Given all of the high-profile data breaches that have made headlines recently, the issue of securing surveillance camera networks and other physical security systems has become a hot topic in the security industry of late. With an ever-increasing number of security sensors becoming internet-connected as the industry continues to migrate to IP-based technology, there is realistic possibility that those devices could be accessed by hackers or potentially used as a gateway to enter the larger corporate network.
Perhaps the larger threat that has many systems integrators and end users concerned is that of cyber criminals using unsecured cameras and other devices as a means through which they can penetrate an organization’s network to gain access to sensitive information.
Here is a look at the few best practice topics and how organizations can go about shoring up their safeguards in each of these areas:
Camera Passwords
The security industry has been notorious for leaving default usernames and passwords in place on cameras when they are installed. The problem with this practice is that these usernames and passwords can be easily discovered with a simple internet search which makes them easy prey for hackers.
Port Forwarding
In order to give users remote access to their video systems, an HTTP server must be exposed to the internet to be able to serve up those video feeds. The best practice to prevent against threats posed by port forwarding really depends on the architecture of the network. If it is a traditional system with an NVR, only the minimum number of ports should be forwarded and the organization should implement some type of next-generation firewall.
Firewalls
Firewalls are one of the most complex and misunderstood mechanisms for protecting any network – security or otherwise –from threats that lurk in cyberspace. For this reason, those with traditional surveillance system architectures should consult a professional network security expert to verify and configure their firewall.
Network Topology
Mixing surveillance camera systems with a standard corporate IT network can be a recipe for disaster as it creates doorways for hackers to enter into the main network. An increasing number of DVRs and NVRs are being connected to the internet and many of them are shipped without any antivirus protection on them. One of the problems is that there are numerous applications running on these appliances which, if not properly patched, leave openings for hackers. The best practice, in this case, is to place the camera network on a physically separate network or else should use Virtual LANs.
Operating Systems & Passwords
The threats against operating system are well documented and all surveillance systems run on one of these operating systems, typically Windows or Linux in most cases. Due to the number of exploits that exist, it is critical that organizations know the operating system their network runs on as well as the version used so that their IT team can track, monitor and patch against these vulnerabilities as they become known. As with cameras, there are quite a large number of users that leverage weak passwords for gaining access to their operating system. Once strong passwords are implemented on the cameras and operating systems, administrators should also not forget to do the same for their surveillance system as a whole. Organizations should enforce the same quality passwords with equally stringent requirements for those people that are granted access to the video network.
Remote Access
One of the biggest trends in video surveillance over the past several years has been the drive to push real-time and recorded video to people in the field via mobile devices. With the proliferation of mobile video also comes risk.
For more information on Best Security & Surveillance Solutions for your Business, please contact Hutaib InfoTech Solutions atinfo@hutaibinfotech.com / www.securitysolutionsdubai.com. Our experts will walk you through the Solutions to arm you with the knowledge and best practices to keep you ahead of the curve.
