Difficulties in the operation of the security alarm

Security and fire systems can be divided into two categories. The first category is the security system, where the user controls it independently (for example, via a mobile application) and responds to alarms. The second is a console alarm, i.e. when the security company is responsible for the protected object, monitors and responds to alarms, and the customer pays a subscription fee. Just about the second category here and will be discussed. I will talk about several problematic situations during operation, and touch on the development a bit.

There are now quite a lot of companies in Russia that develop security systems, and in general the security services market is actively developing. Probably, this happened historically in the 90s and 2000s, and the topic does not lose its relevance to this day. For example, only in Chelyabinsk we have three fairly large development firms and a couple of very small ones. What can I say, even if some large private security companies are trying to develop and produce security equipment for themselves. In general, Russian manufacturers occupy a large part of the security monitoring systems market. At the same time, the industry is quite narrow, there are no big monopolists, and competitors are well aware of each other. Some old firms that grabbed their market share another 15 years ago, when the competition was lower, and the demand was higher, they sat on this “needle” for a long time and didn’t invest much in development. Until recently, it all looked not very modern, but in general it worked, which is the most important thing.

During the operation of the security system often occur different incidents. Previously, for example, security devices were particularly common, sending signals to the console through a radio channel. Usually this is a range of about 150-170 MHz and the transmitter power of watts of commercials 8. Of such:


With an unfortunate set of circumstances, when such a transmitter “stuck”, he could drown out and leave almost the whole area unguarded. And then the technicians started the classic “fox hunt”. But it is not enough to find a transmitter, you need physical access to it, and as quickly as possible, which does not always work. To work in this frequency range, you need permission, and according to the law, these transmitters cannot be sold to end customers, only rented. Upon termination of the contract, the technicians arrive and pick up the transmitter, but it is not uncommon for the client to simply leave or stop paying for security, or for some other reason, the equipment “left” somewhere, because it was bought by the client except for the transmitter about which the client , of course, forgot. Instruments operating in the unregistered frequency range also have a hard time. In the city, this range is very noisy and it’s not clogged up with, work there only makes sense for very short distances.

Now, for the most part, the transfer of data from security devices is shifted to the shoulders of cellular operators, but there are also incidents. In 2013, for example, when a meteorite zhahnul over Chelyabinsk, then almost all the objects working through GPRS were lost, it was, to put it mildly, quite exciting for security companies.


But as time goes on and cellular communication becomes more reliable, and mobile Internet becomes faster, so most manufacturers use the GSM network as the main channel for delivering messages to the server and two SIM cards from different cellular operators. In this case, as a rule, all the SIM cards of protected objects are associated with one personal account and problems with it, for example, a delay in payment, leads to the fact that all objects fall out of protection. When choosing how to send an SMS about the state of the object to the client, from the device itself or centrally from the server, the choice is clearly in favor of the second (for console devices) - it is cheaper and more convenient. I remember cases when old, buggy devices, which sent SMS themselves, nearly drove old clients away, sending hundreds of SMS messages. More problems may arise if negligent technicians / installers / customers pull a SIM card out of the device and insert, say, into their tablet, spend gigabytes of traffic in some YouTube. Sim card is the property of the chop and find out who uses it (through the cellular operator and IMEI) is quite possible. The main danger is not even the fact that money is illegally spent, but that exceeding the traffic limit on the personal account again leads to the Internet being turned off for all SIM cards linked to the account. And this limit is quite realistic to exceed, since the security device in normal operation consumes quite a bit of traffic. As one of the measures to combat this kind of problems use the limitation of the maximum data transfer rate. Some security companies, under a contract with a cellular operator, generally allocate a separate subnet for their devices, prohibit access to the global Internet, and work only with their servers.

Nevertheless, part of the state structures and enterprises still prefers the radio channel, therefore, in tenders and government orders it is explicitly indicated that it should be the main channel. Speaking of tenders. A very large business, like some government agencies, can afford to set their own security system requirements, often very intricate. The manufacturer, in fact, is forced to release a separate line of devices only for them. Therefore, developers try to limit themselves to software changes in the server, console program, or firmware devices. If the tender is very bold and worthwhile, then a planned update of the hardware version can be timed for this event and kill two birds with one stone.

Summing up, it can be said, despite all the possible disadvantages, console protection is a good solution for those who want to ensure security with a minimum of problems. Especially if liability is provided.

PS: and just in case, I will show one entertaining tablet from the book by А.А. Torokina "Engineering and technical protection of information"


Nothing else, as an example of the time to overcome obstacles in the premises of a skilled attacker, equipped with technical means)