Tag Archives: Camera Protocols

Security Practices

Video Management Systems play an integral role in tracking down perpetrators of all types as well as preventing criminal incidents in general. You need to protect the integrity of your camera’s and the information it collects by making sure your security practices minimize unauthorized access .  Here are some practices that you can follow to help manage the overall security of your cameras:

  1. Create an inventory of all the cameras on your network, including the information for the primary and secondary contact person who manages the cameras, the camera manufacturer, model, location, IP address, current firmware version.
  2. Ensure that there is no physical access to the cameras, the supporting network equipment, the server and video storage for your system (i.e. cables, switches, etc.). These should all be in located in access-controlled areas.
  3. Ensure that there are no default passwords used by any of the cameras and operating system if they are accessible to the administrator or user accounts. If there is a need to update a password, use a complex and lengthy password for each individual camera.
  4. Set the idle session timeout for your camera’s interface to ensure that the web session is terminated even for those users who don’t log off of the camera.
  5. Place your camera system on a separate network from your operational network. This helps to reduce the impact of camera traffic on your operational network, and makes it harder for an attacker on one network to gain access to the other.

Periodically reviewing and updating your practices and settings will provide you an opportunity to make you camera still meets your security needs.  To learn more about the Cyber Protection Program visit our website at tycosecurityproducts.com/CyberProtection.aspx. For any questions you may have on the Cyber Protection Program, email jeffbarkley@tycoint.com

Camera Auditing and Back-Up

Video Management Systems play an integral role in tracking down perpetrators of all types as well as preventing criminal incidents in general. Given the broad base of applications for video management systems, there are many instances of large quantities of useless footage due to poor quality recording.  Regular audits and evaluations are to ensure that the best possible procedures are being followed can cut down on time wasted by sifting through unusable footage.

Consider the following best practices around logging, auditing and back-up processes to guarantee the most secure results:

  • Security Event Log – Supports reliable, fine-grained, and configurable logging of a variety of security relevant system events. This includes logins, configuration changes, and file and networks access.
  • Log Security – A log should be protected from unintentional and malicious. Limited access and proper authentication are required for good security.
  • Date and Time – Accurate date and times are extremely important for auditing and backup as this information will enable auditors and investigators to know exactly when specific events have occurred. During device set up, it is required that the date and time is either automatically set to the workstation or that the device uses Network Time Protocol (NTP) to synchronize the camera to the Coordinated Universal Time (UTC).
  • Logs by Default – Logs should not be optional, but created by default as a part of the device setup since they are the essence of detecting and uncovering malicious activity.
  • Backup/Restore – Maintaining your security position is very important as it is critical to quickly restoring the system to operation after an incident. There needs to be a method to back up a working camera and then to restore the data on the current or replacement camera.

Reviewing your camera’s logging and backup setting will provide you an opportunity to make sure it meets your site’s needs.  You should also verify that you can successfully restore a camera to ensure that your backups are not corrupt.  To learn more about the Cyber Protection Program visit our website at tycosecurityproducts.com/CyberProtection.aspx. For any questions you may have on the Cyber Protection Program, email jeffbarkley@tycoint.com.

Camera Protocols

Communication protocols are important so you want to review what you are using with your cameras and ensure that they adhere to your network’s security requirements.   Some common protocols available on cameras include the following:

  • Web Access – HTTP and HTTPs which provide access to the camera’s web interface. If possible, disable HTTP and use HTTPS which encrypts the communication using the Transport Layer Security (TLS) protocol.  You will need to load a digital certificate onto the camera if it doesn’t come preloaded with one.
  • Remote Access – Telnet and SSH which provide remote access to the camera’s operating system. If you don’t need remote access to the camera and have the option to disable these protocols, do so, so that they are not available for hackers to exploit.  If you need remote access to the camera’s operating system, use SSH if it’s available, as it encrypts the communication.
  • File Transfer – FTP and SFTP which provide file transfer to and from the camera’s operating system. Like remote access, if you don’t need to transfer files to the camera’s operating system and have the option to, disable these protocols so that they are not available for hackers to exploit.  If you need to transfer files to the camera’s operating system, use SFTP if it’s available, as it encrypts the transfer.
  • Network Management – SNMP which is used by some people to manage and monitor network devices. Depending on the functionality supported by the camera, you can use SNMP to write commands to the device – for example re-configure the IP address, or read device status information to generate alerts.  You should be using SNMP v3 because it has security features that overcome the weaknesses in v1 and v2c.
  • Post-based Authentication – IEEE 802.1X which is used to provide port-based authentication and authorization for devices to connect to the network. It will prevent malicious devices from connecting to your network, which helps improve security if your cameras or their connections are physically accessible. To use 802.1X you will need to set-up an authentication server and an authentication method such as Protected Extensible Authentication Protocol (PEAP).

Reviewing your camera’s protocols will provide you an opportunity to make sure it meets your site’s security needs.  This is not something you should do once and then set it and forget it.  You should conduct this review periodically to make sure that it still meets your needs and make any changes that are necessary. To learn more about the Cyber Protection Program visit our website at tycosecurityproducts.com/CyberProtection.aspx. For any questions you may have on the Cyber Protection Program, email jeffbarkley@tycoint.com.