classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018


Be prepared for these three cyber threats
April 2017, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions

When talking about information security, CIA stands for Confidentiality, Integrity and Availability. It is a model designed to guide efficient information security policies within an organisation.

J.O.S. Svendsen, Milestone Systems.
J.O.S. Svendsen, Milestone Systems.

• Confidentiality is roughly equivalent to privacy. This means ensuring that the VMS infrastructure is only accessed by the right people.

• Integrity entails maintaining optimal consistency, accuracy, and trustworthiness throughout the entire data life cycle.

• Availability is best ensured by designing the entire infrastructure to be as robust as possible. It also means maintaining a correctly functioning operating system and continuously updated application environment.

A person or organisation with malicious intent can harm or sabotage a VMS system in several ways. This means that people or assets could be at risk.

Hijacking can happen

A VMS system can quite easily be hijacked, by form of remote control with malign intent or for ransom or espionage purposes. A breached VMS-system’s data and recordings can be used in an array of negative contexts. User accounts, camera placement or general VMS data can be used as a stepping stone to get closer to an organisation’s total infrastructure.

If the location and capabilities of all cameras and alarms are known, it is easy to plan a break-in. And you’re not likely to discover it in the process: Spies do their utmost to avoid detection, as this would lead to countermeasures.

Some of the biggest cybersecurity risks include the following.

Systems with bad perimeter defences

Today’s VMS systems are often part of a business IT infrastructure. A successful attack in one part of the infrastructure might lead to confidentiality breaches in other parts. Therefore, it is generally recommended to isolate VMS systems from the rest of the IT infrastructure: If you can’t get to a system, you can’t harm it.

If the VMS system needs integration to other systems, it should be done via a secure bridge. Software should always be updated to the latest versions, as all serious software vendors will update it as new security threats are discovered.

It is important to remember that this not only goes for computers: All cameras, mobile clients and NVR systems need the same level of attention and precautions. In these cases, it is vital to be able to document the entire security infrastructure to ensure that no devices or computers have slipped under the radar.

Any system functions not needed for visual security should be shut down, like browsers, mail clients and file transfers. Again, if you can’t access a function, you can’t harm it.

This also means that access to the Internet should be avoided for any device in the VMS infrastructure. In the case of mobile clients, ensure that the mobile server is secured.

Stolen identities

It does not help to have a well-defended VMS system if anyone can guess user accounts and corresponding passwords. A password policy for VMS systems and mobile devices needs to ensure that all necessary passwords are changed regularly.

Depending on the system, stronger types of user identification might be used. Two-level authentication (where a user is identified by more than just a password) is a way of securing the system even further. Biometric identification in combination with a password gives an extra layer of security.

The inside factor

People are an organisation’s biggest asset. In some cases, they also pose a risk. As organisations implement increasingly sophisticated physical and cybersecurity measures to protect their assets from external threats, the recruitment of insiders becomes a more attractive option for those attempting to gain access.

An insider is a person who exploits or intends to exploit their authorised access to an organisation’s assets for unauthorised purposes. It could be a full-time or part-time employee, a contractor or even a business partner. An insider could deliberately seek to join your organisation to conduct an insider act or be triggered to act at some point during their employment.

Employees may inadvertently trigger security breaches by ignoring rules or through non-compliance due to the work pressure or an oversight.

Physical access controls to VMS-systems should be in place, as should procedures for screening personnel. It is essential that all staff be trained in security measures. A second security system securing the primary security VMS system is becoming a more relevant option as VMS systems turn increasingly business critical.

It is important to harden all VMS systems as much as possible, by following the general guidelines as outlined by CERT (https://ics-cert.us-cert.gov/Standards-and-References, short URL: securitysa.com/*ics) and the Milestone Hardening guide (http://news.milestonesys.com/is-your-network-secure-hardening-guide-for-deploying-milestone-ip-video/, short URL: securitysa.com/*msys1).

A good place to get more informed about all aspects on cybersecurity is the Microsoft cybersecurity blog (https://blogs.microsoft.com/microsoftsecure/category/cybersecurity/cybersecurity-policy-cybersecurity/, short URL: securitysa.com/*mscs1).


Credit(s)
  Share via Twitter   Share via LinkedIn      

Further reading:

  • ASIS Security Technology Concepts day
    April 2019, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
    ASIS SA kicked the tyres of a few technologies at its first Security Technology Concepts day in February.
  • Is everything-as-a-service worth it?
    April 2019, iPulse Systems, Verifier, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
    Security-as-a-service seems like a good idea to reduce technology and labour expenses. Hi-Tech Security Solutions find out more.
  • Watching the game
    April 2019, Technews Publishing, Pelco by Schneider Electric, Dallmeier Electronic Southern Africa , Entertainment and Hospitality (Industry), CCTV, Surveillance & Remote Monitoring
    Video surveillance plays a larger role in the casino market than simply watching people gambling and trying to catch pickpockets.
  • Wide-area surveillance on estates, farms and other large properties
    April 2019, Protoclea Advanced Image Engineering, Access Control & Identity Management, Integrated Solutions
    Using the right solution to protect large, open areas can be accomplished with the right technology and planning.
  • Visible light facial recognition
    April 2019, ZKTeco, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    ZKTeco recently expanded its reach in the facial recognition market with the launch of its new series of visible light facial recognition (VLFR) products.
  • 2019 Internet of Things (IoT) Barometer
    March 2019, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    A majority of businesses that use IoT technology agree that it has either disrupted their industry or will do so in the next five years.
  • Video observation in the hotel industry
    March 2019, Dallmeier Electronic Southern Africa , Entertainment and Hospitality (Industry), CCTV, Surveillance & Remote Monitoring
    The best is just good enough: Hamburg's new luxury hotel The Fontenay relies on video security technology from Dallmeier.
  • 2 MP Starlight fixed camera
    April 2019, Longse Distribution, Products, CCTV, Surveillance & Remote Monitoring
    With the help of the Longse Starlight cameras, darkness becomes visible and your properties can always be kept under control.
  • When cybercrime affects health and safety
    April 2019, This Week's Editor's Pick, Cyber Security
    The threat of a category-one cyber-attack is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work – yet danger could still unfold.
  • Cathexis wraps up successful national roadshow
    April 2019, Cathexis Technologies, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, News, Conferences & Events, Training & Education
    Cathexis Technologies successfully concluded its national CathexisVision Roadshow. With events held in Durban, Port Elizabeth, Johannesburg and Cape Town.
  • Milestone Systems launches Milestone Marketplace
    April 2019, Milestone Systems, This Week's Editor's Pick
    Milestone Systems introduces Milestone Marketplace, a digital platform for the video technology industry that connects buyers and sellers to co-create solutions.
  • Biodegradable security seals for SA
    April 2019, TruSeal, This Week's Editor's Pick, Asset Management, EAS, RFID, News, Security Services & Risk Management
    The new TruSeal product extension is produced from a special biodegradable material sourced from Malaysia.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.