How to keep the hackers away
Cyber security was never a concern with traditional analogue CCTV systems.
As IP surveillance systems grew in popularity, most integrators struggled to keep up with the IT skills required and had little time for cyber security. Now, however, with increasing publicity around the hacking of various surveillance systems, cyber security has become a hot topic.
Being a surveillance integrator a decade ago required few to no IT skills. Installers built systems that operated independently of any network and often times were only accessible through the local DVR. As the industry evolved, those same installers and technicians sought out basic IT training that would allow them to install IP surveillance systems. Unfortunately, in many cases these skills were only the bare minimum they required.
IP systems now make up the majority of surveillance systems being sold and installed, but many of the installers deploying those systems still only have the limited IT skill set they developed over the last decade. This has created an IT centric industry that often does not understand the bigger IT challenges such as cyber security. There are however a few simple things installers can do to drastically improve cyber security for their systems without an enormous amount of training.
IP surveillance systems should have clear separation on the network. Cameras should be networked back to the head end NVR on their own LAN. The NVR should always have two network cards, one of which all the cameras are connected to, and one that connects the NVR to the Internet or client’s network. In larger deployments or where using existing network infrastructure is required, cameras should be setup on a virtual LAN (VLAN).
Another method for securing network connections is through the use of a virtual private network (VPN). VPNs extend private networks across public networks or the Internet while maintaining a high security level. VPNs act as a point-to-point connection between the user’s device and the network that hosts the cameras. This can provide a reliable connection with similar security levels as if the device was not connected to the Internet at all.
Passwords are simple to change without any advanced IT skills, yet they rarely are. Camera passwords should always be changed from the manufacturers defaults. Some manufacturers force users to change the administrator password, but many do not. Besides camera passwords, installers should also be changing passwords on the VMS and NVR. Any password that is left as the default creates a significant cyber security risk which can easily be avoided.
Port forwarding has become a common requirement for integrators but few realize that ports can be another opportunity to improve cyber security. Hackers target certain ports and integrators need to be aware of what these ports are. Standard ports used by cameras and VMS software can be changed from their default settings making them far more difficult to hack. Rather than simply using the default settings, integrators should consider using their own port numbers whenever possible.
Without extensive IT knowledge the security industry can easily improve its cyber security measures. Best practices should be followed that reduce the risk of cyber attacks occurring since every device connected to the Internet is susceptible to being hacked.
By making simple changes integrators can reduce the chance of cyber security attacks and provide their clients with the reliable systems they desire.
Colin Bodbyl is the director of technology for UCIT Online.
BICSI Canada Regional Meeting
November 21, 2017
November 22, 2017
November 29-1, 2017
Fraud and Anti-Counterfeiting Conference
December 6-8, 2017
Focus On Health Care Security
December 6, 2017
January 9-12, 2018