Pinnacle Security Solutions

?? Celebrating a Feature in Security Systems News! I am thrilled to announce my feature in the latest edition of Security Systems News. This article delves into my journey in the realm of security consulting and sheds light on the evolving trends and future prospects of our industry. Thank you to Ray Coulombe (SecuritySpecifiers.com) and Cory Harris (Security Systems News) for the opportunity! ?? Link to full article below: https://lnkd.in/eJ6VqXx6 ???? Struggling with your security program? Let’s connect! Our team at Pinnacle Security Solutions excel in delivering high-touch, innovative security assessments, designs, and management services. I encourage you to explore the insights shared in the article and engage with us to craft bespoke security strategies that align with your business's unique requirements. ?? Contact us: https://lnkd.in/e68PDcda #PinnacleSecuritySolutions #IAPSC #Security

Here is a great primer on Credential Basics. It goes over Credential technologies, frequencies and encryption. Did you know there are ENTIRE TRAINING COURSES for all HID technologies hosted at the HID Academy? I'll throw a link in the comments section. Anyone installing or using HID products should have an Academy account. There are fantastic resources available provided to you FREE of charge! And, of course, lots of materials for MOBILE ACCESS! ?????? Book a Time with me to discuss your Mobile Strategy by clicking the link next to my profile picture. ---------------------- ???Hi! I am Phil Coppola, PSP! ??My goal is to ensure you have all the info you need to make an informed decision around the ever-evolving Mobile Marketplace for Access Control! Did you Like this post? Want to see more? ???Give me a Thumbs Up ???Connect with me Subscribe to my Newsletter on LinkedIn:?Link in my BIO Check out my Youtube Channel:?Google Phil Coppola + YouTube or just search Phil Coppola on YouTube Email or send me a DM; my email can be found in my bio. Cell: +1 (917) 447-2016 #accesscontrol?#securityindustry?#securitysolutions?#applewallet?#nfcwallet?#securityprofessionals?#sustainability?#chiefsustainabilityofficer?#mobileaccess?#mobilecredentials

I understand this post is light-hearted, but it highlights a significant issue in our industry. We should aim for excellence rather than just being slightly better than our competitors. #SecurityExcellence

??GSX 2024 Show Notes! ?? It was fantastic to reconnect with familiar faces and establish new connections at GSX. Here’s my distilled list of key observations, trends, and insights from the event ??. What are your thoughts? Did you notice any other significant trends? #ASIS #GSX #Security #ExcellenceSecured

The "Do Not Duplicate" stamp on keys means NOTHING without a patent to back up that promise! https://loom.ly/moayNdk

The attacks target the AVM1203, a surveillance device from Taiwan-based manufacturer AVTECH, network security provider Akamai said Wednesday. Unknown attackers have been exploiting a 5-year-old vulnerability since March. The zero-day vulnerability, tracked as CVE-2024-7029, is easy to exploit and allows attackers to execute malicious code. The AVM1203 is no longer sold or supported, so no update is available to fix the critical zero-day. https://lnkd.in/geafCdqR

Our K-12 School Security Guide Product Suite provides K-12 districts and campuses with resources, tools and strategies to improve school physical security. The suite outlines action-oriented practices and helps schools and districts learn the steps necessary to assess vulnerabilities, strengthen security, and better protect against targeted violence and a range of other threats. Learn more: https://go.dhs.gov/ZvF. #BacktoSchoolSafety month

?? Happy International Dog Day! ?? Having Macy around is a wonderful reminder of the importance of work-life balance. Taking breaks to walk her not only keeps me active but also helps me stay refreshed and focused. ??Often, I find that some of my best ideas come to me during our walks!??? Pinnacle Security Solutions

?? Have you examined your security program lately? Complexities in security systems often go unnoticed, leading to issues such as faulty door hardware, offline cameras, excessive alarms, and obsolete access control panels. ?? Our team specializes in identifying gaps through comprehensive assessments. As Independent Consultants, we analyze your security needs, document existing conditions, and collaborate with your stakeholders to provide straightforward, practical recommendations for improvements. ?? Below is an overview of our proven process. Together we can enhance the safety and security of your organization. ???Looking to design a new system, manage a project through implementation, or enhance your system administration and support? Contact us today for a free consultation! ?? Let’s discuss how we can strengthen your security measures and support your goals. https://lnkd.in/eynjuaVA #PinnacleSecuritySolutions #ExcellenceSecured #Assess,Design,Manage

Seeing lots of stuff swirling around about the hack of the secure keys in HID readers. It's an impressive feat by the researchers, they destroyed several readers in the process of refining their attack and getting into the chips. A few things worth pointing out: 1) This is kind of a "yeah, no shit" exploit. It has long been understood that physical access to a device all but guarantees an eventual exploit by a dedicated and knowledgeable team. 2) The researchers have not disclosed or publicized the keys (at least so far, and it seems unlikely). So the net threat level to users with these readers is about the same as it was before. The keys *can* be extracted with enough effort, but that as already a given (see #1 above). 3) For attackers wanting to gain physical access to a property secured by these devices the odds are they would use older, and easier, proven methods that require nothing fancy: tailgating, social engineering, stealing (vs cloning) an employees credential, etc. 4) This risk can be essentially circumvented by using custom encryption keys, which HID supports, but frankly does not make it easy enough for customers to implement without additional costs. 5) Even if the keys are leaked, that alone does not give an attacker immediate access to a facility. They would still need to know, clone, or guess an existing valid credential ID in order to make a duplicate to gain access. In short, I think this exploit showcases a common issue we see in physical security, which is that customers are not willing or motivated enough to spend more money to get proportionally better security. "Good enough" is often, well, good enough. Some things you can do, which are general best practices: 1) Educate employees on risks of tailgating, social engineering, and other more common attack vectors. 2) Maintain and monitor access logs/credential uses to spot anomalous behavior. 3) Implement Badge In/Badge Out policies to reduce the chance that a cloned credential can be easily used. 4) Add video coverage to all ingress points to maintain visual access log data. 5) Consider two-factor methods like Badge + PIN. 6) Consider harder to clone credentials, primarily ones based on standard mobile wallets 7) Consider biometric credentials. Please comment on any other ideas you have about balancing security with the realities of the market.