If you were not already familiar with the term Distributed Denial of Service (DDoS), then over the past several weeks you probably have become aware of it through various news articles.
A few key points in the media about the DDoS attacks:
Some of the largest DDoS attacks ever launched in late September
Release of the Mirai source code used to create the DDoS attacks in early October
Growth in the number of devices infected by Mirai malware from 213,000 to 493,000 by mid-October
Twitter, Netflix, PayPal and many other popular sites being unreachable for part of Friday as a result of a new DDoS attack
Were Tyco Products Affected?
These attacks are of special interest for companies such as Johnson Controls because they were launched from botnets composed of “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders. There is no indication that any Tyco Security Products devices were involved in these attacks.
Illustra cameras are designed to prevent user access to the camera’s operating system; as a result of that decision, telnet is not available on any Illustra camera model.
VideoEdge NVRs do not support telnet. Also, all known botnet scanners look for a different version of Linux than the one used on VideoEdge.
iSTAR controllers do not support any remote access protocol and will not be detected by the malicious scanners.
DCM controllers, AC200 (RTC) Ethernet Controller and Emerald Intelligent multi-function access terminals do not support telnet.
exacqVision network video recorders and video management system (VMS) software have SSH disabled, making them unaffected.
Kantech access control system also remains unaffected.
Applications such as AC2000, C•CURE 9000 and victor are not affected. These applications also do not require remote access protocols.
Background: What are Distributed Denial of Service Attacks?
If you are not familiar with a Distributed Denial of Service (DDoS) attack, it is an Internet attack that typically targets websites in an attempt to bring down the site so that it is inaccessible to other Internet users. It is a common tactic for activists and groups looking to suppress information, or as a form of extortion, demanding money from the victim to cease the attack. These attacks work by flooding the target website with large amounts of data, or requests for data, that use up a website’s resources. With a small attack, the site may appear to be slow, but large attacks can bring down a website, making it inaccessible.
What is a botnet?
These recent attacks have used a ‘botnet’, or a network of devices infected with malware. The attacker is able to remotely control the device. The owner of the device will not know it has been infected because the malware does not affect the device’s normal operation.
This malware can only be loaded onto a device that has a remote access protocol such as telnet or SSH enabled. Telnet and SSH are common among physical security products, and devices with the protocols enabled will be detected by the scanner. The Mirai malware uses a table of common factory default usernames and passwords to log into devices.
Recommendations for Installers and End Users
If you have a device that is using the default password and has a remote access protocol enabled, you are at risk. To prevent your device from becoming a bot, you should immediately:
Disable remote access if it is not required.
Reboot the device. This does not have to be a factory reset; turning the power off, waiting a minute and turning it back on is sufficient.
Change the password to a complex password. If you do not change the password or have a device that doesn’t allow you to change the password, you run the risk of becoming infected.
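The at-risk rule and the three remediation steps above, applied to a device inventory. This is an added example, not Tyco code; the CSV columns, hostnames and the `audit_device` and `audit_inventory` names are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """\
host,telnet,ssh,default_password,password_changeable,remote_required
lobby-cam-01,on,off,yes,yes,no
dock-dvr-02,off,on,yes,no,yes
office-nvr-03,off,off,yes,yes,no
gate-cam-04,on,on,no,yes,yes
"""

def _flag(value):
    """Interpret an inventory cell as a boolean."""
    return value.strip().lower() in {"on", "yes", "true", "1"}

def audit_device(row):
    """Apply the advisory's rule and remediation steps to one device."""
    remote = [p for p in ("telnet", "ssh") if _flag(row[p])]
    # At risk only when both conditions hold: default password AND remote access.
    at_risk = bool(remote) and _flag(row["default_password"])
    result = {"host": row["host"], "at_risk": at_risk,
              "actions": [], "residual_risk": False}
    if not at_risk:
        return result
    disable = not _flag(row["remote_required"])
    changeable = _flag(row["password_changeable"])
    if disable:
        result["actions"].append("disable " + "/".join(remote))
    # A power cycle is enough; no factory reset needed.
    result["actions"].append("reboot")
    if changeable:
        result["actions"].append("change password")
    # Remote access stays on and the default password cannot be replaced:
    # the device remains exposed after remediation.
    result["residual_risk"] = not disable and not changeable
    return result

def audit_inventory(csv_text):
    """Audit every row of a CSV inventory and return the findings."""
    return [audit_device(r) for r in csv.DictReader(io.StringIO(csv_text))]

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(finding)
```

Devices reported with `residual_risk` set are the ones that need remote access and do not allow a password change, so they stay exposed until one of those two conditions changes.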
Again, the following Tyco Security Product devices are not affected:
AC2000 RTC Controllers
Emerald Intelligent Access Terminals
Sign Up to Receive Security Advisories
Tyco Security Products’ dedicated Cyber Response Team generates notices, typically within 24 hours, advising which products, if any, might be vulnerable along with mitigation steps. If it’s a critical security vulnerability, the team will develop, test and release patches to resolve issues. Sign up to receive security advisories and access compliance guidelines.
VideoEdge NVR Centralized Licensing
Administrators can now manage all VideoEdge NVR licenses centrally from the victor Application Server through the new license manager. Licenses can be combined into a single file for an easy upload. There is a new option to centralize all camera licenses and analytics throughout the entire system and synchronize SSA end dates, greatly reducing the time spent on licensing. To update licenses across the enterprise, go to ‘System’ and then select ‘Licensing.’ From there, users can view license status, choose license type and configure the Enterprise license. Watch the training video to learn more about setting up the licensing.
Advanced Searching
victor Web offers several of the powerful search tools available in victor including motion, thumbnail and text stream search. These high performance video analytic searches drastically reduce investigation time and quickly identify suspicious activity, people, objects and events.
Motion Search allows users to search for a movement in a specific camera field of view to find areas of interest more quickly. To conduct a motion search, users can select search and retrieve, Execute Search Wizard and then choose ‘Motion Detection’ from the Type of Search dropdown menu and then specify the start and end date. The video metadata detects pixel changes generated by VideoEdge. For a quick view of areas of interest, users can see the areas of motion indicated in yellow.
Thumbnail Search presents search results in 16 thumbnail images for a quick view of frames to identify Users can perform a thumbnail search in the same way they can a motion search by going to the Execute Search Wizard and then selecting Thumbnail Search. By selecting the + in the lower right hand corner of an image, the users can see a new set of images to further drill down the time frame.
Text Stream Search associates video with point-of-sale text data. Users can search recorded video to see a live overlay of the associated text stream data with that video. For example, cash register data can be associated with video to promptly find the transaction where the fraudulent action occurred. Watch the victorWeb text stream search video.
Maps
victorClient maps can now be imported into victorWeb to provide faster navigation to cameras by their physical location and more easily see the layout of a location. When a user is signed in as a victor Application Server user, he or she will have access to the maps.
Under the monitor menu, select maps to view a list of all the maps on the victor application server. Simply zoom in and out of the map with a mouse, show and hide any layers, text, health indicators, or dock menu within the map. Users can also reset the map to return to the scaled out map. Select ‘Show all icons’ to highlight all cameras with a colored circle for easier navigation. Select ‘Show all shapes’ to see the fields of view. Click on the camera itself to view live video from that specific camera on the left hand side. Watch this video to set up victorWeb Maps.
Salvos
Salvos displays multiple, simultaneous video streams to give users a more effective way to monitor multiple areas of interest.
To create a salvo in victorWeb, select the setup icon and go to Salvos. Select the + icon and give the salvo a name, description and layout. After configuring the basic information, add the recorder and cameras to the salvo. Learn how to configure and use Salvos in victorWeb.
Tours
victorWeb supports tours so users can pre-define a sequence of cameras to automatically cycle through.
To create a tour, select the setup button and ‘Camera Tours’ from the drop down menu. Choose the + icon to create a new tour. Give the tour a name, description, and default dwell time. The minimum value for the dwell time is 5 seconds. Then select the plus button to select the recorder and cameras to add to the tour. Add a preset or pattern if it is pre-configured on the camera. The trash can icon on the right side enables users to delete the camera from the tour. Select a camera line and then the up or down arrow keys to rearrange the camera order. After the configuration is complete, click the save button. Watch this video to view more about updated tours functionality.
System Diagnostics Monitoring
victorWeb diagnostics monitor the health status of multiple devices simultaneously. This new dashboard tracks real-time recording, streaming and information processing statistics from every connected device from any supported browser to avoid system outages and provide instantaneous alerts of potential issues.
Within the diagnostics monitoring system are three dashboards: alert, device health and system. The alert dashboard identifies health for recorder, camera, storage, alert and unit statuses. The device dashboard functions in the same way as the alert dashboard but is organized by device type instead of status. The system dashboard shows specific system information such as:
Connected cameras per recorder
Current firmware version
Select Diagnostics from the Monitor menu drop down. Until a user has enabled health event monitoring, he/she will receive a message to select the bell icon to select devices and enable health monitoring. The bell icon is in the upper right hand corner. All the devices added to victorWeb will be in the drop down menu. Simply select the devices to receive alerts for, or choose the ‘enable all’ button to show them all.
Select the alert to see all the information on the system including hardware information, storage and connected devices. To go back, select the back arrow in the upper left hand corner. The alert dashboard can be snoozed in specific intervals. Users can select to show live, all or snoozed events or cancel all snooze alarms.
To generate a report, select the report icon in the right hand menu. Select all the details to be included in the report including the following:
Reports can be downloaded to PDF or CSV or emailed. Watch this video to learn more.
victor Web Unified Swipe and Show
Introduced in victor 4.8, swipe and show is now available in victor Web. Swipe and show displays the most recently swiped CCURE 9000 access control cards. Users can view details about personnel and perform a momentary admittance.
Under the Monitor menu, select Swipe and Show. Users may receive a message “Swipe and show is not enabled. Select doors or elevators on the left to start swipe and show.” To select the objects, choose the doors or elevators icon on the left hand side. To select all the doors on the system, choose the ‘select all’ option at the top.
To view the information for a specific person, click on that swipe. On the right hand side the following swipe data will appear:
Card access data
Last 10 card swipes
When a person has been selected, the live stream is automatically paused. Under the menu in the upper right hand corner, users can limit the swipe shows to admits only or rejects only. Users can also show or hide text, change the orientation to horizontal or vertical and the number of cards. Watch this video to learn more.
victor Web Unified Personnel Management
Software House CCURE 9000 users with the victor application server can better manage personnel from one intuitive interface. With the new personnel management features, users can:
Add, edit or delete personnel
View and edit personnel credentials
View and edit personnel clearances
Go to the Setup icon and select Personnel to view all of the personnel in the system. Select an individual and view their information on the right hand side on multiple tabs including: person, credentials, clearances, documents, portrait, preview badge, previous doors and find. View this video for more information on creating personnel records.
VideoEdge Second Stream Auto Configuration
The new second stream auto configuration reduces bandwidth usage with victor for streams displayed in constrained environments. This also enables motion detection to be configured automatically out of the box. Automatic motion detection supports SmartSearch and SmartStreaming capabilities so users will always have these features available to them without any additional setup upon installation.
VideoEdge Operating System Upgrade
The new SLE12 SP1 enables enhancements needed for cyber security, driver enhancement and additional features. The new operating system supports Broadwell Processors and TPM2 security module.
To upgrade, you must use the VideoEdge upgrade tool from americandynamics.net. This upgrade is available for version 4.4 and later. Log in to the VideoEdge system. In the upper right hand corner, you can see the version number you are currently operating on.
Click the “Add Recorder” button and enter the VideoEdge IP address. Then input the VideoEdge account username, password and base port. Then click Check Credentials. The upgrade procedure is comprised of three steps: upload, install and finalize. You will see an “operating in temporary upgrade mode” message until installation is finalized.
VideoEdge Support for Illustra Analytics
VideoEdge introduces support for analytics on Illustra Pro IP mini-dome cameras. VideoEdge can incorporate video intelligence analytics such as object detection, linger, dwell, crowd and queue alarms, abandoned object and enter/exit.
Virtual PTZ
Operators can select a view from a fixed camera and utilize virtual PTZ to zoom in on a particular area of interest to see greater detail.
Today’s businesses are faced with unprecedented threats from sabotage, theft of intellectual property and compromised sensitive data. Have you considered how your physical security products affect your cyber security?
Take a look at our infographic and assessment quiz to see if you are asking the right questions and taking the next step to be cyber secure.
Security breaches are in the news today more than ever before. Security integrators and security officers must work with IT departments to ensure the physical security system is successfully deployed, maintained and upgraded on the network with minimal impact and without compromising network security.
To create a complete cyber secure environment, IT and security departments must effectively work together. However, physical security and IT often use the same words to mean different things – resulting in everyone being confused. Sometimes security integrators and security officers even avoid the IT department due to the misunderstanding.
For example, IP may mean intellectual property to a corporate security officer but internet protocol to IT security professionals. Or perimeter may mean the exterior building wall to the security officer and network connection to the outside to the IT professional.
To make sure all departments are speaking the same, common language, we suggest developing a list of terminology definitions that everyone can use.
Terms to be Clearly Defined:
Having a common subset of terms will help you understand how to ask the right questions and quickly comprehend the answers. After establishing your company’s common language, clearly explain the information you need from IT to be able to define the network and security requirements.
Designed for use with victor, the new surveillance keyboard improves video surveillance operation. Simply “plug and play” via the USB connection: the keyboard is automatically recognized by victor software.
The surveillance keyboard offers greater control of PTZ cameras with an intuitive joystick. With 30 pre-programmed buttons mapped to victor’s most common controls, navigation is simple. Operators can program controls and call ups (guard tours, salvos, view switches) and change layouts. Buttons can be customized for specific security operation functions.
An intuitive joystick enables precision control of Illustra PTZ cameras, while the jog shuttle wheel quickly manages video, cameras and PTZ preset controls. With its LED backlit buttons, the keyboard is visible even in low lighting.
The surveillance keyboard can be rotated for either right- or left-handed operation. It can be used as a stand-alone device or along with other common peripheral PC devices (mouse, keyboards, etc.).
It’s common knowledge that encrypted communication and other device hardening features are necessary for cybersecurity, but it’s vitally important to think beyond hardening. Now that the security industry has adopted IP technology, manufacturers and integrators must consider not only the security operator’s needs, but also those of the IT manager.
An unsecured device can be the target of a cyber attack that might affect the entire network. While IT managers in government agencies, utilities, transportation, retail operations and financial enterprises are most acutely aware of the dire consequences of a successful hack, IT managers in all sectors are demanding security measures that go well beyond hardening before accepting devices onto their networks.
Fond-du-Luth Casino in Minnesota recently went through a major renovation. During construction, Fond-du-Luth wanted to upgrade to a full IP video surveillance system while still remaining open to the public 24/7. The casino needed a video management system that would simplify everyday tasks and IP cameras that would provide clear image quality and greater coverage.
Fond-du-Luth Casino selected a complete Tyco Security Products solution to cost-effectively migrate from analog to IP.
Tyco Security Products adds American Dynamics victor video management system software, Kantech EntraPass access control system and Hatrix managed access control system to its Connected Partner Program.
This program gives third-party technology partners including access control, alarm/intrusion, building management, elevator, emergency communication and RFID the opportunity to integrate with our security solutions. Our robust integration development packages, including software, documentation, sample code and engineering support time, offer partners the tools to achieve a direct integration.
Benefits of partnering with Tyco Security Products through the Connected Partner Program:
Provide a unified solution to your customers and increase your business potential
Access to Tyco Security Products fully equipped labs
Easily complete the self-certification process
Support from dedicated Connected Partner Program, technical and engineering teams
Access the development system from anywhere with a remote login [Kantech only]
While hardening is important, it does not guarantee that the device you install today will be secure tomorrow. Potential problems can lie dormant for years and then provide easy access for hackers when uncovered. For example, Shellshock was actually introduced as a product feature in 1989. Its vulnerability existed undetected in numerous products — including “hardened” versions of Linux and Unix operating systems — for 25 years. But within a single day of the vulnerability announcement in 2014, hackers reportedly were taking advantage of this critical bug.
At Tyco Security Products, we understand that a vulnerability discovered in one of our security products could potentially put your entire business at risk. That’s why we’ve put a team and process in place designed to deliver a fast, actionable response to help protect your investments from harm.
Our Cyber Protection Team continuously monitors for vulnerabilities using multiple resources. When a new bug is discovered, the Cyber Protection Team and key product engineers work quickly to tackle and resolve security concerns before they become critical to your operation.
This dedicated response enables us to create a security advisory, typically within 24 hours. The notification includes information about which products are vulnerable along with mitigation steps. It also lists products that we have confirmed are not vulnerable for greater peace of mind.
In the case of significant vulnerabilities, advisories are updated as needed until the issues are resolved. Quality engineers ensure that software patches are fully tested and validated. While we cannot predict how long it will take to resolve an issue, it took the team just two weeks to deliver patches for Shellshock and Heartbleed, both critical vulnerabilities.