How to enhance protection of your surveillance system against cyber attacks

Find out if someone is looking in on you when you are looking out at them.

surveillance system
Thinkstock (Thinkstock)

Turning the tables on you

Surveillance video is a valuable data asset, and like any other sensitive data, video data can be used for many nefarious purposes. Criminals can observe stolen video to identify high-risk asset areas, follow VIP patterns or even use it to disrupt operations via camera sabotage. Tampering, vandalism and denial of video service are other potential threats.

IP surveillance systems reside on the local area network and should be considered in any IT policy. And like all network devices, IP video devices may need to be protected just like devices, clients and servers.

The majority of surveillance video breaches are due to human error, negligence and misconfigurations.

John Bartolac, Manager, Industry Segments Team and Cyber Strategy, at Axis Communications, provides the following nine areas of a network surveillance system that are most vulnerable, and how IT departments, with their security and facility management departments, can mitigate those risks.

Weak passwords
Thinkstock (Thinkstock)

Weak passwords

Most IP-based cameras and systems ship with default passwords and default settings. Sometimes these passwords are easy to guess, and is the most common way that a cyber criminal can gain unauthorized access to a surveillance system. Setting strong passwords, using good password management and use of certificates in lieu of passwords are the most effective ways to stop attacks.

Surveillance systems
Ludovic Bertron (One-Time Use)

Poor deployment

Leaving unused services enabled when deploying a video surveillance system leaves it vulnerable to attacks. As an example, a cyber criminal could install malicious applications and scripts using file transfer protocol (FTP) or an application platform from an untrusted developer. Disabling unused services and only installing trusted applications reduces the chances that a would-be perpetrator could exploit a surveillance system vulnerability.

04 roles
Thinkstock (Thinkstock)

No clear roles or ownership

In many organizations, network surveillance security failures happen simply because there have not been clear rules and procedures established for which employees have particular access rights. For example, it may not be clear who’s responsible for reviewing security measures for the surveillance system to ensure best practices are being followed. It’s recommended that IT organizations use a principle of “least privileged accounts,” in which users are limited to only the resources they need to perform their job.

Software bugs
Thinkstock (Thinkstock)

Software bugs

Remember the Heartbleed bug, which was a security vulnerability in OpenSSL software that could allow attackers to steal usernames and passwords? Bugs or flaws in the software code used by network surveillance cameras can put those devices at risk. Failing to update cameras, equipment and software with the latest software or firmware patches opens up potential security vulnerabilities in the system. Always updating to the latest firmware can help ensure that those bugs won’t become a problem. Many vendors post public common vulnerabilities and exposures reports that document solutions or workarounds to a specific vulnerability.

Physical installation problems
Eric (One-Time Use)

Physical installation problems

There are many examples of poor physical installation of cameras, wiring and other infrastructure, which can cause security problems. For example, placing a camera within a person’s reach puts that camera in danger of being tampered with or vandalized. Cameras should be installed not only where they’re out of reach to a potential attacker, but where they provide the best angle of view to clearly detect people and objects.

Poor physical protection of cabling, servers or gear
Thinkstock (Thinkstock)

Poor physical protection of cabling, servers or gear

If cabling, servers or other gear are not well protected, they put the network at risk of not functioning properly. For example, even a small kink or damage to a cable can cause a camera to respond intermittently or even cause a power failure. If the camera and wiring are exposed to severe weather conditions or extreme heat, they should be appropriately protected with adequate housing and conduits for cabling.

08 maintenance
Thinkstock (Thinkstock)

Poor maintenance

Not performing routine maintenance on surveillance cameras, gear and cabling can lead to equipment downtime or poor performance. It’s critically important to have a preventative maintenance program that includes a checklist of issues to look for, and prevent small problems from becoming big ones. These include damaged or loose cameras and equipment, cabling that has become exposed, damaged or loose, and dirt or moisture on camera lenses. It also ensures that the system owner is aware of any potential abnormalities indicating the system has been tampered with.

Flaws and weaknesses in standard network protocols
Thinkstock (Thinkstock)

Flaws and weaknesses in standard network protocols

Many network surveillance systems use standard network protocols, like FTP or TCP/IP, to copy video and other data, from one host to another on the network. Weaknesses or flaws in the protocols can expose these data to attacks. IT departments should use the latest advanced encryption methods for any video streams sent over the network.

Failure to align hardware or software on the network with IT policy
Thinkstock (Thinkstock)

Failure to align hardware or software on the network with IT policy

Adding hardware or software that doesn’t meet the IT organization’s network security policy can create more security headaches. For example, third-party software or apps are often poorly supported or the vendors don’t update them with security patches, making them vulnerable to security breaches. Building a strong IT policy, and diligently enforcing it, is crucial for any organization. In addition, many IT vendors offer best practices when it comes to deploying their products.