Safeguarding Your Video Surveillance System From Cyber Attacks
By Todd Robinson, Product Manager, March Networks
Recent high-profile attacks against video surveillance systems underscore the importance of choosing cyber-secure video technology. It’s imperative to choose products you can trust from a manufacturer with a solid reputation for investing in cybersecurity and data-protection measures.
Here are some important things to consider:
What’s encrypted and what’s not?
While many video surveillance systems offer encryption in transit, complete end-to-end encryption is the highest level of data protection. This includes encryption in transit and also encryption at rest, which is the process of encrypting data that is stored on physical media. With complete end-to-end encryption, data is encrypted as it travels from camera to recorder and from recorder to client software, as well as on stored physical media.
Operating System (OS) security
There’s much debate about the security of Linux versus Windows operating systems (OS) in network video recorders. I would argue that appliances with an embedded Linux-based OS are more secure when they have been customized for the sole purpose of recording video. The Linux-based OS in March Networks recorders, for example, is hardened by removing unnecessary services so that there are fewer opportunities for cyberattacks.
Furthermore, when a Linux-based OS is customized, it isn’t dependent on a third party for security updates, and there’s no risk of auto-applied system updates that could have a negative impact on the system.
Who has access?
The high-profile breach that took place earlier this year allegedly involved the use of a “super-admin” account, where one person had unlimited access to all cameras on the cloud-based system. Obviously, this type of unrestricted access is a security threat.
A good video surveillance provider should offer tight controls over user rights and management, allowing administrators to make specific profiles that give or restrict access for individuals using the system.
It’s amazing how many breaches occur due to lost or stolen passwords. A good video surveillance provider will not use fixed or hard-coded passwords on its devices, and will also encourage frequent password changes and the creation of complex passwords.
With March Networks recorders, for example, every client receives a unique one-time password for initial setup and is then prompted to change that password to a complex, multi-character one.
Scanning for ongoing threats
It’s important to consider what other features can be built into your video surveillance solution to notify you of a potential attack. Some systems have security alarms built in, so you’ll receive an alert about any unusual attempts to access the recorder, such as repeated log-in failures or a potential distributed denial-of-service (DDoS) attack.
Choosing a video surveillance provider that constantly monitors for vulnerabilities and communicates all necessary information is also imperative so that issues can be fixed before an attack occurs. March Networks’ Security Updates and Advisories Program assesses vulnerabilities, determines how they affect the products or software you’re using, and alerts you so that they can be addressed.