matthew.brough Posted February 3, 2013 Share Posted February 3, 2013 The Secure ID that got hacked? http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/ Thats one of the reasons we don't use that particular solution but even this is much better than no 2 form. It is frustrating sometimes as the rulebook doesn't seem to have the answer but when these 2 standards were written, let alone all the drafts before them people didn't want to control their lives by an app. It's quite a new technology in the evolution of things. The rules in BS5979 are clear but as all these ARC Gold companies blatently ignore them and NSI don't take them to task, seems no one really cares about it. (Until something happens that is) MAS Mobile is a good example that southern and northern monitoring are allowing engineers to use. It doesn't have, and currently has nothing in the product roadmap to comply with BS5979 yet this doesn't seem to bother them. www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
SoupDragon Posted February 3, 2013 Share Posted February 3, 2013 Re RSA: you still needed the serial number of the token as well as one or more current output samples at a known time. Who doesn't want to check the status of their alarm via a smartphone? Link to comment Share on other sites More sharing options...
matthew.brough Posted February 3, 2013 Share Posted February 3, 2013 Re RSA: you still needed the serial number of the token as well as one or more current output samples at a known time. Who doesn't want to check the status of their alarm via a smartphone? I seriously doubt we are going to see any standards around it anytime soon. I don't believe is you asked the chief technical whiz at both NSI or SSAIB, I'm not sure they would even know anything about the whole security and issues regarding this type of access as I don't believe anyone will have ever asked. By the time they research is, their advisors, standard, draft, draft 2, draft 3, rewrite 1 etc I think we will be years down the line. That opens up another question, if the standards don't specifically say something's banned, do we presume its ok? www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
alterEGO Posted February 3, 2013 Share Posted February 3, 2013 IMO they do make their case, I.E. all CIE must be graded. Unless I was told otherwise I would assume I can only use graded CIE to set/unset a system. The only work around I see in your case is the ARC. Link to comment Share on other sites More sharing options...
matthew.brough Posted February 3, 2013 Share Posted February 3, 2013 IMO they do make their case, I.E. all CIE must be graded. Unless I was told otherwise I would assume I can only use graded CIE to set/unset a system. The only work around I see in your case is the ARC. But what about when using an app to control a graded piece if kit. What then? You assume unless told otherwise you just always use graded kit to set and unset. I presume unless told otherwise doing the opposite is fine. The issue of using virtual keypads under dd263 also isn't clear. If using a virtual keypad (as people do) this means with your argument as not graded, setting and netting isn't allowed. This is the frustration. The rules are far from clear. Like my previous points, even when the rules are clear, seems everyone ignores them anyway without any issue from their inspectorates. www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
alterEGO Posted February 3, 2013 Share Posted February 3, 2013 Why bother posting about it then? There are loads of reasons not to, standard wise. CIE within protected area is another, system status not being displayed. The list goes on and on, its clear if you want to see it. However I do agree this needs looking at, as I like the idea of apps, then again I always liked status LED's, but I don't use them anymore. Link to comment Share on other sites More sharing options...
matthew.brough Posted February 3, 2013 Share Posted February 3, 2013 Why bother posting about it then? There are loads of reasons not to, standard wise. CIE within protected area is another, system status not being displayed. The list goes on and on, its clear if you want to see it. However I do agree this needs looking at, as I like the idea of apps, then again I always liked status LED's, but I don't use them anymore. The reason I post about it is that it is far from clear. Lets look at the example you mention. 1 standard says no, another says yes. Which is right? System has to be compliant to both standards. Which do you listen to? Can you draw me up a list of the reasons, standards wise you believe say its prohibited? Another interesting thought, on a galaxy, Emizon, Webway, Chiron all are seen as a keypad in the bus as well as a comma mod. If its a keypad, where's the tamper on the signalling device as a keypad? Where's the grade, as the grade is for the unit as a signalling device, not a keypad. www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
alterEGO Posted February 3, 2013 Share Posted February 3, 2013 Another interesting thought, on a galaxy, Emizon, Webway, Chiron all are seen as a keypad in the bus as well as a comma mod. If its a keypad, where's the tamper on the signalling device as a keypad? Where's the grade, as the grade is for the unit as a signalling device, not a keypad. Now your being silly, thats just a way to connect to the data. An app that is being used as a keypad (not siting on a data line as a keypad) is very different. Like a said, I think from an installation point of view its a no, via an ARC maybe yes. I can't see the sense in listing the standard, its clear enough to me. In some respects I hope they change, I never saw an issue with system status(which I think is one of the issues with apps at the min) etc, not having it on display causes more FA and problems on area based systems than it ever solved. Link to comment Share on other sites More sharing options...
matthew.brough Posted February 3, 2013 Share Posted February 3, 2013 It's clear enough to you, but you're not prepared to share with the rest of us? The debate is a valid one. www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
goncall Posted February 3, 2013 Share Posted February 3, 2013 The reason I post about it is that it is far from clear. Lets look at the example you mention. 1 standard says no, another says yes. Which is right? System has to be compliant to both standards. Which do you listen to? Can you draw me up a list of the reasons, standards wise you believe say its prohibited? Another interesting thought, on a galaxy, Emizon, Webway, Chiron all are seen as a keypad in the bus as well as a comma mod. If its a keypad, where's the tamper on the signalling device as a keypad? Where's the grade, as the grade is for the unit as a signalling device, not a keypad. it might take up a keypad address matt,but its not a functional keypad as you know so wont need a tamper,im guessing here you may know the correct answer,but isnt it to monitor the status of the connected mod,ie anything connected to say com 4 will report missing keypad 15,com 4,why its progd like that i havent a clue tbh..wich begs the question does a ipad take up a keypad address or is it possible to take up a key address Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.