How to maintain cybersecurity across all your devices

April 2018 Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions

Network administrators are under significant and increasing pressure to make sure their networks are designed and operated securely, so it is important that they have the right knowledge and tools to manage cybersecurity throughout the lifecycle of the system.

In this post, we will explore the cybersecurity best practices specific to managing their network devices as well as how device management software can empower administrators to efficiently achieve their cybersecurity goals on their own.

As the sheer numbers of network devices continue to grow, so too does the workload of a network administrator. Often this not only adds to already stretched work and time schedules, but can potentially result in compromising security. Recent Axis field tests compared the time required to carry out some basic device management tasks on a network of 200 cameras. These basic tasks – installing add-on applications (ACAPs), upgrading firmware, configuring devices and hardening devices – took 106 hours to complete when manually using a camera web interface. However, the time required was reduced to just 30 minutes when using device management software.

Constantly seek awareness

Broadly speaking, businesses should approach cybersecurity readiness in two steps. Awareness is step one. If your business is not aware of potential cyber vulnerabilities, threats and issues, it cannot do anything to prevent them. This requires businesses to adopt a continuous learning and improvement mentality. It is about continually educating yourself and embracing a good cybersecurity culture within your organisation. In this context, suppliers need to work according to clear vulnerability management policies, processes and best practices.

Get help to mitigate the risks

Step two is mitigation: once aware of a potential problem, what can your business do to resolve it? Assuming a business cannot fix something by itself, outside support and assistance are often required. A good starting point when selecting vendors and partners is to look at those that have a track record of cyber maturity:

• The ones that understand the threats and ways to counter those threats.

• The ones that have control over their own offerings, have experience and apply best practice routines properly when needed.

• The ones that are open, transparent and provide long-term support of patching firmware for the products you have selected.

• As important, the ones that are able to offer tools that enable you to apply the security controls you need to mitigate threats you face – through device hardening and device management, for example.

Keeping a complete device inventory

A fundamental aspect of ensuring the security of an enterprise network is maintaining a complete inventory of the devices on it. When creating or reviewing an overall security policy, it is important to have knowledge and clear documentation about each device and not just critical assets. That is because any single overlooked device can be a means of entry for attackers. You can’t protect devices which you overlook or are not fully aware of.

Device management software gives network administrators an automated means to gain access to a real-time inventory of network devices. It lets them automatically identify, list and sort the devices on a network. As important, it lets them use tags so that they can group and sort devices based on criteria that suit a business’s unique requirements. This makes it easy to gain an overview of and document all devices on your network.

Account and password policy

Authentication and privilege control are important parts of protecting network resources. Implementing an account and password policy helps reduce the risk of accidental or deliberate misuse over a longer period of time. While one of the fundamentals of this policy should always be to create strong passwords, a key part is to reduce the risk of those passwords being compromised – particularly your administrative password. When they are, you lose control over who may access your services and resources.

Device passwords tend to be shared within an organisation. For example, employees occasionally need to adjust, optimise or troubleshoot a camera. The whole organisation may eventually know the camera password which could result in deliberate or accidental misuse. One way of addressing this issue is to create a multi-layered system of accounts with varying privilege levels, creating temporary accounts to grant temporary access as required – instead of sharing a single account. This would be a time-consuming process to handle manually, but device management software lets you easily manage these multiple accounts and passwords.

Protecting against new vulnerabilities

New vulnerabilities are continuously being discovered. While most are non-critical, occasionally a critical vulnerability is discovered. A camera, like any other software-based device, needs to be patched to prevent adversaries exploiting known vulnerabilities. It’s important that network administrators stay on top of these threats by staying up-to-date with new developments and following industry best practice. Responsible manufacturers will release firmware to counter known vulnerabilities and engage in an open conversation about cybersecurity to improve knowledge amongst their customers.

It is essential to always update quickly once this firmware becomes available, as attackers may try to exploit any vulnerabilities that have been discovered. As important, rapid deployment of new firmware boosts operational capabilities and removes bottlenecks related to manually rolling out new release upgrades. Patching firmware in a system that is operational could introduce unexpected behavioural issues. It is recommended to use LTS (Long-Term-Support) firmware for security patching. These firmware versions will only include bug fixes and security patches.

Once again, the larger the network the more effort it will take to update all your devices. Axis field tests revealed that on a network of 200 cameras, upgrading the firmware using a manual web interface would take 1000 minutes compared to just 10 using device management software. In addition to the time saved, automatic notifications of new patch releases help ensure that the software is updated promptly – minimising your network’s exposure to attack.

Cost-efficient HTTPS management

Video systems may be subject to policy or regulations that require encrypting traffic between the clients and the camera, preventing network eavesdropping. There may also be a threat of spoofing, where a malicious computer on the network tries to impersonate a network device. These threats are countered with HTTPS.

HTTPS uses certificates, and the vast number of cameras can make the management costly in both deployment and lifecycle maintenance. Device management software can reduce this cost to a fraction, managing certificates and HTTPS configuration for all cameras. They can act as a local Certificate Authority (CA) for cameras. By installing the root certificate in the Video Management Software (VMS) server it will secure what the VMS server can detect if it is accessing a legitimate camera or not.

The root certificate can also be installed in additional administrative clients. Video clients will not (and should not) access cameras directly. They do not need to have the certificate installed. End-to-end encryption will require that the VMS server has a CA certificate to provide a trusted connection to its video clients.

Efficient, effective device management

Effective device management software not only helps to ensure cybersecurity, but delivers efficiencies that grow exponentially as you add more devices to your network. By saving your network administrator time managing the network, you can free them up to fulfil other aspects of their job role and use their expertise to deliver additional benefits to your business. They will also have more time to stay on top of industry best practice and emerging threats – an essential part of maintaining a secure network.

For more information contact Axis Communications, +27 (0)11 548 6780, sasha.bonheim@axis.com, www.axis.com


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Keeping our changing environment secure
August 2019 , Editor's Choice, Security Services & Risk Management
For a crime to take place there needs to be a victim and a criminal who sees an opportunity. For a cybercrime to take place we need the same set of circumstances.

Read more...
Augmented security with drones
August 2019, Drone Guards , Editor's Choice, Integrated Solutions
Drone Guards is moving into an untapped market of using drones to secure residential estates and other high-value assets such as mines, farms and commercial properties.

Read more...
The importance of real security risk assessments
August 2019, Sentinel Risk Management , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Andy Lawler, MD, Sentinel Risk Management, says a security risk assessment is an onerous task, but is not something estates can consider optional or a luxury item anymore.

Read more...
Risk assessment or product placement?
August 2019, Technews Publishing, Alwinco, SMC - Security Management Consultants , Editor's Choice, Security Services & Risk Management, Residential Estate (Industry)
Hi-tech security solutions asked a couple of experts to provide estate managers and security managers with some insights into what a ‘real’ risk assessment includes.

Read more...
10 things to consider when shopping for a VMS
August 2019, Genetec , CCTV, Surveillance & Remote Monitoring, Integrated Solutions
Today’s video management systems (VMS) provide a wide range of tools and capabilities that help make security personnel more efficient by allowing them to focus on what really matters.

Read more...
How far are we really at with artificial intelligence?
August 2019, Axis Communications SA , Editor's Choice, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Residential Estate (Industry)
Justin Ludik unpacks exactly how far AI has come and what it potentially can do for society and more importantly, surveillance.

Read more...
The importance of effective perimeter security
August 2019, Elf Rentals - Electronic Security Solutions, Stafix , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Protecting the perimeter is critical for any residential estate; how does one go about making sure your perimeter is as secure as possible?

Read more...
Multiple methods for motion detection
August 2019, Axis Communications SA , Perimeter Security, Alarms & Intruder Detection
There are strengths and weaknesses with all motion detection solutions, and their effectiveness will be dictated by the environment and the components they are being used with.

Read more...
Security playing speedcop
August 2019, Axis Communications SA, Hikvision South Africa , CCTV, Surveillance & Remote Monitoring, Residential Estate (Industry)
Estates now have a legal precedent to manage their traffic and fine people in the estate for violations of the rules; all they need do is find solutions that will support them.

Read more...
CathexisVision video management software
August 2019, Cathexis Technologies , Products, CCTV, Surveillance & Remote Monitoring
The CathexisVision IP video management software (VMS) helps clients get the most out of their surveillance investment and reap rewards for their companies.

Read more...