Managing Physical Network Security with Remote Monitoring Systems

Managing network security is more than simply making sure that everyone on the network is has the correct firewall or antivirus installed and running. Managing your network's security also means protecting your network's physical resources and ensuring that your hardware-based security devices are always up and running. You will have to secure your network not only from online threats, but from physical ones, so your network is always available for colleagues and clients to access.

As your network grows, you'll find yourself increasingly relying on hardware to secure your network. Sophisticated firewalls, routers, intrusion protection systems, and other such devices will make it much easier on you and take the pressure off of your software protection systems.

You may find yourself finding ways to route information within the network. A good VLAN setup will help you effectively control the flow of information on your network. Compartmentalizing your network helps you better control your things and can narrow your focus when a breach occurs or another security problem arises.

However, this level of network sophistication and security requires your network resources to be functioning at all times. If a firewall loses power, it could create a serious breach. If a router goes offline, it could cut off parts of your network, leaving clients and employees unable to access the resources they require.

As your network grows and resources spread out, not simply throughout one building, but across multiple sites it becomes increasingly imperative that you remotely monitor your network's resources. This helps you both maintain security against malicious threats, but from accidents, equipment failures, and otherwise unforeseeable network threats. Properly managing your network's security with remote monitoring systems will also reduce the amount of work you have to put in to manage your network. (The alternative to remote monitoring being a trip out to a site whenever there's a problem or, worse, that a problem occurs and you don't know about it until a service outage or security breach occurs.)

Managing Network Security with Monitoring Systems

A series of remote telemetry units will become the backbone of your network's security. You'll need to monitor your equipment's discrete points to know whether your network hardware is working properly or not. If it isn't, you'll see an alarm, before a client calls in to report a network outage or your network is compromised. More than that, you'll need to monitor conditions near your network hardware to ensure that it isn't in danger from the elements. To properly manage your network's security, you'll use analog sensors to monitor temperature, to make sure that your equipment isn't overheating (or, however unlikely, freezing). You'll have to monitor generator levels or battery voltages to make sure that your powered equipment isn't in danger of losing power. You'll monitor other environmental factors like humidity and airflow to make sure that the HVAC systems at your sites and in your server room are all working properly to maintain the integrity of your network.

It may also help to utilize devices with a series of control relays, so that you can operate equipment remotely as necessary. Or, even better, so you can derive control operations to occur in the event of an alarm. This way, if you need to remotely turn on a generator to keep your network equipment powered, or you need to operate HVAC services, you don't have to make a trip out to a site. It saves you time and helps keep your network in check.

However, you don't want to have to dial in and check up on all your network resources individually. You'll need a master station to collect alarms and report them to you, so you're not stuck in your NOC, staring at a terminal all day. DPS Telecom recommends the T/Mon LNX master station, which is capable of collecting your network alarms and even mediating your alarms from different brands of equipment. It can also send acknowledgeable email notifications, so you can see alarms from your smartphone, laptop, or wherever you can get your mail. The point is, with a solid master station to collect your network alarms, you can manage your network's uptime and security from anywhere you have network access without sacrificing network visibility.

But that's not all. Managing network security doesn't stop at simple hardware monitoring. You'll have to control physical access to your network's resources. A person with access to your equipment will have a much easier time circumventing your network's defenses than someone who doesn't. Or, rather than breaking into your network, a person with access could just as easily steal or break your expensive network hardware.

T/Mon and NetGuardian in a network monitoring and building-access application. Monitor your physical network resources and door access all with the same equipment.

The Old Lock and Key Compromise Security

With all of that expensive equipment at stake, especially at your unmanned sites, you can't rely on an old-fashioned lock-and-key system for security any longer. Not only to locks get picked, but a technician who forgets his keys while on a trip to a site will waste time going back for his keys. Even if he doesn't forget his keys, finding the right one is a waste of time when a single proxy card or key code can be configured to let the user access sites as necessary. As a network security manager, you'll need a sophisticated access control system to manage entry at your sites.

Ideally, you'll integrate building access functionality into your existing remote telemetry and monitoring networks, to reduce complications and cost involved in implementing a building access system. You'll want proxy readers or keypads at sites housing equipment only authorized personnel should access. At your remote sites, you may even want to employ a CCTV system to deter potential threats and catch those responsible in the event of a physical breach.

Managing Building Access from the NOC

To control building access using your network security systems, you'll first install Entry Control Units (ECU) at every door with access to your sensitive network resources. You can manage access with an ECU by keypad, proxy reader, or motion sensor. You'll connect up to 16 ECUs to the serial ports on your RTUs. The RTUs will store access profiles from your master station and issue control logic for the ECU units at your doors.

At sites where you don't have an RTU or don't need RTU functionality (because you presumably aren't housing network resources that need to be monitored), but still need to integrate building access, you can install door control equipment that communicates directly with the NOC. DPS Telecom makes a new ECU unit that connects via LAN and executes control logic for a single door. Or, at offices and other high density sites, areas where you obviously need to control access but don’t have an abundance of network resources to control, you could install a stand-alone, high capacity door controller.

The Building Access Control system allows you to manage your doors like network alarms and manage building access from your NOC.

IP cameras like the SiteMON IP series from DPS Telecom can be integrated into your building access system as well. This camera, which also monitors a couple of discrete contacts and analog inputs to augment monitoring at your site, can be configured to capture images on a "trigger," such as motion or a door-breach alarm. Not only will the cameras help deter intrusion at your sites, but if someone does attempt to circumvent your network's physical security, you can capture the image. SiteMON will even send triggered images to your T/Mon master station too, so you can turn your NOC into a surveillance room as well.

Once you've databased access profiles in your NOC, you can manage building access just like your standard network alarms. Breaches, open doors, and other sorts of alarms can be sent via email, SMS, pager, or even voice notifications if you so choose, just like your network alarms.

While physical network security is every bit as important as information security, there's no reason that managing your physical resources has to be hard. A robust (but secure) network of remote telemetry devices and a solid master station can both alert you when you're suffering a network-equipment related failure and control building access.