Securing security systems

CCTV Handbook 2015 Surveillance

Francois Malan.
Francois Malan.

This year hackers have exposed some serious flaws regarding the security of surveillance systems on our networks. In particular, what is also apparent, is that network video recorders cannot be administrated or secured by traditional network tools. At best they can be isolated.

The greatest concern is that this information is freely available on the Web for any weekend hacker to gain access, and how easily embedded appliances can be compromised. A trend that has developed is that IT professionals are choosing Windows-based server appliances for video surveillance recording, simply because these are easier to administer and secure.

The following is a basic check list to safeguard against hacking:

1. Windows Server for recording video

IT professionals can secure a Windows recording server as part of their domain, they generally cannot manage an embedded network video recorder. Using a Windows server allows the IT department to apply group policy, use a domain server for central password administration and apply updates and virus patches. Not using a Windows server gives hackers or viruses a platform to attack an entire network or simply render the device or information on the device useless. Using an embedded NVR adds uncertainty and therefore risk to an enterprise network.

2. Password management

Most sites are compromised because of poor password management and using default or simple passwords. Often installers use a set of default passwords for all their sites, these passwords are never erased from the system, even after the company is long gone, leaving a backdoor. A Windows Active Directory allows for central password management for Windows devices on the domain. This allows for an audit trail of individual user activity and a central control of all passwords. It is also important to change all default passwords on cameras after installation.

3. Segment network

Segmenting a network can be done with a recording sever with two or more network adapters; typically one adapter is used to access the camera side of the network and the other network adapter is presented to the control room. This allows a user to use a good video management platform to control who sees which cameras, and does not expose the whole camera network to a would-be-hacker that wants to see something he should not.

Best practice would be to have a completely separate network for security equipment or implement VLANS between existing networks. Additional networks should be setup to monitor any unauthorised devices.

4. Secure video feed

We have spoken about changing the password on the camera, but it would be important to also secure the video feed to the recording server so that no one else has access. Cameras could also support a white list of IP addresses that may log onto them and camera logs can be checked for unauthorised access.

5. VPN (Virtual Private Network)

It is recommend to use a VPN when connecting remotely via the Internet to view video. Using port forwarding on a router is the industry standard, but this method allows a hole in your firewall and exposes devices to the Internet. There are websites that can provide a list of these exposed devices geographical for a small fee.

Some reference articles from the Web

73 000 surveillance cameras hacked by one website: http://goo.gl/xehmSE

Chinese surveillance camera supplier confirms hacking loophole: http://goo.gl/Ne9T1s

Hackers can delete surveillance DVRs remotely – report: http://goo.gl/M75lY9

About the Hikvision zombification: http://goo.gl/2MN92L

Hackers turn security camera DVRs into worst Bitcoin miners ever: http://goo.gl/X6x8PW





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Hikvision launches AcuSeek NVR
Surveillance Products & Solutions AI & Data Analytics
By integrating natural language interaction, Hikvision’s AcuSeek NVR enables precise video and image retrieval within seconds, marking a transformative milestone for the security industry's advance into intelligent and efficient applications.

Read more...
2025 video surveillance market set for improved fortunes
News & Events Surveillance
Novaira Insights has unveiled its latest report, World Market for Video Surveillance Hardware and Software – 2025 Edition, forecasting a healthy growth rate of 8,1% until 2029, excluding China.

Read more...
Dallmeier and Hexagon form a technology partnership
Surveillance
Dallmeier and Hexagon have agreed to form a technology partnership, which will see the two companies combine their expertise to develop integrated security solutions for various application areas, particularly critical infrastructures.

Read more...
Analyse, automate, and optimise logistics processes
neaMetrics Surveillance Transport (Industry) Products & Solutions Logistics (Industry)
In today’s rapidly evolving logistics sector, the pressure to improve process efficiency, optimise resource usage, and ensure seamless security is more intense than ever. Smart, proactive surveillance is no longer a luxury — it is a critical operational necessity.

Read more...
Safer spaces through smart surveillance
NEC XON Surveillance
Advances in facial recognition technology are transforming surveillance from a mere recording tool into an intelligent, integrated system that enhances real-time safety, moving beyond the traditional expansion of CCTV efforts.

Read more...
Next generation of AI-powered video telematics
IoT & Automation Surveillance Transport (Industry)
Webfleet, Bridgestone’s fleet management solution in South Africa, has launched Webfleet Video 2.0, an AI-powered solution designed to enhance fleet safety, security, compliance with local regulations and operational efficiency through real-time video insights.

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
Smart cities and the role of video security
Surveillance Integrated Solutions
As cities around the world continue to embrace smart technology, including IoT that not only connects to people, but also the surrounding activity, the integration of advanced video security systems is crucial to ensure safety and efficiency in environments.

Read more...
How intrusion protection helps secure O&G operations
Surveillance Perimeter Security, Alarms & Intruder Detection Industrial (Industry)
For O&G operators in Africa, physical security remains one of the biggest considerations, particularly when it comes to perimeter protection and the ability to mitigate intruder-related incidents.

Read more...
Axis secures the Waterfront
Surveillance Entertainment and Hospitality (Industry) Retail (Industry)
Axis Communications shares insight into its longstanding partnership with the V&A Waterfront, one of Africa’s premier retail and mixed-use precincts, through its latest, updated customer success story.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.