Don’t Reinvent the Wheel Six critical cybersecurity issues for video networks
BAy Moses Anderson
s engineers, integrators, and administrators of IP video management and other network-based security systems, we have a heavy reliance on the network. If the core network system isn’t working correctly— or is under attack from internal as well as external
threats—the system will not be able to perform its functions as in- tended, and any security breach can reach far beyond the security network to the rest of the organization’s digital infrastructure.
Edge devices of all types, including cameras, are a vulnerable part of a network. Any video security system design must take this into account. Because no single solution can meet all applications or ad- dress all threats, a multi-layered approach is best for deploying an optimally functional and secure network.
Fortunately, there are proven, standardized frameworks available that systematically bring together network best practices. There’s no reason for video surveillance and security professionals to re-invent the wheel. Taking an IT industry standards approach makes it easy to design and deploy secure video networks. Here are several network security topics often overlooked by video surveillance professionals.
Brute Force Attack
A brute force attack is a trial-and-error method used to obtain infor- mation such as user passwords or PIN numbers. Hackers use soft- ware that tries different character combinations in quick succession to crack passwords. Short and simple passwords—those that only use alphabetical characters—are easier to break than longer passwords with a mix of letters, numbers and special characters. Hackers often
68
JULY/AUGUST 2019 | SECURITY TODAY
persist for hours, days, or even years in finding a way into a target. Edge devices are some of the most vulnerable pieces in installa- tions. Most cameras today can encrypt command and control traffic, but to do this, a certificate needs to be assigned to it. Typically, a self- assigned certificate is used, but which in itself is not inherently secure. So how do we introduce some certificate authority and manage the certificates from the devices and the recording servers, with a third-
party, certificate/policy enforcement utility.
Policy management utilities can dictate password changes and
password hygiene. Administrators can request that they want all cam- eras to have a password, say, with 25 characters, and the server will randomly generate and assign the passwords. No one involved would know the passwords, and that information is not needed as long as it resides in both the recording platform and on the camera. The policy management server can even go out to the cameras and apply pass- word changes on a schedule, and at the same time update the video management system to ensure zero downtime.
Active Directory Attack
Active Directory is a Windows OS directory service that facilitates working with interconnected network resources. Active Directory was launched almost twenty years ago, and the security landscape has changed dramatically since. Unfortunately, businesses have not adapted their Active Directory environment to meet these new secu- rity needs and, as a result, we are seeing attackers exploit this weak- ness more frequently.
One of the first steps in preventing an attack on Active Direc-
CYBERSECURITY
Wright Studio/Shutterstock.com