Security Features - February 2012

External security system adopted by UK Police control rooms
Compound Security Systems Ltd., manufacturers of probably the most stable external security systems in the UK, is pleased to announce the formal adoption of its security systems by Norfolk and Kings Lynn police.
Well-known for its controversial but highly effective Mosquito anti-loitering device and RDAS wireless battery powered GPRS systems for large external compounds, void property systems and recently its church roof security systems, Merthyr Tydfil-based Compound Security Systems has chalked up another first with its VX and HX range of standalone PIR security systems.
Simon Morris, Commercial Director, says: “We have been working with several UK police forces over the last 18 months to develop a range of standalone GPRS connected PIRs that can be rapidly installed by police officers in any external environment.  
“Using Optex VX402 and HX40 detectors Compound Security Systems has modified the units to GPRS communication, providing a fully ARC monitored system and online real-time log.”
Initial trials over the last 12 months have allowed Norfolk and Kings Lynn police to deploy units in areas suffering from theft within minutes and be assured that the units are reliable, and that they will not trigger a false alarm due to animals or severe weather.
Deployment of the initial batch of systems has led to several arrests and convictions that have been well received by local residents and senior officers.
The Compound Security Systems VX and HX GPRS stand-alone systems have proved to be so reliable and valuable that Norfolk and Kings Lynn police have committed to using Compound’s range of monitoring solutions fully integrated with the Bold Gemini alarm handling system used in their control room.
Optex Europe's Divisional Manager, Paul Nicholas, adds: “This is another benchmark for the performance delivered by our BoundaryGard range of external detectors when in the hands of trained installers.
“We are delighted with the support and results Compound Security have gained by working with Norfolk Police. Reliable external detection is possible and presents the industry with a range of new opportunities for solution selling in all market sectors.”  
Brian Kelly, Managing Director of Bold Communications – the monitoring software supplier – says: “There is strong demand in the monitoring sector for a reliable and effective rapid deployment solution. Feedback from Norfolk Police about the Compound RDAS product has been consistently positive and we are very pleased to support the unit within our Gemini software, enabling other users of Bold Gemini to also monitor the devices.”    
Simon concludes: “We are currently working with several other Forces towards the same goal, since the ease of use and reliability of the new GPRS-enabled VX and HX external systems has given the police a powerful tool in the fight against crime that is highly cost effective. Installation costs are essentially the cost of an hour of an officer’s time and the returns are significant, especially during difficult budgetary restrictions within the Forces.”
Compound Security Systems produces a range of external and void property systems suitable for a wide range of applications. All systems are designed and built in the UK from component level and are highly reliable and flexible. This is in part due to the design engineers but also because only Optex PIRs and active beams are provided with their systems, due to the fact that Simon Morris believes Optex produces the world’s most stable passive and active beam detectors on the market.

Business Logic Attacks Attractive To Hackers,
Imperva Finds Study of web application attacks shows automated attacks can peak at nearly 38,000 an hour
Imperva has announced the release of the second Imperva Web Application Attack Report (WAAR), which revealed that web applications are subject to business logic attacks. The WAAR, created as a part of Imperva’s ongoing Hacker Intelligence Initiative, offers insight into actual malicious web application attack traffic over a period of six months, June 2011 through November 2011.
Imperva monitored and categorized attacks across the internet targeting 40 different applications. The WAAR outlines the frequency, type and geography of origin of each attack to help security professionals better prioritize vulnerability remediation.
“Business logic attacks are attractive for hackers since they follow a legitimate flow of interaction of a user with the application,” said Amichai Shulman, Imperva’s CTO. “This interaction is guided by an understanding of how specific sequences of operations affect the application’s functionality. Therefore, the abuser can lead the application to reveal private information for harvesting, skew information shared with other users and much more — often bypassing security controls.”
Report Highlights
- Automated application attacks continue. In the six month period from June – November 2011, the observed web applications suffered attacks in the range of 130,000 to 385,000 per month. At its peak, the application set was under attack at a rate of nearly 38,000 per hour or ten per second.
- Hackers are relying on business logic attacks due to their ability to evade detection: Imperva also investigated two types of Business Logic attacks: Comment Spamming and Email Extraction. Comment Spamming injects malicious links into comment fields to alter search engine results and potentially defraud consumers. Email Extraction simply catalogs email addresses for building spam lists. These Business Logic attacks accounted for 14% of the analyzed malicious traffic.
- The geographic origin of Business Logic attacks were: Email extraction was dominated by hosts based in African countries. An unusual portion of the Comment-spamming activity was observed from eastern-European countries.
Hackers exploit five common application vulnerabilities: The five most common application vulnerabilities are: Remote File Inclusion (RFI), SQL Injection (SQLi), Local File Inclusion (LFI), Cross Site Scripting (XSS) and Directory Traversal (DT). Cross Site Scripting and Directory Traversal are the most prevalent classical attack types. Why are these vulnerabilities targeted? Hackers prefer the path of least resistance and application vulnerabilities offer a rich target.

Health & safety - Looking ahead for 2012!
David Lummis, CEO of the British Safety Industry Federation (BSIF), discusses what the year 2012 has in store for the health and safety industry.
As 2011 comes to a close, I’m left to contemplate what the year ahead has in store for the health and safety industry. The Lofstedt Review and the revised PPE Directive, are just a few of the topics that spring to mind which will have an impact.
Despite the seemingly endless stream of gloomy news from Europe, the UK appears to be weathering the turbulent financial storm. Whilst confidence remains fragile and with many investment plans on hold, industry output continues, something which is of course vital to keep the UK moving!
In Vince Cable’s speech at the beginning of the year, he highlighted that the UK remains the world’s sixth biggest manufacturer — a fact that still surprises many people when they hear it. With the spotlight continuing to shine on manufacturing, manufacturers will need to ensure that suitable health and safety measures are in place. Keeping up to speed on these varying health and safety needs, especially as manufacturing technology continues to develop, will be pivotal for our profession to develop and thrive.
Additionally this year, an independent review of health and safety legislation, chaired by Professor Ragnar Lofstedt, has taken place. Following a stakeholder consultation, the Lofstedt Review has now been published. Within this review, Professor Lofstedt makes a number of recommendations to simplify and improve the way health and safety legislation is enforced. As these recommendations are implemented throughout the next few years, companies and individuals will need to keep abreast of the changes taking place.
Another change in European Legislation is the amended version of the PPE Directive. The PPE Directive is a fundamental piece of European legislation relating to occupational safety throughout Europe. It has a large impact on the sale of PPE and directs many of the requirements of supplying this equipment to the UK market. A period of consultation has taken place and it is now anticipated that the final draft will be available in 2012 albeit that the final text of the Directive might not be available until 2013.
The new PPE Directive is set to make distributors and resellers of PPE responsible for the integrity of the equipment they are selling, as well as continuing to place the responsibility on the manufacturers. The repercussions of this new focus of responsibility throughout the purchasing chain will help ensure end users can purchase from a distributor with confidence, comfortable in the knowledge that the products they are buying are genuine.
The changes that are set to be made in the PPE Directive will have potential ramifications for businesses throughout the industry and is something the BSIF will continue to keep abreast of and advise as appropriate throughout the New Year.
Finally, one of the BSIF’s key focuses throughout this year has been its campaign to combat illegal and counterfeit PPE products. Throughout 2011, this campaign has gathered momentum and the aim to further educate end users about the need to purchase genuine, safe and legal safety products is a message that has been consistently reinforced. As the success and the drive of this campaign builds, so do our aims. 2012 will see the launch of our new PPE Checklist that has been devised to aid recognition for end users and trading standards of legal and compliant PPE. The BSIF’s Registered Safety Supplier Scheme has also seen an increase in members as organisations seek to join an initiative that helps them stand out from the crowd! All companies participating in the scheme have signed a binding declaration that the safety equipment they offer meets the appropriate product performance standards, is fully compliant with the PPE Directive and is therefore legally carrying the mark. Making sure end users are aware of the importance of purchasing PPE from a reputable organisation will continue to drive the BSIF into the New Year and beyond!
The world of health and safety is changing and in turn so must the businesses operating within the industry. As new legislations are implemented, organisations need to embrace the changes and adapt accordingly. Without doubt, 2012 may be challenging but the rewards in store far outweigh the challenges. We wish you a happy, healthy and prosperous new year.

New Symmetry™ Outdoor Network Camera Released
G4S Technology have added a new outdoor camera to the Symmetry network camera range. The EN-7540 is a high performance pan/tilt/zoom, day and night camera, ideal for demanding outdoor applications.
The EN-7540 includes a x36 optical zoom for long range applications and has a vandal proof casing, making it a perfect solution for high risk areas.
The camera supports H.264 encoding reducing the network bandwidth needed and decreasing the hard drive storage space required. The high quality video encoding enables the cameras to capture details such as facial features and license plates, making it especially relevant for security applications.
The camera is supported by Symmetry Video Management software V6.2 or later and using intelligent triggers in Symmetry can form part of highly integrated security management solution for any application worldwide.

Helping businesses protect lone workers
Almost by definition, lone working can be both intimidating and at times dangerous, so the protection of lone workers involves a twofold approach; not only to provide safeguards but also to offer reassurance to the people involved.
 A recent study by the Royal College of Nursing (RCN) has revealed that more than 60% of community nurses spend more than half their time as a lone worker without immediate access to a colleague for support. Over 70% reported having been subjected to either physical or verbal abuse during the course of their jobs in the past two years, with many agreeing that the risk they face has increased, largely due to the increased expectations of patients, their relatives and carers.
Alongside the health sector, a wide variety of other industries employ people whose jobs require them to work or operate alone, either regularly or occasionally, so to address these important issues, the security industry has worked with the police and end-users to develop a combination of practice, technology and standards capable of providing an effective – and cost-effective - solution to the risks. The development of technology and practice in the field has focused on encouraging and enabling lone workers to assess the risks they might be facing and provide them with the means both to summon aid in an emergency and collect information that can be used in evidence, if necessary. This has led to the creation of lone worker devices equipped with mobile phone technology that connect employees quickly and discreetly with an emergency response system that has direct links to the police.  A number of products are commercially available from BSIA member companies.
Police response is clearly a crucial factor and the technology has been developed to maximise effectiveness through the reduction of false alarms. This is achieved through a combination of 24/7 remote monitoring and two-tier alert facilities, classified as pre-activation (aka amber alert or pre-alert) and activation (red alert).  All approved devices are monitored by an Alarm Receiving Centre (ARC), accredited to British Standard 5979. Sending a pre-activation message allows users to inform the ARC when they are entering an area with a potential risk – e.g. before walking across a dark car park. If the user then experiences a problem or encounters a situation that seems likely to escalate into something more serious then the lone worker device can be activated to summon help.
Activating the lone worker device automatically triggers a voice call to the ARC. No further action is required by the user, as the device effectively functions as an open microphone, enabling the ARC to capture an audio recording of the incident for future action such as police investigation of legal proceedings. Operators at the ARC also monitor the audio channel in real time, enabling them to assess the situation and alert the police if the user needs help or protection. This procedure allows the police to optimise their response to genuine emergencies by providing a ‘moving picture’ of the incident, including an increase or decrease in risk as it happens. The very knowledge that this is taking place is, of course, a major boost to the user’s confidence.
Expert guidance
The development of British Standard BS8484, a Code of Practice for the provision of Lone Worker Services, has been a key element of the security industry’s work to create such solutions. BS8484 is employed by all BSIA members in the field and forms the basis for police respond to lone worker systems.
The BSIA has also published two associated guides, which provide both employers and lone workers themselves easy-to-follow advice.
‘Lone Workers – An Employer’s Guide’ informs employers about and what to look for when sourcing a supplier. To download the guide go to www.bsia.co.uk/publications, and search for form number 288.
For employees whose role requires them to work alone, the BSIA has produced a separate guide, ‘Lone Workers – An Employee’s Guide’, which can be downloaded free by visiting the BSIA’s website and searching for form number 284.
To find out more about the BSIA visit www.bsia.co.uk

Accessible Access Control from Assa
ASSA, a part of ASSA ABLOY Security Solutions, a division of the ASSA ABLOY Group, has made access control systems accessible for all with the introduction of a standalone version to the Smartair family. 
Bridging the gap between mechanical security and access control systems, the Smartair standalone wireless door management solution from ASSA, is specifically designed for smaller applications, where a complete access control system is not suitable.
With no need for wiring thanks to its use of contactless RFID technology, simplifying the installation process, the bolt-on Smartair unit is supplied in a handy kit form and can be installed on any mechanical door. In addition, there’s no need to install complicated software and often the existing mechanical cylinder can also be used.
The cost effective system from ASSA, which uses a unique management system, is ideal for small commercial environments or one-off developments where some degree of people management is required.
Credential types can be stipulated and a programming card is also supplied to further manage the system by adding and deleting authorised users, helping to increase a premise’s security.
Lorna Ardern, Product Manager for ASSA, said: “The latest addition to the Smartair range from ASSA, makes access control systems available for all, extending the Smartair family.
“The Smartair offering now ranges from the standalone system, which can be used on a single door or as a bolt-on to an existing system to an advanced wireless access control system that can be used across multiple buildings. This means that whatever the application, ASSA’s Smartair has the solution. This is great news for our customers, enabling them to win work on a variety of developments, whilst end users can benefits from Smartair’s features, regardless of the project scale.”
ASSA-branded products can be accessed through the UK operating company, ASSA ABLOY Security Solutions. For further information, please contact ASSA ABLOY Security Solutions on 020 8688 5191 or visit www.assa.co.uk