In recent months, several high profile cyber-attacks have used surveillance cameras as a point of entry into the IP networks of organizations of all types: public safety, government, retailers, enterprises, and more. As the “Internet of Things” (IoT) proliferates, there are millions of devices that create vulnerabilities for organizations. Researchers have discovered “more than 178 million Internet of Things (IoT) devices visible to attackers in the ten largest US cities.” Imagine the multiplier effect worldwide.
Whether you consider surveillance cameras an IoT device or not, they are IP connected devices and while they are intended to provide protection for organizations, they can also be a security exposure. As an IP based device and without proper measures to protect them, hackers can use them to shut down surveillance or to tap into the organization’s data. Both represent real risks that need immediate attention.
The good news is that there are immediate, high impact measures that security professionals and system integrators can take today without deep expertise. In 2017, physical and IT security leaders need to make it a priority to address these issues. The right administration, architecture and tools will be needed to make it scalable and manageable. Read 6 Cybersecurity Measures White Paper
The following six steps identify common tactics hackers use to break into cameras and the simple things you can do to thwart their efforts:
1. Camera Passwords Matter
If your security cameras still use the default manufacturer password or a weak, common password, you are at immediate risk for a security breach. Hackers can write programs that will attempt hundreds of passwords in the blink of an eye. If your passwords aren’t updated regularly with significant difficulty, you are making it even easier for hackers to take down your cameras.
2. Isolate Your Cameras
Don’t put cameras on the same corporate network as your workstations. Isolate your cameras with a Virtual LAN (VLAN) so that the only thing that can talk to them is the Video Management System (VMS).
3. Lock Down the Network
Because cameras are often located in unsecured places around the perimeter of a building or in hallways, it is essential to ensure that your cameras are the only devices that can communicate across your network. Your network has a feature called Mac Binding that configures each network port to only accept the specific, unique MAC address from the camera bound to that port. This way, if a hacker tries to replace the camera with a laptop, the network will reject the communication. Seek tools to make this management easy and scalable.
4. Two Operators = Less Risk
Your cameras should be set up with two logins the same way that your computers are set up; one login is a user with limited privileges, the other is an administrator with full access. The camera admin login should be used rarely for updates, and the user login should handle everyday tasks, like streaming video. That way, the more commonly used login cannot do as much damage if it falls into the wrong hands.
5. Don’t Ignore Unusual Events
Take note of even short outages or sudden camera reboots. These small, seemingly insignificant events can indicate security breaches, such as foreign firmware uploads or hacker devices being introduced to the network.
6. Purchase Cameras from Companies with a Reputation for Security
Not all camera brands are created equal. The security of certain brands and cameras with certain countries of origin have been questioned. Reputable companies should be on the forefront of security concerns, and have rapid response time to vulnerabilities. Do your research before a major system purchase.
Want to find out how to create a surveillance architecture that is inherently more secure and technology that offers easy to use tools that keep the bad people out? Download our white paper to learn how to get an edge on cyber-attacks.