You will be happy to know that this e-zine goes to more than seven thousand select security professionals in the world as direct mail and is also placed on the ICISS web-site. The link to the web-site is given below –
http://www.wix.com/sbtyagi/iciss
I actively encourage you to join the ICISS Group at ‘LinkedIn’ and also motivate other security professionals likewise. I am confident that by becoming an active member of the ICISS Group, not only will you benefit professionally; the profession itself will benefit from your active support and contribution. The link to the ICISS Group at LinkedIn is given below –
http://www.linkedin.com/groups?home=&gid=4413505&trk=anet_ug_hm
Newsletter: July 2012
Let’s professionalize the professionals…
http://www.wix.com/sbtyagi/iciss
Aurora theatre suspect James Holmes stockpiled 6,000 rounds of ammunition online.
Spend just a few minutes browsing the internet and it becomes clear how James Holmes was able to stockpile 6,000 rounds of ammunition without any alarms sounding. “The Guardian” did a little research on the internet and found that huge amounts of ammunition can be purchased online in a matter of minutes and can be shipped straight to customers' doors, no questions asked. Yet those familiar with gun ownership in the US are unlikely to have been surprised.
BulkAmmo.com is one of many websites which allow for the purchase of lots of rounds at knockdown prices. On the website one can buy 1,000 .223, 62grain TulAmmo rounds, which can be fired by an AR15 assault rifle, for just $250, or 25 cents a round.
Luckgunner.com stocks Fiocchi .223 Remington rounds in boxes of 1,000, described as "perfect for your AR-15!". When “The Guardian” perused the website on Monday there were 41 boxes in stock. Again, “The Guardian” were able to follow the purchasing procedure through – potentially getting 41,000 rounds delivered within three days, for $17,428.39.
Courtesy: Col D R Semwal (callsamydr@yahoo.com)
He is highly experienced (29 years’ service in Indian Army) with proven skills in managing Safety and security issues of establishments, managing large human resource deployments, logistics & mobility.
Col. Semwal has experience & passion for protection of ecology & environment. He changed the face of Delhi in Bhati Mines Area while he was commanding Eco-Battalion of Territorial Army in Delhi and turned it into lush green area! He was successful in restoration of mining land by afforestation activities in coordination with Deptt of Environment, Government of Delhi.
He has vast experience and knowledge in Industrial Security and Safety in combination with expertise related to Environment and Ecology. He is deeply committed in the field of SHSE (Security; Health Safety & Environment).
He is ICISS Councilor for NCR Region.
Today it's significantly different! Yesterday we operated with fences, gates, guards and cameras. We were worried about people taking minor items out of the workplace. But the fences, guards and gates are not as important these days for many businesses.
An IT services company that prides itself on its relaxed and open philosophy is unlikely to appreciate a security leader whose focus is on locking the employee population out of newer communication technologies, for example. Staff and management may look at that individual as a roadblock to be surmounted rather than a partner.
Planning for an access control system needs an innovative approach and deep knowledge of the business and work-culture of the organization. It calls for not only keeping the bad guys out but also encouraging the good guys to come in without hassle!
Physical access by a person may be allowed depending on payment, authorization, etc. Also there may be one-way traffic of people. These can be enforced by personnel such as a border guard, a doorman, a ticket checker, etc., or with a device such as a turnstile. There may be fences to avoid circumventing this access control. An alternative of access control in the strict sense (physically controlling access itself) is a system of checking authorized presence, see e.g. Ticket controller (transportation). A variant is exit control, e.g. of a shop (checkout) or a country.
In physical security, the term access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through technological means such as access control systems like the mantrap. Within these environments, physical key management may also be employed as a means of further managing and monitoring access to mechanically keyed areas or access to certain small assets.
Physical access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically this was partially accomplished through keys and locks. When a door is locked only someone with a key can enter through the door depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must be re-keyed.
Electronic access control uses computers to solve the limitations of mechanical locks and keys. A wide range of credentials can be used to replace mechanical keys. The electronic access control system grants access based on the credential presented. When access is granted, the door is unlocked for a predetermined time and the transaction is recorded. When access is refused, the door remains locked and the attempted access is recorded. The system will also monitor the door and alarm if the door is forced open or held open too long after being unlocked.
When a credential is presented to a reader, the reader sends the credential’s information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database.
When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores a door open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted.
The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this, two-factor authentication can be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted; another factor can be a PIN, a second credential, operator intervention, or a biometric input.
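
The control-panel decision described above (who, where and when, with every request logged) and the Alice/Bob borrowed-credential case can be sketched as follows. This is an added example, not code from the newsletter or from any access control product; the card numbers, door names, PIN and class names are constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Optional


@dataclass
class AclEntry:
    doors: frozenset            # where: doors this credential may open
    start: time                 # when: start of the daily access window
    end: time                   # when: end of the daily access window
    pin: Optional[str] = None   # second factor, checked only at two-factor doors


@dataclass
class ControlPanel:
    acl: dict                                           # who: credential number -> AclEntry
    two_factor_doors: set = field(default_factory=set)
    log: list = field(default_factory=list)             # stands in for the transaction database

    def request(self, door, credential, when, pin=None):
        """Decide one reader request and record the transaction, granted or not."""
        entry = self.acl.get(credential)
        if entry is None:
            reason = "unknown credential"
        elif door not in entry.doors:
            reason = "door not on access list"
        elif not (entry.start <= when.time() <= entry.end):
            reason = "outside time window"
        elif door in self.two_factor_doors and not self._pin_ok(entry, pin):
            reason = "second factor failed"
        else:
            reason = "ok"
        granted = reason == "ok"
        self.log.append({"time": when.isoformat(), "door": door,
                         "credential": credential, "granted": granted,
                         "reason": reason})
        return granted

    @staticmethod
    def _pin_ok(entry, pin):
        if entry.pin is None or pin is None:
            return False
        return hmac.compare_digest(entry.pin, pin)   # constant-time comparison


def build_panel(two_factor):
    """Constructed sample data: card 1001 is Alice's, card 1002 is Bob's."""
    acl = {
        1001: AclEntry(frozenset({"lobby", "server-room"}), time(8), time(18), pin="4921"),
        1002: AclEntry(frozenset({"lobby"}), time(8), time(18)),
    }
    doors = {"server-room"} if two_factor else set()
    return ControlPanel(acl, two_factor_doors=doors)


def borrowed_card_scenario(two_factor):
    """Bob presents Alice's card at the server room without knowing her PIN."""
    panel = build_panel(two_factor)
    noon = datetime(2012, 7, 2, 12, 0)
    granted = panel.request("server-room", 1001, noon)
    return granted, panel.log[-1]["reason"]


if __name__ == "__main__":
    print("single factor:", borrowed_card_scenario(two_factor=False))
    print("two factor:   ", borrowed_card_scenario(two_factor=True))
```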
There are three types (factors) of authenticating information:
something the user knows, e.g. a password, pass-phrase or PIN
something the user has, such as smart card
something the user is, such as fingerprint, verified by biometric measurement
Passwords are a common means of verifying a user's identity before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, where another person who knows you can provide a human element of authentication in situations where systems have been set up to allow for such scenarios. For example, a user may have their password, but have forgotten their smart card. In such a scenario, if the user is known to designated cohorts, the cohorts may provide their smart card and password in combination with the extant factor of the user in question and thus provide two factors for the user with missing credential, and three factors overall to allow access.
A credential is a physical/tangible object, a piece of knowledge, or a facet of a person's physical being, that enables an individual access to a given physical facility or computer-based information system. Typically, credentials can be something you know (such as number or PIN), something you have (such as an access badge), something you are (such as a biometric feature) or some combination of these items. The typical credential is an access card, key fob, or other key. There are many card technologies including magnetic stripe, bar code, Wiegand, 125 kHz proximity, 26 bit card-swipe, contact smart cards, and contactless smart cards. Also available are key-fobs which are more compact than ID cards and attach to a key ring. Typical biometric technologies include fingerprint, facial recognition, iris recognition, retinal scan, voice, and hand geometry.
An access control point can be a door, turnstile, parking gate, elevator, or other physical barrier where granting access can be electronically controlled. Typically the access point is a door. An electronic access control door can contain several elements. At its most basic there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader. Readers do not usually make an access decision but send a card number to an access control panel that verifies the number against an access list. To monitor the door position a magnetic door switch is used. In concept the door switch is not unlike those on refrigerators or car doors. Generally only entry is controlled and exit is uncontrolled. In cases where exit is also controlled a second reader is used on the opposite side of the door. In cases where exit is not controlled, free exit, a device called a request-to-exit (RTE) is used. Request-to-exit devices can be a push-button or a motion detector. When the button is pushed or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This is an important safety feature. In cases where the lock must be electrically unlocked on exit, the request-to-exit device also unlocks the door.
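
The door-monitoring behaviour described above (the door-open signal is ignored briefly after an access grant or a request-to-exit, and the door alarms if forced open or held open too long) can be modelled over a door's event log as below. This is an added example, not code from the newsletter or any vendor; the event names, the 5-second shunt window and the 30-second held-open limit are assumptions, and the sample events are constructed.

```python
def door_alarms(events, shunt_s=5, held_open_s=30, end_of_log=None):
    """Return a time-ordered list of (time, alarm) for one door.

    events: time-ordered (seconds, kind) tuples, kind being one of
    "grant" (panel unlocked the door), "rte" (request-to-exit fired),
    "open" / "close" (magnetic door switch changed state).
    """
    alarms = []
    shunt_until = None   # door-open signal is ignored up to this time
    opened_at = None     # when the door switch last reported "open"
    for t, kind in events:
        if kind in ("grant", "rte"):
            shunt_until = t + shunt_s
        elif kind == "open":
            # No grant or RTE shortly before the switch opened: forced door.
            if shunt_until is None or t > shunt_until:
                alarms.append((t, "forced-open"))
            opened_at = t
            shunt_until = None          # one grant/RTE covers one opening
        elif kind == "close":
            if opened_at is not None and t - opened_at > held_open_s:
                alarms.append((opened_at + held_open_s, "held-open"))
            opened_at = None
        else:
            raise ValueError(f"unknown event kind: {kind!r}")
    # Door still open when the log ends: report held-open if the limit passed.
    if (opened_at is not None and end_of_log is not None
            and end_of_log - opened_at > held_open_s):
        alarms.append((opened_at + held_open_s, "held-open"))
    return sorted(alarms)


# Constructed sample log for a single door (times in seconds).
SAMPLE_EVENTS = [
    (0, "grant"), (2, "open"), (8, "close"),       # normal entry
    (100, "rte"), (101, "open"), (140, "close"),   # exit, door propped 39 s
    (300, "open"), (304, "close"),                 # opened with no grant/RTE
    (400, "grant"), (420, "open"), (425, "close"), # opened after shunt expired
    (900, "rte"), (901, "open"),                   # never closed again
]

if __name__ == "__main__":
    for when, alarm in door_alarms(SAMPLE_EVENTS, end_of_log=1000):
        print(f"t={when:>4}s  {alarm}")
```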
Access control decisions are made by comparing the credential to an access control list. This lookup can be done by a host or server, by an access control panel, or by a reader. The development of access control systems has seen a steady push of the lookup out from a central host to the edge of the system, or the reader. The predominant topology circa 2009 is hub and spoke with a control panel as the hub and the readers as the spokes. The lookup and control functions are by the control panel. The spokes communicate through a serial connection; usually RS485. Some manufacturers are pushing the decision making to the edge by placing a controller at the door. The controllers are IP enabled and connect to a host and database using standard networks.
Access control readers may be classified by functions they are able to perform –
Basic (non-intelligent) readers: simply read card number or PIN and forward it to a control panel. In case of biometric identification, such readers output ID number of a user. Typically Wiegand protocol is used for transmitting data to the control panel, but other options such as RS-232, RS-485 and Clock/Data are not uncommon. This is the most popular type of access control readers. Examples of such readers are RF Tiny by RFLOGICS, ProxPoint by HID, and P300 by Farpointe Data.
Semi-intelligent readers: have all inputs and outputs necessary to control door hardware (lock, door contact, exit button), but do not make any access decisions. When a user presents a card or enters PIN, the reader sends information to the main controller and waits for its response. If the connection to the main controller is interrupted, such readers stop working or function in a degraded mode. Usually semi-intelligent readers are connected to a control panel via an RS-485 bus. Examples of such readers are InfoProx Lite IPL200 by CEM Systems and AP-510 by Apollo.
Intelligent readers: have all inputs and outputs necessary to control door hardware, they also have memory and processing power necessary to make access decisions independently. Same as semi-intelligent readers they are connected to a control panel via an RS-485 bus. The control panel sends configuration updates and retrieves events from the readers. Examples of such readers could be InfoProx IPO200 by CEM Systems and AP-500 by Apollo.
The most common security risk of intrusion of an access control system is simply following a legitimate user through a door. Often the legitimate user will hold the door for the intruder. This risk can be minimized through security awareness training of the user population or more active means such as turnstiles. In very high security applications this risk is minimized by using a sally port, sometimes called a security vestibule or mantrap where operator intervention is required presumably to assure valid identification.
The second most common risk is from levering the door open. This is surprisingly simple and
effective on most doors. The lever could be as small as a screwdriver or as big as a crowbar. Fully
implemented access control systems include forced door monitoring alarms. These vary in
effectiveness, usually failing from high false positive alarms, poor database configuration, or lack of
active intrusion monitoring.
Similar to levering is crashing through cheap partition walls. In shared tenant spaces the divisional
wall is a vulnerability. Along the same lines is breaking sidelights. Spoofing locking hardware is fairly
simple and more elegant than levering. A strong magnet can operate the solenoid controlling bolts
in electric locking hardware. Motor locks, more prevalent in Europe than in the US, are also
susceptible to this attack using a donut shaped magnet. It is also possible to manipulate the power
to the lock either by removing or adding current.
Access cards themselves have proven vulnerable to sophisticated attacks. Enterprising hackers
have built portable readers that capture the card number from a user’s proximity card. The hacker
simply walks by the user, reads the card, and then presents the number to a reader securing the
door. This is possible because card numbers are sent in the clear, no encryption being used.
Finally, most electric locking hardware still has mechanical keys as a fail-over. Mechanical key
locks are vulnerable to bumping.
[Figure: Components of Access Control System. Labels: PC, Card Reader, Printer, Door Controller, Drop barrier, Motorised vehicle barrier, Tripod, Turnstile]
Forwarded by - Col NN Bhatia, Veteran (narindra_bhatia@hotmail.com)
This appears to be another credit / debit card scam starting to make the rounds. Beware! - just received from a friend in Sydney. Well worth a read....
There is a new and clever credit card scam - be wary of those who come bearing gifts. Please circulate this to everyone you know, especially your family and friends. It just happened to friends a week or so ago in Singapore, and it can pretty well now be happening anywhere else in the world.
It works like this: Wednesday a week ago, I had a phone call from someone who said that he was from some outfit called "Express Couriers" asking if I was going to be home because there was a package for me, and the caller said that the delivery would arrive at my home in roughly an hour. And sure enough, about an hour later, a deliveryman turned up with a beautiful Basket of flowers and wine. I was very surprised since it did not involve any special occasion or holiday, and I certainly didn't expect anything like it.
Intrigued about who would send me such a gift, I inquired as to who the sender is. The deliveryman's reply was, he was only delivering the gift package, but allegedly a card was being sent separately; (the card has never arrived!). There was also a consignment note with the gift.
He then went on to explain that because the gift contained alcohol, there was a $3.50 "delivery charge" as proof that he had actually delivered the package to an adult, and not just left it on the doorstep to just be stolen or taken by anyone. This sounded logical and I offered to pay him cash. He then said that the company required the payment to be by credit or debit card only so that everything is properly accounted for.
My husband, who, by this time, was standing beside me, pulled out of his wallet his credit/debit card, and 'John', the "delivery man", asked my husband to swipe the card on the small mobile card machine which had a small screen and keypad where Frank was also asked to enter the card's PIN and security number. A receipt was printed out and given to us.
To our surprise, between Thursday and the following Monday, $4,000 had been charged/withdrawn from our credit/debit account at various ATM machines, particularly in the north shore area! It appears that somehow the "mobile credit card machine" which the deliveryman carried was able to duplicate and create a "dummy" card(?) with all our card details, after my husband swiped our card and entered the requested PIN and security number.
Upon finding out the illegal transactions on our card, of course, we immediately notified the bank which issued us the card, and our credit/debit account had been closed. We also personally went to the Police, where it was confirmed that it is definitely a scam because several households have been similarly hit.
Warning: Be wary of accepting any "surprise gift or package", which you neither expected nor personally ordered, especially if it involves any kind of payment as a condition of receiving the gift or package. Also, never accept anything if you do not personally know and/or there is no proper identification of who the sender is.
Above all, the only time you should give out any personal credit/debit card information is when you yourself initiated the purchase or transaction!
Following is the reproduction of the e-mail received by one acquaintance, which appears to be benevolent in nature! However, on further investigation it was found that it was an attempt to gather important personal / financial information. The given link connected only with a lot of difficulty, after repeated attempts over three months’ time, and then only for a short while without yielding any useful information, indicating that these were non-functional URLs. The Yellow Button asking to click here to activate your account was sending the information to a third party!
Readers are advised not to respond to such mails unless they verify the background of the sender of the mails.
Information Regarding Your account:
Dear PayPal Member!
Attention! Your PayPal account has been violated! Someone with IP address 86.34.211.83 tried to access your personal account! Please click the link below and enter your account information to confirm that you are not currently away. You have 3 days to confirm account information or your account will be locked.
Click here to activate your account
You can also confirm your email address by logging into your PayPal account at http://www.paypal.com/ Click on the "Confirm email" link in the Activate Account box and then enter this confirmation number: 1099-81971-4441-9833-3990
Thank you for using PayPal!
- The PayPal Team
Please take a minute from your busy schedule and read this letter. I assure you will not regret it. Imagine yourself in a car zooming at high speed and suddenly you see the driver has gone to sleep before you can take control of the situation a loud bang! All is finished! Your car had all the gadgets but did not have NO NAP, an inexpensive safety device.
More than 2 million people die and an equal number are injured in accidents caused by dozing / drowsy / sleepy drivers. All of us are at a risk of drowsy driving; we live in a twenty four hour society where a lot of people are tired all the time.
At 60 mph if you close your eyes for a second you have traveled 88 feet. Much worse drowsy drivers’ judgment is impaired, sleepiness induces tunnel vision, it’s a recipe for an accident.
Accidents by dozing drivers are generally fatal because
Dozing drivers do not brake before an accident
The impact is at high speed and this can be fatal.
Drowsiness / sleepiness is red alert
Do not build sleep debt
Adequate rest before a long journey is recommended
Use doze off alert gadgets
We manufacture and purchase the most expensive cars with latest comfort gadgets but have never thought of manufacturing a safety device which could warn the driver and co-passengers when the driver is in danger of dozing off and preventing a possible accident.
At last we have developed an intelligent safety device.
Functional Description
When the gadget is active and driver's head falls forward due to drowsiness, the intelligent NO NAP will buzz loudly and instantly bring the driver to full concentration. The gadget gives the alarm at preset angle.
The angle can be varied according to requirement. The gravity switch inside the gadget keeps the track of the position of the driver's head. If not in use, the switch should be kept at OFF position.
Salient Features
Very light weight
Compact and Ergonomically designed
Low maintenance cost
Easy to use and very cost effective
Low cost and high reliability
For more information – Visit: http://www.thenonap.com/nni-fd.htm
Bringing together senior-level security, business resilience and safety personnel, this must attend event will address key topics in the form of case studies and cover aspects of the value chain, particularly in upstream and midstream oil and gas operations, including:
Security and Patrol Forces
Satellite and Surveillance
Telecommunications Data Feeds, Analysis and Instant Interpretation
Technologies used for Cyber and Maritime Security
Security Risk Analysis
Fencing and Other Physical Security Measures, Sensors
CCTV, Infrared, SCADA
Information Security
Insurance and Liability
Acts of Militancy and Terrorism
Activism, Corporate Social Responsibility
Suggestions & feedback may be sent to us on e-mail: captsbtyagi@yahoo.co.in
P.S. - If you don't like to receive our newsletter, we apologize for bothering you. Please let us know your mail address, we will move it out of our contact list, thank you!