IDmachines

Security without compromise

Documentation

Eidola Application Notes

Eidola Note 1 – Quick EiPi Setup

Eidola Note 2 – Eidola Value Propositions

Eidola Note 3 – Cybersecurity and Privacy Best Practices from the Start

Eidola Note 4 – The Certificate Fashion Show and the Fashion Police

Eidola Note 5 – Reader Lifecycle and OSDP Scenarios

Eidola Note 6 – EiWrench Getting Started

Specifications

EiBrick Spec sheet

EiPi Spec sheet

EiWrench Toolset

EiTester Toolset

FAQ1

Other Resources

SIA

Quarterly Technology Update “The Roles of Authentication, Authorization and Cryptography in Expanding Security Industry Technology”

QTU_Q405

Privacy Resources from OpenConsent

https://www.securityindustry.org/2018/06/01/gdpr-and-the-security-industry/

IDESG

IDESG reveals Identity Ecosystem Framework

http://www.securitydocumentworld.com/article-details/i/12382/

IDESG service aims to better protect digital identities 

http://www.planetbiometrics.com/article-details/i/4563/desc/idesg-service-aims-to-better-protect-digital-identities/

New IDESG Service Empowers Organizations to Better Protect Digital Identities

https://www.darkreading.com/operations/new-idesg-service-empowers-organizations-to-better-protect-digital-identities/d/d-id/1325806

Welcome to the Revolution

https://slideplayer.com/slide/13567149/

ASIS International

ITSC 6

IDmachines Podcasts and Analyst Reports

Resolver Podcast: Privacy 2.0

https://soundcloud.com/watchdog911/8-privacy-20-youre-not-getting-by-on-spreadsheets-anymore

GigaOm – IDmachines’ Analysis

https://gigaom.com/author/idmachines/

Analyst Report: The security of SaaS: a market landscape

https://gigaom.com/report/the-security-of-saas-a-market-landscape/

Analyst Report: What new identity management solutions can offer today’s enterprise

https://gigaom.com/report/what-new-identity-management-solutions-can-offer-todays-enterprise/

Social Media

Social media practices surveillance capitalism, yet IDmachines, like most companies, makes use of these methods to communicate and market. We are committed to content without strings attached and provide video and other media outside of the social channels. IDmachines cannot protect your personal information when you visit these locations. The same is true for our Twitter feed @IDmachines, LinkedIn, Facebook and other accounts.

IDmachines on Medium

https://medium.com/@IDmachines

IDmachines on YouTube

IDmachines on Blogspot

http://idmachines.blogspot.com/

Events

IDmachines past and upcoming events

Identiverse 2019, June 23-28 Washington, DC
The Relationship Lifecycle of Things
https://identiverse.com/

ISC West 2019 April 9-12, Las Vegas, Nevada
Operational Privacy and the Security Mission

Convergence of Cyber and Physical Security

KNOW Identity 2019, March 24-27, Las Vegas, Nevada

TEC 2019 March 11-14, Denver, Colorado
Security System Privacy Profiles and Best Practice

https://www.psatec.com

DASMA 2019 Annual Meeting Keynote January 21-23, 2019, Scottsdale, AZ

http://www.dasma.com/index.asp

CGL Technology Showcase November 2018

https://events.r20.constantcontact.com/register/eventReg?oeidk=a07efgobmds84f0abd1&oseq=&c=&ch=

GSX September 2018

Operational Privacy and Integrated Risk Assessment

https://asis18.mapyourshow.com/7_0/sessions/speaker-details.cfm?speakerid=866

Identiverse June 2018

Privacy 2.0
https://www.slideshare.net/Identiverse/624-privacy-20-identiverse-2018

ESX June 2018

Addressing Evolving Cyber Threats

http://www.esxweb.com/ES-Evolving-Cyber-Threat

ISC West 2018, SIA InteropFest

PSA has new cybersecurity advisory board

http://www.securitysystemsnews.com/blog/psa-has-new-cybersecurity-advisory-board

Eidola, created for integrators to ensure cybersecurity

http://www.securitysystemsnews.com/blog/eidola-created-integrators-ensure-cybersecurity

Smart Card Alliance Recognizes Outstanding Individuals, Leaders and Organizations at Annual Member Meeting

https://www.cnbc.com/2014/12/16/globe-newswire-smart-card-alliance-recognizes-outstanding-individuals-leaders-and-organizations-at-annual-member-meeting.html

Resources

IDmachines has developed, curates and makes available an extensive knowledge base related to identity, security, privacy and automation.  In addition to the documentation sets that support the Eidola platform, there are application notes and supporting videos that provide guidance from start to full exercise of the platform.  IDmachines also provides in-person and remote training and support, including bootcamps and specialized programs.

Configuration Options

The Eidola platform is delivered in a number of different formats and on a variety of devices.  All of the hardware platforms are solid state products with no moving parts.  Different builds exist to support different platforms, primarily x86 and ARM.  At present, there are 3 different hardware platforms: EiBlock™, EiBrick™ and EiPi™.  The EiBlock™ is a high-end solution typically used to support a test or integration lab or extensive network use cases; a variety of Intel processors up to i7 and Xeon are available.  The EiBrick™ is an x86 platform with a lot of functionality built into a small package, with options as well.  The EiPi™ is an ARM Raspberry Pi based device, including industrial versions, and provides excellent price performance.  Any of the devices can be configured to operate in Infrastructure or Stand Among (including EiWrench) mode.

Eidola can also be delivered as an efficient virtual machine running on hypervisors such as VMware™ and VirtualBox™ or as an agent piggybacking on existing Linux builds and resources.  3rd parties that have an interest can contact IDmachines directly to work through the configuration and original equipment manufacturer (OEM) licensing.

Eidola Diagnostics EiDiag™ Mode

An Eidola Diagnostic (an EiDiag™) can be run in any device mode for licensed instances.  Running the device in Stand Among means that the infrastructure services are not enabled and that the Eidola device is functioning primarily as a device and system tester.

The use of the Eidola platform and the EiDiag™ tools needs to be closely coordinated with the customer's IT department, as these same techniques are used by hackers in an adversarial manner to probe networks for vulnerabilities. It is easy to run Eidola services and generate reports and follow-on actions. There is a base set of ever-expanding infrastructure and network diagnostics.  The following are the base set.

1089, 1090, 1091 NMAP

The Network Mapper (NMAP) diagnostic provides a means of scanning networks and locating the devices on the designated network. There are 3 different default scans available in the NMAP menu.  The NMAP diagnostic scans ports and examines a number of different protocols and the related services. These typically include Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and others. The diagnostic is set with default scans but does have the flexibility to take customized (browser, settings file and API) input.

A typical scan yields the following for each device mapped on the network:  

  • IP address
  • Ports
  • Services and Status
  • MAC address
  • Network service vendor[1]

[1] Depending on the device this may also be the product vendor, in other cases it is the vendor of the network interface components.


1203 TLS

The Transport Layer Security (TLS) diagnostic performs a check to see if strong authentication using digital certificates is implemented properly. This is a system fundamental.  Vendors and integrators need to connect over secure channels to send security data for access, video, metadata, and other purposes. It is not simply the need to use HTTPS and TLS but, very importantly, the need to do it correctly. This diagnostic looks to see if the TLS cipher-suite is properly implemented in line with the current version (1.2)[2]. The information gathered includes:

  • Digital Certificate
  • Issuer
  • Validity
  • Subject
  • Public Key
  • Signature
  • TLS Version
  • TLS Cipher Analysis

[2] IDmachines has maintained close watch on the evolution of the standards deployed in the Eidola platform for decades and participates globally in the development and maintenance of these standards.

7101 Infrastructure Health Check

This is a system check that performs a network scan and stores a sample for analysis.  It makes it easy for someone with little network experience to gather a sample that can be analyzed prior to the next steps in virtual support of the technician.


7102 Digital I/O Dashboard

This provides a means to test and simulate inputs and outputs.  Many physical systems make use of contacts, inputs and outputs.  In component and system lifecycle management this tool provides a flexible test harness easily configured to support a wide range of devices.


8100, 8200 OSDP

The Open Supervised Device Protocol (OSDP) toolbox provides a means of testing, configuring and maintaining physical access control readers, physical access control door controllers (panels) and other devices using the protocol. The diagnostic allows the simulation of either a reader or a controller, or can act as a monitoring device to gather information on implementations of the protocol.  This diagnostic is also available as a standalone tool (see OSDP EiWrench™).


9901 PKI

The 9901 Public Key Infrastructure (PKI) diagnostic provides a number of PKI test tools including the following:

  • Certificate Authority
  • Certificate Requests – Public Key Cryptography Standard (PKCS) -10 PEM
  • Certificate and Key Bundle – PKCS-12
  • Root Certificate
  • Certificate Revocation List (CRL)

This diagnostic provides an ability to set up a test Certificate Authority or federation.  It can be set up as part of the infrastructure mode to support component and system testing.  See also EiPIV™ tools for FIPS-201 and related NIST PIV data model.[3]

[3] Personal Identity Verification


9902 Power Scanner

The 9902 Power Scanner diagnostic works with instrumented (networked) power supplies and is dependent on the vendor's support of the Simple Network Monitoring Protocol (SNMP) and their management information base (MIB). Output is available in SQL database, CSV and JSON formats for further analysis.  IDmachines supports some specific manufacturers' power supplies; contact eidola@idmachines.com for details.


9903 SNMP

The Simple Network Monitoring Protocol (SNMP) diagnostic provides a more detailed set of information for each device. The information obtained is dependent on the manufacturer’s implementation of the protocol and is described in a Management Information Base (MIB) and is a combination of system status and configuration data. Among the information of interest that can be obtained:

  • Make 
  • Model
  • Firmware
  • Last update

9905 One Button

The One Button diagnostic takes the NMAP, SNMP and TLS diagnostics and runs them together. It takes the output of the NMAP diagnostic as the input for the SNMP and TLS diagnostics. In the process it creates a valuable set of information about the devices on the network that can be used to capture as-built information and system vulnerabilities and to perform audits of systems for compliance and other enterprise reporting.  SQL, JSON, XML and log.txt outputs are recorded.  Results can be integrated via an application programming interface (API); for example, ERM integration can associate results of the One Button with a job ticket or project milestone during different phases of the system integration lifecycle.

Eidola Infrastructure Mode

Infrastructure mode means that the Eidola device is set up to provide the network infrastructure to support a network and the communications required for a functioning security system. This typically means that there is no other network infrastructure, that is no other DNS, Gateway, DHCP, etc. Alternatively, you can enable specific services as necessary.

Uses include:

  • No network connectivity present for a service visit. 
  • Test bed or “sandbox” for incoming component inspection.
  • Test bed or “sandbox” to mimic the network on which the system or component will be deployed.   Does not require Information Technology (IT) resources.
  • API and data structures for configuration and lifecycle maintenance input and output for both end-user and service provider.
  • A “pop-up” network able to gather network, system and device telemetry

Infrastructure mode complements the EiDiags™ that gather information about how components and networks are configured and communicating.

Eidola

The Eidola technical automation platform helps users manage the lifecycle of their security devices and systems.  It supports edge devices including readers, cameras, intercoms, and controllers as well as the network, workstations and servers. 

Eidola incorporates multiple open source libraries to create a set of tools to build, integrate, manage and diagnose complex physical security and other systems. 

Eidola provides a way for anyone to configure, test and deliver cyber-secure components and systems. 

Eidola telemetry bridges technical knowledge and system gaps.  By leveraging global and industry standards Eidola devices interact across vendor platforms and provide an instant, lightweight and powerful measure of the state of a security system.  In doing so, it improves service levels and product performance addressing vulnerabilities and generating business value in the process.  Our standards-based approach provides an ability to work across physical security components; physical access control, video surveillance and analytics, intrusion, fire and life safety, building automation, network communication and process control and importantly to integrate these into the rest of an organization’s information technology (IT) infrastructure.  No other platform provides as comprehensive an ability to deliver and support modern security systems. 

Eidola diagnostics and infrastructure tools test conformance against multiple industry, national and international standards and legislation.  This is an integral and objective basis to establish requirements to manage the security supply chain.

IDmachines has used these references and the resulting tools over the last decade in our consulting practice.  We have packaged solutions that simply require a connection to the target network to provide extensive services.  The Eidola platform adds value from receipt of components and their subsequent configuration, integration, installation and maintenance.  The Eidola toolbox provides the means to facilitate this without the need to install any new software or hardware on the end-user’s network.

Technicians and service providers greatly increase productivity and the value of the services they deliver. These include:

  • Testing potential supply chain solutions and components for features and functionality to meet the cybersecurity and privacy challenges inherent in the deployment of security systems today.  See Eidola Application Note #3 on secure security system configurations.
  • Confirming and setting configurations and functionality of system components upon receipt.
  • Integrating components to determine proper network as well as device configurations.
  • Maintaining components through firmware, digital certificate and configurations changes.
  • Certification and accreditation of systems including the performance of security and privacy control to meet compliance and regulatory requirements and the associated reduction in security and privacy risks.
  • Providing pop-up infrastructure and networks to support service and integration efforts.  The Eidola platform can be enabled in either infrastructure or diagnostic (stand among) mode.  In infrastructure mode a full set of network services is available.  Among the uses is the case where there has been a loss of network functionality.  This allows integration and maintenance to take place without the dependency of network connectivity on site.  This reduces the mean time to diagnose and repair, reduces dependency on information technology resources and provides an audit trail that captures conditions met in the integration, operation and maintenance processes.
  • Special purpose tools to support the specific requirements of physical security systems such as the Open Supervised Device Protocol (OSDP).

Professional Services to the Supply Chain

IDmachines brings 30+ years of experience meeting the requirements of mission-critical, Internet-scale and extreme environments.  We look across technical, business and legal layers, listen carefully and closely to our customers’ needs and use whatever means we have available to make our clients, and their customers and supply chains, achieve the best possible outcomes.

IDmachines brings extensive subject matter and practical expertise across a range of business, legal and technical perspectives.  This approach informs everything we do at IDmachines.

Our technical consulting services include embedded engineering and development teams as well as advice on product development and roadmaps.  We are closely involved in the development of industry, national and international standards and regulations.

Our tactical consulting practices provide assessment of sales and distribution channels as well as market and competitive conditions. 

Our strategic consulting practice takes these into account to provide guidance and resources that address the dynamic challenges of the identity, security and privacy marketplaces.

End-users

IDmachines’ end-user clients include large enterprises, regulated industries, and governments. Our clients run from C-suite and cabinet-level to project and operations managers to project design and engineering support.  We provide evaluation, proof-of-concept and piloting of identity, authentication and authorization systems in our test environments.  We improve the performance of the supply chain and minimize risk across identity, security, privacy, business, technical and legal layers.

Consultants

IDmachines has established a set of requirements that have global relevance and that make the work of our consultant partners better able to achieve their clients’ desired outcomes.  We often collaborate with other teams to address gaps across logical and physical domains for cybersecurity and privacy. 

Solution Providers

IDmachines has supported many of the leading vendors and solution providers in the world in strategic, tactical and technical roles.  We have worked with vendors to develop specific capabilities around public key infrastructure (PKI), strong authentication, the Personal Identity Verification (FIPS 201) data model and other international identity, security and privacy standards.  We support sales and channel development based on our longstanding business relationships.  We bring an international perspective as our experience with global markets helps define overarching and specific requirements.

System Integrators

IDmachines works closely with system integrators through our Eidola platform and our consulting services.  This includes training and support on topics including the Open Supervised Device Protocol (OSDP), identity, PKI, cyber and network security and privacy.  We have extensive experience in government, regulated industry and critical infrastructure and in practice meet the requirements for delivering security systems without compromise in these industries. IDmachines maintains test facilities in Massachusetts and California. We create test environments where we regularly examine the current capabilities of security solutions.  Our centers of excellence can be replicated at integrator facilities or leveraged from our locations (Eidola Kits (Ei-Kits™)).  We help our system integrator customers put together functionality-based systems as opposed to vendor-based ones by leveraging standards such as OSDP and IP.
