|Access control includes the control of persons, vehicles and materials through entrances and exists of a controlled area or premises. Perimeter detection, in contrast, is the detection of access to the outer limits of a detection area by means of physical barriers, sensors on physical barriers, or exterior sensors. Finally, intrusion alarm systems signal entry or attempted entry of a person or an object into the area or volume protected by the system. Solution technologies include coax and fiber fence sensors, microwave, seismic sensors, radar, and smart thermal video.
Purpose of Perimeter Security:
Since at least the Roman Empire, fortifications, walls and barriers have been an important part of protecting sovereign territories and private property. Perimeter security is designed with the primary purpose to either keep intruders out or captives contained within the area the boundary surrounds. Both natural and man-made barriers can serve as perimeter security.
Governments utilize perimeter security not only for the safety of their citizens, but to control the flow of commerce and immigration, as well as to protect vital infrastructure from vandals and terrorists. Property owners and organizations of all sizes use various man-made technology to achieve varying degrees of perimeter security.
Access control system components:
An access control point, which can be a door, turnstile, parking gate, elevator, or other physical barrier, where granting access can be electronically controlled. Typically, the access point is a door. An electronic access control door can contain several elements. At its most basic, there is a stand-alone electric lock. The lock is unlocked by an operator with a switch. To automate this, operator intervention is replaced by a reader. The reader could be a keypad where a code is entered, it could be a card reader, or it could be a biometric reader. Readers do not usually make an access decision, but send a card number to an access control panel that verifies the number against an access list. To monitor the door position a magnetic door switch can be used. In concept, the door switch is not unlike those on refrigerators or car doors. Generally only entry is controlled, and exit is uncontrolled. In cases where exit is also controlled, a second reader is used on the opposite side of the door. In cases where exit is not controlled, free exit, a device called a request-to-exit (REX) is used. Request-to-exit devices can be a push-button or a motion detector. When the button is pushed, or the motion detector detects motion at the door, the door alarm is temporarily ignored while the door is opened. Exiting a door without having to electrically unlock the door is called mechanical free egress. This is an important safety feature. In cases where the lock must be electrically unlocked on exit, the request-to-exit device also unlocks the door.
In computer security, general access control includes authorization, authentication, access approval, and audit. A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated systems.
In any access-control model, the entities that can perform actions on the system are called subjects, and the entities representing resources to which access may need to be controlled are called objects (see also Access Control Matrix). Subjects and objects should both be considered as software entities, rather than as human users: any human users can only have an effect on the system via the software entities that they control.
Although some systems equate subjects with user IDs, so that all processes started by a user by default have the same authority, this level of control is not fine-grained enough to satisfy the principle of least privilege, and arguably is responsible for the prevalence of malware in such systems (see computer insecurity).
In some models, for example the object-capability model, any software entity can potentially act as both subject and object.
Access control systems provide the essential services of authorization, identification and authentication (I&A), access approval, and accountability where:
- authorization specifies what a subject can do
- identification and authentication ensure that only legitimate subjects can log on to a system
- access approval grants access during operations, by association of users with the resources that they are allowed to access, based on the authorization policy
- accountability identifies what a subject (or all subjects associated with a user) did
Key vendors: Bosch, Hitachi, Siemens, United Technologies