With IP camera hacks becoming more rampant, it has become critical for end user entities to work with professional systems integrators who are well versed in IT and cybersecurity.
With IP camera hacks becoming more rampant, it has become critical for end user entities to work with professional systems integrators who are well versed in IT and cybersecurity.
That was according to
Axis Communications in a recent
blog post titled “How to improve surveillance device and network security.”
It goes without saying that the concept of securing your security devices has taken shape rapidly, especially amid reports of intrusion and attacks. Examples range from baby cams moving on their own to capture people in the household to the horrific DDoS attacks against Dyn in 2016.
These incidents underscore the importance of protecting the end user organization against attacks on security cameras and devices. A necessary step towards that goal, according to the post, is to first find a capable systems integrator. “It’s imperative organizations work with a skilled, experienced and knowledgeable security professional who is well-versed in cybersecurity best practices and the ability of available products to provide the highest level of protection for networks and devices,” it said.
According to the post, choosing an effective, knowledgeable SI can help end users with the following:
Hardening devices
Amid cyber threats, devices now often come with a hardening guide, and the installer’s job is to match the hardening guide with the end user’s security policy. “In many cases, this involves manual configuration, which can be time-consuming,” the post said. “Recognizing this challenge, Axis has developed technology that can streamline the process … allowing installers to quickly configure multiple devices at once, reducing the time and cost of installing surveillance and security systems.”
Set up trust between devices
The post pointed out that Active Directory is the Microsoft implementation of LDAP that covers a range of directory-based, identity-related services to authenticate and authorize users within a network. “Working with Active Directory is unfortunately a skillset some physical security professionals lack. This reality underscores the need to choose an installer or integrator carefully, looking for those who have Active Directory and other critical network proficiencies, which will only become more crucial as we move farther into the cyber age,” it said.
Actively monitoring vulnerabilities
According to the post, IP cameras must be regularly patched, but end user organizations often fail to do so. “The main reason is because of the time and effort involved in updating each and every device on the network. This is where an experienced security professional can help by ensuring these updates and patches are installed as they become available, and thus devices and systems are in continued security policy compliance,” Axis said.
Security documentation
Perhaps the best thing an integrator can provide, according to the post, is documentation that the technical controls of all devices on the network have been configured to meet the customer’s security policy. “This documentation provides organizations with peace of mind that their security devices and systems comply with the established security policy,” it said. “In the event that a breach or DDoS attack does occur, this documentation can help a forensic investigation team pinpoint the vulnerability or other problem that was exploited. For example, in the case that an employee added a camera or other device to the network without properly configuring it, or he or she may have changed the configurations on an existing camera, the documentation will show the difference between the settings at present and at the time of installation.”
According to the post, many organizations have developed information security policies to help guide cybersecurity practices, and it’s important a user entity share its policy with the SI. “It will give them an understanding of the actions they must take to ensure your installed devices and systems will meet the requirements set forth in the policy. This will also enable the installer to choose devices from manufacturers with the proper capabilities,” the post said.