Protecting your IP network from external threats

September 2008 Surveillance

Nearly all network video installations transmit sensitive information that should be protected from unauthorised users and potential hackers. There are several ways to provide security within a wired or wireless network and between different networks and clients. Everything from the data to the use and accessibility of the network should be controlled and secured.

Today, IP surveillance systems can be made just as secure as those used by banks for ATM transactions. Network cameras and video servers are currently being used in highly sensitive locations such as the air and sea ports security purposes.

Secure transmission

Some of the most common ways to secure communications on a network and the Internet include authentication, authorisation, IP address filtering, VPNs and Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). Some of these methods secure the data as it travels over the network, while others secure the network path itself. Authentication identifies the user to the network and is most commonly done by providing verifiable information like a username and password, and/or by using an X509 (SSL) certificate.

The 802.1X standard is a new port-based authentication framework available for even higher levels of security in a both wired and wireless system. All users' access requests are filtered through a central authorisation point before access to the network is granted.

Authorisation analyses the authentication information and verifies that the device is the one it claims to be by comparing the provided identity to a database of correct and approved identities. Once the authorisation is complete, the device is fully connected and operational within the network.

IP address filtering is another way to restrict communication between devices on a network or the Internet. Network cameras can be configured to only communicate with computers at pre-determined IP addresses - any computer from an IP address that is not authorised to interface with the device will be blocked from doing so.

Privacy settings prevent others from using or reading data on the network. There are a variety of privacy options available, including encryption, virtual private net-works (VPNs) and Secure Socket Layer/Transport Layer Security (SSL/TLS). In some cases, these settings can slow down network performance because data has to be filtered through multiple applications before it is accessed at its final destination. This could have a negative impact on the performance of an IP surveillance installation, which often requires realtime access to video.

Additional network security can be created with the use of firewalls. Firewall software normally resides on a server and protects one network from users on other networks. The firewall examines each packet of information and determines whether it should continue on to its destination or be filtered out. The firewall serves as a gate-keeper, blocking or restricting traffic between two networks, such as a video surveillance network and the Internet.

Wireless security

Wireless network cameras can create additional security needs. Unless security measures are in place, everyone with a wireless device in the network's range is able to access the network and share services.

To better secure IP surveillance installations with a wireless component, users should look at using Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). WEP creates a wireless network that has comparable security and privacy to that of a wired network. It uses keys to prevent people without the correct key from accessing the network, which is the security commonly found in home networks. Data encryption protects the wireless link so that other typical local area network (LAN) security mechanisms - including password protection, end-to-end encryption, VPNs and authentication - can be put in place.

However, WEP has several flaws making it unsuitable for use in a corporate environment. The standard uses a static key, making it easy to hack into the network with inexpensive off-the-shelf software. For additional protection, wireless IP surveillance should employ WPA, which changes the encryption for every frame transmitted. WPA is considered the base level of security for corporate wireless networks, but for even higher security, WPA2 should be used. WPA2 uses Advanced Encryption Standard (AES), the best encryption available for wireless networks today.

Protecting system access

In addition to protecting data, it is critical to protect access to the system via a Web interface or an application housed on a PC server. Access can be secured with user names and passwords, which should be at least six characters long - the longer the better. Passwords should also mix lower and upper cases and use a combination of numbers and letters. Additionally, tools like finger scanners and smart cards can also be used to increase security.

Viruses and worms are also a major security concern in IP surveillance systems, so a virus scanner with up-to-date filters is recommended. This should be installed on all computers and operating systems should be regularly updated with service packs and fixes from the manufacturer. Network cameras and video servers with read-only memory will also help protect against viruses and worms. Viruses and worms are programs that write themselves into a device's memory. By using network cameras and video servers with read-only memory, these programs will not be able to corrupt the devices' internal operating systems.

Employing the outlined security measures makes an IP surveillance network secure and allows users the flexibility of off-site access without the worry that video will fall into the wrong hands. Understanding and choosing the right security options - such as firewalls, virtual private networks (VPNs) and password protection - will eliminate concerns that an IP surveillance system is open to the public.

Technology and products for providing IT and network security is an enormous industry today, providing appropriate security for the most demanding applications within government, military and the financial world. All this technology can be used in an IP surveillance installation.

Roy Alves, country manager, Axis Communications
Roy Alves, country manager, Axis Communications

For more information contact Roy Alves, country manager, Axis Communications, +27 (0)11 548 6780, [email protected]



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The future of the surveillance channel
Duxbury Networking Technews Publishing Elvey Security Technologies SMART Security Solutions Surveillance
The video surveillance market has evolved from camera-based specifications to integrated solutions that solve customers’ problems. Moreover, the growth of AI and cloud has changed the channel even more, with more to come.

Read more...
The benefits of offsite control rooms
Astrosec Surveillance Integrated Solutions
As the security landscape grows more intricate, control rooms – the crucial hub of security operations – need to adapt. With escalating costs, mounting threats, and a heightened demand for immediate responses, many organisations are reassessing the operations of their control rooms.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
Hikvision launches latest range of cameras
Hikvision South Africa Surveillance AI & Data Analytics
Hikvision has launched its latest network cameras with ColorVu 3.0 technology and EasyIP 4.0 Plus, which elevate video security by delivering improved image quality, enhanced intelligent functions, superior audio capabilities, and a refined product design and materials.

Read more...
Platform to access data and train AI models
Milestone Systems AI & Data Analytics Surveillance
Milestone Systems has announced Project Hafnia to build services and democratise AI-model training with high-quality, compliant video data leveraging NVIDIA Cosmos Curator and AI model, fine-tuning microservices.

Read more...
The capabilities of visual verification
Secutel Technologies Surveillance AI & Data Analytics
Secutel Technologies has provided locally developed visual verification solutions for some time. SMART Security Solutions requested more insight into these solutions from the company.

Read more...
AI means proactive surveillance
DeepAlert Technews Publishing SMART Security Solutions AI & Data Analytics Surveillance
SMART Security Solutionsasked DeepAlert for some insight into how AI is transforming video surveillance, even to the extent of it being taught to protect the privacy of those in the cameras’ view.

Read more...
Integration is the key to smarter surveillance
Duxbury Networking Surveillance
According to recent market projections, the local security industry is expected to grow by more than 10% annually through 2029, reflecting the increasing demand for smarter, more proactive security solutions.

Read more...
edgE:Tower video analytics integrated with SEON
Surveillance Integrated Solutions AI & Data Analytics
Sentronics has announced a new integration between its edgE:Tower advanced AI-driven video analytics solution and SEON, a Central Monitoring Software (CMS) platform. This integration enhances real-time situational awareness and automated threat detection for control rooms.

Read more...
The state of the VMS market
Arteco Global Africa Milestone Systems Cathexis Technologies Technews Publishing Surveillance
SMART Security Solutions asked three platform vendors in South Africa, one that is developed and maintained in the country with an international market, for their views on the state of the VMS market and where it is headed.

Read more...