Securing security systems

CCTV Handbook 2015 CCTV, Surveillance & Remote Monitoring

Francois Malan.
Francois Malan.

This year hackers have exposed some serious flaws regarding the security of surveillance systems on our networks. In particular, what is also apparent, is that network video recorders cannot be administrated or secured by traditional network tools. At best they can be isolated.

The greatest concern is that this information is freely available on the Web for any weekend hacker to gain access, and how easily embedded appliances can be compromised. A trend that has developed is that IT professionals are choosing Windows-based server appliances for video surveillance recording, simply because these are easier to administer and secure.

The following is a basic check list to safeguard against hacking:

1. Windows Server for recording video

IT professionals can secure a Windows recording server as part of their domain, they generally cannot manage an embedded network video recorder. Using a Windows server allows the IT department to apply group policy, use a domain server for central password administration and apply updates and virus patches. Not using a Windows server gives hackers or viruses a platform to attack an entire network or simply render the device or information on the device useless. Using an embedded NVR adds uncertainty and therefore risk to an enterprise network.

2. Password management

Most sites are compromised because of poor password management and using default or simple passwords. Often installers use a set of default passwords for all their sites, these passwords are never erased from the system, even after the company is long gone, leaving a backdoor. A Windows Active Directory allows for central password management for Windows devices on the domain. This allows for an audit trail of individual user activity and a central control of all passwords. It is also important to change all default passwords on cameras after installation.

3. Segment network

Segmenting a network can be done with a recording sever with two or more network adapters; typically one adapter is used to access the camera side of the network and the other network adapter is presented to the control room. This allows a user to use a good video management platform to control who sees which cameras, and does not expose the whole camera network to a would-be-hacker that wants to see something he should not.

Best practice would be to have a completely separate network for security equipment or implement VLANS between existing networks. Additional networks should be setup to monitor any unauthorised devices.

4. Secure video feed

We have spoken about changing the password on the camera, but it would be important to also secure the video feed to the recording server so that no one else has access. Cameras could also support a white list of IP addresses that may log onto them and camera logs can be checked for unauthorised access.

5. VPN (Virtual Private Network)

It is recommend to use a VPN when connecting remotely via the Internet to view video. Using port forwarding on a router is the industry standard, but this method allows a hole in your firewall and exposes devices to the Internet. There are websites that can provide a list of these exposed devices geographical for a small fee.

Some reference articles from the Web

73 000 surveillance cameras hacked by one website:

Chinese surveillance camera supplier confirms hacking loophole:

Hackers can delete surveillance DVRs remotely – report:

About the Hikvision zombification:

Hackers turn security camera DVRs into worst Bitcoin miners ever:

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Avoiding human error at ports
LD Africa Transport (Industry) CCTV, Surveillance & Remote Monitoring Products Logistics (Industry)
LD Africa introduced a local port to the AxxonSoft Port Security System ,a solution that helps overcome the element of human error and eliminate paperwork.

Compact, lightweight bullet cameras with support for analytics
Axis Communications SA Products CCTV, Surveillance & Remote Monitoring
Axis Communications announced two new outdoor-ready bullet-style cameras featuring deep-learning processing units for analytics based on deep learning on the edge.

Numerous challenges for transport and logistics
Transport (Industry) CCTV, Surveillance & Remote Monitoring Security Services & Risk Management Logistics (Industry)
Operators are making significant investments in automation and digitalisation in order to address security concerns, improve loss prevention as well as efficiency, and reduce unit order costs.

A key to urban transport challenges
Axis Communications SA Transport (Industry) CCTV, Surveillance & Remote Monitoring Integrated Solutions Logistics (Industry)
There are many enabling technologies that can impact transportation in South Africa, but a good place to start is by considering the applications for smart physical technology with the ability to collect and respond to data.

Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

A new full-colour era
Dahua Technology South Africa CCTV, Surveillance & Remote Monitoring
Traditionally, there have been two options for using surveillance cameras in the dark: flooding the scene with visible light, or alternatively using infrared (IR) illumination.

AIoT delivers dynamic digital platforms
Hikvision South Africa CCTV, Surveillance & Remote Monitoring
Many stadiums or venues are seeking new, smart solutions that can help venue operators to stay on top of real-time situations dynamically on digitally driven platforms, and to achieve more efficient and sustainable venue management.

Upgraded security and AI monitoring at upmarket estate
Watcher Surveillance Solutions Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Residential Estate (Industry)
Estate upgrades and enhances its security through a partnership between surveillance specialist Watcher and the incumbent guarding company.

Security solutions that go the distance
Avigilon Logistics (Industry) CCTV, Surveillance & Remote Monitoring Asset Management, EAS, RFID Transport (Industry)
Avigilon self-learning video analytics help detect potentially critical events and issue an alert within the ACC dashboard, allowing officers to then verify event alarms.