Securing security systems

April 2015 CCTV, Surveillance & Remote Monitoring

Francois Malan.
Francois Malan.

This year hackers have exposed some serious flaws regarding the security of surveillance systems on our networks. In particular, what is also apparent, is that network video recorders cannot be administrated or secured by traditional network tools. At best they can be isolated.

The greatest concern is that this information is freely available on the Web for any weekend hacker to gain access, and how easily embedded appliances can be compromised. A trend that has developed is that IT professionals are choosing Windows-based server appliances for video surveillance recording, simply because these are easier to administer and secure.

The following is a basic check list to safeguard against hacking:

1. Windows Server for recording video

IT professionals can secure a Windows recording server as part of their domain, they generally cannot manage an embedded network video recorder. Using a Windows server allows the IT department to apply group policy, use a domain server for central password administration and apply updates and virus patches. Not using a Windows server gives hackers or viruses a platform to attack an entire network or simply render the device or information on the device useless. Using an embedded NVR adds uncertainty and therefore risk to an enterprise network.

2. Password management

Most sites are compromised because of poor password management and using default or simple passwords. Often installers use a set of default passwords for all their sites, these passwords are never erased from the system, even after the company is long gone, leaving a backdoor. A Windows Active Directory allows for central password management for Windows devices on the domain. This allows for an audit trail of individual user activity and a central control of all passwords. It is also important to change all default passwords on cameras after installation.

3. Segment network

Segmenting a network can be done with a recording sever with two or more network adapters; typically one adapter is used to access the camera side of the network and the other network adapter is presented to the control room. This allows a user to use a good video management platform to control who sees which cameras, and does not expose the whole camera network to a would-be-hacker that wants to see something he should not.

Best practice would be to have a completely separate network for security equipment or implement VLANS between existing networks. Additional networks should be setup to monitor any unauthorised devices.

4. Secure video feed

We have spoken about changing the password on the camera, but it would be important to also secure the video feed to the recording server so that no one else has access. Cameras could also support a white list of IP addresses that may log onto them and camera logs can be checked for unauthorised access.

5. VPN (Virtual Private Network)

It is recommend to use a VPN when connecting remotely via the Internet to view video. Using port forwarding on a router is the industry standard, but this method allows a hole in your firewall and exposes devices to the Internet. There are websites that can provide a list of these exposed devices geographical for a small fee.

Some reference articles from the Web

73 000 surveillance cameras hacked by one website:

Chinese surveillance camera supplier confirms hacking loophole:

Hackers can delete surveillance DVRs remotely – report:

About the Hikvision zombification:

Hackers turn security camera DVRs into worst Bitcoin miners ever:


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Securing Savannah Hills Estate
August 2019, Rhyco Risk Projects , CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection
Savannah Hills Estate in Midrand planned a security upgrade which was awarded to Rhyco Risk Projects. The project started in March 2019 and was completed in May 2019.

10 things to consider when shopping for a VMS
August 2019, Genetec , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Today’s video management systems (VMS) provide a wide range of tools and capabilities that help make security personnel more efficient by allowing them to focus on what really matters.

How far are we really at with artificial intelligence?
August 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Residential Estate (Industry)
Justin Ludik unpacks exactly how far AI has come and what it potentially can do for society and more importantly, surveillance.

Enhancing security with AI
August 2019, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring
Hikvision explains how residential estates can revolutionise their security strategies and outcomes with artificial intelligence.

More than simply a camera
August 2019, Forbatt SA, Secutel Technologies , CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
With the human element being the weakest link in all security solutions, Hi-Tech Security Solutions looks at the pros and cons of using body-worn cameras in estates.

The importance of effective perimeter security
August 2019, Elf Rentals - Electronic Security Solutions, Stafix , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Protecting the perimeter is critical for any residential estate; how does one go about making sure your perimeter is as secure as possible?

Security playing speedcop
August 2019, Axis Communications SA, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Estates now have a legal precedent to manage their traffic and fine people in the estate for violations of the rules; all they need do is find solutions that will support them.

CathexisVision video management software
August 2019, Cathexis Technologies , Products, CCTV, Surveillance & Remote Monitoring
The CathexisVision IP video management software (VMS) helps clients get the most out of their surveillance investment and reap rewards for their companies.

Capture every detail with Smart PIR kits
August 2019, Longse Distribution , Home Security, CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Longse Technology offers DIY smart security kits that are easy to install and offer a Wi-Fi range that can reach up to 300 metres.

Future-facing cameras
August 2019, Bosch Building Technologies , Products, CCTV, Surveillance & Remote Monitoring
All FLEXIDOME IP starlight 8000i cameras feature built-in Intelligent Video Analytics, making them intuitive, and elevates their importance far beyond security alone.