12.06.2020 Products

Reconciling Cybersecurity and Product Is Often Herculean Task

Security by Design and on Device are the keys to a secure future. Datensicherheit.de in an interview with Tomáš Vystavěl, Chief Product Officer at 2N

Author: Carsten Pinnow

In practice, cybersecurity is demonstrated by the protection of devices, systems, networks and programs against digital attacks. These attacks are typically designed to access, modify, destroy or disrupt sensitive information or normal business processes.

Implementing effective practices, not only against network threats but also for physical security, is a major challenge. To find out more about the commitment to cybersecurity, I am talking today to Tomáš Vystavěl, Chief Product Officer of 2N, a European developer and manufacturer of IP intercom and access system technology. His solutions have multiple layers of protection that span all products and applications, design and testing, GDPR Privacy by Design and access control.

"All 2N components together form an effective defence. A weakness in a single product can endanger the entire system, which is why it is crucial to focus on the security of each level and application. Our IP-based devices are key components in door access and access control solutions. In order to ensure cyber security here, 2N focuses on physical security. As early as in the development of new equipment, security is given a high priority, which is incorporated into the design from hour one," explains Vystavěl.

"So for us the first step towards cybersecurity is the physical security of the products. In addition to the reinforced materials, a built-in mechanical or optical tamper switch helps to prevent unauthorized entry into the product. Basically, it can be held on: Integrated security is not new: secure communication is the backbone of IT security and attention must be paid to it, especially in areas where sensitive data is stored. Customer data in companies is therefore protected by functions and protocols integrated in devices. For example, through a combination of mechanisms. On the one hand, HTTPS data encryption is used for the connection between web browsers and servers. Port hijacking is also prevented by a point-to-point connection using the 802.1X protocol. This prevents unauthorized access to the LAN port. SIP messages are encrypted using a specific protocol, thus preventing man-in-the-middle attacks or even identity theft. Voice data is encrypted using another protocol".

The 2N CPO also provided us with information about passwords:

"Our systems have password control. This function ensures that the administrator has changed the login information after the first login and that this new password is strong enough. For 'weak' passwords, the system gives direct feedback. The passwords are then stored in encrypted form, which prevents hackers from obtaining login information from the configuration. Different levels of user permissions restrict access to the extent that everyone only has the rights they need".

A weak point is often patching, how do you ensure that your customers always work with the latest version?

"The special thing about it is that the 2N IP software solution developed in-house is used for most parts of the product range. This ensures that the products are able to perform their functions optimally. All security-relevant interfaces are thus in our hands. The remaining products run either on Android or a software solution based on Linux".

"To patch these devices, the admin will also receive a message if a new patch is available. Originally it was planned not to involve the user in this process and to patch centrally through the company, but this is not always desired. Patching is a continuous process and so major updates are offered every four months. These are free for all customers. To make this possible, about 15 percent of the annual profit is invested in development. If the technology allows it, old devices are also patched. In addition to this page, comprehensive technical support is offered. One might think that since many of the users are not technically affine, it is better to leave the product alone once it is installed, but this is not the right approach. Products connected to the Internet always ask for the latest firmware. The 'make it easy to update' approach is paramount".

Are usability and security mutually exclusive?

"The 2N® Mobile Key app and Bluetooth readers enable users to enter buildings using their mobile phones only. This means that mobile credentials should be safe from misuse. We have taken special security measures in this area as well. Encryption is carried out at the highest level. Bluetooth communication is possible via its own channel separately for key exchange and for subsequent communication. The validity period of the initial pairing code can be defined by the system administrator and starts at ten minutes. The maximum distance range for Bluetooth communication with devices can also be set individually, starting at just 50 centimetres. Multi-factor authentication prompts users to combine their Bluetooth credentials with other types, such as an RFID chip or a PIN code via an in-app keyboard. If a smartphone is lost, administrators can quickly delete access rights via the reader's web interface or the Access Commander, both of which are encrypted," explains the 2N CPO.

How does remote maintenance work at 2N?

"With My2N we deliver a trusted cloud platform. It enables administrators to remotely manage installation sites, 2N products and services, thus saving costs for on-site maintenance and travel. 2N® Mobile Video is the most important service offered via the My2N platform".

Biometric data as "keys" to buildings - what about security?

"The fingerprint reader uses the small details and main features of a fingerprint. These are filtered and stored as an encrypted biometric key or mathematical representation. The fingerprint reader module uses only a series of numbers in the form of a binary code. No image of any fingerprint is stored at any time. This type of algorithm cannot be converted back into an image of a fingerprint. And it is important to mention that no other types of personal data are used or processed when the product is in use.

Moreover, the fingerprint modules and scanners contain an anti-poof technology. This effectively blocks attempts to fool the system with fake fingerprints made of paper, latex, silicone, rubber or gelatine. This green label equipment is used in many industries, including banking, education, and government programs. Accuracy and safety are essential in these applications. At 2N, for example, we focus on comprehensive security measures related to access control and data security in the IoT area and in building security and data protection," Tomáš Vystavěl concludes to his commitment to security.