Issue link: https://securitytechnologyexecutive.epubxp.com/i/956571
8 SECURIT Y TECHNOLOGY E XECUTIVE • Februar y/March 2018 • www. SecurityInfoWatch.com CONVERGENCE Q&A; By Ray Bernard P SP, CH S -III • Email: ConvergenceQA@go-rbc s.com. How can we manage the firmware updates and user account passwords for our 357 network cameras? Right now, it's a 100 percent manual task, and we are not able to keep up with it? Most organizations with large numbers of cameras can't keep up without incurring a huge labor cost that's out of proportion to the cost of the camera system. It's typically been a lost cause. Now, however, if you have AXIS cameras with firmware 4.40 or later, you can use the newly-released free AXIS Device Manager software. This is the biggest news for video surveillance systems that the security industry has seen since the network (IP) camera was introduced by AXIS in 1996. The AXIS Device Manager (https://www. axis.com/us/en/products/axis-device-manager) is an on-premise tool that positively impacts several aspects of camera management: • Cybersecurity: A network of thousands of cameras can be automatically hardened per the Axis harden- ing guide and kept up to date with automatic firm- ware updates. Device Manager enables centralized IP address management, account, password and digital certificate management for HTTPS and 802.1x certificates. • Documentation: Device Manager automatically scans the network and locates all online AXIS devic- es, including audio and access control devices, creat- ing a database of devices and their configurations. • Backup and Restore: Camera configuration settings can be backed up for later quick restoration. I c on st a n t l y r e c e i v e t h is s a m e q u e st ion at s e c ur it y c on f er en c e s , a n d I h e a r t h em in dis c us sion s w h en e v er t h e s u bje ct of c a m er a m a n a g em en t is r a is e d b y p e op le w h o a r e r e sp on sib le f or h un dr e ds , t h o us a n ds , or t en s of t h o us a n ds of c a m er a s . How to Manage High-Camera-Count Deployments • Deployment: Settings from one configures camera can be partially or completely copied to multiple other cameras. • Auditability: Device Manager maintains an activ- ity log with sort and search functions showing per- formed actions and changed device status. • Total Cost of Ownership: The manual labor involved in deploying and maintaining cameras is significantly reduced. I have seen the embarrassment caused to secu- rity managers and directors, when they have had to explain to IT personnel or higher-ups that the cam- era system in which their organization has invested hundreds of thousands to millions of dollars doesn't meet IT department requirements, can't be secured like the organization's other computer and network systems are, and has huge labor costs involved in keeping the camera firmware up to date. Now, this can come to an end. Moving Beyond the Status Quo At one-time system, security was mostly thought of as "bolted-on" protection rather than something built into products. That is outdated thinking. For over a decade after network cameras were intro- duced, if you questioned a camera vendor about camera cybersecurity weaknesses, the standard vendor reply was, " We expect you to install the cameras on a secure network." From a historical perspective, this is understandable, due to the decades-old mindset established by CCTV (closed circuit television) cameras. Cameras were connect- ed directly to display monitors and/or recorders. Video was viewed from a single monitoring room. Initially, network cameras were looked upon as a replacement for CCTV cameras and were installed on closed local area networks. Enterprise networks of the kind and capacity that we have today didn't exist at that time. Putting video onto a corporate network wasn't feasible. Then networks changed and networked cam- eras changed, but even though cameras became computers with operating systems and built-in web servers, the video industry has been slow to adopt computer and network security designs and practices. Q: A: Ray Bernard PSP, CHS-III Ray Bernard Consulting Ser v ices (RBCS; w w w. go-rbcs; 9 4 9-83 1-6788), a firm that prov ides securit y consulting ser v ices for public and private facilities. Member of the Content E xpert Facult y of the Securit y E xecutive Council (w w w.Securit y- E xecutiveCouncil.com). Follow Ray on Twitter: @RayBernardRBCS