle was getting the USB drives in the hands of the credit union's  internal users. Simply enough, they made their way to the credit union at about 6am to make sure no employees saw them. They then proceeded to scatter the drives in the parking lot, smoking areas and other areas employees frequented.

Once the drives were seeded, it was time to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desk.

Upon calling the guy who wrote the Trojan and asking if anything was received at his end, it was revealed that slowly but surely info was being mailed back to him. It would have been lovely to be on the inside of the building watching as people started plugging the USB drives in, scouring through the planted image files, the unknowingly running the piece of software cleverly hidden away by DarkReading.

After about three days, they figured they'd collected enough data. Upon review of their findings, they were amazed at the results. Of the 20 USB drives planted, 15 were found by employees and all had been plugged into company computers. The data  obtained helped to compromise additional systems, and the best part of the whole scheme was the convenience. Everything that needed to happen did, and in a way it was completely transparent to the users, the network and credit union management.

This little "giveaway" takes security loopholes a step further, working off humans' innate curiosity. Email virus writers exploit this same vulnerability, as do phishers and their clever faux websites. The credit union client wasn't unique or special. All the technology and filtering and scanning in the world won't address human nature. But it remains the single biggest open door to any company's secrets.

Disagree? Sprinkle your receptionist's candy dish with USB drives and see for yourself how long it takes for human nature to manifest itself.