Keeping unauthorized intruders from entering a business location is a critical part of protecting corporate assets. Perimeters are the first line of defense but do not conform to a ‘one-size-fits-all’ safeguarding solution. Selection criteria for the most suitable Perimeter Intrusion Detection System (PIDS) must take into consideration perimeter length, topography, environmental conditions, and future site expansion plans.
In many cases, fencing or walls are adequate deterrents. Other times, more sophisticated intrusion detection systems, such as security cameras, thermal energy detectors, sensors, and other tracking and recording devices are required. In these scenarios, the data recorded by these field devices need to be transmitted in real-time over a network to a communication control room.
For data transmission, some perimeter installations may choose to utilize fiber for its higher bandwidth and greater cable run distances. However, the security camera and other devices used in the PIDS may only have copper network connectivity ports. In these cases, a Copper to Fiber Media Converter will be needed. These devices convert electrical signals used in copper UTP cabling into light waves used in Multimode or Single Mode fiber optic cabling. This enables perimeter detection devices with copper ports to transmit data up to 160km [99 mi].
Other perimeter installations will utilize copper cabling that is already installed and cheaper to maintain. However, enabling long-distance Ethernet data transmission over copper cabling is a common problem because the perimeter length may be longer than 325ft, which is the general maximum cable length for copper Ethernet cables. In these scenarios, Ethernet Extenders can be used to forward the data traffic. The benefit of using an Ethernet Extender is that you can use single twisted pair (CAT5/6/7/8), coax, or any existing copper wiring previously used in alarm circuits, E1/T1 circuits, RS-232, RS-422, RS-485, CCTV, or CATV applications.
When choosing the appropriate Fiber to Copper Converter or Ethernet Extender for a PIDS installation, there are a few other things to consider. To reliably know if a perimeter is being breached, don’t choose a product where the end-to-end connection on the network will always appear as if it is up and running, even though the connection may be broken or disconnected. It is critical to ensure the Ethernet Extenders and Fiber Converters have an on-board microcontroller to deal with error detection and recovery by continuously monitoring the status of the links and sending actionable notifications if there is a problem.
Because perimeter security is generally an outdoor application, it is important to choose products with temperature rated components that are fully heat chamber tested. There are a lot of products on the market claiming to operate at -40°F to 167°F (-40°C to 75°C) but, they use “commercial-grade” components that have not been qualified to operate at the claimed temperature ranges. When “commercial-grade” parts are exposed to extremely high or low temperatures, product failures are inevitable. For example, integrated circuits on the PCB overheat causing premature failure of the product. Under-rated connectors do not allow for proper contact between the device and the cables. These failures eventually stop all data communications in these high and low-temperature environments.
And, in environments where network security is critical, choose an Ethernet Extender or Fiber Converter that supports your exiting security protocols and authorization schemes. Deploying devices that support TACACS+, RADIUS, LDAP, Kerberos, NIS, or RSA will ensure an audit trail is possible. And, to further protect IDs and passwords from someone ‘snooping’ on the network, you should also verify that secure management sessions are supported using SSH/SSL/TLS, SNMPv3, Telnet, and HTTPS. These features are used when managing corporate firewalls, switches, and routers. Therefore, it should be expected that they are available in the devices that connect your PIDS system to your corporate network.
This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.