The security of any premises depends on critical systems such as the Physical Access Control System (PACS), video surveillance, and logical access control. Physical access control is the first line of defense against a security breach, followed by video surveillance, which helps analyze an intrusion incident. Hence, the security team and management must understand the significance of the PAC system, which helps manage and identify threats and vulnerabilities.
The points below explain the framework of PACS:
1. Safeguarding all Storage Locations
For better security, ensure that all controller devices and their cabling are hidden from the general public so that they cannot be accessed and tampered with. Credentials play a major role in identifying users in PACS. Limit the storage of credential data to fewer components, such as controllers and server databases. Then, even if smart cards or readers get hacked, it becomes impossible for the intruder to gain sensitive information.
Here are some of the most effective ways to secure storage components of PACS credentials:
a. Server Database Security
– Use of standard RDBMS products offering secure authentication protocols
b. Controller Memory Security
– Crypto memory chip
– Biometric credential storage on the controller itself (publicly exposed devices such as readers should not carry any confidential credential data)
c. Reader Memory Security
– A secure element for the protection of keys and cryptographic operations
d. Smart Card User Memory Security
– Key-based secure user memory access (instead of just referring to card CSN)
2. Securing all Communication Networks
The PACS framework is designed in such a way that if any of its communication networks (server, controller, reader, cards) is compromised, all the sensitive credential information becomes vulnerable.
However, here are some of the most effective ways to secure the respective communication channels:
a. Secure Communication between Card & Reader
– Symmetric-key encrypted data transmission (instead of just referring to card CSN)
b. Secure Communication between Reader & Controller
– Use of a communication protocol supporting encryption, such as OSDP SC (instead of the ubiquitous Wiegand protocol)
c. Secure Communication between Controller & Server
– TLS encryption or AES 128/256 bit
– Cryptographic module, like OpenSSL FIPS Object Module RE for certified implementation of TLS
– IPv6, ensuring greater connection integrity and security
d. Secure Communication between Server & Clients
– SSL (HTTPS)
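The difference between identifying a card by its CSN alone and key-based access (points 1.d and 2.a above), as an added example that is not part of the original article or any vendor's code. It assumes a constructed site master key and CSN, per-card key diversification, and HMAC-SHA-256 standing in for whatever symmetric algorithm the real card supports.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Constructed sample values: a site master key held in the reader's secure
# element, and a card serial number (CSN) that any reader can read in the clear.
SITE_MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)
ENROLLED_CSN = bytes.fromhex("04a1b2c3d4e5f6")

def diversify_key(master_key: bytes, csn: bytes) -> bytes:
    """Derive a per-card key so one extracted card key does not expose the site."""
    return hmac.new(master_key, b"card-key" + csn, hashlib.sha256).digest()

class Card:
    """Models a smart card: a public CSN plus a key held in protected memory."""

    def __init__(self, csn: bytes, card_key: bytes | None):
        self.csn = csn
        self._card_key = card_key  # None models a copy that carries only the CSN

    def respond(self, challenge: bytes) -> bytes:
        if self._card_key is None:
            return bytes(32)  # without the key no valid response can be computed
        return hmac.new(self._card_key, challenge, hashlib.sha256).digest()

def csn_only_check(card: Card, allowed: set[bytes]) -> bool:
    """Weak scheme: grants access on the unauthenticated serial number alone."""
    return card.csn in allowed

def key_based_check(card: Card, allowed: set[bytes], master_key: bytes) -> bool:
    """Reader sends a fresh random challenge and verifies the keyed response."""
    if card.csn not in allowed:
        return False
    challenge = secrets.token_bytes(16)  # fresh per attempt, so replays fail
    card_key = diversify_key(master_key, card.csn)
    expected = hmac.new(card_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card.respond(challenge))

ALLOWED = {ENROLLED_CSN}
genuine = Card(ENROLLED_CSN, diversify_key(SITE_MASTER_KEY, ENROLLED_CSN))
csn_copy = Card(ENROLLED_CSN, None)  # same CSN, no key material

if __name__ == "__main__":
    for name, card in (("genuine", genuine), ("csn_copy", csn_copy)):
        print(name, "csn_only:", csn_only_check(card, ALLOWED),
              "key_based:", key_based_check(card, ALLOWED, SITE_MASTER_KEY))
```

The CSN-only check cannot tell the two cards apart, while the key-based check accepts only the card that holds the diversified key.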
3. Device/Application Access Management
PACS security threats continue at the application access management level, where hackers obtain a privileged user’s credentials to gain unauthorized access.
Here are some of the most effective ways to secure against unauthorized application access:
a. Robust Password Policy Implementation, such as:
– Enforcing strong passwords
– Password expiry/Portal lockout (multiple incorrect login attempts)
– Audit trails
– CAPTCHA
b. Ensure Server Application Security with:
– VAPT certification
– ISO 27001:2013 (ISMS) certified processes
To learn more about PACS, contact our experts at IDZONE Saudi Arabia.