How to maintain cybersecurity across all your devices

April 2018 Editor's Choice, Surveillance, Information Security, Integrated Solutions

Network administrators are under significant and increasing pressure to make sure their networks are designed and operated securely, so it is important that they have the right knowledge and tools to manage cybersecurity throughout the lifecycle of the system.

In this post, we will explore the cybersecurity best practices specific to managing their network devices as well as how device management software can empower administrators to efficiently achieve their cybersecurity goals on their own.

As the sheer numbers of network devices continue to grow, so too does the workload of a network administrator. Often this not only adds to already stretched work and time schedules, but can potentially result in compromising security. Recent Axis field tests compared the time required to carry out some basic device management tasks on a network of 200 cameras. These basic tasks – installing add-on applications (ACAPs), upgrading firmware, configuring devices and hardening devices – took 106 hours to complete when manually using a camera web interface. However, the time required was reduced to just 30 minutes when using device management software.

Constantly seek awareness

Broadly speaking, businesses should approach cybersecurity readiness in two steps. Awareness is step one. If your business is not aware of potential cyber vulnerabilities, threats and issues, it cannot do anything to prevent them. This requires businesses to adopt a continuous learning and improvement mentality. It is about continually educating yourself and embracing a good cybersecurity culture within your organisation. In this context, suppliers need to work according to clear vulnerability management policies, processes and best practices.

Get help to mitigate the risks

Step two is mitigation: once aware of a potential problem, what can your business do to resolve it? Assuming a business cannot fix something by itself, outside support and assistance are often required. A good starting point when selecting vendors and partners is to look at those that have a track record of cyber maturity:

• The ones that understand the threats and ways to counter those threats.

• The ones that have control over their own offerings, have experience and apply best practice routines properly when needed.

• The ones that are open, transparent and provide long-term support of patching firmware for the products you have selected.

• As important, the ones that are able to offer tools that enable you to apply the security controls you need to mitigate threats you face – through device hardening and device management, for example.

Keeping a complete device inventory

A fundamental aspect of ensuring the security of an enterprise network is maintaining a complete inventory of the devices on it. When creating or reviewing an overall security policy, it is important to have knowledge and clear documentation about each device and not just critical assets. That is because any single overlooked device can be a means of entry for attackers. You can’t protect devices which you overlook or are not fully aware of.

Device management software gives network administrators an automated means to gain access to a real-time inventory of network devices. It lets them automatically identify, list and sort the devices on a network. As important, it lets them use tags so that they can group and sort devices based on criteria that suit a business’s unique requirements. This makes it easy to gain an overview of and document all devices on your network.

Account and password policy

Authentication and privilege control are important parts of protecting network resources. Implementing an account and password policy helps reduce the risk of accidental or deliberate misuse over a longer period of time. While one of the fundamentals of this policy should always be to create strong passwords, a key part is to reduce the risk of those passwords being compromised – particularly your administrative password. When they are, you lose control over who may access your services and resources.

Device passwords tend to be shared within an organisation. For example, employees occasionally need to adjust, optimise or troubleshoot a camera. The whole organisation may eventually know the camera password which could result in deliberate or accidental misuse. One way of addressing this issue is to create a multi-layered system of accounts with varying privilege levels, creating temporary accounts to grant temporary access as required – instead of sharing a single account. This would be a time-consuming process to handle manually, but device management software lets you easily manage these multiple accounts and passwords.

Protecting against new vulnerabilities

New vulnerabilities are continuously being discovered. While most are non-critical, occasionally a critical vulnerability is discovered. A camera, like any other software-based device, needs to be patched to prevent adversaries exploiting known vulnerabilities. It’s important that network administrators stay on top of these threats by staying up-to-date with new developments and following industry best practice. Responsible manufacturers will release firmware to counter known vulnerabilities and engage in an open conversation about cybersecurity to improve knowledge amongst their customers.

It is essential to always update quickly once this firmware becomes available, as attackers may try to exploit any vulnerabilities that have been discovered. As important, rapid deployment of new firmware boosts operational capabilities and removes bottlenecks related to manually rolling out new release upgrades. Patching firmware in a system that is operational could introduce unexpected behavioural issues. It is recommended to use LTS (Long-Term-Support) firmware for security patching. These firmware versions will only include bug fixes and security patches.

Once again, the larger the network the more effort it will take to update all your devices. Axis field tests revealed that on a network of 200 cameras, upgrading the firmware using a manual web interface would take 1000 minutes compared to just 10 using device management software. In addition to the time saved, automatic notifications of new patch releases help ensure that the software is updated promptly – minimising your network’s exposure to attack.

Cost-efficient HTTPS management

Video systems may be subject to policy or regulations that require encrypting traffic between the clients and the camera, preventing network eavesdropping. There may also be a threat of spoofing, where a malicious computer on the network tries to impersonate a network device. These threats are countered with HTTPS.

HTTPS uses certificates, and the vast number of cameras can make the management costly in both deployment and lifecycle maintenance. Device management software can reduce this cost to a fraction, managing certificates and HTTPS configuration for all cameras. They can act as a local Certificate Authority (CA) for cameras. By installing the root certificate in the Video Management Software (VMS) server it will secure what the VMS server can detect if it is accessing a legitimate camera or not.

The root certificate can also be installed in additional administrative clients. Video clients will not (and should not) access cameras directly. They do not need to have the certificate installed. End-to-end encryption will require that the VMS server has a CA certificate to provide a trusted connection to its video clients.

Efficient, effective device management

Effective device management software not only helps to ensure cybersecurity, but delivers efficiencies that grow exponentially as you add more devices to your network. By saving your network administrator time managing the network, you can free them up to fulfil other aspects of their job role and use their expertise to deliver additional benefits to your business. They will also have more time to stay on top of industry best practice and emerging threats – an essential part of maintaining a secure network.

For more information contact Axis Communications, +27 (0)11 548 6780, [email protected],


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Horn speakers from Sunell
Forbatt SA Products & Solutions Surveillance Residential Estate (Industry)
Horn speakers are an effective tool for actively deterring intruders from entering estates. By emitting loud, clear audio warnings, horn speakers can alert trespassers that they have been detected and are being monitored.

Sunell’s range of thermal cameras
Forbatt SA Products & Solutions Surveillance Residential Estate (Industry)
Thermal cameras offer significant value to estate security. Their ability to provide reliable surveillance in all lighting and weather conditions ensures continuous monitoring, providing a constant sense of security and reducing the likelihood of security breaches.

Integrating radar and surveillance
Forbatt SA Products & Solutions Surveillance Residential Estate (Industry)
Integrating radar with CCTV video systems significantly enhances estate security by providing long-range threat detection and comprehensive monitoring capabilities. This combination leverages the strengths of both technologies, offering several key benefits.

Sunell anti-corrosion cameras
Forbatt SA Products & Solutions Surveillance Residential Estate (Industry)
With Sunell’s anti-corrosion range of cameras, the initial investment in anti-corrosion CCTV cameras may be higher than standard cameras, but the long-term benefits outweigh the upfront costs.

Latest AI solution to manage guards
DeepAlert Products & Solutions Surveillance AI & Data Analytics
No guard at the guardhouse? Guard under duress? Guard asleep? DeepAlert’s AI technology delivers real-time alerts to mobile phones and video management systems, helping you manage your guards more effectively.

Dynamic Dashboard enhances security and operational efficiency
Suprema neaMetrics Products & Solutions Integrated Solutions Residential Estate (Industry)
In today’s data-driven world, security systems are overwhelmed by an unprecedented volume of data, from video surveillance and access control logs to intrusion alerts and a variety of IoT sensor data.

HELLO visitor access management
Products & Solutions Access Control & Identity Management Integrated Solutions Residential Estate (Industry)
HELLO is an on-premises visitor and contractor access management solution designed to be fully integrated and complementary with smart, on-trend technologies, securing estates and businesses alike.

Axis advanced radar system
Axis Communications SA Products & Solutions Surveillance Residential Estate (Industry)
The Axis D2210-VE also offers a radar-video fusion model, combining the strengths of both technologies to provide comprehensive monitoring and enhanced situational awareness.