Glossary for hardening Security Center - Security Center 5.11

Security Center Hardening Guide 5.11

Applies to: Security Center 5.11
Last updated: 2022-10-12
Content type: Guides > Administrator guides
Language: English (United States)
Product: Security Center
Version: 5.11

action

An action is a user-programmable function that can be triggered as an automatic response to an event, such as door held open for too long or object left unattended, or that can be executed according to a specific time table.

Active Directory

Active Directory is a directory service created by Microsoft, and a type of role that imports users and cardholders from an Active Directory and keeps them synchronized.

Active Directory (AD)

Acronym: AD

Activity trails

The Activity trails task is a maintenance task that reports on the user activity related to video, access control, and ALPR functionality. This task can provide information such as who played back which video recordings, who used the Hotlist and permit editor, who enabled hotlist filtering, and much more.

Archiver

The Archiver role is responsible for the discovery, status polling, and control of video units. The Archiver also manages the video archive and performs motion detection if it is not done on the unit itself.

archive transfer

Archive transfer is the process of transferring your video data from one location to another. The video is recorded and stored on the video unit itself or on an Archiver storage disk, and then the recordings are transferred to another location.

Area activities

The Area activities task is an investigation task that reports on access control events pertaining to selected areas.

Auxiliary Archiver

The Auxiliary Archiver role supplements the video archive produced by the Archiver role. Unlike the Archiver role, the Auxiliary Archiver role is not bound to any particular discovery port; therefore, it can archive any camera in the system, including cameras federated from other Security Center systems. The Auxiliary Archiver role cannot operate independently; it requires the Archiver role to communicate with video units.

automatic license plate recognition

Automatic license plate recognition (ALPR) is an image processing technology used to read license plate numbers. ALPR converts license plate numbers cropped from camera images into a database-searchable format.

automatic license plate recognition (ALPR)

Acronym: ALPR

automatic enrollment

Automatic enrollment is when new IP units on a network are automatically discovered by and added to Security Center. The role that is responsible for the units broadcasts a discovery request on a specific port, and the units listening on that port respond with a message that contains the connection information about themselves. The role then uses the information to configure the connection to the unit and enable communication.

AutoVu™

The AutoVu™ automatic license plate recognition (ALPR) system automates license plate reading and identification, making it easier for law enforcement and for municipal and commercial organizations to locate vehicles of interest and enforce parking restrictions. Designed for both fixed and mobile installations, the AutoVu™ system is ideal for a variety of applications and entities, including law enforcement, municipal, and commercial organizations.

bookmark

A bookmark is an indicator of an event or incident that is used to mark a specific point in time in a recorded video sequence. A bookmark also contains a short text description that can be used to search for and review the video sequences at a later time.

camera (Security Center)

A camera entity represents a single video source in the system. The video source can either be an IP camera, or an analog camera that connects to the video encoder of a video unit. Multiple video streams can be generated from the same video source.

cardholder

A cardholder entity represents a person who can enter and exit secured areas by virtue of their credentials (typically access cards) and whose activities can be tracked.

cardholder group

A cardholder group is an entity that defines the common access rights of a group of cardholders.

certificate authority

A certificate authority or certification authority (CA) is an entity or organization that signs identity certificates and attests to the validity of their contents. The CA is a key component of the public-key infrastructure (PKI).

certificate authority (CA)

Acronym: CA

credential

A credential entity represents a proximity card, a biometrics template, or a PIN required to gain access to a secured area. A credential can only be assigned to one cardholder at a time.

digital certificate

A digital certificate, also known as an X.509 certificate, is a digitally signed document that binds the identity of the certificate owner (a person, a computer, or an organization) to a pair of electronic encryption keys. Digital certificates are used for identity verification, asymmetric cryptography, data-in-transit security, and so on. Digital certificates are the basis for the HTTPS protocol.

digital signature

A digital signature is cryptographic metadata added to video frames by the Archiver or Auxiliary Archiver to ensure their authenticity. If a video sequence is manipulated by adding, deleting, or modifying frames, the signature of the modified content will differ from the original, indicating that the video sequence has been tampered with.

Directory gateway

Directory gateways allow Security Center applications located on a non-secured network to connect to the main server that is behind a firewall. A Directory gateway is a Security Center server that acts as a proxy for the main server. A server cannot be both a Directory server and a Directory gateway; the former must connect to the Directory database, while the latter must not, for security reasons.

Directory server

A Directory server is any one of the multiple servers simultaneously running the Directory role in a high availability configuration.

discovery port

A discovery port is a port used by certain Security Center roles (Access Manager, Archiver, ALPR Manager) to find the units they are responsible for on the LAN. No two discovery ports can be the same on one system.

encryption certificate

An encryption certificate, also known as a digital certificate or public-key certificate, is an electronic document that contains a public and private key pair used in Security Center for fusion stream encryption. Information encrypted with the public key can only be decrypted with the matching private key.

event

An event indicates the occurrence of an activity or incident, such as access denied to a cardholder or motion detected on a camera. Events are automatically logged in Security Center. Every event has an entity as its main focus, called the event source.

Federation™

The Federation™ feature joins multiple, independent Genetec™ IP security systems into a single virtual system. With this feature, users on the central Security Center system can view and control entities that belong to remote systems.

fusion stream encryption

Fusion stream encryption is a proprietary technology of Genetec Inc. used to protect the privacy of your video archives. The Archiver uses a two-level encryption strategy to ensure that only authorized client machines or users with the proper certificates on smart cards can access your private data.

Genetec™ Server

Genetec™ Server is the Windows service that is at the core of Security Center architecture, and that must be installed on every computer that is part of the Security Center's pool of servers. Every such server is a generic computing resource capable of taking on any role (set of functions) you assign to it.

Genetec™ Update Service

The Genetec™ Update Service (GUS) is automatically installed with most Genetec™ products and enables you to update products when a new release becomes available.

Genetec™ Update Service (GUS)

Acronym: GUS

Global Cardholder Synchronizer

The Global Cardholder Synchronizer role ensures the two-way synchronization of shared cardholders and their related entities between the local system (sharing guest) where it resides and the central system (sharing host).

Global Cardholder Synchronizer (GCS)

Acronym: GCS

Hardware inventory

The Hardware inventory task is a maintenance task that reports on the characteristics (unit model, firmware version, IP address, time zone, and so on) of access control, video, intrusion detection, and ALPR units in your system.

identity certificate

An identity certificate is a digital certificate used to authenticate one party to another in a secure communication over a public network. Identity certificates are generally issued by an authority that is trusted by both parties, called a certificate authority (CA).

identity provider

An identity provider is a trusted, external system that administers user accounts, and is responsible for providing user authentication and identity information to relying applications over a distributed network.

LPM protocol

The License Plate Management (LPM) protocol provides a Sharp camera with a secure and reliable connection to Security Center. When the LPM protocol is enabled on a Sharp camera, the protocol manages the camera’s connection to the ALPR Manager role.

load balancing

Load balancing is the distribution of workload across multiple computers.

macro

A macro is an entity that encapsulates a C# program that adds custom functionalities to Security Center.

main server

The main server is the only server in a Security Center system hosting the Directory role. All other servers on the system must connect to the main server to be part of the same system. In a high availability configuration where multiple servers host the Directory role, it is the only server that can write to the Directory database.

Map Manager

The Map Manager is the central role that manages all mapping resources in Security Center, including imported map files, external map providers, and KML objects. It acts as the map server for all client applications that require maps and as the record provider for all Security Center entities placed on georeferenced maps.

Media Router

The Media Router role is the central role that handles all stream requests (audio and video) in Security Center. It establishes streaming sessions between the stream source, such as a camera or an Archiver, and its requesters (client applications). Routing decisions are based on the location (IP address) and the transmission capabilities of all parties involved (source, destinations, networks, and servers).

Media Gateway

The Media Gateway role is used by Genetec™ Mobile, Web Client, and the Genetec™ Web App to get transcoded video from Security Center. The Media Gateway role supports the Real Time Streaming Protocol (RTSP), which external applications can use to request raw video streams from Security Center.

multi-factor authentication

Multi-factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Multi-Factor Authentication (MFA)

Acronym: MFA

Genetec Mission Control™

Genetec Mission Control™ is a collaborative decision management system that provides organizations with new levels of situational intelligence, visualization, and complete incident management capabilities. It allows security personnel to make the right decision when faced with routine tasks or unanticipated situations by ensuring a timely flow of information. To learn more about Genetec Mission Control™, refer to the Genetec™ resource center.

Mobile Server

The Mobile Server role provides Security Center access on mobile devices.

Omnicast™

Security Center Omnicast™ is the IP video management system (VMS) that provides organizations of all sizes the ability to deploy a surveillance system adapted to their needs. Supporting a wide range of IP cameras, it addresses the growing demand for HD video and analytics, all the while protecting individual privacy.

partition

A partition is an entity in Security Center that defines a set of entities that are only visible to a specific group of users. For example, a partition could include all areas, doors, cameras, and zones in one building.

Plan Manager

(Obsolete) Plan Manager is a module of Security Center that provides interactive mapping functionality to better visualize your security environment. The Plan Manager module has been replaced by the Security Center role, Map Manager, since version 5.4 GA.

privacy protection

In Security Center, privacy protection is software that anonymizes or masks parts of a video stream where movement is detected. The identity of individuals or moving objects is protected, without obscuring movements and actions or preventing monitoring.

private task

A private task is a saved task that is only visible to the user who created it.

task cycling

Task cycling is a Security Desk feature that automatically cycles through all tasks in the active task list following a fixed dwell time.

third-party authentication

Third-party authentication uses a trusted, external identity provider to validate user credentials before granting access to one or more IT systems. The authentication process returns identifying information, such as a username and group membership, that is used to authorize or deny the requested access.

recording mode

Recording mode is the criteria by which the system schedules the recording of video streams. There are four possible recording modes:
  • Continuous. Records continuously.
  • On motion/Manual. Records according to motion detection settings, and when a user or system action requests it.
  • Manual. Records only when a user or system action requests it.
  • Off. No recording is permitted.

restricted camera

Restricted cameras are cameras that Genetec Inc. has identified as cybersecurity risks.

Security Center Mobile

(Obsolete) See Mobile Server and Genetec™ Mobile.

self-signed certificate

A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies, as opposed to a certificate authority (CA). Self-signed certificates are easy to make and do not cost money. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.

sharing guest

A sharing guest is a Security Center system that has been given the rights to view and modify entities owned by another Security Center system, called the sharing host. Sharing is done by placing the entities in a global partition.

sharing host

A sharing host is a Security Center system that gives the right to other Security Center systems to view and modify its entities by putting them up for sharing in a global partition.

SharpV

SharpV is a Sharp unit that is specialized for fixed installations and is ideally suited for a range of applications, from managing off-street parking lots and facilities to covering major city access points to detect wanted vehicles. SharpV combines two high-definition cameras (1.2MP) with onboard processing and illumination in a ruggedized, environmentally sealed unit. Both lenses are varifocal for ease of installation and the camera is powered via PoE+.

SharpX

SharpX is the camera component of the SharpX system. The SharpX camera unit integrates a pulsed LED illuminator that works in total darkness (0 lux), a monochrome ALPR camera (1024 x 946 @ 30 fps), and a color context camera (640 x 480 @ 30 fps). The ALPR data captured by the SharpX camera unit is processed by a separate hardware component called the AutoVu™ ALPR Processing Unit.

Sharp Portal

Sharp Portal is a web-based administration tool used to configure Sharp cameras for AutoVu™ systems. From a web browser, you log on to a specific IP address (or the Sharp name in certain cases) that corresponds to the Sharp you want to configure. When you log on, you can configure options such as selecting the ALPR context (for example, Alabama, Oregon, Quebec), selecting the read strategy (for example, fast moving or slow moving vehicles), viewing the Sharp’s live video feed, and more.

Synergis™

Security Center Synergis™ is the IP access control system (ACS) that heightens your organization’s physical security and increases your readiness to respond to threats. Synergis™ supports an ever-growing portfolio of third-party door control hardware and electronic locks. Using Synergis™, you can leverage your existing investment in network and security equipment.

Secure Sockets Layer

The Secure Sockets Layer (SSL) is a computer networking protocol that manages server authentication, client authentication and encrypted communication between servers and clients.

Secure Sockets Layer (SSL)

Acronym: SSL

Transport Layer Security

Transport Layer Security (TLS) is a protocol that provides communications privacy and data integrity between two applications communicating over a network. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Transport Layer Security (TLS)

Acronym: TLS

user level (Security Center)

A user level is a numeric value assigned to users to restrict their ability to perform certain operations, such as controlling a camera PTZ, viewing the video feed from a camera, or staying logged on when a threat level is set. Level 1 is the highest user level, with the most privileges.

video analytics

Video analytics is the software technology that is used to analyze video for specific information about its content. Examples of video analytics include counting the number of people crossing a line, detection of unattended objects, or the direction of people walking or running.

video archive

A video archive is a collection of video, audio, and metadata streams managed by an Archiver or Auxiliary Archiver role. These collections are catalogued in the archive database that includes camera events linked to the recordings.

video sequence

A video sequence is any recorded video stream of a certain duration.

video unit

A video unit is a video encoding or decoding device that is capable of communicating over an IP network and that can incorporate one or more video encoders. The high-end encoding models also include their own recording and video analytics capabilities. Cameras (IP or analog), video encoders, and video decoders are all examples of video units. In Security Center, a video unit refers to an entity that represents a video encoding or decoding device.

VSIP port

The VSIP port is the name given to the discovery port of Verint units. A given Archiver can be configured to listen to multiple VSIP ports.