High-tech vs. Low-tech Locks

/in /by

High technology doesn’t necessarily mean better, stronger or faster. It does usually mean more convenient, as the word technology is defined as “including the use of materials, tools, techniques, and sources of power to make life easier or more pleasant and work more productive.”

1L

This is the opposite of low-tech, which is essentially utilizing equipment and production techniques that are relatively unsophisticated—but unsophisticated doesn’t necessarily mean insecure. For example, all Schlage Grade 1 deadbolts, keys or touchscreen locks endure 300,000 cycles of testing in the company’s state-of-the-art testing facility…which is 50,000 more than required for Grade 1 certification. A bad guy with intent is going to have a hard time compromising even a low-tech lock

And then there are high-tech locks, such as Schlage’s Touchscreen Deadbolt, which is the best keyless lock out there. It’s a motorized bolt that automatically locks and unlocks when a four-digit user code is entered, and its lock-and-leave functionality requires only one touch to instantly safeguard the home. The Touchscreen Deadbolt can hold up to 30 unique access codes and is designed to support temporary codes when used with Nexia Home Intelligence for homeowner convenience. For example, codes can be tailored to specific days and times of the week to provide home access only when scheduled, such as for cleaning service personnel – a benefit of having an easy to use keyless lock with a built in alarm.

The biggest difference between high-tech and low-tech locks is the ability to remotely manage a high-tech lock. Nexia Home Intelligence makes it high-tech. This is a home automation system that allows you to control locks, thermostats, lights, cameras and more from wherever you and the internet happen to be. Lock or unlock your door from anywhere with your cell phone, or schedule lock codes to be active only on certain days at specific times. You can also receive text alerts when an alarm triggers or when specific codes provided to your kids are entered at the lock.

Robert Siciliano home security expert to Schlage discussinghome security and identity theft on TBS Movie and a Makeover. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

Seminar to Feature ISECOM’s OSSTMM v3

/in /by

Pete Herzog, Founder of ISECOM, will be discussing the revised Open Source Security Testing Methodology Manual (OSSTMM v3) and how it applies to web application security today (10-13-2010) in Raleigh, NC.

Pete rarely gets to the US, so this is a unique opportunity for security professionals to have an open discussion with him about trust-based security models and how to apply sound logic to securing and testing web applications.

“About 5 years ago, while searching for any existing methodologies, I stumbled across ISECOM and the Open Source Security Testing Methodology Manual. It changed the way my company and I engaged with clients at every angle,” Michael Menefee of WireHead Security recently wrote.

“As a security consultant, I’ve always looked for ways to increase consistency, efficiency and value when conducting security analysis on a client’s network or business,” Menefee stated. “This would, of course, require both a data collection methodology as well as a reporting methodology in order to work properly.”

The OSSTMM is a peer-reviewed methodology for performing security tests and metrics, and the test cases are divided into five channels (sections) which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

On the origins of the OSSTMM, Pete Herzog wrote that, “in the research for factual security metrics, factual trust metrics and reliable, repeatable ways for verifying security, including concretely defining security, we found that the practice of guessing forecasting risk was not only non-factual but also backwards. Risk stuck us into a never-ending game of cat and mouse with the threats.”

“Beginning with version 3, the OSSTMM is no longer just about security testing. The break-throughs we’ve had in security had us re-visit how we work with security. This includes risk assessments.”

Christoph Baumgartner, CEO of OneConsult GmbH in Switzerland – whose firm has been using the OSSTMM methodology since its inception – recently commented on the value proposition the methodology standard offers, stating that, “the most important aspect is that we have an easier time keeping our clients. Most of the companies and organizations which order security audits on a regularly basis are fairly well organized and have a strong interest in gaining and keeping an adequate level of security.”

“Having the attack surface metrics, the ravs, means that they can watch trends and keep a close eye on how changes in operations affect their security directly. I can definitely confirm that many of our clients who have to change the supplier for security policy reasons expect their future suppliers to apply the OSSTMM.”

OSSTMM was developed by the Institute for Security and Open Methodologies (ISECOM), a non-profit collaborative community established in January 2001.

ISECOM is dedicated to providing practical security awareness, research, certification and project support services for non-partisan and vendor-neutral projects to assure their training programs, standards, and best practices are truly neutral of national or commercial influence.