How Cyber-Secure Are Your IP Video Surveillance Devices?
Ask yourself: How secure is your network? IP video surveillance devices are another node on your network and need to be treated with the same care that you take to secure your wireless access points, printer connections, scanners and other traditional network-attached technology. Any network node left unprotected could become a potential threat to overall network security.
Let’s look at three key things you can do now to help secure your network:
1. Understand your risk
When it comes to securing your network, ignorance is not bliss. Knowing your risks will help you determine what you need to do to harden your network connections. First, identify what assets need protection and then investigate what threats or vulnerabilities pose a risk to those assets. Once you have that information in hand you can decide whether those risks are worth mitigating.
Two simple ways to consider your risk include asking:
- Do you need to separate any data on your network? Separating network resources that shouldn’t interact or have no need to interact with each other increases overall network protection levels and assists in optimizing resource management. This can be done either through physical wiring or a VLAN.
- Do you have non-traditional network devices on your network? One recent, highly publicized and massive retail customer data breach stemmed from the hijacked login credentials of a third-party HVAC service provider. As a result, confidential customer data was compromised. The moral of the story? Keep a close eye on all network-connected systems. They could be your Achille's Heel when it comes to securing sensitive corporate and client data. Once you understand what impact a successful breach might have on your business–financial penalties, loss of company reputation and market share, or perhaps negligible repercussions–you can plan your security spending accordingly.
2. Secure your network ports
Your network ports are the door to outside intruders. Consider these three cyber-security best practices.
- User/administrator credential management: Credential management can be as simple as changing default logins and passwords from factory defaults. You can add another layer of protection by creating separate user and administrative logins, passwords and privileges. IT can install other credential security measures, such as multifactor authentication if the camera/access control manufacturer supports this feature. Many of the major VMS application platforms can help you automate the setup and maintenance of those attached device credentials.
- Physical port security: The simplest network standard authentication measure you can deploy is a port-based MAC address lockdown that requires manual provisioning when a port link is lost and then recovered. Other options depend on which measures are supported by the cameras and access control devices you’ve installed. For instance, many cameras support basic .X or RADIUS client for edge device authentication. Some camera manufactures support PKI or token-based resident certificate authentication. The bottom line is that you should include port-based/edge-connection cyber security on all your network edge devices no matter what they are. The cyber security of those devices should align with the high security standards your company already has in place to protect other devices and data residing on the network.
- Video and data flow protection: Protecting the transmission of video or data focuses on preventing the wrong people from putting eyes on or having access to your organization’s video. The goal is to protect the data flowing from end to end: from the camera or access control device through the network to the server and ultimately the storage devices. Network camera and access control system encryption generally adhere to IT methodologies standards such as .x, SSL/TLS, HTTPS and PKI certificates. There are also appliance-based heavier encryption methods available. Since video transmissions are extremely sensitive to transmission latency, anything short of zero latency encryption will likely disrupt recoding capabilities. Make sure to research what options you have based on your installed hardware and software.
3. Know what security options are out there
Cyber security is a fast-paced topic that is only as current as the latest information. Keep yourself current on encryption and other physical security technologies that are on the horizon. You can start by surfing the Web for online content or attending seminars and trade shows that focus on physical security or IT. Get in front of cyber challenges and harden your network with a unique solution to fit your infrastructure.
Vince Ricco is Business Development Manager for Axis Communications Technology Partner Program in North America. Guest blogs such as this one are published monthly and are part of The VAR Guy's annual platinum sponsorship.