IDmachines

Security without compromise

Author: ID admin

Documentation

Eidola Application Notes

Eidola Note 1 – Quick EiPi Setup

Eidola Note 2 – Eidola Value Propositions

Eidola Note 3 – Cybersecurity and Privacy Best Practices from the Start

Eidola Note 4 – The Certificate Fashion Show and the Fashion Police

Eidola Note 5 – Reader Lifecycle and OSDP Scenarios

Eidola Note 6 – EiWrench Getting Started

Specifications

EiBrick Spec sheet

EiPi Spec sheet

EiWrench Toolset

EiTester Toolset

FAQ1

Social Media

Social media practices surveillance capitalism, yet IDmachines, like most companies, makes use of these methods to communicate and market. We are committed to content without strings attached and provide video and other media outside of the social channels. IDmachines cannot protect your personal information when you visit these locations. The same is true for our Twitter feed @IDmachines, LinkedIn, Facebook and other accounts.

IDmachines on Medium

https://medium.com/@IDmachines

IDmachines on YouTube

IDmachines on Blogspot

http://idmachines.blogspot.com/

Resources

IDmachines has developed, curates and makes available an extensive knowledge base related to identity, security, privacy and automation. In addition to the documentation sets that support the Eidola platform, there are application notes and supporting videos that provide guidance from start to full exercise of the platform. IDmachines also provides in-person and remote training and support, including bootcamps and specialized programs.

Configuration Options

The Eidola platform is delivered in a number of different formats and on a variety of devices. All of the hardware platforms are solid state products with no moving parts. Different builds exist to support different platforms, primarily x86 and ARM. At present, there are 3 different hardware platforms: EiBlock™, EiBrick™, and EiPi™. The EiBlock™ is a high-end solution typically used to support a test or integration lab or extensive network use cases; a variety of Intel processors up to i7 and Xeon are available. The EiBrick™ is an x86 platform with a lot of functionality built into a small package, with options as well. The EiPi™ is an ARM Raspberry Pi based device, available in industrial versions as well, that provides excellent price performance. Any of the devices can be configured to operate in Infrastructure or Stand Among (including EiWrench) mode.

Eidola can also be delivered as an efficient virtual machine running on hypervisors such as VMware™ and VirtualBox™, or as an agent piggybacking on existing Linux builds and resources. Third parties that have an interest can contact IDmachines directly to work through the configuration and original equipment manufacturer (OEM) licensing.

Eidola Diagnostics EiDiag™ Mode

An Eidola Diagnostic (an EiDiag™) can be run in any device mode for licensed instances.  Running the device in Stand Among means that the infrastructure services are not enabled and that the Eidola device is functioning primarily as a device and system tester.

Use of the Eidola platform and the EiDiag™ tools needs to be closely coordinated with the customer's IT department, as these same techniques are used by hackers in an adversarial manner to probe networks for vulnerabilities. It is easy to run Eidola services and to generate reports and follow-on actions. There is a base set of infrastructure and network diagnostics, and it is ever-expanding. The following are the base set.

1089, 1090, 1091 NMAP

The Network Mapper (NMAP) diagnostic provides a means of scanning networks and locating the devices on the designated network. There are 3 different default scans available in the NMAP menu.  The NMAP diagnostic scans ports and examines a number of different protocols and the related services. These typically include Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and others. The diagnostic is set with default scans but does have the flexibility to take customized (browser, settings file and API) input.

A typical scan yields the following for each device mapped on the network:  

  • IP address
  • Ports
  • Services and Status
  • MAC address
  • Network service vendor[1]

[1] Depending on the device this may also be the product vendor, in other cases it is the vendor of the network interface components.


1203 TLS

The Transport Layer Security (TLS) diagnostic checks whether strong authentication using digital certificates is implemented properly. This is a system fundamental. Vendors and integrators need to connect over secure channels to send security data for access, video, metadata, and other purposes. The need is not just to use HTTPS and TLS but, very importantly, to do it correctly. This diagnostic looks to see if the TLS cipher-suite is properly implemented in line with the current version (1.2)[2]. The information gathered includes:

  • Digital Certificate
  • Issuer
  • Validity
  • Subject
  • Public Key
  • Signature
  • TLS Version
  • TLS Cipher Analysis

[2] IDmachines has maintained close watch on the evolution of the standards deployed in the Eidola platform for decades and participates globally in the development and maintenance of these standards.

7101 Infrastructure Health Check

This is a system check that performs a network scan and stores a sample for analysis.  It makes it easy for someone with little network experience to gather a sample that can be analyzed prior to the next steps in virtual support of the technician.


7102 Digital I/O Dashboard

This provides a means to test and simulate inputs and outputs.  Many physical systems make use of contacts, inputs and outputs.  In component and system lifecycle management this tool provides a flexible test harness easily configured to support a wide range of devices.


8100, 8200 OSDP

The Open Supervised Device Protocol (OSDP) toolbox provides a means of testing, configuring and maintaining physical access control readers, physical access control door controllers (panels) and other devices using the protocol. The diagnostic allows the simulation of either a reader or a controller, or can act as a monitoring device to gather information on implementations of the protocol. This diagnostic is also available as a standalone tool (see OSDP EiWrench™).


9901 PKI

The 9901 Public Key Infrastructure (PKI) diagnostic provides a number of PKI test tools including the following:

  • Certificate Authority
  • Certificate Requests – Public Key Cryptography Standard (PKCS)-10 PEM
  • Certificate and Key Bundle – PKCS-12
  • Root Certificate
  • Certificate Revocation List (CRL)

This diagnostic provides an ability to set up a test Certificate Authority or federation. It can be set up as part of the infrastructure mode to support component and system testing. See also EiPIV™ tools for FIPS-201 and related NIST PIV data model.[3]

[3] Personal Identity Verification


9902 Power Scanner

The 9902 Power Scanner diagnostic works with instrumented (networked) power supplies and depends on the vendor's support for the Simple Network Management Protocol (SNMP) and on their management information base (MIB). Output is available in SQL database, CSV and JSON formats for further analysis. IDmachines supports some specific manufacturers' power supplies; contact eidola@idmachines.com for details.


9903 SNMP

The Simple Network Management Protocol (SNMP) diagnostic provides a more detailed set of information for each device. The information obtained depends on the manufacturer’s implementation of the protocol, is described in a Management Information Base (MIB), and is a combination of system status and configuration data. Among the information of interest that can be obtained:

  • Make 
  • Model
  • Firmware
  • Last update

9905 One Button

The One Button diagnostic takes the NMAP, SNMP and TLS diagnostics and runs them together. It takes the output of the NMAP diagnostic as the input for the SNMP and TLS diagnostics. In the process it creates a valuable set of information about the devices on the network that can be used to capture as-built information and system vulnerabilities and to perform audits of systems for compliance and other enterprise reporting. SQL, JSON, XML and log.txt outputs are recorded. Results can be integrated via an application programming interface (API); for example, ERM integration can associate results of the One Button with a job ticket or project milestone during different phases of the system integration lifecycle.

Eidola Infrastructure Mode

Infrastructure mode means that the Eidola device is set up to provide the network infrastructure to support a network and the communications required for a functioning security system. This typically means that there is no other network infrastructure, that is, no other DNS, Gateway, DHCP, etc. Alternatively, you can enable specific services as necessary.

Uses include:

  • No network connectivity present for a service visit. 
  • Test bed or “sandbox” for incoming component inspection.
  • Test bed or “sandbox” to mimic the network on which the system or component will be deployed.   Does not require Information Technology (IT) resources.
  • API and data structures for configuration and lifecycle maintenance input and output for both end-user and service provider.
  • A “pop-up” network able to gather network, system and device telemetry

Infrastructure mode complements the EiDiags™ that gather information about how components and networks are configured and communicating.

Eidola

The Eidola technical automation platform helps users manage the lifecycle of their security devices and systems.  It supports edge devices including readers, cameras, intercoms, and controllers as well as the network, workstations and servers. 

Eidola incorporates multiple open source libraries to create a set of tools to build, integrate, manage and diagnose complex physical security and other systems. 

Eidola provides a way for anyone to configure, test and deliver cyber-secure components and systems. 

Eidola telemetry bridges technical knowledge and system gaps. By leveraging global and industry standards, Eidola devices interact across vendor platforms and provide an instant, lightweight and powerful measure of the state of a security system. In doing so, it improves service levels and product performance, addressing vulnerabilities and generating business value in the process. Our standards-based approach provides an ability to work across physical security components (physical access control, video surveillance and analytics, intrusion, fire and life safety, building automation, network communication and process control) and, importantly, to integrate these into the rest of an organization’s information technology (IT) infrastructure. No other platform provides as comprehensive an ability to deliver and support modern security systems.

Eidola diagnostics and infrastructure tools test conformance against multiple industry, national and international standards and legislation.  This is an integral and objective basis to establish requirements to manage the security supply chain.

IDmachines has used these references and the resulting tools over the last decade in our consulting practice.  We have packaged solutions that simply require a connection to the target network to provide extensive services.  The Eidola platform adds value from receipt of components and their subsequent configuration, integration, installation and maintenance.  The Eidola toolbox provides the means to facilitate this without the need to install any new software or hardware on the end-user’s network.

Technicians and service providers greatly increase productivity and the value of the services they deliver. These include:

  • Testing potential supply chain solutions and components for features and functionality to meet the cybersecurity and privacy challenges inherent in the deployment of security systems today.  See Eidola Application Note #3 on secure security system configurations.
  • Confirming and setting configurations and functionality of system components upon receipt.
  • Integrating components to determine proper network as well as device configurations.
  • Maintaining components through firmware, digital certificate and configuration changes.
  • Certification and accreditation of systems, including the performance of security and privacy controls to meet compliance and regulatory requirements and the associated reduction in security and privacy risks.
  • Providing pop-up infrastructure and networks to support service and integration efforts. The Eidola platform can be enabled in either infrastructure or diagnostic (stand among) mode. In infrastructure mode a full set of network services is available. Among the uses is the case where there has been a loss of network functionality. This allows integration and maintenance to take place without depending on network connectivity on site. This reduces the mean time to diagnose and repair and the dependency on information technology resources, and provides an audit trail that captures conditions met in the integration, operation and maintenance processes.
  • Special purpose tools to support the specific requirements of physical security systems such as the Open Supervised Device Protocol (OSDP).
