Building secure IP-based video surveillance systems

August 2013 IT infrastructure

Is IP-based video surveillance really secure? This question is commonly asked by customers who have to take a decision what type of video surveillance system they want to use. IP-based video surveillance offers many advantages over traditional analogue CCTV systems but there is a fear that the system could be attacked by hackers. This fear is fuelled by newspaper articles that explain how easy it is to gain unauthorised access and to manipulate the surveillance system.

To start with, an IP-based system is as open or protected as you wish. Many users want to have open access to live videos to share information with family and friends or in Web attraction applications. However, surveillance systems have to be protected against unauthorised access both of insiders and outsiders.

There is no doubt that the usage of a standard network infrastructure for the video surveillance system has many benefits. First of all, installation and maintenance is less costly because a common infrastructure can be used for many different systems including VoIP, building management etc. IP-based video systems do not face the same limitations as standard analogue systems concerning resolution and frame rate.

Security levels

Network security has to be implemented on three levels. It should start with a definition how safe the system should be, who should use it and how and what potential exists to gain unauthorised access.

Based on this information physical security measures should be taken. And, most of all, it is vital to constantly monitor the effect of the taken measures. It is often overlooked that one of the major benefits of IP-based video surveillance systems is the usage of already existing techniques. These techniques are not specific to video and have been developed over the years to prove that they actually work.

Building a secure IP-based video surveillance system is like securing a house. A house has doors that have locks. When leaving the house windows and doors are closed and the doors are properly locked to prevent thieves to get an easy access. When there are more valuable items in the house, an alarm system will be installed. To secure a video system works in the same way. Having a public camera to show everybody the wonderful surroundings and the actual weather does not require special measures.

Password protection for the administration section of the camera might be sufficient. Having video surveillance using the corporate network requires more measures. And having a video surveillance system in a sensitive area requires even harder measures such as authentication of the network device to ensure that it is not replaced by a different source. Data traffic needs to be encrypted to prevent intruders to read and to manipulate video information. Any manipulation of the network infrastructure should result in alarm and the disabling of the part of the network.

Authentication and authorisation: Who are you and do you have permission to be here?

Creating secure communication means not only addressing security issues within a network, but between different networks and clients. Effective solutions need to control everything from the data sent over the network to who actually uses and accesses the pipeline. They not only need to authenticate and authorise the source of the message but also ensure the privacy of the communication as it flows through the network.

The first step requires the user or device to identify itself to the network and the remote endpoint – the recipient. There are a number of ways to authenticate this identity to the network or system. The most typical is through a username and password. Once the identity is authenticated, the second step is to verify whether that user or device has authority to operate as requested. Once authorisation is confirmed, the user is fully connected and allowed to send a transmission.

As a basic protection, this technology might be sufficient for installations where a high level of security is not required, or where the video network is separated from the main network to prevent authorised users from having physical access to it.

Privacy: can you keep the transmission from prying eyes?

The second step involves encrypting the communication to prevent others from using or reading the data as it travels through the network. There are a number of technology options open to integrators, each with its pros and cons.

A restrictive firewall: IP filtering

Some network cameras and video encoders use IP filtering to prevent all but one or a few IP addresses from accessing the network video components. IP filtering provides a function similar to a built-in firewall.

This technology would be a good fit for installations that require a higher level of security. Typically, you would configure the network cameras to accept commands only from the IP address of the server hosting the video management software.

A secure pathway: virtual private network

An even safer alternative is a virtual private network (VPN) which uses an encryption protocol to provide a secure tunnel between networks through which data can travel safe from prying eyes. This allows secure communications across a public network, such as the Internet, because only devices with the correct key will be able to work within the VPN itself.

A VPN typically encrypts the packets on the IP or TCP/UDP layers and above. The IP Security Protocol (IPSec) is the most commonly used VPN encryption protocol. IPSec uses different encryption algorithms: either the Triple Data Encryption Standard (3DES) or the Advanced Encryption Standard (AES). AES, which uses either 128-bit or 256-bit key lengths, offers higher security and needs considerably less computing power than 3DES to encrypt and decrypt data.

VPNs are commonly used between different offices in larger organisations, or for telecommuters connecting to the network. Remote cameras are tied into a corporate wide surveillance system in much the same way.

For more information contact Axis Communications, +27 (0)11 548 6780, roy.alves@axis.com, www.axis.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Reinventing network camera security
Issue 1 2020, Axis Communications SA , CCTV, Surveillance & Remote Monitoring
Now in its seventh generation and celebrating its 20th anniversary, the Axis ARTPEC chip was launched in 1999 designed to optimise network video.

Read more...
Video surveillance multicast networks made easy
Issue 1 2020, Duxbury Networking , IT infrastructure
Many businesses are struggling to realise the full potential of modern video surveillance technology due to limitations of the underlying network.

Read more...
Three data protection predictions for 2020
Issue 1 2020 , IT infrastructure
Byron Horn-Botha from Arcserve Southern Africa relates the company’s top three data predictions to be on the alert for in 2020.

Read more...
Axis gives a brighter future for children
Issue 1 2020, Axis Communications SA , Editor's Choice
Fully networked camera solution provides visibility and accountability, letting orphanage focus on what’s important – its children.

Read more...
An open foundation for 2020
Issue 1 2020 , IT infrastructure
The migration to open hybrid cloud technologies will be the way to go as we head into the new decade.

Read more...
Will 5G be the answer to all prayers?
Issue 1 2020 , IT infrastructure
There is a lot of understandable confusion about the role Wi-Fi will play once 5G arrives, and how they might work together.

Read more...
So what is 5G?
Issue 1 2020 , IT infrastructure
With all the noise about 5G, Hi-Tech Security Solutions asked Deon Geyser, head of the Southern Africa sub region at Nokia for some insights.

Read more...
Traffic doesn’t have to be this way
Issue 1 2020, Dahua Technology South Africa, Axis Communications SA , CCTV, Surveillance & Remote Monitoring
More effective traffic management is something that would save us all a lot of frustration and wasted time, and it’s one of the areas where AI and big data can have a significant impact.

Read more...
Securing perimeters of secure locations
November 2019, Axis Communications SA, Modular Communications, Hikvision South Africa, Nemtek Electric Fencing Products, Technews Publishing, Stafix , Government and Parastatal (Industry), Perimeter Security, Alarms & Intruder Detection, Integrated Solutions
Hi-Tech Security Solutions asked a number of companies offering perimeter security solutions for their insights into protecting the boundaries of national key points.

Read more...
What are the cybersecurity issues in video surveillance?
November 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
he importance of the data captured by surveillance cameras – and what can be done with it – has led to a new breed of cybercriminals, looking for insights to steal and sell.

Read more...