Building secure IP-based video surveillance systems

August 2013 Infrastructure

Is IP-based video surveillance really secure? This question is commonly asked by customers who have to take a decision what type of video surveillance system they want to use. IP-based video surveillance offers many advantages over traditional analogue CCTV systems but there is a fear that the system could be attacked by hackers. This fear is fuelled by newspaper articles that explain how easy it is to gain unauthorised access and to manipulate the surveillance system.

To start with, an IP-based system is as open or protected as you wish. Many users want to have open access to live videos to share information with family and friends or in Web attraction applications. However, surveillance systems have to be protected against unauthorised access both of insiders and outsiders.

There is no doubt that the usage of a standard network infrastructure for the video surveillance system has many benefits. First of all, installation and maintenance is less costly because a common infrastructure can be used for many different systems including VoIP, building management etc. IP-based video systems do not face the same limitations as standard analogue systems concerning resolution and frame rate.

Security levels

Network security has to be implemented on three levels. It should start with a definition how safe the system should be, who should use it and how and what potential exists to gain unauthorised access.

Based on this information physical security measures should be taken. And, most of all, it is vital to constantly monitor the effect of the taken measures. It is often overlooked that one of the major benefits of IP-based video surveillance systems is the usage of already existing techniques. These techniques are not specific to video and have been developed over the years to prove that they actually work.

Building a secure IP-based video surveillance system is like securing a house. A house has doors that have locks. When leaving the house windows and doors are closed and the doors are properly locked to prevent thieves to get an easy access. When there are more valuable items in the house, an alarm system will be installed. To secure a video system works in the same way. Having a public camera to show everybody the wonderful surroundings and the actual weather does not require special measures.

Password protection for the administration section of the camera might be sufficient. Having video surveillance using the corporate network requires more measures. And having a video surveillance system in a sensitive area requires even harder measures such as authentication of the network device to ensure that it is not replaced by a different source. Data traffic needs to be encrypted to prevent intruders to read and to manipulate video information. Any manipulation of the network infrastructure should result in alarm and the disabling of the part of the network.

Authentication and authorisation: Who are you and do you have permission to be here?

Creating secure communication means not only addressing security issues within a network, but between different networks and clients. Effective solutions need to control everything from the data sent over the network to who actually uses and accesses the pipeline. They not only need to authenticate and authorise the source of the message but also ensure the privacy of the communication as it flows through the network.

The first step requires the user or device to identify itself to the network and the remote endpoint – the recipient. There are a number of ways to authenticate this identity to the network or system. The most typical is through a username and password. Once the identity is authenticated, the second step is to verify whether that user or device has authority to operate as requested. Once authorisation is confirmed, the user is fully connected and allowed to send a transmission.

As a basic protection, this technology might be sufficient for installations where a high level of security is not required, or where the video network is separated from the main network to prevent authorised users from having physical access to it.

Privacy: can you keep the transmission from prying eyes?

The second step involves encrypting the communication to prevent others from using or reading the data as it travels through the network. There are a number of technology options open to integrators, each with its pros and cons.

A restrictive firewall: IP filtering

Some network cameras and video encoders use IP filtering to prevent all but one or a few IP addresses from accessing the network video components. IP filtering provides a function similar to a built-in firewall.

This technology would be a good fit for installations that require a higher level of security. Typically, you would configure the network cameras to accept commands only from the IP address of the server hosting the video management software.

A secure pathway: virtual private network

An even safer alternative is a virtual private network (VPN) which uses an encryption protocol to provide a secure tunnel between networks through which data can travel safe from prying eyes. This allows secure communications across a public network, such as the Internet, because only devices with the correct key will be able to work within the VPN itself.

A VPN typically encrypts the packets on the IP or TCP/UDP layers and above. The IP Security Protocol (IPSec) is the most commonly used VPN encryption protocol. IPSec uses different encryption algorithms: either the Triple Data Encryption Standard (3DES) or the Advanced Encryption Standard (AES). AES, which uses either 128-bit or 256-bit key lengths, offers higher security and needs considerably less computing power than 3DES to encrypt and decrypt data.

VPNs are commonly used between different offices in larger organisations, or for telecommuters connecting to the network. Remote cameras are tied into a corporate wide surveillance system in much the same way.

For more information contact Axis Communications, +27 (0)11 548 6780, [email protected], www.axis.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Hytera supports communication upgrade for Joburg
News & Events Infrastructure Government and Parastatal (Industry)
By equipping Johannesburg’s metro police and emergency services with multimode radios which integrate TETRA and LTE networks, Hytera is bridging coverage gaps and improving response times across the city.

Read more...
Combining TETRA or DMR with 5G broadband
Infrastructure IoT & Automation
As enterprises face rising complexity and connectivity demands, hybrid networks offer a transformative path, combining the proven reliability of TETRA or DMR with the innovation and coverage of 5G broadband.

Read more...
Questing for the quantum AI advantage
Infrastructure AI & Data Analytics
The clock is ticking down to the realisation of quantum AI and the sought-after ‘quantum advantage’. In many boardrooms, however, quantum remains mysterious; full of promise, but not fully understood.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
IoT-driven smart data to stay ahead
IoT & Automation Infrastructure AI & Data Analytics
In a world where uncertainty is constant, the real competitive edge lies in foresight. Businesses that turn real-time data into proactive strategies will not just survive, they will lead.

Read more...
Hydrogen is green but dangerous
Fire & Safety Infrastructure Power Management
Hydrogen infrastructure is developing quickly, but it comes with safety challenges. Hydrogen is flammable, and its small molecular size means it can leak easily. Additionally, fires caused by hydrogen are nearly invisible, making them difficult to detect and respond to.

Read more...
A whole-site solution to crack the data centre market
Fire & Safety Infrastructure Facilities & Building Management
Fire safety consultants and contractors who can offer a comprehensive fire safety solution to the data centre market can establish themselves as a supplier of a key safety features that help guarantee the smooth operation of critical infrastructure.

Read more...
Wireless network security market
Infrastructure
The wireless network security market is experiencing significant growth, driven by the increasing adoption of wireless technologies, a surge in cyberthreats, and rising demand for secure data transmission.

Read more...
Acronis and Metrofile Cloud announce partnership
Infrastructure Integrated Solutions
Acronis has appointed Metrofile Cloud as its premier disaster recovery (DR) partner in southern Africa, combining Acronis' technologies with Metrofile Cloud's local expertise to deliver secure and adaptable disaster recovery solutions for businesses across the region.

Read more...
Managing stock efficiently and cost-effectively
Asset Management Infrastructure Logistics (Industry)
Rina Redelinghuys, customer services executive at Cquential, a member of the Argility Technology Group, examines stock management across various industries, including retail, fast-moving consumer goods, food and dairy, automotive, apparel, industrial, accessories, paint and chemicals, and pharmaceuticals.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.