Guangdong Zecheng Intelligent Technology Co., Ltd


Discussion on access control system networking and network security technical issues

April 05, 2023
First, the development and status quo of access control systems

As digital networking accelerates, the range of networked products keeps expanding, and access control systems have steadily moved from the traditional RS485 bus toward TCP/IP networks. The limits of RS485 communication on node count, transmission distance, and communication speed restrict its use, especially in large-scale access control systems. Access control systems based on TCP/IP network communication have no node limit, cover a wide area, communicate quickly, and suffer little interference. They are well ahead of RS485 bus systems and have naturally gained the favor of many users.

At present, some access control systems on the market that use external or built-in network converters actually rely on an intermediate RS485-to-TCP/IP device, which is not true network access control. The access controller in a true network access control system is generally built on a 32-bit ARM7/9 microprocessor.

An access control system that uses TCP/IP throughout can make full use of existing network resources, so little new wiring is needed. It can be used across regions without distance limits, and its information transmission and storage capacity are greatly improved. However, if the project has no network, installing one specially increases the initial investment. At present, this approach is mainly used in large-scale systems with more than 100 doors.

Another aspect of access control technology development is the integration of access control systems with other intelligent building systems, mainly video surveillance, intrusion alarm, perimeter detection, fire alarm, and building automation systems. This combination provides an effective structure in which the systems reinforce and complement each other. For example, when an event triggers an alarm, a signal is sent to the video surveillance system to record the incident scene in real time, and the linked access control system blocks the corresponding access channel.

Second, the access control system networking and network security technology issues

1. Networking and security

At present, there are two networking methods for network access control systems. One is the access control system based on RS485 bus networking. The other is “IP network access control”, in which the access controller and the access control server communicate using the TCP/IP protocol.

In the past, most of us were concerned with the reliability of access control systems. Now their security is receiving more and more attention. In particular, the security requirements for access control systems in the confidential departments of certain countries are even higher.

Compared with the traditional access control system based on a 485 bus network, the advantages of IP network access control are mainly: (1) a much faster system response, which makes it the preferred choice for systems with more than 100 access control points, especially where video linkage is required; (2) improved system reliability: RS485 twisted-pair bus technology is mature and easy to use, but its anti-interference performance is poor; (3) improved scalability: an IP architecture is better suited to standardized system expansion and is the best choice for users who need off-site networking; (4) improved maintainability: IP network access control facilitates remote diagnosis and maintenance. Compared with the traditional access control system based on the 485 bus network, the IP network access controller should be higher than the RS485 access controller.

Regarding the network security of the two networking methods, any kind of network communication carries the risk of being eavesdropped on or modified by a third party. RS485 bus communication is simpler than IP network access control using TCP/IP networking, and is "easier to attack".

The TCP/IP protocol is the most widely used network communication protocol and has powerful communication capabilities. However, TCP/IP packets are easily monitored and intercepted by dedicated software during transmission, so TCP/IP communication on the network is easily eavesdropped on or modified by third parties.

The main danger of this kind of threat is that the access permissions in the access control system and the administrator's user information and password are easily intercepted. The most serious danger is that legitimate communications may be modified and the modified information used for illegal access, or that real-time alarm events may be blocked or intercepted, causing incalculable losses to the customer's security.

TCP/IP packets can be intercepted in many ways. One is redirection, which causes the hosts on the network to change the address to which they send packets during a network session.

An attacker interested in intercepting a session may use another method and set up a relay. A relay attack can occur anywhere in the network, even at a distance from the client system. The relay machine can adjust traffic in real time or record packets for later analysis. It can also change the content of the transmitted communication.

Obtaining the communication content requires only a passive packet monitor (often referred to as a "packet sniffer"). As with a relay attack, the packet sniffer can supply the logged network information to someone deliberately trying to break the system's security.

Currently, 99% of the TCP/IP access control systems used in large-scale projects such as subways, banks, unattended equipment rooms, telecommunications power, and national government agencies have no anti-intrusion security mechanisms at the network layer. Customers do not understand the potential risk of being hacked at any time, and an attack would directly threaten the customer's normal operation and could even result in major loss of life and property, so solving the security problem of TCP/IP access control systems has become an urgent problem.

2. Application of Network Security Technology in Access Control System

At present, the main network security technologies used to protect data and communication in access control systems are: security cryptography, anti-counterfeit card technology, device authentication, intrusion detection, data transmission encryption, and data storage, backup, and disaster recovery, among others. The following describes how several common network security technologies are applied to secure access control systems.

VPN Tunnel Method

With the method shown in Figure 1, the threat of attacks from unauthorized computers outside the VPN tunnel is resolved. The disadvantage is that attacks from unauthorized computers inside the VPN tunnel remain possible.

With the method shown in Figure 2, each controller has its own independent VPN device. The advantage is that each device in the system has an independent secure channel, which effectively addresses the threat of both internal and external computer attacks. The disadvantages are very high investment costs and high maintenance costs.

High-security encryption technology in network access control equipment

One example is Siemens' SIPASS access control system. The communication service in this type of product uses SSL encryption: all communication between the communication service software, the management clients, and the controllers passes through SSL encryption, decryption, authentication, and other strict security checks.

At present, online banking security also relies on SSL encryption. The comprehensive security mechanism in this kind of access control product protects customers in complex network environments. It meets customers' high security requirements for the entire system at relatively low cost, and can also significantly reduce subsequent operating and maintenance costs. This is a very valuable option.
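The modification and alarm-blocking threats described earlier are what authenticated communication between controller and server is meant to defeat. The following is an added example, not code from Siemens or any product named on this page: it uses a keyed HMAC with a sequence number as a simplified stand-in for the integrity protection an SSL channel provides, and it does not provide confidentiality. The frame layout, the key, the event strings, and the names `seal` and `Receiver` are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real deployment provisions a unique key per controller.
KEY = b"constructed-demo-key-not-for-production"
HEADER = struct.Struct(">IQ")   # controller id (4 bytes), sequence number (8 bytes)
TAG_LEN = 32                    # HMAC-SHA256 output size


def seal(controller_id: int, seq: int, event: bytes, key: bytes = KEY) -> bytes:
    """Controller side: frame an event and append an HMAC over header + body."""
    body = HEADER.pack(controller_id, seq) + event
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Server side: verify the tag, reject replays, report missing sequence numbers."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = {}          # controller id -> highest sequence accepted

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return ("rejected", "short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return ("rejected", "bad tag")
        cid, seq = HEADER.unpack(body[:HEADER.size])
        last = self.last_seq.get(cid, 0)
        if seq <= last:
            return ("rejected", "replay")
        self.last_seq[cid] = seq
        missing = seq - last - 1     # events the controller sent that never arrived
        return ("gap" if missing else "ok", body[HEADER.size:], missing)


def demo():
    rx = Receiver()
    f1 = seal(7, 1, b"door=3 card=CONSTRUCTED result=granted")
    f3 = seal(7, 3, b"door=3 alarm=forced-open")      # frame 2 dropped in transit
    tampered = f1.replace(b"granted", b"denied!")     # same length, body modified
    return [rx.accept(tampered), rx.accept(f1), rx.accept(f1), rx.accept(f3)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The "gap" result is the signal that an event such as an alarm was dropped between controller and server, which a monitoring rule can raise to an operator.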

Third, the integration of access control systems and other systems and information sharing

With the rapid development of digital networking and intelligent building technologies, the integration of access control systems with other systems will become even closer and its scope ever wider, reaching into all areas of society and playing an increasingly important role. In addition to access control, attendance, documents, patrolling, dining, consumption, fitness, medical care, parking, book materials, meeting attendance, visitor management, elevator control management, office equipment management, club entertainment, three forms and property payment, and so on, the system must also be integrated and linked with other intelligent systems, such as anti-theft alarm, closed-circuit monitoring, fire alarm, and even building automation systems.

In addition, the system will also provide data interfaces to systems such as ERP, for example for attendance, payroll, and personnel management.

The network access control system has the following features:

Data sharing: Utilize system resources to speed up data exchange.

Real-time monitoring: Real-time monitoring of all terminals in the system.

Quick Search: All records can be retrieved at one time in the same database, improving efficiency and accuracy.

Comprehensive statistics: All statistical reports can be completed in the management center.

Convenient management: Management of all systems can be completed in the management center.

With the development of building intelligent systems, the integrated management of network access control and card systems is already a general trend. A simple “card” can no longer satisfy society's actual needs; what is required is seamless linkage within the card system and external linkage with other intelligent systems.

There are two main ways to implement the linkage between the access control system and other systems

The first is the hardware method
That is, the access control system outputs a relay dry contact to the matrix alarm input module of the analog television monitoring system and to the alarm input of the DVR, so as to capture and monitor images of the controlled door or related areas. This integration method has been the most commonly used and most basic one in the past. The problem, however, is that events cannot be queried afterwards by more efficient means. At the same time, installation and debugging are quite troublesome.

The second is software

In the first software method, an access controller with digital video server (encoder) functionality supports two-way data exchange with the digital monitoring system, from the device protocol layer to the software database layer. Another method is to integrate the SDK of the DVR video capture card directly into the access control management software, and to connect to the DVR equipment through a function of the access control software. These two software methods each have advantages and disadvantages. The advantage of the former is that the system responds quickly, with no delay. The disadvantage is that the video data must be stored on the local management host, which therefore needs a large hard disk. The latter has the advantage that the local management host does not need to save the video stream and only calls up the data from the remote DVR when needed. The disadvantage is that the associated video has a delay of about 1-3 seconds, and video from before an abnormal event at the passage cannot be called up. In addition, there is a software approach in which integration is done by an intelligent system platform. The equipment provider supplies an OPC standard interface or a data development package, and a professional software vendor then develops against it to show entry and exit data and video information in the third-party software. Such software also integrates various systems for unified management. The drawback is a long development cycle.

Fourth, the development trend of network access control system

In summary, networked access control refers to access control systems based on TCP/IP communication. The advantages of an access control system that adopts the TCP/IP communication protocol are fast communication, networking that is not limited by distance, readily available network resources, and the ability to manage a large number of devices. As a result, access control devices that use this protocol for networking have become mainstream products for large-scale and remotely managed access control projects. Compared with traditional access control, networked access control greatly improves communication, real-time monitoring, data transmission, and networking, and remedies RS485's lack of real-time performance. It has broken through the early limit of at most 128 controllers on a single RS485 bus, and the topology has changed from a bus network to a star structure. A problem at any one point does not affect the rest of the system, and system faults are easy to find and eliminate.

Undoubtedly, with the continuous development of intelligence, integration, and networking in the security industry, the access control system will embark on a brand new road. Integration with security video surveillance, anti-theft alarm, fire alarm, and building automation systems on a single platform has become a development trend. In addition, information sharing and seamless integration among intelligent building subsystems will surely be the direction of development for access control systems.

Author:

Ms. Yanjun Chen
