Security Dealer & Integrator

JUN 2018

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/993638

Contents of this Issue

Navigation

Page 20 of 59

June 2018 www.SecurityInfoWatch.com / Security Dealer & Integrator 21 ComNet is Your Solution for Fiber Optic, Copper and Wireless Transmission The transmission products you choose today will affect how well your network performs tomorrow. ComNet offers the most comprehensive line of products designed to solve every transmission challenge. Your Transmission Challenge has always been Getting Your Audio, Video, Data and Ethernet Signals from Here to There. The Shortest Distance Between Two Points View the Full Product Line at comnet.net and Identify the Fiber Optic, Copper or Wireless Connectivity Solution for your Application Contact the ComNet Design Center Now for Free Design Assistance. Call 1-888-678-9427 or 1-203-796-5300 or email designcenter@comnet.net Visit www.comnet.net Email info@comnet.net Phone 1-203-796-5300 Toll Free 1-888-678-9427 Visit us at ASIS 2018 | Las Vegas, NV | Booth 2859 | 25-27 September KeyScaler automatically quarantines new devices until validated. To pre- vent the of certificates and unautho- rized use, the Device Authority agent stores the certificate and associated key pair in an encrypted state. e agent will make decryption available only to authorized applications defined in the credential provisioning policy on the KeyScaler server. Binding the cer- tificate to the device can help detect misuse of certificates that are stolen or copied to another device. In another approach to securely provision credentials, Bosch has partnered with SecureXperts to load CHAVE cameras with signed X.509 certificates, allowing trusted commu- nication with these devices. Further, passwords are eliminated entirely by provisioning users with smart card credentials to allow device access. A Vendor-Agnostic Solution Both of the approaches highlighted have technical merit, but they also have a limitation on manufacturers they can currently work with. With many installations employing a mix of different devices, additional techniques would be needed to cover the remain- ing devices. Back in 2016, I wrote about an innovative program implemented by security integrator Contava to securely provision passwords to security techs in the field (www.securityinfowatch. com/12242602). I circled back with David Sime, now VP of Technology for Paladin Technologies, which acquired Contava in 2017. e approach, which uses a product from Click Studios (www.clickstudios.com.au) called Passwordstate, involves VPN access from the field to a Paladin password server, which responds with a strong encrypted password. Passwords are tied to specific devices through a device identifier. Sime says this effort was successful, adding that "there was obvious resis- tance by our techs up front, but once Request information: www.SecurityInfoWatch.com/10215705 we got them there, it took away a lot of their frustration by having the infor- mation at their fingertips. It is a bal- ance between usability and security." Provisioning updated passwords across the enterprise is more diffi- cult with this approach and involves a mass export operation – which in itself can have security ramifications. Sime is now evaluating an enterprise-level offering from 1password to eliminate the internal password server. ■ » Ray Coulombe is Founder and Managing Director of SecuritySpecifiers and the CONSULT Technical Security Symposium. Email him at ray@SecuritySpecifiers.com, or follow him on Twitter: @RayCoulombe.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Dealer & Integrator - JUN 2018