Securing security systems

CCTV Handbook 2015 CCTV, Surveillance & Remote Monitoring

Francois Malan.
Francois Malan.

This year hackers have exposed some serious flaws regarding the security of surveillance systems on our networks. In particular, what is also apparent, is that network video recorders cannot be administrated or secured by traditional network tools. At best they can be isolated.

The greatest concern is that this information is freely available on the Web for any weekend hacker to gain access, and how easily embedded appliances can be compromised. A trend that has developed is that IT professionals are choosing Windows-based server appliances for video surveillance recording, simply because these are easier to administer and secure.

The following is a basic check list to safeguard against hacking:

1. Windows Server for recording video

IT professionals can secure a Windows recording server as part of their domain, they generally cannot manage an embedded network video recorder. Using a Windows server allows the IT department to apply group policy, use a domain server for central password administration and apply updates and virus patches. Not using a Windows server gives hackers or viruses a platform to attack an entire network or simply render the device or information on the device useless. Using an embedded NVR adds uncertainty and therefore risk to an enterprise network.

2. Password management

Most sites are compromised because of poor password management and using default or simple passwords. Often installers use a set of default passwords for all their sites, these passwords are never erased from the system, even after the company is long gone, leaving a backdoor. A Windows Active Directory allows for central password management for Windows devices on the domain. This allows for an audit trail of individual user activity and a central control of all passwords. It is also important to change all default passwords on cameras after installation.

3. Segment network

Segmenting a network can be done with a recording sever with two or more network adapters; typically one adapter is used to access the camera side of the network and the other network adapter is presented to the control room. This allows a user to use a good video management platform to control who sees which cameras, and does not expose the whole camera network to a would-be-hacker that wants to see something he should not.

Best practice would be to have a completely separate network for security equipment or implement VLANS between existing networks. Additional networks should be setup to monitor any unauthorised devices.

4. Secure video feed

We have spoken about changing the password on the camera, but it would be important to also secure the video feed to the recording server so that no one else has access. Cameras could also support a white list of IP addresses that may log onto them and camera logs can be checked for unauthorised access.

5. VPN (Virtual Private Network)

It is recommend to use a VPN when connecting remotely via the Internet to view video. Using port forwarding on a router is the industry standard, but this method allows a hole in your firewall and exposes devices to the Internet. There are websites that can provide a list of these exposed devices geographical for a small fee.

Some reference articles from the Web

73 000 surveillance cameras hacked by one website:

Chinese surveillance camera supplier confirms hacking loophole:

Hackers can delete surveillance DVRs remotely – report:

About the Hikvision zombification:

Hackers turn security camera DVRs into worst Bitcoin miners ever:

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Reinventing network camera security
Issue 1 2020, Axis Communications SA , CCTV, Surveillance & Remote Monitoring
Now in its seventh generation and celebrating its 20th anniversary, the Axis ARTPEC chip was launched in 1999 designed to optimise network video.

Cloud-based fleet and driver management
Issue 1 2020, Graphic Image Technologies , CCTV, Surveillance & Remote Monitoring
Graphic Image Technologies (GIT) has announced the availability of a cloud-based dashcam designed to improve on-the-road behaviour and assist in improving fleet management.

Cathexis specialises in integration
Issue 1 2020, Cathexis Technologies , CCTV, Surveillance & Remote Monitoring
The integration of multiple systems is intrinsic and essential to the goal of creating an effective and efficient operational environment.

Do wireless networks meet modern surveillance demands?
Issue 1 2020, Duxbury Networking, RADWIN , CCTV, Surveillance & Remote Monitoring
It is predicted that video will account for 15,1 zettabytes (1 zettabyte = 1 trillion gigabytes) of data annually, which is more than any other IoT application.

Traffic doesn’t have to be this way
Issue 1 2020, Dahua Technology South Africa, Axis Communications SA , CCTV, Surveillance & Remote Monitoring
More effective traffic management is something that would save us all a lot of frustration and wasted time, and it’s one of the areas where AI and big data can have a significant impact.

Dahua launches Hunter Series
Issue 1 2020, Dahua Technology South Africa , CCTV, Surveillance & Remote Monitoring
Dahua launches a new dual-PTZ camera that enables flexible and multi-scene panoramic monitoring.

8 MP fisheye camera
Issue 1 2020, Dallmeier Electronic Southern Africa , CCTV, Surveillance & Remote Monitoring
Dallmeier’s new 8 MP fisheye camera combines AI-supported object classification and H.265 in a compact design.

Using ANPR to enhance security
Issue 1 2020, Duxbury Networking , CCTV, Surveillance & Remote Monitoring
Deep learning and AI-based algorithms enable ANPR cameras and their associated software to detect and recognise number plates with an extremely high level of accuracy.

AI supercharges surveillance
Issue 1 2020 , CCTV, Surveillance & Remote Monitoring
The ability to analyse live video through AI techniques means that untapped footage from existing, passive cameras can be used to identify patterns, trends and anomalies.

IDIS launches new cameras with on-board analytics
Issue 1 2020 , CCTV, Surveillance & Remote Monitoring
IDIS has launched a lineup of Edge VA bullet and dome cameras, featuring on-board analytics that will transform the efficiency of security operations.