Protecting your IP network from external threats

September 2008 CCTV, Surveillance & Remote Monitoring

Nearly all network video installations transmit sensitive information that should be protected from unauthorised users and potential hackers. There are several ways to provide security within a wired or wireless network and between different networks and clients. Everything from the data to the use and accessibility of the network should be controlled and secured.

Today, IP surveillance systems can be made just as secure as those used by banks for ATM transactions. Network cameras and video servers are currently being used in highly sensitive locations such as the air and sea ports security purposes.

Secure transmission

Some of the most common ways to secure communications on a network and the Internet include authentication, authorisation, IP address filtering, VPNs and Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). Some of these methods secure the data as it travels over the network, while others secure the network path itself. Authentication identifies the user to the network and is most commonly done by providing verifiable information like a username and password, and/or by using an X509 (SSL) certificate.

The 802.1X standard is a new port-based authentication framework available for even higher levels of security in a both wired and wireless system. All users' access requests are filtered through a central authorisation point before access to the network is granted.

Authorisation analyses the authentication information and verifies that the device is the one it claims to be by comparing the provided identity to a database of correct and approved identities. Once the authorisation is complete, the device is fully connected and operational within the network.

IP address filtering is another way to restrict communication between devices on a network or the Internet. Network cameras can be configured to only communicate with computers at pre-determined IP addresses - any computer from an IP address that is not authorised to interface with the device will be blocked from doing so.

Privacy settings prevent others from using or reading data on the network. There are a variety of privacy options available, including encryption, virtual private net-works (VPNs) and Secure Socket Layer/Transport Layer Security (SSL/TLS). In some cases, these settings can slow down network performance because data has to be filtered through multiple applications before it is accessed at its final destination. This could have a negative impact on the performance of an IP surveillance installation, which often requires realtime access to video.

Additional network security can be created with the use of firewalls. Firewall software normally resides on a server and protects one network from users on other networks. The firewall examines each packet of information and determines whether it should continue on to its destination or be filtered out. The firewall serves as a gate-keeper, blocking or restricting traffic between two networks, such as a video surveillance network and the Internet.

Wireless security

Wireless network cameras can create additional security needs. Unless security measures are in place, everyone with a wireless device in the network's range is able to access the network and share services.

To better secure IP surveillance installations with a wireless component, users should look at using Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP creates a wireless network that has comparable security and privacy to that of a wired network. It uses keys to prevent people without the correct key from accessing the network, which is the security commonly found in home networks. Data encryption protects the wireless link so that other typical local area network (LAN) security mechanisms - including password protection, end-to-end encryption, VPNs and authentication - can be put in place.

However, WEP has several flaws making it unsuitable for use in a corporate environment. The standard uses a static key, making it easy to hack into the network with inexpensive off-the-shelf software. For additional protection, wireless IP surveillance should employ WPA, which changes the encryption for every frame transmitted. WPA is considered the base level of security for corporate wireless networks, but for even higher security, WPA2 should be used. WPA2 uses Advanced Encryption Standard (AES), the best encryption available for wireless networks today.

Protecting system access

In addition to protecting data, it is critical to protect access to the system via a Web interface or an application housed on a PC server. Access can be secured with user names and passwords, which should be at least six characters long - the longer the better. Passwords should also mix lower and upper cases and use a combination of numbers and letters. Additionally, tools like finger scanners and smart cards can also be used to increase security.

Viruses and worms are also a major security concern in IP surveillance systems, so a virus scanner with up-to-date filters is recommended. This should be installed on all computers and operating systems should be regularly updated with service packs and fixes from the manufacturer. Network cameras and video servers with read-only memory will also help protect against viruses and worms. Viruses and worms are programs that write themselves into a device's memory. By using network cameras and video servers with read-only memory, these programs will not be able to corrupt the devices' internal operating systems.

Employing the outlined security measures makes an IP surveillance network secure and allows users the flexibility of off-site access without the worry that video will fall into the wrong hands. Understanding and choosing the right security options - such as firewalls, virtual private networks (VPNs) and password protection - will eliminate concerns that an IP surveillance system is open to the public.

Technology and products for providing IT and network security is an enormous industry today, providing appropriate security for the most demanding applications within government, military and the financial world. All this technology can be used in an IP surveillance installation.

Roy Alves, country manager, Axis Communications
Roy Alves, country manager, Axis Communications

For more information contact Roy Alves, country manager, Axis Communications, +27 (0)11 548 6780, roy.alves@axis.com



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Qognify VMS adds support for Pelco IP camera series
CCTV, Surveillance & Remote Monitoring Products
The latest IP camera series from Pelco can now be used with Qognify’s advanced video solution for corporate and enterprise projects, increasing the overall number of camera models and third-party devices supported in Qognify VMS to more than 6 500.

Read more...
VIVOTEK launches VAST Security Station
CCTV, Surveillance & Remote Monitoring Products
VIVOTEK officially launched its AI security system, VAST Security Station (VSS), in March, available to users in three flexible tiers: VSS Lite, VSS Standard, and VSS Professional.

Read more...
Keeping students, staff and communities safe
Vumacam News CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
South African schools are facing increasing security challenges, making effective surveillance systems more important than ever. To address this issue, Vumacam is offering advanced security solutions with security partners, aimed at keeping students, staff, and the community safe.

Read more...
Helping to care for zoo animals
Hikvision South Africa CCTV, Surveillance & Remote Monitoring
Zoo keeps an eye on the safety of animals and visitors through the installation of Hikvision 4 MP turret, 12 MP Fisheye cameras, as well as PTZs, NVRs and central management system.

Read more...
Boosting digital-intelligent transformation and AI applications
Dahua Technology South Africa CCTV, Surveillance & Remote Monitoring Products
2022 has been a year full of development and innovation for Dahua. The company has launched various upgrades to its existing product portfolio as well as an artillery of new products and solutions that address specific needs/problems in society.

Read more...
Arcules and IMMIX announce integration
News CCTV, Surveillance & Remote Monitoring Products
Arcules has announced that its integration with Immix Central Station and Guard Force is available. The integration provides Central Station and Guard Force users a way to manage, verify, and respond to security events, while using Arcules-managed video feeds.

Read more...
Developing an effective CCTV control room culture
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring Training & Education
Organisational culture in organisations can be seen as the set of values, practices, focus, standards and behaviours, and ways of interacting with others that are accepted and subscribed to by the people who work there.

Read more...
Eagle Eye Networks releases 2023 Video Surveillance Trends Report
Eagle Eye Networks News CCTV, Surveillance & Remote Monitoring
Eagle Eye Networks has released the 2023 Trends in Video Surveillance ebook, identifying five trends that will have the largest impact on businesses around the globe in 2023.

Read more...
Stainless steel 8 MP dome
Axis Communications SA Products CCTV, Surveillance & Remote Monitoring
Enclosed in marine-grade stainless steel (SS 316L) and DNV-certified, the AXIS Q3538-SLVE can withstand the corrosive effects of seawater and cleaning chemicals.

Read more...
Enhanced image clarity and enriched AI functions
Dahua Technology South Africa CCTV, Surveillance & Remote Monitoring Products
The IPC WizMind S series is equipped with multiple intelligent functions, offers adaptability, and comes in plastic-free packaging, enabling better image performance, promoting environmental sustainability, and providing global clients with smarter vision with a stronger surveillance shield.

Read more...