Communication protocols matter, so review which ones your cameras are using and ensure that they adhere to your network’s security requirements. Some common protocols available on cameras include the following:
- Web Access – HTTP and HTTPS, which provide access to the camera’s web interface. If possible, disable HTTP and use HTTPS, which encrypts the communication using the Transport Layer Security (TLS) protocol. You will need to load a digital certificate onto the camera if it doesn’t come preloaded with one.
- Remote Access – Telnet and SSH which provide remote access to the camera’s operating system. If you don’t need remote access to the camera and have the option to disable these protocols, do so, so that they are not available for hackers to exploit. If you need remote access to the camera’s operating system, use SSH if it’s available, as it encrypts the communication.
- File Transfer – FTP and SFTP which provide file transfer to and from the camera’s operating system. Like remote access, if you don’t need to transfer files to the camera’s operating system and have the option to, disable these protocols so that they are not available for hackers to exploit. If you need to transfer files to the camera’s operating system, use SFTP if it’s available, as it encrypts the transfer.
- Network Management – SNMP which is used by some people to manage and monitor network devices. Depending on the functionality supported by the camera, you can use SNMP to write commands to the device – for example re-configure the IP address, or read device status information to generate alerts. You should be using SNMP v3 because it has security features that overcome the weaknesses in v1 and v2c.
- Port-based Authentication – IEEE 802.1X, which is used to provide port-based authentication and authorization for devices to connect to the network. It will prevent malicious devices from connecting to your network, which helps improve security if your cameras or their connections are physically accessible. To use 802.1X you will need to set up an authentication server and an authentication method such as Protected Extensible Authentication Protocol (PEAP).
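The review described in the list above can be scripted so it is easy to repeat. The following is an added example, not code from the original article or from any camera vendor: it checks a constructed inventory of camera settings against each recommendation, and every field name in it (`needs_remote_access`, `dot1x`, and so on) is a hypothetical schema.

```python
# Field names below are a hypothetical schema, not a vendor's export format.
def audit_camera(cam):
    """Return findings for one camera's settings, following the list above."""
    def on(key):
        return bool(cam.get(key, False))
    findings = []

    # Web access: HTTP should be off; HTTPS needs a certificate on the camera.
    if on("http"):
        findings.append("HTTP enabled: disable it and use HTTPS")
    if on("https") and not on("certificate_loaded"):
        findings.append("HTTPS enabled without a certificate loaded")

    # Remote access and file transfer share one rule: disable both protocols
    # when the function is not needed, otherwise keep only the encrypted one.
    for need, clear, secure in (("needs_remote_access", "telnet", "ssh"),
                                ("needs_file_transfer", "ftp", "sftp")):
        for proto in (clear, secure):
            if on(proto) and not on(need):
                findings.append(f"{proto.upper()} enabled but not needed: disable it")
        if on(clear) and on(need):
            findings.append(f"{clear.upper()} in use: switch to {secure.upper()} if available")

    # Network management: anything other than SNMP v3 is flagged.
    snmp = cam.get("snmp_version")  # None means SNMP is off
    if snmp is not None and str(snmp) != "3":
        findings.append(f"SNMP v{snmp} enabled: use SNMP v3")

    # 802.1X matters most where the camera or its cabling can be reached.
    if on("physically_accessible") and not on("dot1x"):
        findings.append("Physically accessible but 802.1X not enabled")
    return findings

def audit_inventory(inventory):
    """Map camera name -> findings, omitting cameras with none."""
    results = {name: audit_camera(cam) for name, cam in inventory.items()}
    return {name: f for name, f in results.items() if f}

# Constructed sample inventory for illustration.
SAMPLE = {
    "lobby-cam": {"http": True, "https": True, "certificate_loaded": True,
                  "telnet": True, "snmp_version": "2c",
                  "physically_accessible": True},
    "dock-cam": {"https": True, "certificate_loaded": True, "ssh": True,
                 "needs_remote_access": True, "snmp_version": "3",
                 "physically_accessible": True, "dot1x": True},
}

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Running the same check on each periodic review, and comparing the findings with the previous run, shows when a protocol has been re-enabled.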
Reviewing your camera’s protocols gives you an opportunity to make sure the camera meets your site’s security needs. This is not something you should do once and then forget. Conduct this review periodically to make sure that the configuration still meets your needs, and make any changes that are necessary. To learn more about the Cyber Protection Program visit our website at tycosecurityproducts.com/CyberProtection.aspx. For any questions you may have on the Cyber Protection Program, email jeffbarkley@tycoint.com.