5 Ways to Protect Video Surveillance Camera Systems from Cyber Attacks
23
May, 2017
Recently, a number of high-profile cyber attacks have used IP surveillance cameras as a point of access to the organization’s IP network including governments, businesses, retailers, public safety and more. There are millions of devices that are creating vulnerabilities to organizations as the internet of things (IoT) concept is growing rapidly.
Whether IP surveillance cameras are considered an IoT device or not, they are IP devices connected to the network. And although they are intended to provide protection, surveillance cameras can also be a security exposure. Hackers can use the IP cameras as a point of entry to tap into the organization’s data or shut down the surveillance system. Both of these scenarios represent real risk that requires immediate attention.
There are a number of immediate, high-impact measures that security professionals and system integrators can take today without demanding deep expertise. Physical and IT security leaders need to make it a top-priority to address these issues.
The Following presents the top five measures to take to avoid cyber incidents:
lock-down your surveillance network
IP surveillance cameras are by nature located outside of the secure space, and often outside buildings. Unplugging the camera and replacing it with a laptop allows access to any camera on your network. This presents a great security risk.
Your network must be configured so that only the cameras you installed are allowed to communicate over the network ports. Your network must be configured only to allow certain MAC addresses on each port. With this solution in place, outside connections get thrown away and hackers can’t get to your cameras.
Setup VLANs to isolate your cameras
If the attackers can’t communicate with your cameras, they can’t attack you. Don’t put your IP surveillance cameras on the same network as your PCs and workstations. Isolate your surveillance camera network from your corporate network with virtual LANs (VLANs). Only the Network video recorders (NVRs) should be able to communicate with the IP cameras.
Update the camera passwords
Installed cameras come preconfigured with default passwords from the manufacturer that are incredibly weak and easy to guess. This can create a huge door for hackers to walk through. Hackers write programs that try hundreds of passwords very quickly to stumble on one that works. In fact, the Mirai virus works in exactly the same way, using a list of 61 passwords like “54321” or “admin.” The fact that this malware was able to infect more than 400,000 devices on the Internet speaks to how many people ignore the how passwords are important.
Setup monitoring system for suspicious events
The camera will go offline if it gets unplugged so the hacker can plug in his laptop. With that said, the hacker may try to plug the camera back in, so even a short outage should be regarded with suspicion. If a new set of firmware is uploaded, the camera will reboot. Viruses often place a load on the camera and reduce performance. You might get lucky and notice one of these during your normal use of the system, but good security takes more than luck. The best practice is to set up the system to monitor for events like these with immediate notification.
Separate logins for lower risk
IT departments discovered a long time ago that computers should use at least two logins: an administration login with full privileges and a user with a minimal amount of privileges. This separation of users minimizes the chances of a frequently used login falling into the wrong hands. Cameras should be set up the same way: one login used by the NVRs that allows for streaming video only, and an admin login that is only used on rare occasions, such as updating the firmware.
Acting tomorrow is too late
Security is more complex than ever and the convergence of physical and IT security is upon us. There are pragmatic efforts that organizations should take right away. DNF Security video surveillance solutions designed to handle the most complex video surveillance and physical security make the job easier and cost effective. Our intelligent video storage appliances are dedicated to support the unique needs and requirements of video surveillance, providing our customers with enhanced storage protection, redundancy, high availability, and superior scalability in each configuration.
The Falcon series of video storage appliances provide advanced storage technology that meets the most demanding and sophisticated surveillance environments. Falcon VME engines balance the load and keep the camera LAN separate from the storage SAN for increased security.