Restrictions On Engineer Manuals And Codes

[goncall]

I agree with you.

Damn, thats another time now

stop it...how the fishing going,been a fisherman myself years ago,but as ive been parking up here now for my dinner hour for a while i feel the need again..

 

[cybergibbons]

A few people on here know my name, where I work. I don't think that should really be a concern. People above board are more than willing to part with their cash for what I can do, and I like my kneecaps.

 

I don't really want anything technical or specific from installers. It's more about the attitudes to things. The reason behind this thread was genuine curiosity. If someone gave me a network switch and said "Hey, make sure you don't let anyone see the manual - it's got a password in it that loads of people don't change", I'd seriously question the security. There's just some serious differences between IT and alarms.

[matthew.brough]

A few people on here know my name, where I work. I don't think that should really be a concern. People above board are more than willing to part with their cash for what I can do, and I like my kneecaps.

 

I don't really want anything technical or specific from installers. It's more about the attitudes to things. The reason behind this thread was genuine curiosity. If someone gave me a network switch and said "Hey, make sure you don't let anyone see the manual - it's got a password in it that loads of people don't change", I'd seriously question the security. There's just some serious differences between IT and alarms.

I think the alarm world could learn alot from the IT industry

[james.wilson]

There's just some serious differences between IT and alarms.

there is and there shouldn't be regarding security.

[Joe Harris]

I thought ATM's and cell sites etc were all armed/disarmed via the arc and entry prevented until disarmed?

re the grade 4 sites with the ra.

 

Some are - We've done some ARC assisted/validated remote arm/disarm ATMs.

 

There's doesn't appear to be any requirement for this, no. 

 

No requirement - but risk assessed and implemented.  Standards are a baseline, many rise above this.

 

its a strange one this..cg is some joe public with a hobby/healthy interest in defeating alarms and everyone seem to bend over backwards to help..granted the lad is clever but should he be getting so much help? no one knows who he is really..all in public too..just a thought

 

Security through obscurity is not security.  Like encryption it should be so infallible that it can be known and public and still secure.

 

I for one would rather know or at least have doubts if the gear I choose to recommend has issues. cg has to be public, may be trade I don't know, but without vetting info he has to stay public.

I do have confidence in the kit I choose and id be happy for cg to tell me if it has any flaws or anyone else for that matter. We have no genuine open and fair reviewing system for kit here, we either read and believe the magazines that review the gear of the people that advertise with them, believe the manufacturer and their self certificate, or test it ourselves. None of those seem ideal to me.

The idea of a forum is to pool skills etc for everyones benefit. I see what cg is doing as valid and usefull info. Id say he knows more than both of us goncall put together on how to break an rf system at the level he is doing it.

 

Agreed.

 

A few people on here know my name, where I work. I don't think that should really be a concern. People above board are more than willing to part with their cash for what I can do, and I like my kneecaps.

 

I don't really want anything technical or specific from installers. It's more about the attitudes to things. The reason behind this thread was genuine curiosity. If someone gave me a network switch and said "Hey, make sure you don't let anyone see the manual - it's got a password in it that loads of people don't change", I'd seriously question the security. There's just some serious differences between IT and alarms.

 

Agreed, though the IT analogy is probably not the best given some of my recent investigations.

[matthew.brough]

there is and there shouldn't be regarding security.

Agreed. How many of us are using security methods on our IT networks that the function of how it all works is sat right on google.

 

Would I be scared if someone was aware of what VPN system we use. Not at all as I'm confident it is secure.

[MrHappy]

If someone gave me a network switch and said "Hey, make sure you don't let anyone see the manual - it's got a password in it that loads of people don't change", I'd seriously question the security.

 

The only IT I do is in house or bits connected with cctv ect... jobs

 

If I appointed somebody to look after our modest network, I doubt would have got a manual or password for the switch.

[matthew.brough]

The only IT I do is in house or bits connected with cctv ect... jobs

 

If I appointed somebody to look after our modest network, I doubt would have got a manual or password for the switch.

Google?

[MrHappy]

Google?

 

proliant thing, done by me.

 

as alarms the defaulting & manual is all on the net.

 

the point I'm making is the maintainer or a forum largely made up of maintainers is unlikley to offer a huge amount of help to help me bugger around with kit ?

[james.wilson]

h, probably cos like our network it would be an unmanaged switch. So not the same imho.

I stopped our windows server being our vpn point as ive never been a fan of windows servers being public. I feel I/we should carry the same security concerns with what we choose to fit. We have always based the decisions on the kit we use on reliability, detection and cost of ownership.

However we cannot test hacking and defeating. What is bleeding edge today (in our world that is behind the times anyway) will be common knowledge in a few years. Id rather use a product that is secure to this today and can be updated to future risks tomorrow