Join or Sign in

Register for your free asmag.com membership or if you are already a member,
sign in using your preferred method below.

To check your latest product inquiries, manage newsletter preference, update personal / company profile, or download member-exclusive reports, log in to your account now!
Login asmag.comMember Registration
https://www.asmag.com/project/micron_edge_storage_for_video_security/
INSIGHTS

The most important video security system vulnerabilities to know about

The most important video security system vulnerabilities to know about
Rather than highlight the ways you can defend your video security system against hackers and other intruders, we decided to do something different. This article comes at the issue from the other direction, focusing on vulnerabilities, some very “close to the metal” and obvious, though often overlooked.
Rather than highlight the ways you can defend your video security system against hackers and other intruders, we decided to do something different. This article comes at the issue from the other direction, focusing on vulnerabilities, some very “close to the metal” and obvious, though often overlooked. 

No humans means bigger risk

Surveillance systems work as a deterrent and in obtaining evidence, but they’re vulnerable to sabotage and intrusion by bad actors on the ground. Security personnel that patrol areas of installations provide a superb layer of protection, though of course at added expense and complexity. But with guards on site, walking up to a camera, switch, or even server gets a lot riskier, and in most cases no longer worth the downside. 

Open doors invite trouble

You’d be surprised how many surveillance and security system centers operate with no locked doors. The logic revolves around the need for team members to have access, which is problematic on its own. Access to surveillance centers must be limited to those that need it. Your IT team qualifies, but folks from marketing, sales, or customer support don’t. When personnel aren’t onsite, high grade locks and robust hurdles to forced entry should be implemented. 

Factory defaults spell easy prey

Too many people overlook the need to change factory security settings. Admin accounts and passwords issued by manufacturers pop up in a quick Google search, hence they’re a huge risk even if used for a short time. Upon setup, make sure every admin account name and password are changed. It’s the same as you’d do with a new credit card. 

Neglect updates and invite trouble

Whether on Windows or other operating system, getting behind on updates opens you up to an attack. Ditto for the firmware of cameras, switches, and other security-related devices in your video security system. Also applies to your Active Directory and overall VMS (video management system). A good IT team is always on top of the latest updates to minimize vulnerability. Since updates happen frequently, this requires high awareness. 

Hackers hope you share passwords

The more people use the same passwords, the easier they are to obtain by would-be intruders. Compartmentalize and individualize passwords and login credentials as much as possible, ideally with each team member having their own. This also applies to guest users such as contractors. Do not repeat passwords or login IDs for guests and employees. 

Skip virus and malware protection? Bad idea

If your video security system connects to the internet, you’re at risk from harmful software like viruses and malware. Surveillance demands protection, whether through an anti-virus suite or even better, a security information and event management software platform (also known as SIEM).

Non-HTTPS protocols beckon intruders

Cameras that don’t work with HTTPS present a major vector of risk and intrusion, so we strongly caution against using them. For cameras that support multiple protocols, make sure HTTPS is the one selected. 

Remote and roaming users make snooping easier

With the rise of remote work, so rose the risk of attack due to longer lines of communication. Managers should limit the use of smartphones by team members, as excellent security tools such as self-signed certificates don’t work on those, plus they’re always online. And while port forwarding is simpler to enable remote connections, we recommend avoiding this practice. Using a VPN has become standard for good reason, as it’s much more secure. 

Make certificates a certainty

Speaking of certificates, self-signed beats certificate authority, or CA. Much more ad hoc and thus more secure, though they require more work and time. A big plus is that self-signed certificates don’t need an internet connection. Always encrypt certificates and discard them after a maximum of one year. Longer usage increases risk of interception and intrusion. Also, encryption must be enabled across your VMS. If you ever see a “not secure” message anywhere, take immediate action. 

Poorly secured wired connections

Wire snooping becomes a breeze when the measures to secure cables and connections aren’t in place. In addition to the above mentioned human security presence, the use of IEEE 802.1X and MACsec vastly reduces wire snooping risks. Even more so when the two protocols work together.

Other and more insidious vulnerabilities exist in video security systems, and we’ll have more advice soon. Stay tuned! 


Product Adopted:
Others
Subscribe to Newsletter
Stay updated with the latest trends and technologies in physical security

Share to: