Symphony IT Security Part1

IT Security is calling the tune


Bruce Schneier is right. In his keynote address at Defcon 2019 the well-known IT security pundit said, “The Internet is no longer a separate thing. It’s part of everything.” The “Net” has spread to include everything from desktop and mobile web access to smart appliances and controls in the mushrooming “Internet of things” (IoT). In fact, the Web stretches even further: consumer and industrial policies, and even national security and liberty itself, are becoming intricately linked to the Internet in one way or another.

It is against this background, and with the help of the latest IT security research, that Commend Symphony has been developed based on the principle of “privacy and security by design”.

Symphony “Privacy and Security by Design”: A tale of four layers

The basic idea behind this policy is both simple and obvious: making IT Security an integral part of the product instead of adding it on top of the finished product.

    Without getting too much into the technical details, on the cloud-native Commend Symphony platform this policy translates into an IT security model with four basic layers:

    1. Physical Security
    2. Network Security
    3. Data Security
    4. Fail Safety

    Let’s turn to Physical Security first. In the upcoming posts we’ll deal with the other topics.

    Symphony IT Security Layer 1: Physical Security

    Where physical device security is concerned, Commend has more than 50 years’ experience in vandalism-protected product design under its belt. A lot of this went into the design of the Symphony platform.

    Symphony’s physical devices – specifically, its door call stations – and related IT infrastructures are, of course, the most visible attack vector in need of security hardening. Here several defence mechanisms come into play, including:

    • Impact resistance and protection against the ingress of fluids and solids, achieving high IK and IP ratings
    • Physical tamper protection: all outdoor-capable, cloud-based terminals are fitted with anti-tamper contacts that respond to manipulation attempts and, for example, trigger an alarm or activate other security components
    • Full end-to-end encryption of the entire communication stream (more on that in our upcoming post on Data Security)

    Now what if an attacker tries to hijack a Symphony Door Call Station’s network connection via its Ethernet port? This is where Commend’s IP Secure Connector IP-CON comes in.

    Beware of the network guard dog!

    Installed inside the building, the IP Secure Connector is constantly on guard to ensure secure network connections – even for exposed Intercom terminals, e.g. at a publicly accessible front gate or door. Attempt to remove the terminal to access its Ethernet cable, and the IP Secure Connector will instantly cut the LAN network connection. As a result, access to the in-house network is blocked and the door or shutter cannot be opened.

    The IP Secure Connector also provides a power supply in the form of PoE+ as well as two inputs and three outputs. The associated functions are provided independently of a switch, SIP server or the Internet. The IP Secure Connector operates completely independently of these connections whenever required.

    Best of all, configuring the IP Secure Connector is extremely convenient. For example, device pairing and secure network registration are sorted out 100% automatically.

    IT security threats are a challenge. But proper security hardening via “Privacy and Security by Design” can go a long way towards meeting that challenge, as Bruce Schneier would surely agree.

    Next time we’re going to take a closer look at the next layers of Symphony IT Security: Network and Data Security.

     

    To learn more about Symphony, visit the Symphony homepage or contact your local Commend representative.