
Tag Archives: security

Jan 14

Today, more and more people begin to appreciate the need for integrated housing protection. Reliable door and window grating represents the first barrier. A security system that provides control over the environment and informs about events represents the second barrier. If an incident occurs, it needs to be responded to immediately and as effectively as possible. Professional monitoring service is unchallenged in this field.

Demand breeds supply — the number of new security and service companies that ensure protection of a specific area of a city, residential compound or cottage estate is growing. They rely on new technologies, and efficiency, quality of service, and reliability represent the key success factors of their business. People are willing to pay for such security services.

Ajax fits perfectly into the new security business model — users love it and it has proven its reliability to professionals. Because of such advantages as quick installation, remote administration, simple service, and ultra-high reliability, more and more security companies choose Ajax as their standard equipment. The Ajax applications for smartphones and computers have already saved thousands of hours for installers and engineers.

Ajax’s aim is to offer a comprehensive solution to ensure the protection of a residential area — hundreds of private houses or thousands of apartments with professional monitoring and effective response around the clock. The updated Ajax PRO Desktop application is the right solution.

New features

Starting a monitoring service based on a standard console software requires careful preparation. A new company needs to set up equipment, adapt the application, and train its staff. However, these are not all the difficulties — every facility will have to be connected to the console manually, and this procedure cannot be automated in any way.

In October 2017, Ajax released a mobile application, Ajax PRO: Tool for Engineers, and half a year later they released a version for computers — Ajax PRO Desktop. The programs accompany the Central Monitoring Station (CMS), simplifying the management of Ajax security systems for installers and engineers.

Today, Ajax presents the monitoring feature in Ajax PRO Desktop. The application allows the operator to process alarms arriving from up to 2500 facilities, configure security systems remotely, perform detector adjustment at the customers’ requests, and manage access rights. Facilities are connected automatically in just a few minutes and no additional settings are required. There is nothing superfluous in Ajax PRO Desktop — a short briefing is enough to get started.

Ajax PRO Desktop is a free alternative to the Central Monitoring Station for security and service companies that ensure safety of residential compounds and cottage estates.

Implementation of monitoring is a simple task

Having chosen Ajax PRO Desktop as a monitoring solution, you do not need to spend time setting up the application and security systems or transferring information manually. You can just log into the administrator account, request access to the hubs, and specify the addresses of the facilities.

Thanks to the Ajax Cloud server, all Ajax applications contain up-to-date information about the security systems: composition of devices, settings, user rights, and events.

Connecting the security system featuring 5 detectors to the monitoring program

| | Central Monitoring Station (CMS) application | Ajax PRO Desktop featuring monitoring function |
| --- | --- | --- |
| Connection procedure | 14 minutes: 1. Set up monitoring at the central monitoring station. 2. Create a facility card at the CMS. 3. Describe the detectors. | 3 minutes: 1. Invite the PRO user. 2. Fill in the facility address and description. |
| Employees involved | 2 persons: engineer at the site and CMS operator. | 1 person: Ajax PRO Desktop operator. |
| Error probability | High: the facility profile in the CMS is filled in manually. | Excluded: data is synchronized between the Ajax applications. |

What can Ajax PRO Desktop do?

Using the Ajax PRO Desktop application, a single operator of a security or service company can manage up to 2500 Ajax security systems.

The monitoring functions are opened in a separate window and do not block other features of the Ajax PRO Desktop application. While monitoring security system events, you can change system settings, manage access rights, and view the statuses of the guarded facilities.

The event window is as informative as possible and provides filtering by types of alarms, malfunctions, general events, and security events. Each type of event is assigned a specific color, which simplifies navigation.

How does the system respond to alarms?

When a guarded facility is trespassed, catches fire or is flooded, the operator receives an audible notification of the event in Ajax PRO Desktop. All the necessary information is available in the Alarm handling menu:

  • Where exactly the incident occurred.
  • What caused the alarm: the entrance door opening detector and subsequent movement in the hallway detected a trespass; smoke was detected in the kitchen; the alarm button was pressed in the application or on the keyfob; the user was forced to enter the code, etc.
  • The real-time update of the facility security system event history.
  • Who are the users of this security system and their contacts.

The operator sends an alarm to the rapid response teams by radio or other means adopted by the company. He/she reports on the nature of the event — this affects how exactly the security guards will act. If there is reason to believe that residents are in danger, it is crucial to get to the apartment (house) as fast as possible. In the event of a robbery, it makes sense to cordon off the building first and check for suspicious vehicles nearby. The best way to prevent flooding is to shut off the water supply to the floor or the building.

Having notified the rapid response team, the operator contacts the security system users and reports on the measures taken.

When the problem is resolved, the alarm is marked as processed in Ajax PRO Desktop and is supplemented with comments from the operator and the security guards. Comments, together with the information about the time of alarm reading and processing stored in the event history, will be useful in the case of client complaints.

The Ajax PRO Desktop application is designed for macOS, Windows 7/8/10. Minimum computer requirements:

  • CPU: Intel / AMD 1.2 GHz
  • GPU: 3D accelerator
  • RAM: 2 GB
  • ROM: 400 MB

Jan 08

Updating the operating system is vital to keep the Ajax wireless alarm system up to date with all new features, firmware and fixes. The updating procedure is an integral part of product development and product improvement. Updates for Ajax Hubs increase the stability and security of the system, optimise the system’s performance, ensure its compatibility with new devices and expand the system’s capability list.

  • The firmware updates only when the security system is disarmed.
  • The file size of the firmware does not exceed 0.5 MB.
  • The firmware downloading process runs in the background without affecting the functioning of the system.
  • The update installation takes less than 10 seconds.
  • The OS Malevich update is optional and can be disabled in the settings, although this is not advised.

Hub Operating System Update

1. The Hub determines if there is an update for the operating system on the server

Firmware files for the Hub are stored in encrypted form on the Ajax Cloud server, and the server does not know the keys or the encryption method of the update files. Access to the firmware database is granted only to a select set of people in the company, from the internal network of Ajax Systems, and they have different levels of access. No one can make critical changes and sabotage the system. All actions are logged and monitored, and Ajax knows exactly who made the changes and when. Internal safety regulations prohibit the use of passwords to access the firmware database. SSH (Secure Shell) keys are used instead; SSH is a cryptographic network protocol for operating network services.

Protection technologies:

  • Access to the firmware database by SSH keys only.
  • Access privileges and logging of changes to the server.
  • Server authentication and verification systems.
  • Using the proprietary encrypted communication protocol.

2. Transferring the update file from the server to the Hub

Once an update file has been detected, the Hub downloads the firmware to the external flash memory using any available communication channel with the server, whether Ethernet, GSM or Wi-Fi. The update is downloaded in the background and does not affect system operation. Protection of the data transmitted between the Hub and the Ajax server is provided by Transport Layer Security (TLS), combined with the security methods within the closed binary protocol.

Protection technologies:

  • TLS.
  • Using the proprietary encrypted communication protocol.

3. Checking the update file

The Hub firmware is encrypted and signed with a checksum. If the firmware file has been corrupted, either intentionally or due to a transmission error, it is ignored, since the checksums will not match. If an intruder corrupts the encrypted firmware file and substitutes the checksum, the checksum inside the decrypted firmware file will still not match the signature, and the Hub will reject the update.

At most, the firmware file can be read from the external flash memory of the Hub. However, decrypting this file, even with the capabilities of modern computers, would take thousands of years.

The firmware file includes a system of markers and properties that are checked before the install. Information about them is available to a limited set of people to exclude any possibility of a sabotage attempt. If any marker or property fails validation, the update is canceled.

Protection technologies:

  • Verification of checksums, markers and properties.
  • Encryption.

4. Hub firmware update

During the update, the encrypted firmware file is read from the external flash memory of the Hub by the bootloader, which is stored in the ROM of the device’s microcontroller.

The firmware is decrypted only inside the microcontroller, which cannot be accessed from the outside, so there is no possibility to read or substitute the firmware. After the firmware file is decrypted, the checksums are verified once more to make sure that no data was corrupted during the decryption process.

The bootloader inside the Hub also controls the correct operation of the Hub with a new firmware. If critical errors or malfunctions are detected, the Hub deletes the corrupted firmware version and reflashes the latest stable release.

Only a limited set of people know how the stable firmware is selected and how the correct operation is controlled, which complicates any attempt to sabotage. The bootloader itself is not updated, thereby excluding the possibility of sabotage of the firmware rollback mechanism.

Protection technologies:

  • Checksum verification after decryption.
  • Critical error control.
  • Control of correct operation of the Hub with a new firmware.

5. After firmware update

The firmware update and the subsequent reboot of the Hub take less than 10 seconds. After that, the Hub reconnects to the server. The connection time depends on the number of active communication channels and does not exceed 30 seconds. Notifications about alarms and events are stored in the events feed even during the Hub update.

The Ajax APP will display notifications when there is an update available, when the system is updating the firmware and when the firmware has been successfully updated.
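
The check order described in steps 3 and 4, as an added example that is not Ajax code: an outer checksum over the encrypted file, a second check carried inside the encrypted payload, then marker and property validation. The page does not name its algorithms or fields, so SHA-256, HMAC-SHA-256, the keystream stand-in cipher, the header layout, the keys and the version rule are all assumptions.

```python
import hashlib
import hmac
import struct

# All values below are constructed for this example (assumptions, not Ajax's).
MAGIC = b"FWUP"                          # hypothetical marker
HW_MODEL = 2                             # hypothetical hardware-model property
ENC_KEY = b"constructed-demo-enc-key"    # on a real device, held only in the MCU
MAC_KEY = b"constructed-demo-mac-key"


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHA-256 counter keystream (demo only)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", offset // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_package(image: bytes, version: int, hw_model: int = HW_MODEL) -> bytes:
    """Vendor side: header + image + inner tag, encrypted, then outer checksum."""
    body = MAGIC + struct.pack(">HH", hw_model, version) + image
    inner = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    ciphertext = _keystream_xor(ENC_KEY, body + inner)
    return hashlib.sha256(ciphertext).digest() + ciphertext


def verify_package(package: bytes, installed_version: int):
    """Hub side: return (ok, reason); the image is installed only if ok."""
    if len(package) < 32 + 8 + 32:
        return False, "truncated"
    outer, ciphertext = package[:32], package[32:]
    # Outer checksum: catches transmission errors and crude tampering.
    if not hmac.compare_digest(outer, hashlib.sha256(ciphertext).digest()):
        return False, "outer checksum mismatch"
    # Decrypt, then check the tag that travelled inside the encrypted payload.
    plain = _keystream_xor(ENC_KEY, ciphertext)
    body, inner = plain[:-32], plain[-32:]
    expected = hmac.new(MAC_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(inner, expected):
        return False, "inner check mismatch"
    # Markers and properties; any failure cancels the update.
    hw_model, version = struct.unpack(">HH", body[4:8])
    if body[:4] != MAGIC:
        return False, "bad marker"
    if hw_model != HW_MODEL:
        return False, "wrong hardware model"
    if version <= installed_version:   # assumed rule: refuse same or older builds
        return False, "not newer than installed version"
    return True, "accepted"


def tamper_and_fix_outer(package: bytes) -> bytes:
    """Case from step 3: alter the ciphertext, then recompute the outer checksum."""
    ciphertext = bytearray(package[32:])
    ciphertext[10] ^= 0x01
    return hashlib.sha256(ciphertext).digest() + bytes(ciphertext)
```

The inner check here is keyed because an unkeyed digest next to a malleable cipher can be recomputed by anyone who knows the plaintext.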

Jan 06

AJAX Wireless Alarm System. The Professional Grade wireless security system meets the strictest security demands. Ajax proprietary technology, devices and production have proven their reliability in independent laboratory tests in Europe, earning certification reserved for the most trustworthy professional security systems.

AJAX Wireless Alarm System

No wires. No worries

Ajax looks more like a smart gadget than a piece of complicated security equipment. No hard sell or lengthy consultations: Ajax is easy to understand. It provides the opportunity to protect property from intruders, fire, and leakage, and allows you to connect IP cameras for monitoring and turn on home appliances, all remotely with a few taps from your smartphone. More than 200,000 people all over the world have entrusted the security of their property to the Ajax Wireless Security System.


AJAX Wireless Alarm System can connect to devices up to 2,000 metres away, making it suitable for apartments, houses and commercial premises. Devices can operate for up to 7 years on the bundled batteries that come with all devices, and are configured remotely via the APP, providing effortless maintenance for installers.

As well as effortless maintenance, the Ajax system can be effortlessly installed too: a full system install and configuration, consisting of 9 devices, averages just 26 minutes!

The security system is managed through the free apps, available for the installer and end user. The Hub Operating System will receive regular free updates that add new features. All users who are authorised to operate the system are notified of any significant event via push notifications, SMS and calls. The system may also be monitored by a trusted central station to alert security or police for the end user.

Shop our full product range on Ajax Wireless Alarm Systems here.

You can find more information and FAQ on the Ajax Systems website here.

Jan 29

Tough European Union Standards Are Set to Impact Cyber Security and Compliance Worldwide

As an early adopter and leader in the development of drive-level encryption technologies, Seagate understands that the most valuable asset in any storage system is the data itself. And while encryption is only a small part of any true security strategy, it can also help with privacy compliance.

Recent high profile mass data breaches, such as Equifax and Yahoo, have brought cyber security issues virtually to the mainstream. The General Data Protection Regulation (GDPR) means tough European Union (EU) standards on security and compliance will also become the norm in the US and worldwide. There is now greater emphasis on accountability, and drive-level encryption technologies are one method by which organizations can demonstrate this.

Changes to the GDPR

The GDPR is the most significant change in the world of data protection in a generation. It updates the law to recognize the significant advancements in technology during the last 20 years, and to address those technologies that will likely emerge in the future. The goal is twofold: 1) balance an individual’s right to protection and 2) allow a data-based economy to thrive without stifling innovation.

Key changes at a glance:

Scope. The GDPR applies to organizations based in the EU and any organization anywhere in the world which offers goods or services or monitors the behavior of people located in the EU. Citizenship or residency status is not pertinent. The GDPR also contains direct obligations on service providers (known as processors) for the first time. Furthermore, the European concept of personal information is broader than the US concept of personally identifiable information (PII), and includes online identifiers such as IP addresses.

Accountability. This is a critical thread running throughout the GDPR. Accountability leads to a number of obligations for organizations in charge of personal information (known as controllers). It will not be sufficient for organizations to simply comply; they must demonstrate their compliance. Organizations will have to keep records, record and justify their decisions, record an individual’s consent, and may have to prove all this to a European regulator.

Security. The GDPR requires that organizations put “appropriate technical and organizational measures” in place to protect personal information. Technical measures include drive-based encryption, passwords, access controls, two factor authentication, etc. Organizational measures include information management policies, and having an information governance structure in place. What defines appropriate depends on the circumstances: the type of data being processed, how sensitive it is, the volume, and the overall risk of data breaches.

Breach notifications. Data breaches are any inadvertent loss or sharing of personal information. This can be due to hacking incidents, loss of an unencrypted hard drive or failing to dispose of old records securely. Controller organizations must report these to the regulator within 72 hours and may have to respond to the affected individuals. Processor organizations have to inform their customer as soon as possible.

Fines. One of the aims of the GDPR is to push data protection/security to a board level issue. As a result, the fines are significantly increased by up to 4% of global annual gross turnover or €20 million, whichever is greater. EU regulators also have significantly broader powers to investigate and put sanctions in place—including ordering an organization to cease processing data.

Pseudonymization. Any form of reversible encryption is known as pseudonymization in the GDPR. It refers to masking the data using some process, and keeping the key required to undo the process separate. Encryption and pseudonymization are greatly encouraged throughout the GDPR as they are considered methods of significantly lowering the risks to individuals.

Principles. The GDPR is principles-based legislation, based on the same basic and relevant data protection principles that have been around since the 1980s. They include: acting within the law; informing individuals how their data will be used; only using data for a specific purpose; collecting the minimum data necessary; not keeping data longer than necessary, etc.

Data protection by design and by default. These GDPR concepts state that privacy/security considerations should be baked into all data processing. Organizations should consider protection principles when designing all new products/services. Parameters should be set to collect the minimum amount of personal data necessary.

Individuals’ rights. Under GDPR individuals will have new and expanded rights. These include the right to ask any organization handling their information for a copy of it, to have it corrected if inaccurate, or deleted if no longer necessary. There are also rights to object to certain processing or have one’s information moved to another organization. These rights are not absolute, so organizations must understand how they should apply.

Data processing agreements. The GDPR contains specific terms that must be in place between controllers (i.e. customers) and processors (i.e. vendors). Organizations will need to put these terms, which cover items such as security obligations, in place by May 2018.

Transfers. As with the current law, transfers of personal information outside the EU are prohibited, unless one of a limited number of safeguards is in place. For US organizations the most relevant are the EU/US Privacy Shield, the EU Model Clauses or, for larger organizations, Binding Corporate Rules.

 

Data Security/Encryption as a Compliance Tool

Seagate’s Self-Encrypting Drives (SEDs) encrypt all data as it enters the drive using an encryption key stored securely on the drive itself. The drive is encrypted at rest by default. To retire or repurpose the drive, the drive owner sends a command to the SED to perform an Instant Secure Erase (ISE). The ISE uses the SED’s cryptographic erase capability to change the data encryption key. The data becomes unreadable and cannot be recovered.

Encryption and pseudonymization are encouraged throughout the GDPR and, in fact, are mentioned 20 times in the text. While not specifically required, they are powerful tools and organizations that use them will benefit from lower compliance obligations. In particular, encryption can help in the following areas:

Security. While the GDPR leaves it to organizations to determine what appropriate security is, encryption is one of just four measures that are specifically suggested. When deciding which measures are appropriate, organizations must take into account the state of the art, costs of implementation, the type of processing and the risks to individuals. This is an obligation for both controllers and processors. Encryption is one simple step organizations can take to lower risk, and is always something that is taken into account by regulators in determining whether to levy a fine, and if so, the amount.

Fines. The GDPR sets out the factors a regulator will take into account in determining the level of a fine to impose on an infringing organization. One factor is the technical and organizational measures that were taken to adhere to Privacy by design/default and Security. Encrypted hard drives, removable drives and laptops are a simple way of demonstrating compliance with these obligations, thereby reducing the amount of any fine.

The regulator will also consider the negligence of the organization. Most regulators would consider encryption of data-at-rest and in transit to be a basic measure, particularly if the data is sensitive. Regulators have little patience for organizations that don’t put such obvious measures in place and so without SEDs an organization increases its risk of a much larger fine under GDPR.

Breach notification. An organization must notify the regulator about a data breach unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. Where data have been securely encrypted, e.g., after ISE, then the data would be largely useless to any hacker or identity thief. The risk to individuals is lowered and so it may not be necessary to notify the regulator, thus avoiding negative press for the organization. If the organization decides to notify the regulator in any case, it will need to describe measures taken to mitigate the breach, which will include its strong encryption.

The test of whether or not to notify the individuals affected is whether the breach results in a high risk to their rights and freedoms. The GDPR specifically states that such notification is not required where the data has been encrypted.

Principles. The problems of secure data deletion have led some organizations to securely store data rather than delete it. Not only is this expensive and increases the risk of data breaches but it breaches the principle of data minimization. Seagate SEDs allow organizations to repurpose defunct drives, confident that the data has been sanitized.

Further, there is an exception to the principle against using data for a further purpose if certain criteria are fulfilled. One criterion is whether the data has been pseudonymised.

Data protection by design. The GDPR lists pseudonymization as an example of a measure which implements data protection principles in their products/services. Data on Seagate SEDs is always encrypted at rest.

Data processing agreements. The GDPR requires that a controller and processor have terms in place to cover, among other things, security and data deletion. The customer must help to ensure that the vendor has appropriate security measures in place, and the vendor must agree to return or delete the customer’s data at the end of the contract. While the data is not technically deleted, it is sanitized to an extent that it is not feasible for it to be recovered, which will be sufficient for most customers’ needs. Seagate’s data sanitization technology has been recognized as ISO 27001 and NIST compliant.

Individuals’ rights. Individuals have the right to have their data deleted but only when the controller can identify that individual. With ISE, it will be impossible for an organization to link data to a specific individual, which means that the organization is not obliged to respond to the request, greatly reducing its administrative burden.

Conclusion

GDPR readiness is a major project for most organizations, and compliance will be an ongoing process following the May 2018 implementation. Organizations that have not yet considered how they will adapt to the changes listed above need to formulate a strategy and take action immediately.

GDPR is broader than just data security. However, putting secure storage and encryption in place is one straightforward technical step organizations can take to demonstrate, crucially for the accountability principle, that they have become compliant. Seagate SEDs can be an important tool in the overall compliance armory.
