Security Technology Executive

SEP-OCT 2017

Issue link: https://securitytechnologyexecutive.epubxp.com/i/870734


Security Technology Executive • September/October 2017 • www.SecurityInfoWatch.com

VIDEO TECHNOLOGY

opportunistic and targeted attacks. If you think that network video systems are somehow immune to the problem of cybersecurity, let me disabuse you of that notion. Malware can infect any unprotected network surveillance device – from cameras and video recorders to routers, video management systems and servers. And once there, it's an easy jump to the IT network and into the company's valuable digital assets.

Change Default Settings

Ignoring the danger won't make it disappear. But addressing the problem isn't as difficult as you might think. Sometimes the fix can be as simple as changing manufacturers' default usernames and passwords for a device. Hackers think of default settings as low-hanging fruit. So don't become easy pickings. Change those default settings into something stronger before the device goes live.

Reduce Your Surface Area for Attack

Oftentimes devices come preconfigured with protocols and services that you don't need or use. Be sure to disable and/or remove them if you're not going to use them. Also, keep an accurate inventory of what surveillance devices you have on your network. If you don't know what's there, how can you update it with the latest security measures? The goal of all this is to reduce your surface area for potential attack.

Check Your Audit Logs Regularly

If you think retrieving system reports or audit logs should only be a priority when there's an incident, think again. It's important to review logs on a regular basis because they might reveal whether there have been any failed attempts to breach, which may help you prepare to fend off a full-blown attack.

Lock Down Multiple Devices at Once

Cybersecurity features are inherent in most IP surveillance products on the market today. But they have to be configured one device at a time. For enterprise-sized video systems, the time and resources to do that become prohibitive. So security departments have tended to be less than diligent about turning those features on. Yet this hardening of devices is exactly what's needed to prevent their exploitation as conduits into the network.

"We all have to come to grips with the fact that IP surveillance isn't just about physical security anymore."

Not to worry, help is on the way. New mass-configuration tools are now coming onto the market to address that scaling issue. They're designed to make it easy to lock down multiple devices simultaneously. What may have taken days or weeks before can now be done in a matter of hours. With a few keystrokes, security can align their video systems and devices to the same rigorous corporate cybersecurity standards adopted by their IT counterparts. Some of those cyber protection features include:

• 802.1x network port-based security. This digital certificate-based service protects the network by authenticating the devices connected to it. For example, if you had an outside camera with 802.1x and someone removed the camera and attached a laptop into that same network port, that laptop couldn't get into the network because it would lack the 802.1x certificate needed for network authentication.

• SRTP encryption. Secure Real-Time Transport Protocol or Secure RTP is the newest encryption protocol on the horizon for IP Video Surveillance. While SRTP has been used for years to provide encryption on VoIP networks, it is quickly gaining traction in the IP video surveillance world. SRTP is an extension to RTP (Real-Time Transport Protocol) that incorporates enhanced security features. It is specifically designed to maintain a secure data connection between surveillance devices such as IP cameras and the video management system. When SRTP is used to encrypt the video stream it also automatically encrypts all data communications between the server and the endpoint. SRTP has the added benefit of working in both unicast and multicast environments.

• HTTPS encryption. This is also a digital certificate-based service. It encrypts any data communications that you're transmitting across the network. It's similar to the way online banking and online shopping sites protect your transaction data. HTTPS works in layers, giving you different configuration options depending on what you want to encrypt: commands, metadata, audio files, video files, etc.
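The checks described above (default credentials, unused services, an accurate inventory, and the 802.1x, SRTP and HTTPS protections) can be expressed as a baseline audit run across every device at once. This is an added example, not code from the article or from any vendor's mass-configuration tool; the device records, field names, service names and MAC addresses are constructed, and it assumes the per-device state has already been collected.

```python
# Added example: hardening-baseline audit over a surveillance device inventory.
# All records, field names and service names below are constructed for illustration.

INVENTORY = [
    {"name": "lobby-cam-01", "mac": "00:00:5e:00:53:01", "default_credentials": True,
     "enabled": {"http", "https", "telnet", "ftp", "rtsp"}, "needed": {"https", "rtsp"},
     "https": True, "srtp": False, "dot1x": False},
    {"name": "dock-cam-02", "mac": "00:00:5e:00:53:02", "default_credentials": False,
     "enabled": {"https", "rtsp"}, "needed": {"https", "rtsp"},
     "https": True, "srtp": True, "dot1x": True},
    {"name": "nvr-01", "mac": "00:00:5e:00:53:03", "default_credentials": False,
     "enabled": {"https", "upnp"}, "needed": {"https"},
     "https": True, "srtp": True, "dot1x": False},
]

# MAC addresses observed on the surveillance network segment (constructed).
SEEN_ON_NETWORK = {"00:00:5e:00:53:01", "00:00:5e:00:53:02",
                   "00:00:5e:00:53:03", "00:00:5e:00:53:7F"}

# Protections the article lists; every device is expected to have them on.
REQUIRED_FEATURES = ("dot1x", "srtp", "https")


def audit_device(dev):
    """Return the list of baseline findings for one device record."""
    findings = []
    if dev["default_credentials"]:
        findings.append("default credentials still set")
    # Anything enabled but not needed is attack surface to disable.
    for svc in sorted(dev["enabled"] - dev["needed"]):
        findings.append(f"unused service enabled: {svc}")
    for feat in REQUIRED_FEATURES:
        if not dev.get(feat, False):
            findings.append(f"protection not enabled: {feat}")
    return findings


def audit_inventory(inventory):
    """Map device name -> findings, listing only devices that fail the baseline."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in report.items() if f}


def uninventoried(seen_macs, inventory):
    """MACs seen on the network that no inventory record accounts for."""
    known = {d["mac"].lower() for d in inventory}
    return sorted(m for m in (s.lower() for s in seen_macs) if m not in known)


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", "; ".join(findings))
    print("not in inventory:", uninventoried(SEEN_ON_NETWORK, INVENTORY))
```

A device that appears in `uninventoried` is the case the article warns about: it cannot be hardened or updated until someone knows it exists.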
