4 Ways to Prevent IP Video Surveillance Hacks
IP video hacks can be a major threat to institutions that don’t take the proper steps to mitigate them.
It should come as no surprise that, considering the progression of enhanced quality and enriched intelligence provided, IP video surveillance is one of the most widely used technologies in the security industry.
This only continues to mount as video is increasingly regarded as not only a detection and apprehension tool, but also as a means to gain valuable insight into employee, customer and operational activities across any number of industries.
In short, video is rich in data — but in a vastly networked IoT (Internet of Things) world, video along with many other interconnected devices have become a source of risk in certain environments.
The rapid growth of IP video in particular and the surge of IoT across security platforms demands more timely collaboration among integrators, manufacturers and other vendors against ever-evolving cyber threats, as well as the fundamental best practices necessary to maintaining cybersecurity in the video realm.
Following are just a few activities to consider when addressing cybersecurity threats to an end user’s video data. From these foundational tactics and standards, a multifaceted prevention and response program can be built.
1. Conduct regular vulnerability tests and reviews for all IP video products and systems.
This should include testing all associated protocol, hardware and firmware to ensure each video surveillance component has been thoroughly and consistently evaluated and can readily mitigate or squelch an attempted cyberattack.
Hardware testing should focus on physical as well as software and connectivity features of the IP video surveillance devices, making certain all elements remain as tamper-proof as possible.
Protocol testing examines the security of network communications to and from the device, including the strength of encrypted transmissions and whether these communications can be intercepted for unauthorized capture or modification.
Finally, a firmware analysis should review for any buffer overflows, injection flaws, backdoor accounts or other vulnerabilities and should include the installation of any device firmware upgrades available.
2. Limit the number of privileged users and minimize physical access to IP video.
Apply the principle of least privilege when considering those who will be granted high-level access to IP surveillance settings and data. No matter how trusted an employee might be or how significant an asset to the organization, the more people that are exposed to the system’s components or data the more likely a system is left open to cyberattacks and vulnerabilities.
Encourage and offer guidance in implementing a comprehensive vetting and selection process for privileged system users, deploy auditing processes to track these users’ movements within devices, appliances and servers, and help to develop strict policies that ensure the immediate disabling of privileged accounts in the event suspected vulnerabilities are detected.
Keep all physical video equipment under lock and key. Do not allow system components to fall victim to interference by the public or otherwise unauthorized individuals by storing securely within restricted areas with similar limited access standards.
3. Don’t use default passwords or ports.
Many complex hacker applications have been designed to readily guess most simple passwords. This has been made an easy vulnerability based on many video manufacturers publishing their default user names and passwords.
Augmenting the risk, many dealers and integrators do not make it common practice to change to a strong password format. Inspire a culture of password uniqueness from the onset of system deployment.
While not every password is guaranteed to be completely hacker-proof, the more intricate and randomized, the less likely malicious individuals will be able to infiltrate or gain control over the system. Similarly, make a habit of configuring IP video and network-based cameras on ports that differ from the ones programmed in manufacturer factory settings.
These logical infrastructure pathways by which video data and other information are transmitted offer targeted gateways for hackers. Oftentimes information regarding the default ports of major video system manufacturers can be easily located by the public, and leaves camera systems ripe for attack.
By selecting uncommon ports from the thousands defined, camera brands become harder for hackers to identify and a road-map of the system more difficult to pin down.
4. Speak with integrators, manufacturers and service providers to stay current on new threats, mitigation tactics and emerging technologies.
Collaboration among every level and division of the security industry is key. Pull from and rely on the knowledge base of others to make sure end users are receiving the most expert, adaptable and informed security services and technologies possible.
There are many cyber consultants and groups found in the IT world that you can leverage. With new threats surfacing every minute, an industry-wide alliance can bolster end users’ data protection and deepen a far-reaching trust in the security industry as a whole.
Don’t sit back and hope this never happens to you or your customers. It’s only a matter of time before a vulnerability impacts your business in some way. Take the proper steps today and be the security consultant you’ve been entrusted as by your customer.
Rich Mellott is Senior Manager & Technologist in Video Security, Analytics, Data & Cloud-Based Solutions for Stanley Security.
The above article originally ran in Campus Safety’s sister publication Security Sales & Integration.