Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

Factors to Consider When Choosing the Right Equipment for the Access Control System

Home
Industry Insights
Factors to Consider When Choosing the Right Equipment for the Access Control System

Blog Article Published: 03/10/2023

Written by Alex Vakulov

When building an access control system, the determining parameters are speed, reliability, and ease of use.

Modern access control system architecture

In modern access control systems, communication between controllers, user workstations, and the system server is often carried out via the Ethernet network. The Ethernet interface ensures high system operation reliability through standard IT solutions and the operation of all devices in a single address space using a single protocol. Ethernet also makes it possible to use Power over Ethernet technology, a convenient way of powering network devices, significantly simplifying the installation of access control equipment.

All controllers and PCs of the system work in a single information environment with a single database installed on the system server. A permanent connection between the controllers and the database is not required in this case. All the necessary access rights are transferred to the non-volatile memory of the controllers. Registered events are also stored there. You can set the operation algorithm, which allows the system to work offline for a long time without connecting to the server.

For example, Global anti-pass is supported through routing tables that are passed to all controllers in the system. Such settings allow you to build complex access control solutions taking into account zoning. In the event of a power outage, the routing table remains in the controller's memory without server support, and the entire system remains fully functional. When the connection with the system server is restored, the events are transferred to the database and can be backed up to the cloud.

The amount of memory is an important characteristic when ensuring the autonomous operation of the controller. For example, some modern controllers can store 50,000 users and 150,000 events in their memory.

To expand the system, it is not necessary to replace existing devices. You can just add new equipment to the Ethernet network. The high data transfer rate and parallel operation of all controllers make it possible to build security systems with no limit on the number of controllers, including those located in different buildings, districts of the city, and in different cities. The ability to simultaneously process many events ensures the correct operation of the system at the moments of concurrent operation of several devices.

The ability to connect second-level controllers to the main controller simplifies system expansion, which is especially important for large enterprises. The RS-485 communication interface can be used with the controllers of the second level, which allows you to significantly optimize the costs of expanding the system.

When choosing controllers for your access control system, an important parameter is the number of managed devices. Universal controllers, depending on the settings, can control turnstiles, barriers, locks, etc. Second-level controllers allow using just one network controller and manage access through a turnstile to the premises and to ten inner rooms using a lock or connect two turnstiles and eight door locks. So, second-level controllers help significantly reduce the cost of ACS implementation.

When choosing controllers, you should pay attention to the presence of multiple inputs/outputs for connecting additional equipment: video cameras, sensors, alarm devices, etc. The Fire Alarm input allows you to connect fire alarm devices and configure turnstile unlocking when a signal is received from fire alarm devices. When connecting a camera to the controller output, you can set the algorithm in which the camera starts recording when it receives a signal about an alarm event. Flood sensors can be connected to the controller input: when a particular water level is reached, upon a signal from the sensors, the turnstiles are unlocked for evacuation. Additional inputs and outputs also allow you to connect external verification devices, such as pyrometers, breathalyzers, and scales.

Controller as server

One of the main drivers of the access control market is the spread of web technologies. New advantages include the ability to work remotely using mobile devices while maintaining centralized administration.

New generation controllers make it possible to embed software and use the controller as a server. This architecture simplifies the implementation of the system and reduces its cost. Again, controllers are connected to the network via the Ethernet interface. The development of Internet technologies and channel bandwidth suggests that web technologies will soon replace the traditional approach to developing not only ACS software but also any system in general.

As more powerful controllers appear, all the ACS software features can be implemented inside them without installing a system server on a computer.

The web interface of controllers

The web interface allows you to connect to the controllers directly from a computer using secure communication channels like VPN. The web interface of new generation controllers allows you to assign access rights to employees and visitors, add identifiers to the system, create built-in reactions in the controller, diagnose the controller, and update the firmware. To implement these tasks, the installation of additional software is not required. A small enterprise can build a mini-ACS without using software, which minimizes the cost of implementing the system.

Integration options

Obtaining a controller SDK allows integration with various systems, for example, pay access systems or ERP systems. The open protocol of the controller allows organizing access control in fitness centers, museums, theaters, amusement parks, parking lots, and many other objects on its basis.

Choice of identification methods

When choosing equipment for an access control system, it is necessary to determine which identification methods will be used: HID or MIFARE access cards, mobile devices, access by barcode, fingerprints, face recognition, etc. Technical characteristics of controllers and readers should allow the chosen identification method to be implemented.

Wiegand, RS-485, and USB interfaces are often used to connect the controller and readers. Wiegand is used in ACS for reading magnetic cards and RFID identifiers. Its advantages include simplicity, prevalence, range of up to 150 meters, and compatibility with equipment produced by different manufacturers. The disadvantages include vulnerability to hacking due to the lack of two-way authentication and data encryption and lack of control over the integrity of data transmitted between the controller and the reader device.

A USB interface is used to connect fingerprint or barcode scanners to the controller, as well as to connect control readers designed to enter identifiers into the system.

Multi-format readers can be selected if you want to use multiple identification methods simultaneously, such as copy-protected MIFARE cards and mobile devices. When choosing a reader, it is important to pay attention to characteristics such as operating temperature range (when used outdoors), IP rating, and vandal resistance.

A controller with a built-in access card reader, support for mobile identification, and a fingerprint scanner can be a very convenient solution. Such solutions allow a gradual transition from traditional to more secure identification methods. It is worth paying attention to the way the controller is installed. Ethernet controllers are simple to connect to the network, which greatly simplifies installation.

Conclusion

When building an access control system, it is important to consider factors such as speed, reliability, and ease of use. Modern access control systems often use Ethernet networks for communication between controllers, user workstations, and the system server, which ensures high system operation reliability and simplifies the installation of equipment. The system can operate offline for a long time without connecting to the server, and all necessary access rights are transferred to the non-volatile memory of the controllers. The system can be expanded by adding new equipment to the Ethernet network, and the ability to connect second-level controllers to the main controller simplifies system expansion and reduces costs. When choosing controllers, it is important to pay attention to the number of managed devices and the presence of multiple inputs and outputs for connecting additional equipment.

About the Author

Alex Vakulov is a cybersecurity researcher with over 20 years of experience in virus analysis. Alex has strong malware removal skills. He is writing for numerous security-related publications sharing his security experience.
Enhancing cloud security strategyIdentity and Access Management

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Why Business Risk Should be Your Guiding North Star for Remediation

Published: 04/25/2024

How to Prepare Your Workforce to Secure Your Cloud Infrastructure with Zero Trust

Published: 04/24/2024

Upselling Cybersecurity: Why Baseline Security Features Shouldn’t Be a Commodity

Published: 04/24/2024

Secure Your Kubernetes Environment by Enforcing Least Privilege

Published: 04/24/2024