Protecting your IP network from external threats

September 2008 CCTV, Surveillance & Remote Monitoring

Nearly all network video installations transmit sensitive information that should be protected from unauthorised users and potential hackers. There are several ways to provide security within a wired or wireless network and between different networks and clients. Everything from the data to the use and accessibility of the network should be controlled and secured.

Today, IP surveillance systems can be made just as secure as those used by banks for ATM transactions. Network cameras and video servers are currently being used in highly sensitive locations such as the air and sea ports security purposes.

Secure transmission

Some of the most common ways to secure communications on a network and the Internet include authentication, authorisation, IP address filtering, VPNs and Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). Some of these methods secure the data as it travels over the network, while others secure the network path itself. Authentication identifies the user to the network and is most commonly done by providing verifiable information like a username and password, and/or by using an X509 (SSL) certificate.

The 802.1X standard is a new port-based authentication framework available for even higher levels of security in a both wired and wireless system. All users' access requests are filtered through a central authorisation point before access to the network is granted.

Authorisation analyses the authentication information and verifies that the device is the one it claims to be by comparing the provided identity to a database of correct and approved identities. Once the authorisation is complete, the device is fully connected and operational within the network.

IP address filtering is another way to restrict communication between devices on a network or the Internet. Network cameras can be configured to only communicate with computers at pre-determined IP addresses - any computer from an IP address that is not authorised to interface with the device will be blocked from doing so.

Privacy settings prevent others from using or reading data on the network. There are a variety of privacy options available, including encryption, virtual private net-works (VPNs) and Secure Socket Layer/Transport Layer Security (SSL/TLS). In some cases, these settings can slow down network performance because data has to be filtered through multiple applications before it is accessed at its final destination. This could have a negative impact on the performance of an IP surveillance installation, which often requires realtime access to video.

Additional network security can be created with the use of firewalls. Firewall software normally resides on a server and protects one network from users on other networks. The firewall examines each packet of information and determines whether it should continue on to its destination or be filtered out. The firewall serves as a gate-keeper, blocking or restricting traffic between two networks, such as a video surveillance network and the Internet.

Wireless security

Wireless network cameras can create additional security needs. Unless security measures are in place, everyone with a wireless device in the network's range is able to access the network and share services.

To better secure IP surveillance installations with a wireless component, users should look at using Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP creates a wireless network that has comparable security and privacy to that of a wired network. It uses keys to prevent people without the correct key from accessing the network, which is the security commonly found in home networks. Data encryption protects the wireless link so that other typical local area network (LAN) security mechanisms - including password protection, end-to-end encryption, VPNs and authentication - can be put in place.

However, WEP has several flaws making it unsuitable for use in a corporate environment. The standard uses a static key, making it easy to hack into the network with inexpensive off-the-shelf software. For additional protection, wireless IP surveillance should employ WPA, which changes the encryption for every frame transmitted. WPA is considered the base level of security for corporate wireless networks, but for even higher security, WPA2 should be used. WPA2 uses Advanced Encryption Standard (AES), the best encryption available for wireless networks today.

Protecting system access

In addition to protecting data, it is critical to protect access to the system via a Web interface or an application housed on a PC server. Access can be secured with user names and passwords, which should be at least six characters long - the longer the better. Passwords should also mix lower and upper cases and use a combination of numbers and letters. Additionally, tools like finger scanners and smart cards can also be used to increase security.

Viruses and worms are also a major security concern in IP surveillance systems, so a virus scanner with up-to-date filters is recommended. This should be installed on all computers and operating systems should be regularly updated with service packs and fixes from the manufacturer. Network cameras and video servers with read-only memory will also help protect against viruses and worms. Viruses and worms are programs that write themselves into a device's memory. By using network cameras and video servers with read-only memory, these programs will not be able to corrupt the devices' internal operating systems.

Employing the outlined security measures makes an IP surveillance network secure and allows users the flexibility of off-site access without the worry that video will fall into the wrong hands. Understanding and choosing the right security options - such as firewalls, virtual private networks (VPNs) and password protection - will eliminate concerns that an IP surveillance system is open to the public.

Technology and products for providing IT and network security is an enormous industry today, providing appropriate security for the most demanding applications within government, military and the financial world. All this technology can be used in an IP surveillance installation.

Roy Alves, country manager, Axis Communications
Roy Alves, country manager, Axis Communications

For more information contact Roy Alves, country manager, Axis Communications, +27 (0)11 548 6780, [email protected]



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Avoiding human error at ports
LD Africa Transport (Industry) CCTV, Surveillance & Remote Monitoring Products Logistics (Industry)
LD Africa introduced a local port to the AxxonSoft Port Security System ,a solution that helps overcome the element of human error and eliminate paperwork.

Read more...
Compact, lightweight bullet cameras with support for analytics
Axis Communications SA Products CCTV, Surveillance & Remote Monitoring
Axis Communications announced two new outdoor-ready bullet-style cameras featuring deep-learning processing units for analytics based on deep learning on the edge.

Read more...
Numerous challenges for transport and logistics
Transport (Industry) CCTV, Surveillance & Remote Monitoring Security Services & Risk Management Logistics (Industry)
Operators are making significant investments in automation and digitalisation in order to address security concerns, improve loss prevention as well as efficiency, and reduce unit order costs.

Read more...
A key to urban transport challenges
Axis Communications SA Transport (Industry) CCTV, Surveillance & Remote Monitoring Integrated Solutions Logistics (Industry)
There are many enabling technologies that can impact transportation in South Africa, but a good place to start is by considering the applications for smart physical technology with the ability to collect and respond to data.

Read more...
Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

Read more...
Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

Read more...
A new full-colour era
Dahua Technology South Africa CCTV, Surveillance & Remote Monitoring
Traditionally, there have been two options for using surveillance cameras in the dark: flooding the scene with visible light, or alternatively using infrared (IR) illumination.

Read more...
AIoT delivers dynamic digital platforms
Hikvision South Africa CCTV, Surveillance & Remote Monitoring
Many stadiums or venues are seeking new, smart solutions that can help venue operators to stay on top of real-time situations dynamically on digitally driven platforms, and to achieve more efficient and sustainable venue management.

Read more...
Upgraded security and AI monitoring at upmarket estate
Watcher Surveillance Solutions Editor's Choice CCTV, Surveillance & Remote Monitoring Integrated Solutions Residential Estate (Industry)
Estate upgrades and enhances its security through a partnership between surveillance specialist Watcher and the incumbent guarding company.

Read more...
Security solutions that go the distance
Avigilon Logistics (Industry) CCTV, Surveillance & Remote Monitoring Asset Management, EAS, RFID Transport (Industry)
Avigilon self-learning video analytics help detect potentially critical events and issue an alert within the ACC dashboard, allowing officers to then verify event alarms.

Read more...