Physical Security Network Management

Blog Date:  10/1/2010
Author:  Ray Coulombe

One area within the subject of convergence that has received surprisingly little press, and that is conspicuously missing from industry product offerings, is Network Management targeted at the connected devices. The ISO defines five elements of network management: fault, configuration, accounting, performance and security. Some or all of these are implemented in a variety of Network Management Systems (NMS).
Simple Network Management Protocol (SNMP) enables the gathering of information about the device itself, depending on what was implemented in design by the device manufacturer. Most major IP camera manufacturers support SNMP, but only a few, including Axis and Pelco, support the more secure SNMP version 3. Many security devices do not support SNMP, but topology information can still be gained if the device is connected to a managed switch. In the context of IT, there are several proven NMS packages such as HP OpenView, SolarWinds and Whatsup Gold that have evolved to provide the IT manager a range of capabilities, including performance management, diagnostics, process monitoring and problem isolation. Such tools have become an indispensible asset for IT managers - particularly in enterprise-class systems. These are IT-centric tools, however, and are arguably too expensive, too intimidating, and, in all likelihood, overkill for the physical security manager. These packages typically focus on the switch infrastructure and may not easily identify common device issues such as intermittent connection problems.
Let's look at the features and requirements of NMS tools as they might apply to physical security:
- Network topology: Ideally, an NMS should let you know what devices reside on the network, information about them (e.g., MAC address and IP address), and how they are interconnected, including switch port interconnections.
- Network performance: Are any of the communication links indicating no communication or excessive bandwidth use? Is there an underlying trend or pattern?
- Device performance: Are any of the devices displaying delays in responses or intermittent outages? Not all problems are caused by network performance. Ping response times can easily identify an overloaded or troubled device. - Device configuration: Have device operating parameters been properly configured? For example, improper subnet mask settings can make it difficult to uncover issues.
- Network installation and configuration: The system should provide a record of initial installed configuration, if possible, and changes from the baseline configuration. It should readily flag issues such as duplicate IP addresses and provide for preloading of IP addresses where static IP addresses should be assigned, e.g., IP cameras and video servers. Some systems can auto-provision the IP address of a faulty device with the same address of a like device.
- Network documentation: The NMS should be capable of downloading a document, such as a .csv file that snapshots the configuration and allows for later analysis, on or off-site.
- Problem diagnostics: The NMS should be a primary tool in pinpointing such issues as duplicate IP and MAC addresses, non-PC systems, overloaded or misbehaving devices, intermittent communications, connection faults, faulty devices and/or NIC cards, broadcast or multicast spikes or storms. Further it should be capable of alarms based on certain parameters via e-mail, or text, or tied into another management system.
- Remote support: Given that local support for the security network may be limited, can the system provide enough information for an off-site resource to properly identify (or at least surround) the problem, enabling it to be addressed quickly?
- Network security: The system should promote overall network security by identifying rogue or wireless devices, hubs with unauthorized devices or bandwidth usage in excess of an anticipated maximum level.
- Cost: The system's cost of acquisition and support needs to be supportable within the security department's budget (or IT budget, if applicable). - Usability: The user interface for the system should be somewhat intuitive or, at least, easily learned; and relevant to the application of physical security.
Link to Complete Article as it appeared in Security Technology Executive Magazine


Resource Blogs

Most Recent Blog List for Blog Author: Ray Coulombe

Security Specifier Blog List Image for  Stay Safe! While Traveling This Summer

Stay Safe! While Traveling This Summer

It’s summer vacation time! The last thing you need to worry about it is getting your identity stolen while you’re sitting on a beach somewhere exotic. In 2016, more than 15 million Americans were victims of identity theft, up 16 percent from the previous year, according to Experian. Plus, about 33 percent of that fraud took place when people were traveling. Here’s a few tips to staying safe all summer while traveling...
read more -->

Security Specifier Blog List Image for Rethinking Cabling

Rethinking Cabling

Cat 5e became an ANSI/TIA/EIA standard in 2001, Cat 6 in 2002, and Cat 6a in 2008. However, it may be extremely useful to consider taking advantage of other existing cabling infrastructure in lieu of running new. Read more to learn how to approach cabling.
read more -->

Security Specifier Blog List Image for Off the Beaten Path at ISC West

Off the Beaten Path at ISC West

This year at ISC (the International Security Conference and Exposition), I was determined to try to see the latest iStechnologies hiding in the nooks and crannies—literally! I visited booths in the back, the basement, small kiosks hidden inside larger vendor books, and throughout the Emerging Technology Zone.

In case you missed the show, I’ll round up some of the best new technologies and companies to keep an eye on. Read more.
read more -->

Security Specifier Blog List Image for Cyber Crime Taking Down Cities

Cyber Crime Taking Down Cities

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. Read how ransomware impacted this metropolitan area.
read more -->

Security Specifier Blog List Image for A Few Thoughts on K-12 School Security

A Few Thoughts on K-12 School Security

There is no one size fits all when it comes to K-12 school security. Schools vary in so many ways: size, age, local environment, affluence, culture, governance, and more. Read some helpful tips and resources that might just help your school be better prepared.
read more -->

Copyright Ⓒ 2010 SecuritySpecifiers™