Application of Network Security Technology in Access Control System

1. Networking and Security

At present, there are two networking methods for network access control systems. One is the access control system based on RS485 bus networking. The other is the “IP network access control” of the network access control system. The “IP network access control” refers to the access control system of the access control controller and the access control server using the TCP/IP protocol.

In the past, most of us were concerned about the reliability of access control systems. At present, the security of access control systems has received more and more attention. In particular, the security requirements for access control systems of certain countries' confidential departments and confidential departments are even higher.

Compared with the traditional access control system based on 485 bus network, the advantages of IP network access control are mainly reflected in: (1) greatly improve the system response speed, for more than 100 access control points above the access control system, especially for video linkage requirements occasions, Should be the first choice; (2) improve system reliability, RS485 twisted pair bus technology is mature, easy to use, but poor anti-jamming performance; (3) improve system scalability, IP architecture is more suitable for the standardization of the system expansion, and off-site It is the best choice for the networking users to use. (4) Improve the maintainability of the system. The IP network access control facilitates remote diagnosis and maintenance. Compared with the traditional access control system based on the 485 bus network, the IP network access controller should be higher than the RS485 access controller.

Regarding the network security of the two networking systems, any kind of network communication has the risk of being eavesdropped or modified by a third party. RS485 bus communication technology is simpler than the IP network access control using TCP/IP protocol networking. "Easier to be attacked.

The TCP/IP protocol is the most widely used network communication protocol and has powerful communication capabilities. However, TCP/IP protocol packets are easily monitored and intercepted by dedicated software during the transmission process. The TCP/IP protocol in the network is easily communicated by third parties. Eavesdropping or modification.

The main danger of this kind of threat is that the access authority in the access control system and the administrator's user information and password are easily intercepted. The most terrible danger is the possibility of legal communications being modified, the modified information being used for illegal access, and even blocking the interception of real-time alarm events, etc. will cause incalculable losses to the customer's security.

TCP/IP communication packets are intercepted and executed in many ways. Changing the direction of the message causes the hosts on the network to change the address of the packets they send during the network session.

A spoiler interested in truncating a conversation may use one method to set up relays. A relay failure can occur anywhere in the network, even at a distance from the client system. The relay machine can adjust traffic in real time or record packets for later analysis. The relay machine can also change the content of the transmitted communication.

The method of obtaining the communication content only requires a passive packet monitor (often referred to as a "packet sampler"). The packet sampler can provide the logged network information to the deliberately destructive system security in a relay-broken manner.

Currently, 99% of the TCP/IP access control systems used in large-scale projects such as subways, banks, unattended equipment rooms, telecommunication power, and national government agencies have no anti-intrusion security mechanisms at the network layer. Since customers do not understand the potential risk of being hacked at any time, once attacked will directly threaten the normal operation of the customer; it will even result in major loss of personnel and property, so solving the security problem of TCP/IP access control system becomes anxious. The problem to be solved.

2. Application of Network Security Technology in Access Control System

At present, in order to ensure the security of data and communication in access control systems, the main network security technologies used are: security cryptography, counterfeit card protection technology, equipment authentication technology, intrusion detection, data transmission encryption technology, data storage, backup, and disaster recovery technology. Wait. The following lists the application of several common network security technologies in ensuring access control systems.

Borrow VPN Network Channel Method

This method solves the threat of illegal computer attacks outside the VPN tunnel. The disadvantage is that there is also the possibility of illegal computer attacks from inside the VPN tunnel.

This method provides each controller with a separate VPN device. The advantage is that each device in the system has an independent security channel, which effectively solves the threat of internal and external computer attacks. The disadvantages are very high investment costs and high maintenance costs.

High-security encryption technology of the network door vegetable equipment

Such as Siemens company's SIPASS access control system, this type of product communication service uses SSL encryption technology, communication service software and management of customer full and controller communication between all through SSL encryption, decryption, authentication and other strict security detection mechanism To be done.

At present, online banking security encryption uses SSL encryption technology. The comprehensive system security mechanism in this kind of access control system products ensures the security of customers in complex network environments. It is characterized by satisfying customers' high security of the entire system. The requirements are relatively cost-saving, and can also significantly save on subsequent use and maintenance costs. This is a very valuable option.