Or, maybe the title should have been is this the best way to deal with the problem. This news story from North Carolina brings up a couple of key points in a just a few lines.
First the problem is on-going and not a single loss event.
"An uptown church is shutting its doors more often after a recent rash of robberies."
Ok good, at least we know they aren't making knee-jerk reactions and spending money for just one loss event. Sadly in many instances, and it sure as heck isn't limited to houses of worship, organizations get a little nuts after some event and jump through hoops to make themselves feel better - or that they are safe again. This is not to say that after each and every loss event there shouldn't be a review to improve security planning; it just means that this review need not always result in more spending.
Second, there is a societal fixation on cameras.
"The church plans to buy newer, better security cameras"
Does anyone out there still believe that closed-circuit television cameras (CCTV, aka security cameras) deter any crime? Maybe they do, a little, but if they were effective at it then we might not see so many videos of crime on the news. Consider this, cameras offer a tools for following up, or investigating, activities after they occur. Now this is indeed a very important tool and one that should not be overlooked. Unless someone is monitoring the CCTV system there will be no immediate response to a wrongful act.
So third, just installing better cameras will not likely reduce the number of incidents that occur, unless they are being committed by a select few individuals who, once apprehended, are not able to continue. If not, the losses will continue and the police will more arrests - AND the organization will continue to lose valuable assets. CCTV systems, in a traditional sense, create a nice record of what happened but they are not effective at facilitating the intervention necessary to stop the event.
Look, I'm not saying they shouldn't upgrade their CCTV system. What I am saying is, "hey, let's look into how we might be able to prevent these events from happening in the first place." Maybe, just maybe, catching one of these thieves in the act and counseling them might result in a much better outcome than just having them arrested at some later time.
So how could we prevent it from happening??? I think in the next I might discuss some newer tools - and some old tools.
Saturday, May 12, 2007
Fresh start - in more ways than one
Clearly I haven't been posting any information to this blog in quite some time, and for good reasons... Today, however, signals a fresh start for the blog counter for another really good reason. I just learned that Sitemeter had started installing ad cookies on its member sites. So I've moved to a new counter service, and I figured I'd take this time to go ahead and start over - with the counter and with new posts.
Also, some of you may know that I've stopped consulting full-time and returned to the world of "doing" security. I know, I know. You're asking why anyone would do that; give up the cushy hours, the fun travel, eh, you get the point. Suffice it to say it was just time to go ahead and get back into the game.
Stay tuned. More to come (hopefully more regularly)
Also, some of you may know that I've stopped consulting full-time and returned to the world of "doing" security. I know, I know. You're asking why anyone would do that; give up the cushy hours, the fun travel, eh, you get the point. Suffice it to say it was just time to go ahead and get back into the game.
Stay tuned. More to come (hopefully more regularly)
Monday, February 5, 2007
Wireless Sure... But how do I plan a system anyway?
Not to put the cart before the horse as I did with the previous post... Before you can plan to go wireless with a burglar alarm system you should really plan it a little. After all wired vs. wireless may not be the right question to ask at the beginning anyway. What is the right questions and how do you begin your system plan? Come in and see...
Burglar alarm systems, hereafter referred to just as alarm systems (gotta love the legalese once in a while), are there for piece of mind. Let me make this point clear first - THEY DO NOT STOP A DETERMINED INTRUDER!!! These systems will let you know if someone has activated a sensor which may mean they have already gained access. But they fill other purposes as well. How do you know when you enter your home that someone isn't waiting for you inside? Well that might be the greatest value of an alarm system. An adversary that abducts you inside your house wins in every way possible. They are not in the travelled way, not in public view, and it is highly unlikely that you will have time to dial 911 for help. You alarm system should be planned well enough so that you can be reasonably confident that you are the only person that has entered your home when you open your door.
Planning a system requires a bit of discussion on sensor types, activities and spaces, and access/traffic patterns. So the next couple of posts will deal with each of these briefly.
Burglar alarm systems, hereafter referred to just as alarm systems (gotta love the legalese once in a while), are there for piece of mind. Let me make this point clear first - THEY DO NOT STOP A DETERMINED INTRUDER!!! These systems will let you know if someone has activated a sensor which may mean they have already gained access. But they fill other purposes as well. How do you know when you enter your home that someone isn't waiting for you inside? Well that might be the greatest value of an alarm system. An adversary that abducts you inside your house wins in every way possible. They are not in the travelled way, not in public view, and it is highly unlikely that you will have time to dial 911 for help. You alarm system should be planned well enough so that you can be reasonably confident that you are the only person that has entered your home when you open your door.
Planning a system requires a bit of discussion on sensor types, activities and spaces, and access/traffic patterns. So the next couple of posts will deal with each of these briefly.
Thursday, February 1, 2007
See this on wireless alarm systems
Wireless alarm systems are a real option especially when retrofitting a building. Wireless devices save money and time that is consumed trying to drag wire throughout a facility that is already built.
Wednesday, January 31, 2007
Why go wireless???
Ever thought about a burglar alarm but didn't want to deal with the wires? Ever think that wireless wasn't good enough? Maybe it's because of movies like The Score, The Italian Job, Heat, and the others that portray very talented thieves and complicated thefts. The kind that generally just don't happen everyday in real life. The common burglar will use the door or window that is left unlocked. Or they may put a foot against the door or destroy a window. Either way the greatest threat comes from the path of least resistance.
Realistically, what are the chances that someone would bring equipment to generate a radio signal to jam a wireless alarm system? But what if your wireless system could detect the jamming attempt and use that as a trigger for an alarm?
Welcome to the real world of quality wireless alarm systems. What is quality? See Zen and the Art of Motorcycle Maintenance for a detailed discussion of that topic. But a worthwhile wireless alarm system will likely include all UL listed parts. And is should do some very important things like detect jamming attempts, prevent data collision, and device supervision.
Data collision is what occurs when two or more devices try to communicate to the system panel at one time. Worthwhile systems will not do this. While device supervision is just what it sounds like. The system panel periodically checks the status of each device. What a device fails to respond then the panel makes notifications that something needs to be done.
What might be the best reason for looking at a wireless systems is their resilience during power outages. The backup battery that should be fitted with the system panel is good and may last for 12 hours, but when that battery does not have to support each individual sensor it lasts much longer. See with wireless systems each device has its own battery and thus is not affected by power outages in the same way as a traditional wired system.
Now you may think that he batteries are expensive, but its not the expense that is likely to cause a problem since they usually last for about one to two years. The greatest issue the annoyance of actually changing the batteries every so often. But there are trade-offs with everything.
Keep in mind that there are disadvantages to wireless systems as well, but for the most part they should work just fine for you home and small business needs.
More on planning an alarm system and monitoring options next...
Realistically, what are the chances that someone would bring equipment to generate a radio signal to jam a wireless alarm system? But what if your wireless system could detect the jamming attempt and use that as a trigger for an alarm?
Welcome to the real world of quality wireless alarm systems. What is quality? See Zen and the Art of Motorcycle Maintenance for a detailed discussion of that topic. But a worthwhile wireless alarm system will likely include all UL listed parts. And is should do some very important things like detect jamming attempts, prevent data collision, and device supervision.
Data collision is what occurs when two or more devices try to communicate to the system panel at one time. Worthwhile systems will not do this. While device supervision is just what it sounds like. The system panel periodically checks the status of each device. What a device fails to respond then the panel makes notifications that something needs to be done.
What might be the best reason for looking at a wireless systems is their resilience during power outages. The backup battery that should be fitted with the system panel is good and may last for 12 hours, but when that battery does not have to support each individual sensor it lasts much longer. See with wireless systems each device has its own battery and thus is not affected by power outages in the same way as a traditional wired system.
Now you may think that he batteries are expensive, but its not the expense that is likely to cause a problem since they usually last for about one to two years. The greatest issue the annoyance of actually changing the batteries every so often. But there are trade-offs with everything.
Keep in mind that there are disadvantages to wireless systems as well, but for the most part they should work just fine for you home and small business needs.
More on planning an alarm system and monitoring options next...
Tuesday, October 17, 2006
A short note on landscaping
Landscaping can be an indispensable tool for security, not to mention how much better it can make any building look. For security it can provide some very real benefits, and I'm not talking about those "tips" for home protection like placing thorny bushes around windows (which works or doesn't depending on who you consult).
So here are a few basics for incorporating security functions into your landscaping.
The most important bit has to do with Natural Surveillance, or making sure that everyone is able to see the goings on in a given area. To do this keep shrubs relatively low, particularly closer to the building, to reduce potential areas of concealment. Then keep trees high, or "canopy" them, with the lowest branches somewhere above five feet (six is event better). There reason for adjusting the trees is to highlight the silhouette of a person standing near it. The head is one of the most identifiable features on a human silhouette. This coupled with improved lighting makes it much harder for someone to conceal themselves around a building.
From there is becomes possible to use landscaping for "wayfinding" or assisting persons to remain on the proper path. Shrubs and trees can help guide people without the use of fencing, bollards or chains. It looks nicer, costs less over time, and can be just as effective. For instance, if folks like to "cut across" the lawn on their way to a nearby attraction then a row of shrubs can help deter this behavior. Again the shrubs can be kept relatively low and the height can be compensated with depth. While it might be easy to just over an 18" high row of shrubs, it is much more difficult to do the same for a row that is, say, four or five feet deep. Different types of shrubs can add color and texture for visual appeal while making it uncomfortable to force passage. Some shrubs are particularly adept had creating a sort of "tanglefoot" entrapment that is difficult (or even treacherous) and uncomfortable to pass through. Here again, lighting can help enhance the shrubbery by lighting the path around the plants to further assist in guiding individuals.
There. A couple of quick thoughts on the uses of landscaping in security.
So here are a few basics for incorporating security functions into your landscaping.
The most important bit has to do with Natural Surveillance, or making sure that everyone is able to see the goings on in a given area. To do this keep shrubs relatively low, particularly closer to the building, to reduce potential areas of concealment. Then keep trees high, or "canopy" them, with the lowest branches somewhere above five feet (six is event better). There reason for adjusting the trees is to highlight the silhouette of a person standing near it. The head is one of the most identifiable features on a human silhouette. This coupled with improved lighting makes it much harder for someone to conceal themselves around a building.
From there is becomes possible to use landscaping for "wayfinding" or assisting persons to remain on the proper path. Shrubs and trees can help guide people without the use of fencing, bollards or chains. It looks nicer, costs less over time, and can be just as effective. For instance, if folks like to "cut across" the lawn on their way to a nearby attraction then a row of shrubs can help deter this behavior. Again the shrubs can be kept relatively low and the height can be compensated with depth. While it might be easy to just over an 18" high row of shrubs, it is much more difficult to do the same for a row that is, say, four or five feet deep. Different types of shrubs can add color and texture for visual appeal while making it uncomfortable to force passage. Some shrubs are particularly adept had creating a sort of "tanglefoot" entrapment that is difficult (or even treacherous) and uncomfortable to pass through. Here again, lighting can help enhance the shrubbery by lighting the path around the plants to further assist in guiding individuals.
There. A couple of quick thoughts on the uses of landscaping in security.
Wednesday, October 11, 2006
Managing vandalism - Part II: an alternate approach
Although it may be well past the original event discussed in this series of postings, vandalism to Houses of Worship continues unabated throughout the world. This article is a bit more recent but similar acts occur nearly every day (or night depending on how you look at it).
I have received much feedback from some very vocal peers with a different view on how to respond to such vandalism. Their approach is certainly valid and is, and has been, used many times in many communities - successfully. So here is an alternate response:
As discussed in the previous post you must do a little leg work in advance, but if you don't you will simply have to do it on the fly afterwards. Get a feel for how long it may take to discover vandalism. Keep in mind that I am speaking of prominent vandalism not so much something small in an out of the way place. I mean the sensational stuff that the passing public will see. Will you be aware of it in an hour, a day, or longer?
Then discuss with your local law enforcement what steps they will take once the event is reported. Build your actions around their response. It's just easier that way. Given that your organization is probably a little more agile than the local government (but not always).
The real divergence in this alternate approach is when the vandalism is removed. In this scenario, rather than hiding the damage, covering it up, cleaning in expeditiously, it is used for public relations and awareness.
Organize a press conference with the local media. Include whichever partners may be most appropriate: the local police chief, prosecutor, mayor, or council members. The press conference becomes a time to speak out say that you are not afraid or ashamed. And to discuss how long the vandalism will remain as a symbol of defiance. Follow-up coverage should be arranged with local media to keep this thought fresh in the public mind and additional awareness activities may be planned as well.
Regardless of which approach might be used, or any method for that matter, it is without a doubt important to plan your actions. Even if this planning is done for just a few minutes after an event. Take the time to think through your actions. What is it you wish to accomplish and why. Then act accordingly with those goals. A few minutes of preparation can prevent embarrassment, annoyance, and further hurt from the event.
Good luck.
I have received much feedback from some very vocal peers with a different view on how to respond to such vandalism. Their approach is certainly valid and is, and has been, used many times in many communities - successfully. So here is an alternate response:
As discussed in the previous post you must do a little leg work in advance, but if you don't you will simply have to do it on the fly afterwards. Get a feel for how long it may take to discover vandalism. Keep in mind that I am speaking of prominent vandalism not so much something small in an out of the way place. I mean the sensational stuff that the passing public will see. Will you be aware of it in an hour, a day, or longer?
Then discuss with your local law enforcement what steps they will take once the event is reported. Build your actions around their response. It's just easier that way. Given that your organization is probably a little more agile than the local government (but not always).
The real divergence in this alternate approach is when the vandalism is removed. In this scenario, rather than hiding the damage, covering it up, cleaning in expeditiously, it is used for public relations and awareness.
Organize a press conference with the local media. Include whichever partners may be most appropriate: the local police chief, prosecutor, mayor, or council members. The press conference becomes a time to speak out say that you are not afraid or ashamed. And to discuss how long the vandalism will remain as a symbol of defiance. Follow-up coverage should be arranged with local media to keep this thought fresh in the public mind and additional awareness activities may be planned as well.
Regardless of which approach might be used, or any method for that matter, it is without a doubt important to plan your actions. Even if this planning is done for just a few minutes after an event. Take the time to think through your actions. What is it you wish to accomplish and why. Then act accordingly with those goals. A few minutes of preparation can prevent embarrassment, annoyance, and further hurt from the event.
Good luck.
Monday, August 21, 2006
More on your home computer
Here is a link to some sound advice on securing your home computer from the folks over at CERT at Carnegie Mellon.
Sorry folks there just wasn't much more to say about this one.
Sorry folks there just wasn't much more to say about this one.
Thursday, August 17, 2006
Personal Firewalls
This article on Personal Firewalls does a really nice job of discussing the "long and the short of it."
Firewalls are a necessity, period (fullstop for those speaking the Queen's English). Folks in the security industry often speak of "Defense in Depth." In other words, you don't put everything you have in place, much like the French did prior to WWII with the Maginot Line. This incredible fortress was bypassed by the Germans, making it useless to the defense of France. Unfortunate for their history and disasterous for your data if you try it on your home computer or home network.
However, that is exactly what most folks do when they only use Anti-virus protection. And it some ways it is similar to using the same vendor for all phases of your defense. Many folks use the all-in-one packages (firewall, anti-virus, anti-spyware) from the major vendors like McAfee or Norton, but again all of the muscle is in one product. And that puts all the work on the processor of one computer as well.
My thoughts on this are simple for those with broadband internet access. Start with a hardware firewall (perimeter firewall). It's a box that is physically between your cable/DSL modem and your computer. There are several brands such as Netgear. Now do you need all the muscle it offers? Probably not, but for about $100 why not add that extra layer of protection. With this the work of your software protection products is a little less intensive. It only needs to focus on everything that gets by the hardware firewall.
Think of it this way. You keep the front door of your house open so you can speak with your neighbor across the street. Bugs tend to fly through the door and you have to spend a bunch of time and effort with a flyswatter getting rid of them. Then you install a screen door and you only have to open your door once in awhile, so your "flyswatter time" is reduced.
It think that might be enough today.
Firewalls are a necessity, period (fullstop for those speaking the Queen's English). Folks in the security industry often speak of "Defense in Depth." In other words, you don't put everything you have in place, much like the French did prior to WWII with the Maginot Line. This incredible fortress was bypassed by the Germans, making it useless to the defense of France. Unfortunate for their history and disasterous for your data if you try it on your home computer or home network.
However, that is exactly what most folks do when they only use Anti-virus protection. And it some ways it is similar to using the same vendor for all phases of your defense. Many folks use the all-in-one packages (firewall, anti-virus, anti-spyware) from the major vendors like McAfee or Norton, but again all of the muscle is in one product. And that puts all the work on the processor of one computer as well.
My thoughts on this are simple for those with broadband internet access. Start with a hardware firewall (perimeter firewall). It's a box that is physically between your cable/DSL modem and your computer. There are several brands such as Netgear. Now do you need all the muscle it offers? Probably not, but for about $100 why not add that extra layer of protection. With this the work of your software protection products is a little less intensive. It only needs to focus on everything that gets by the hardware firewall.
Think of it this way. You keep the front door of your house open so you can speak with your neighbor across the street. Bugs tend to fly through the door and you have to spend a bunch of time and effort with a flyswatter getting rid of them. Then you install a screen door and you only have to open your door once in awhile, so your "flyswatter time" is reduced.
It think that might be enough today.
Liquid explosives? And what it means for the rest of us...
What does all this mean for everyday life? Well, it's sort of the same situation as 9/10 syndrome. The only thing that's different between today and "yesterday" is how we perceive the situation. Liquid components for explosives have been a concept for a long time; I even knew some folks in high school that toyed with them.
The difference is that we are reacting to it now. Here's the deal on flying and I don't intend this to sound like a bunch of false bravado.
Whether or not someone sneaks a bomb onto a plane is generally out of your (and my) control. Simply stay alert and help where and when you can. If all you can do is calm others that are interfering with any response then do it. Rick Rescorla did much more than this on 9/11 and he exemplifies what the security professional, but the one thing that everyone that walked past him keeps stating in interviews was his calm and his efforts to keep everyone else calm as they evacuated.
So do what you can, when you can, but remember that very little has changed since the day before the announcement, except maybe your perception.
The difference is that we are reacting to it now. Here's the deal on flying and I don't intend this to sound like a bunch of false bravado.
Whether or not someone sneaks a bomb onto a plane is generally out of your (and my) control. Simply stay alert and help where and when you can. If all you can do is calm others that are interfering with any response then do it. Rick Rescorla did much more than this on 9/11 and he exemplifies what the security professional, but the one thing that everyone that walked past him keeps stating in interviews was his calm and his efforts to keep everyone else calm as they evacuated.
So do what you can, when you can, but remember that very little has changed since the day before the announcement, except maybe your perception.
Tuesday, August 15, 2006
A short hiatus
Sorry for the break folks, I have recently moved to Washington State for a new opportunity. Just a short move across the entire U.S. from one Washington to another.
I plan on being just a tad more regular here in the near future.
I plan on being just a tad more regular here in the near future.
Friday, March 3, 2006
SHAC six found guilty on ALL counts!!!
I'll get links to articles up soon, but in the meantime just know that the federal jury in Trenton, New Jersey found Kevin Kjonas and the rest guilty of terrorism under the Animal Enterprise Act.
This is exceptional news and it means that it may become just a tad easier to defend your organization from such attacks.
Here is a short list of SHAC's tactics:
So, if your organization has done business with HLS in the past, is involved in any sort of animal testing in particular, or other uses of animals targeted by the Animal Rights movement it would be prudent to be prepared for random retaliatory actions.
This is exceptional news and it means that it may become just a tad easier to defend your organization from such attacks.
Here is a short list of SHAC's tactics:
- Posting executive and employee information on the web. This information sometimes went so far as to show what schools the executive's children attended. Not that it makes any difference, this was not just information about HLS employees but also that of other companies that did business with HLS.
- Home protests - that's right they would visit an employee's home and protest outside with graphic signs. They might also canvass the neighborhood to inform their neighbors of the "horrible" things their neighbor was involved in.
- Telephone campaigns - companies were inundated with phone calls that amounted to little more than denial of service attacks.
- Others limited only by creativity...
- Vandalizing employee homes and cars - throwing paint on the houses and using etching acid to write on house and car windows. They would also use paint stripper to write in the paint on cars.
- Booby-trapped letters were mailed to some executives - not explosives but razorblades.
- Threatening phone calls, letters, emails and the like.
- At least one denial of service attack on a bank.
- Vandalizing the Marsh offices.
- And let's not forget the Chiron and Shaklee bombings in California.
- This is just the short list.
So, if your organization has done business with HLS in the past, is involved in any sort of animal testing in particular, or other uses of animals targeted by the Animal Rights movement it would be prudent to be prepared for random retaliatory actions.
Tuesday, February 28, 2006
More thoughts on your home network
Here's a news story that you probably won't find as a headline, because it happens all too often... My friends house was burglarized and among his losses - possibly the least of his concerns - were his computers.
So we chatted a good bit about it and I got a little food for thought as well.
First, was the question how anyone would know that he had computers in the first place. Anyone? Anyone? Here are three quick possibilities:
So what are some solutions?
As for the laptop cases, there are some designer bags that don't "have the look," but they're pricey. I'm pretty cheap so my solution involves my favorite daybag (book backpack) and a bit of swag from my buddy at Cisco. For you, just find a bag or briefcase that you like and works for you. Then get a padded carrier for the laptop and put in inside your bag/briefcase. It may not be pretty, unless you put some time into it, but it works nicely. I like it for airports and other public places. No one would ever put a laptop in my ratty old backpack, so no one gives it a second look.
The windows problem should be pretty easy. If not, you have much larger problems. And if you problems are much larger, like you have a server rack in your kitchen, then it's time to get creative with your window treatments. Possibly frosting the lower half of window will prevent casual observation.
Wireless networks are a problem - and one that just won't go away. Most folks look at this issue in terms of encrypting data and the like. The focus is on a hacker, not a burglar. So you can turn off your SSID Broadcast to make it a little harder form someone to find your network. This has little benefit and does create some headache. While it makes the network stop broadcasting "its name" it still has to transmit the data and you must "tell" your computer the name of the wireless network it is looking for before it can get access. Keep in mind that someone with moderate skill will be able to find your network, sniff all you packets, crack you encryption and get onto your network. It's coming, but right now the average burglar probably isn't going through this trouble. If he/she did they probably wouldn't enter your home since they could steal your data remotely. So consider lowering the profile of your wireless network. Turn it off when out of the house. Turn off the SSID. Turn on the MAC filter - again, this has limited benefit with additional headache. Oh, and I should not have to mention this, but make sure you change the password to your router.
I'll stop this here, but don't worry this topic will come up often I'm sure.
So we chatted a good bit about it and I got a little food for thought as well.
First, was the question how anyone would know that he had computers in the first place. Anyone? Anyone? Here are three quick possibilities:
- The comings/goings of persons with "laptop cases" - we all know what they look like and it's pretty unavoidable.
- Looking into the windows of the house. How many of us actually try to conceal our computers from the windows? Afterall, they're so common.
- Wireless networks. That's it. Anyone with a laptop running XP that turns it on will see the network listed, unless....
So what are some solutions?
As for the laptop cases, there are some designer bags that don't "have the look," but they're pricey. I'm pretty cheap so my solution involves my favorite daybag (book backpack) and a bit of swag from my buddy at Cisco. For you, just find a bag or briefcase that you like and works for you. Then get a padded carrier for the laptop and put in inside your bag/briefcase. It may not be pretty, unless you put some time into it, but it works nicely. I like it for airports and other public places. No one would ever put a laptop in my ratty old backpack, so no one gives it a second look.
The windows problem should be pretty easy. If not, you have much larger problems. And if you problems are much larger, like you have a server rack in your kitchen, then it's time to get creative with your window treatments. Possibly frosting the lower half of window will prevent casual observation.
Wireless networks are a problem - and one that just won't go away. Most folks look at this issue in terms of encrypting data and the like. The focus is on a hacker, not a burglar. So you can turn off your SSID Broadcast to make it a little harder form someone to find your network. This has little benefit and does create some headache. While it makes the network stop broadcasting "its name" it still has to transmit the data and you must "tell" your computer the name of the wireless network it is looking for before it can get access. Keep in mind that someone with moderate skill will be able to find your network, sniff all you packets, crack you encryption and get onto your network. It's coming, but right now the average burglar probably isn't going through this trouble. If he/she did they probably wouldn't enter your home since they could steal your data remotely. So consider lowering the profile of your wireless network. Turn it off when out of the house. Turn off the SSID. Turn on the MAC filter - again, this has limited benefit with additional headache. Oh, and I should not have to mention this, but make sure you change the password to your router.
I'll stop this here, but don't worry this topic will come up often I'm sure.
Subscribe to:
Posts (Atom)