Know the loopholes in your burglar system

By Muthoga Kioni

This week I want to commence a three-part series on burglar alarm attacks. The first of these attacks is the Denial of Service (DoS) attack. This kind of attack has evolved to include devices outside the traditional computer context.

A DoS attack is basically an attempt to make a computer resource unavailable to its intended users by saturating the target machine with numerous communications requests. The target is, therefore, unable to respond to legitimate traffic and either slows down or consumes its processing resources to the point that it can no longer communicate adequately. Imagine hundreds of people simultaneously shouting legitimate instructions at you over a prolonged time. This is how a DoS attack works.

These attacks have slowly crept into burglar alarms. Sophisticated burglars are today more likely to attack the communication cabling between the sensors and the alarm controller.

As computers and communications have converged, alarms have increasingly become digitised. They use either leased lines or a packet radio service to communicate with a control room.

Independent communication

For the packet radio service, a DoS attack is carried out on the alarm network by intercepting the packets and re-sending them to set off several random alarms.

It is, therefore, important to have two independent means of communication — a leased line and a packet radio service.

You can also have two antennae, each of which will send an alarm if the other is tampered with. Next week I will outline other ways to attack burglar alarms.

NB: Some weeks ago, I wrote about certification for ICT security professionals. For those interested, the Certified Information Systems Security Professional (CISSP) and other ISC2 exams will be offered in Nairobi for the first time on July 11. In the past, Kenyans had to travel mainly to South Africa and Dubai for the exams. Kenya has 11 CISSP certified individuals. Mr Dismas Ong’ondi, one of the certified CISSPs, has agreed to help aspiring candidates understand the exam structure and requirements. In addition, K-90EA and LANet have organised CISSP boot camps for the forthcoming exams in late May and late June respectively. My commendation and support go to all parties who have worked so hard to bring the exams locally. This is a boon to the local ICT Security professionals and industry.

—The writer is an ICT Security and Forensic Specialist.