How to maintain cybersecurity across all your devices

April 2018 Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions

Network administrators are under significant and increasing pressure to make sure their networks are designed and operated securely, so it is important that they have the right knowledge and tools to manage cybersecurity throughout the lifecycle of the system.

In this post, we will explore the cybersecurity best practices specific to managing their network devices as well as how device management software can empower administrators to efficiently achieve their cybersecurity goals on their own.

As the sheer numbers of network devices continue to grow, so too does the workload of a network administrator. Often this not only adds to already stretched work and time schedules, but can potentially result in compromising security. Recent Axis field tests compared the time required to carry out some basic device management tasks on a network of 200 cameras. These basic tasks – installing add-on applications (ACAPs), upgrading firmware, configuring devices and hardening devices – took 106 hours to complete when manually using a camera web interface. However, the time required was reduced to just 30 minutes when using device management software.

Constantly seek awareness

Broadly speaking, businesses should approach cybersecurity readiness in two steps. Awareness is step one. If your business is not aware of potential cyber vulnerabilities, threats and issues, it cannot do anything to prevent them. This requires businesses to adopt a continuous learning and improvement mentality. It is about continually educating yourself and embracing a good cybersecurity culture within your organisation. In this context, suppliers need to work according to clear vulnerability management policies, processes and best practices.

Get help to mitigate the risks

Step two is mitigation: once aware of a potential problem, what can your business do to resolve it? Assuming a business cannot fix something by itself, outside support and assistance are often required. A good starting point when selecting vendors and partners is to look at those that have a track record of cyber maturity:

• The ones that understand the threats and ways to counter those threats.

• The ones that have control over their own offerings, have experience and apply best practice routines properly when needed.

• The ones that are open, transparent and provide long-term support of patching firmware for the products you have selected.

• As important, the ones that are able to offer tools that enable you to apply the security controls you need to mitigate threats you face – through device hardening and device management, for example.

Keeping a complete device inventory

A fundamental aspect of ensuring the security of an enterprise network is maintaining a complete inventory of the devices on it. When creating or reviewing an overall security policy, it is important to have knowledge and clear documentation about each device and not just critical assets. That is because any single overlooked device can be a means of entry for attackers. You can’t protect devices which you overlook or are not fully aware of.

Device management software gives network administrators an automated means to gain access to a real-time inventory of network devices. It lets them automatically identify, list and sort the devices on a network. As important, it lets them use tags so that they can group and sort devices based on criteria that suit a business’s unique requirements. This makes it easy to gain an overview of and document all devices on your network.

Account and password policy

Authentication and privilege control are important parts of protecting network resources. Implementing an account and password policy helps reduce the risk of accidental or deliberate misuse over a longer period of time. While one of the fundamentals of this policy should always be to create strong passwords, a key part is to reduce the risk of those passwords being compromised – particularly your administrative password. When they are, you lose control over who may access your services and resources.

Device passwords tend to be shared within an organisation. For example, employees occasionally need to adjust, optimise or troubleshoot a camera. The whole organisation may eventually know the camera password which could result in deliberate or accidental misuse. One way of addressing this issue is to create a multi-layered system of accounts with varying privilege levels, creating temporary accounts to grant temporary access as required – instead of sharing a single account. This would be a time-consuming process to handle manually, but device management software lets you easily manage these multiple accounts and passwords.

Protecting against new vulnerabilities

New vulnerabilities are continuously being discovered. While most are non-critical, occasionally a critical vulnerability is discovered. A camera, like any other software-based device, needs to be patched to prevent adversaries exploiting known vulnerabilities. It’s important that network administrators stay on top of these threats by staying up-to-date with new developments and following industry best practice. Responsible manufacturers will release firmware to counter known vulnerabilities and engage in an open conversation about cybersecurity to improve knowledge amongst their customers.

It is essential to always update quickly once this firmware becomes available, as attackers may try to exploit any vulnerabilities that have been discovered. As important, rapid deployment of new firmware boosts operational capabilities and removes bottlenecks related to manually rolling out new release upgrades. Patching firmware in a system that is operational could introduce unexpected behavioural issues. It is recommended to use LTS (Long-Term-Support) firmware for security patching. These firmware versions will only include bug fixes and security patches.

Once again, the larger the network the more effort it will take to update all your devices. Axis field tests revealed that on a network of 200 cameras, upgrading the firmware using a manual web interface would take 1000 minutes compared to just 10 using device management software. In addition to the time saved, automatic notifications of new patch releases help ensure that the software is updated promptly – minimising your network’s exposure to attack.

Cost-efficient HTTPS management

Video systems may be subject to policy or regulations that require encrypting traffic between the clients and the camera, preventing network eavesdropping. There may also be a threat of spoofing, where a malicious computer on the network tries to impersonate a network device. These threats are countered with HTTPS.

HTTPS uses certificates, and the vast number of cameras can make the management costly in both deployment and lifecycle maintenance. Device management software can reduce this cost to a fraction, managing certificates and HTTPS configuration for all cameras. They can act as a local Certificate Authority (CA) for cameras. By installing the root certificate in the Video Management Software (VMS) server it will secure what the VMS server can detect if it is accessing a legitimate camera or not.

The root certificate can also be installed in additional administrative clients. Video clients will not (and should not) access cameras directly. They do not need to have the certificate installed. End-to-end encryption will require that the VMS server has a CA certificate to provide a trusted connection to its video clients.

Efficient, effective device management

Effective device management software not only helps to ensure cybersecurity, but delivers efficiencies that grow exponentially as you add more devices to your network. By saving your network administrator time managing the network, you can free them up to fulfil other aspects of their job role and use their expertise to deliver additional benefits to your business. They will also have more time to stay on top of industry best practice and emerging threats – an essential part of maintaining a secure network.

For more information contact Axis Communications, +27 (0)11 548 6780, sasha.bonheim@axis.com, www.axis.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Camera Selection Guide 2020
CCTV Handbook 2020 , Camera Selection Guide, CCTV, Surveillance & Remote Monitoring
The Camera Selection Guide 2020 includes a range of IP, analogue, thermal and speciality cameras aimed at a broad range of surveillance functions.

Read more...
Storage Selection Guide 2020
CCTV Handbook 2020 , Storage Selection Guide, CCTV, Surveillance & Remote Monitoring
The Storage Selection Guide 2020 includes a range of video storage and management options for small, medium and large surveillance operations.

Read more...
Taking a hands-on approach to community security
Issue 7 2020 , Editor's Choice
Taking a more hands-on approach to community security is definitely paying dividends for Gallo Manor residents.

Read more...
Adaptors can be a danger to the South African consumer
Issue 7 2020 , Editor's Choice
The increased use of devices and appliances has resulted in the increased use of adaptors as well as adaptors-on-adaptors in South Africa.

Read more...
The arms race of AI in cybersecurity
CCTV Handbook 2020, Axis Communications SA , Cyber Security
Cybersecurity goes further than network video and audio, but these are as likely to be targeted as much as any network-connected device.

Read more...
The future of open standards
CCTV Handbook 2020, Milestone Systems, Technews Publishing, Avigilon , Editor's Choice
Despite the many benefits of open standards, some companies still produce proprietary solutions. Are the surveillance and broader security markets still committed to open standards?

Read more...
The impact of AI on surveillance
CCTV Handbook 2020, Technews Publishing, Axis Communications SA, Hikvision South Africa, Cathexis Technologies, Dahua Technology South Africa , Editor's Choice
Artificial intelligence is a popular buzzword in the security industry that has us expecting real-life science fiction, but what is its real impact?

Read more...
Evaluating AI technologies for control room operations
CCTV Handbook 2020, Leaderware , Editor's Choice
Can AI systems improve the performance of control room operators, or even replace them completely? Maybe one day they will, but not today.

Read more...
The future of the VMS
CCTV Handbook 2020, Technews Publishing, Cathexis Technologies, Arteco Global, XtraVision , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Will AI-enhanced video analytic apps that can be downloaded and installed directly onto cameras take business away from the VMS market?

Read more...
A fresh look at TCO
CCTV Handbook 2020, Axis Communications SA , Editor's Choice
Total Cost of Ownership is a way for strategic buyers to move beyond looking at the upfront price to understanding all costs associated with procuring, deploying and operating a system.

Read more...