Australia’s Leading Network Solutions & Distribution Company

Security within security - cybersecurity for the surveillance network

Security cameras were traditionally isolated on the network, which means that cybersecurity of security systems has not really been an important focus.

But now, because customers want remote video access and also because cloud storage is more affordable, security camera systems are increasingly connected to the internet.

This changes everything, because ultimately these cameras are connected to the same network as mission-critical servers and applications and offer a route for hackers to compromise an entire network.

It doesn’t matter whether the system is a cloud-managed surveillance system, DVR/VMS/NVRs connected to the internet or a traditional system connected to a local network which in turn is connected to the internet… the risk of compromise is still the same.

Why are IP cameras hacked?

Today, the major motivation for hacking is financial. When it comes to monetisation, IP surveillance cameras are great targets because:

Constant connection:
High exposure to the internet makes it easy for hackers to find the device. Once hacked, the device will be constantly available to serve the hackers’ needs.

Low hacking investments:
Unlike hacking a PC, once the hackers see a way to hack a device, the same approach can usually be applied to other devices of similar models, making a very low per-device hacking cost.

Lack of supervision:
Unlike office PCs, IP surveillance cameras are not well managed by cybersecurity knowledgeable staff. Installing an after-market anti-malware application is not an option.

High performance:
The idle computing power inside an IP surveillance camera is usually good enough to perform hackers’ specified tasks like cryptocurrency mining, even without being noticed by end users.

High internet facing bandwidth:
The always-connected fast and huge bandwidth designed for video communication is the perfect target for hackers to initiate DDoS attacks.

Start with strong passwords

It’s important that security camera systems get the same level of attention to, and protection from, cybersecurity attack as traditional IT systems.

The place to start is camera passwords. Security cameras come with a default user name and password that you must change immediately after installation to something complex and robust.

This seems a simple step, but amazingly, weak passwords were to blame for the massive distributed denial of service (DDoS) attack that caused outages at Amazon and Twitter in 2016. Hijackers took over 100,000 devices, including network security cameras.

Encrypted video feed

It’s also important to make sure the video feed between camera and the storage site is encrypted.

During set up you can generally choose between two or three options for stronger or weaker encryption. The right choice is a balance between risk and resources. Product experts at OSA can help if you’re not sure which setting to use.

And as part of the general system maintenance, make sure your video systems are scanned regularly for vulnerabilities. Apply patches as soon as the manufacturer sends them through.

vivotek multilayered cybersecurity

Vivotek's multi-layered solution

Market leaders Vivotek recognise the increasing cybersecurity risks in the surveillance industry and have partnered with Trend Micro to deliver a multi-layered protection solution.

  1. Brute force attack detection
    When the system detects brute force attacks, based on a defined number of failed login attempts, it will automatically block that IP address and prevent further attacks.
  2. Intrusion detection and prevention
    After shutting down if any malware or abnormal access behaviour is detected, any attempt to control the console, access controversial websites, or any intrusion behaviour will be automatically secured by the mechanism.
  3. Instant damage control
    If an unknown attack occurs, the system will remotely patch all data and transfer it to the anti-intrusion team to analyse and solve it, effectively decreasing the spread of internal infections, and letting users get back to work safely and quickly.

Learn more about Vivotek’s cybersecurity solution here or contact OSA for more information.

© Copyright 2019 Optical Solutions Australia. All Right Reserved. Website by Brilliant Digital.