Cybersecure surveillance partnership

CCTV Handbook 2019 Cyber Security, CCTV, Surveillance & Remote Monitoring

As the way we live and work becomes increasingly sophisticated, complex and connected, the benefits are clear to see as things get more streamlined and intuitive with every passing day. But whilst many enjoy the open connectivity that the Internet of Things (IoT) enables, they don’t realise they’re vulnerable to cybercrime.

In recent years, hackers have been responsible for security breaches on every major continent, across every business sector. In fact, according to The Official 2017 Annual Cybercrime Report, cybercrime damages will be costing the world a staggering $6 trillion by 2021. Not overall, but every year.

This trend clearly extended the discussion within video security from delivering the highest quality of relevant images and management of large data volumes, to how to keep video data secure in an increasingly connected world.

How do you safeguard against something that can’t be seen?

Video surveillance data is particularly susceptible to security breaches due to the method often used to connect across local and global networks. Typically, a number of edge components (cameras) send their data to core components (servers) via a network. Sounds simple. And that’s the problem, because to a digital intruder, this method of data transfer is easy pickings.

All it takes is a single weak link in a surveillance network for hackers to gain access to, and jeopardise, an entire data system. There is an obvious way to prevent this: don’t have any weak links. How? By employing a data security system that’s been configured by experts with vast cybersecurity knowledge to make it completely effective from end to end.

Partners in crime prevention

It’s impossible to put a figure on how many video management systems are in use around the world. However, Genetec is a major player in this arena. And when it comes to leading the way in mission-critical video security projects, nobody comes close.

Having access to the VMS expertise of Genetec, combined with the years of constant innovation behind Bosch surveillance cameras, is certainly good news for you, and bad news for cyber criminals. And, because Bosch cameras are fully integrated with Genetec systems, the result is an end-to-end data security solution incorporating all Bosch network video surveillance cameras, plus Genetec Archiver and Security Center.

The key to total security is total trust

There’s little point focusing on the security of a single component when there’s an entire infrastructure to consider; one that could carry a weak link where hackers could gain access. That’s why all network-wide communications between Bosch cameras and Genetec Archiver and Security Center are assigned an authentication key (a Bosch factory default or customer-specific certificate). This electronic signature enables the solution to verify the legitimacy of network components like cameras or storage units, and viewing clients, ensuring you can build an infrastructure of trust before network-wide communications start.

The best form of protection is encryption

A high percentage of online crimes involve the illegal capture of video data, so your chosen method of safeguarding your system needs to be consistently effective and completely reliable, and this is precisely why encryption of data streams and stored data is not just paramount, but non-negotiable.

As you’d expect from a brand like Bosch, it has been implementing encryption at the hardware level for some time. Specifically, all Bosch IP cameras have a Trusted Platform Module (TPM) installed at factory stage. The TPM safely stores cryptographic keys to enable encryption of all live video data, which is then sent from the camera to the Genetec archiver using SRTP (Secure Real-Time Transport Protocol), which further protects the integrity of the data. And for additional reassurance, all encrypted communication between Genetec Archiver and Genetec clients is managed via SRTP or HTTPS.

Another advantage of using SRTP throughout the whole infrastructure is that customers are enabled to setup a secured multicast network, so you get security and good network scalability at the same time.

With all security measures at hardware level combined with SRTP, Bosch and Genetec offer an end-to-end encryption solution. All video data is encrypted at the moment it is captured and remains encrypted throughout the whole video security infrastructure. Compared to transmitting RTSP via an HTTPS tunnel, this can create a saving on computing power of 50%, because additional encryption is not needed.

If the system doesn’t know you, you don’t get into the system

Genetec is the expert in secure video management systems, so it knows that the only way to outsmart a hacker is to think like a hacker. By doing so, it’s developed a software system that offers multiple ways to manage user access rights, ensuring that only authenticated and authorised parties can access data.

Security is established via a ‘permissioning’ scheme based on privileges accumulated by specific users and groups. It’s like an updated version of the familiar ‘user profile’, and is being received positively by clients, if not the digital intruders.

Easy management of user access rights

The Genetec Security Center has a comprehensive set of privileges at its disposal, which gives administrators complete control, at a granular level, over the permissions each user or user group can select in order to gain access to the system. The options include over 300 privileges that can be denied or granted to any user, or to an entire user group.

Any users added to a certain group will automatically inherit all existing privileges assigned to that group. Several examples of how sophisticated these privileges can be include the ability for a user to view live video, view playback, add a bookmark to a video timeline, and even move a PTZ (pan, tilt and zoom) camera.

Synchronised, centralised, better protected

For an extra level of security and support, Security Center also integrates with Active Directory, allowing user management to be monitored and centralised at Windows level. In addition to individual users, user groups from Active Directory can also be synchronised with Security Center, so that when new users are added or removed from an Active Directory User Group, the action will be replicated in Security Center. As mentioned previously, new users will automatically inherit existing Security Center privileges defined for that group.

How Bosch secures its cameras

Passwords as we know them today are still an essential layer of security enforcement at the initial setup stage. Thereafter, the Genetec archiver uses a client certificate to authenticate itself to the Bosch camera. As an extra measure, the client certificate must be signed by a trusted third party whose identity has been previously installed on the root of the camera.

In addition, the cameras can disable any attempt to execute third-party software; only Bosch-approved firmware updates will be accepted. Unique Bosch-authenticated certificates are factory-installed on all cameras and any cryptographic operations for authentication and encryption are only executed inside the built-in TPM.

How Genetec secures its management software and clients

As long as passwords remain in use, the issue of poor entropy will persist; this is when passwords are badly chosen, and therefore at greater risk of being guessed as the majority of words used have a maximum character count and are memorable to avoid being forgotten. If the password can’t be guessed, then a more heavy-handed approach must be taken, such as hacking.

Certificates aren’t affected in the same way, which is why Genetec uses certificate authentication for its Security Center management software and clients. The video management system interacts directly with the Bosch cameras using certificates for authentication. Cryptographic keys used for authentication as well as encryption are safely stored inside the Bosch camera’s TPM.

Genetec Security Center offers, depending on specific requirements, either customer-signed certificates, certificates of the Windows certificate’s store or certificates issued by a trusted authority; an example of a certificate authority (CA) is the Bosch in-house authority, Escrypt.

With Bosch and Genetec, you can feel confident that your data is protected by one of the world’s best security solutions, end to end, day after day.For more information contact:

• Bosch Building Technologies, +27 11 651 9600,,

• Genetec, Brent Cary,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Retail solutions beyond security
Issue 8 2020, Axis Communications SA, Technews Publishing, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring
The need for security technology to deliver more than videos of people falling or stealing from retail stores is greater than ever.

AI-powered hardhat detection
Issue 8 2020, Hikvision South Africa , Industrial (Industry), CCTV, Surveillance & Remote Monitoring
Hardhats save lives, but only if people wear them. Intelligent, AI-powered hardhat cameras are helping to ensure workers in dangerous locations stay safe at all times.

S&ST launches second App Challenge
Issue 2 2021 , Integrated Solutions, CCTV, Surveillance & Remote Monitoring
Security & Safety Things has launched its second App Challenge for the development of creative, specialised video analytic applications for specific use cases in retail, transportation/smart cities, healthcare and entertainment/stadiums.

More is less in cybersecurity
Issue 2 2021 , Cyber Security
Post-pandemic paradox: more solutions do not bring better protection. Despite 80% of organisations running up to 10 different protection and cybersecurity solutions simultaneously, more than 50% of them experienced downtime from data loss last year.

Ransomware and Microsoft Exchange Server attacks are surging
Issue 2 2021 , Cyber Security
Check Point Research sees global surges in ransomware attacks, alongside increases in cyberattacks targeting Microsoft Exchange Server vulnerabilities at a time where CISA has raised the alarm about ransomware attacks against Microsoft Exchange servers.

Surveillance in remote areas
Issue 2 2021, LD Africa , Products, CCTV, Surveillance & Remote Monitoring
The JH016 4G Solar Powered Outdoor Security Camera is designed to meet the security needs for remotely monitoring off-the-grid locations, without Internet/Wi-Fi or power.

All-in-one signalling device
Issue 2 2021, Bosch Building Technologies , Fire & Safety
The Avenar all-in-one 4000 offers a complete solution through the optional combination with all Avenar fire detectors as well as an innovative power concept that permits up to 125 devices per ring bus.

Malware disguised as meeting apps spiked by 1067%
Issue 2 2021 , Cyber Security
Atlas VPN analysis reveals that cyber threats disguised as videoconferencing applications jumped by 1067% in a year. The data analysed was provided by Kaspersky.

The realities of AI in cybersecurity: catastrophic forgetting
Issue 2 2021 , Cyber Security
There is a lot of hype about the use of artificial intelligence (AI) in cybersecurity. The truth is that the role and potential of AI in security is still evolving and often requires experimentation and evaluation.

Cyber makes it secure
Issue 2 2021 , Cyber Security
Stas Protassov, Acronis co-founder and technology president comments on the recent hacking of over 150 000 Verkada surveillance cameras.