PHYS-201_final
Information Security y
and Physical Access
Control System
CollaborationCollaboration
Terry Neely
PlaSec, Inc
04/22/09 | PHYS 20104/22/09 | PHYS-201
Session Classification: Intermediate
1
Agenda
Why Collaborate
How to ?How to ?
U CUse Cases
Chall...
Information Security y
and Physical Access
Control System
CollaborationCollaboration
Terry Neely
PlaSec, Inc
04/22/09 | PHYS 20104/22/09 | PHYS-201
Session Classification: Intermediate
1
Agenda
Why Collaborate
How to ?How to ?
U CUse Cases
Challenges and Opportunities
2
WhyWhy
Collaborate ?
3
What’s not working
• Historical perspective• Historical perspective
• Proprietary architecture
4
Contractor indicted for logic bomb
• Rajendrasinh B. Makwana fired Oct 2008Rajendrasinh B. Makwana fired Oct 2008
• Planted malicious code after termination
B d & l t t d 3 ½ h l t• Badge & laptop returned 3 ½ hours later
http://finance.yahoo.com/news/Feds-allege-plot-to-destroy-apf-14214374.html
5
What needed to happen
Collaboration requires…
• Out of the box interoperability
B ilt b t ti f IT• Built on best practices from IT
• Becomes part of the security fabric
Is not convergence!
7
Why collaborate?
Reduce costs
• Streamlines operationsp
• Reduce personnel requirements
Add value to the business
• The “where” data point
• Policies cross logical & physical
environments
• Provisioning & de provisioning• Provisioning & de-provisioning
8
How to?How to?
9
Physical access components
Doors & Readers Controllers Access Control HostDoors & Readers Controllers Access Control Host
10
The differences are artificial
Physical Access Logical Access
Identities Policies &R Identities
Policies &
RIdentities Resources Identities Resources
Events Events
11
Physical and logical access
Similarities Differences
• Identities
• Provisioning
• Lack of standards
• Offline operations
• Entitlement
• Monitoring
• Delivery channel
• Product cycles• Monitoring
• Enforcement
• Product cycles
• Locking hardware
12
UseUse
Cases
13
Tie physical location with logical
• Provision access based on location• Provision access based on location
• Eliminates tailgating
• Accurate people count
• Provides “locality of use” to IP transfer policiesy p
14
Collaborate with situation event manager
• Adds the “where” to the cloud
• Central security policies can take into account• Central security policies can take into account
where an identity is located
Response
Tighten network security
infrastructure
Comprehensive
threat detected
from physical and
Lock doors
Require higher authentication
t th dForced door + server login
from physical and
logical sensors
at other doorsForced door + server login
15
Provisioning
Physical access provisioned with logical
• Leverage existing tools to reach into physical accessLeverage existing tools to reach into physical access
• De-provisioning revokes physical access with logical
• Entitlement Management• Entitlement Management
– Physical access policies integrated with roles
Separation of duty checking– Separation of duty checking
– Temporal and limited roles
16
Challenges &Challenges &
Opportunities
17
Challenges with legacy access control
• Highly proprietary• Highly proprietary
• Multiple systems = multiple efforts
• Upgrades problematic
• Expensive developmentp p
18
A better way through collaboration
New collaboration platforms eliminate
proprietary products
Leverage existing IT tools and products
19
Next steps
• Assess existing systems & processes
• Identify interoperability points
• How can collaboration technology enhance my
security strategy?security strategy?
• Start with provisioning
20
Thank you!Thank you!
Terry NeelyTerry Neely
President
PlaSec, Inc
terry@plasecinc.com
本文档为【PHYS-201_final】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。