Latin America. Reducing the vulnerability of a network-connected video surveillance system depends on a constantly preventive stance by manufacturers, service providers and users. Learn 10 steps to protect your IP cameras from permissionless access to images.
Appearances, also in technology, can be misleading. Two seemingly similar videos captured by monitoring cameras of different origins can be fundamentally different. Although they record the same scene, they can have different levels of security against cyberattacks – a growing concern for IT staff in government agencies and in the financial sector (due to the confidential nature of their operations), in industries (especially concerned about their intellectual property) and in hospitals (where patient privacy is a priority).
In these and other applications, the creation of safer networks depends on a continuous and collective effort, which involves three axes: the commitment of the manufacturer, the know-how of the integrators and a preventive attitude on the part of the users.
This coordination is important given the risks associated with these crimes. When we talk about network attacks, we can classify them into two main types:
- • Opportunistic attack: occurs when the attacker takes advantage of a known weakness to attack; if the attack fails, the offender will move to the next victim. An opportunistic attack focuses on users and improperly configured systems.
- • Targeted attack: Usually involves a clever plan and occurs when a criminal selects a specific target. The attacker will target vulnerable users and fragile or poorly protected systems.
The first type of attack is the most common and easy to perform, while the second is undoubtedly more dangerous, because the risks are higher, such as the appropriation and cancellation of confidential data or the theft of copyrighted materials.
How to protect a video surveillance system
To ensure the highest level of protection, it is necessary that the video system that is part of the network meets certain requirements that will allow the levels of protection of the existing infrastructure and the protection policy established by the person responsible for the network. The system must also have adequate protection taking into account the previous level of risk calculated for all its components (servers, clients and devices connected to the network), based on a preliminary risk analysis of extreme importance.
Regarding the protection of customers, Axis cybersecurity experts recommend the protection of all "nodes" of the network in accordance with IT policies through the use of a correct and appropriate password management and execution firewall, antivirus software and encryption processes. And finally, provide accurate maintenance service management to the customer with up-to-date operating systems and applications.
Overall, here are the top 10 cybersecurity recommendations from Axis Communications:
1. Do a risk analysis of potential threats and potential harms/costs if the system has been hacked.
2. Gain knowledge in system protection and potential threats. Work closely with resellers, system integrators, consultants, and product suppliers.
3. Protect the network. Violating network protection increases the risk of interception for sensitive information from individual invasion server and network devices.
4. Use individual and strong passwords, changing them regularly.
5. Don't rely on a predefined factory configuration of network devices
- Change the default password.
- Enable and configure device protection services.
- Disable services that are not being used.
6. Use cryptographic connections when possible, even on local networks.
7. To reduce video exposure, customers' cameras should not be allowed to be accessed directly, unless required by the system/solution. Customers should only access videos through a VMS (Video Management System) or media proxy.
8. Check access logs regularly for unauthorized access attempts.
9. Monitor devices regularly. Enable the notification system when appropriate and justified.
10. Use the latest version of the software, which may include security fixes.
In addition to these recommendations, it makes sense for government and private entities to be cautious about the origins of video surveillance devices that will connect to the network. When choosing a video surveillance system, the behavior of manufacturers should be observed with the identification and resolution of vulnerabilities to minimize damage. On the other hand, the experience of integrators is essential to increase the security of their customers, and users themselves must take responsibility for the protection of devices that, in turn, protect what is valuable to them.
By Rodrigo Sánchez, Sales Engineer, Axis Communications
