It’s an understatement to say that IP networks have been a game changer for specifying, installing, or managing video security and surveillance systems. When it comes to the health of an organization in today’s highly connected environment, it’s critical to understand network security vulnerabilities that may leave you or your customers open to compromise.
High-profile data breaches have been in the news for several years. While the security of networked video management systems has not made headlines, this may be about to change as it becomes increasingly common for surveillance to migrate to enterprise data network environments.
Everyone in an organization must understand at least the basics about network and software security. Attempts to compromise critical IT infrastructure are becoming more frequent, so everyone must take hardening and security seriously.
The recently released Milestone Systems XProtect Hardening Guide provides basic and advanced information for Milestone end users, system integrators, consultants, and component manufacturers. The guide describes security and physical security measures and best practices that can help secure XProtect Expert and XProtect Corporate video management software (VMS) networks against cyber attacks. This includes security considerations for the hardware and software of servers, clients and network device components of the video surveillance system.
The Hardening Guide adopts standard security and privacy controls and maps them to each of the recommendations. The document is a valuable resource for compliance across industry and government security and network security requirements.
What is “Hardening”?
Unauthorized access to a video security network can impact system confidentiality, integrity and availability. Security flaws within IT-attached devices could potentially provide a platform from which to launch attacks on other IT systems. It must be acknowledged that all systems contain vulnerabilities, and that there are external as well as internal attackers looking for ways to exploit these vulnerabilities.
Developing and implementing security measures and best practices is known as “hardening” – a continuous process of identifying and understanding security risks, and taking appropriate steps to counter them. The process is dynamic because threats, and the systems they target, are continuously evolving.
Most of the information in the Hardening Guide focuses on IT settings and techniques, but it’s important to remember that physical security is also a vital part of hardening. For example, use physical barriers to protect servers and client computers, and make sure that things like camera enclosures, locks, tamper alarms, and access controls are secure. The following actionable steps for hardening a VMS are outlined within the guide:
- Understanding what components need to be protected
- Hardening surveillance system components including physical and virtual servers, client computers and devices, the network and cameras
- Documenting and maintaining security settings for each system
- Training and investing in the right people and skills, including the supply chain
Hardening System Components
To harden system components, technicians change configurations to reduce the risk of a successful attack. Attackers look for a way in through vulnerabilities in exposed parts of the system. Surveillance systems can involve hundreds or even thousands of components, and failure to secure any one component can compromise the system.
The need to maintain configuration information is sometimes overlooked. XProtect Advanced VMS provides features for managing configurations, but organizations must have a policy and process in place, and commit to doing the work.
To be as universally applicable as possible, the Milestone VMS Hardening Guide leverages country, international, and industry standards and specifications. In particular, it refers to the United States Department of Commerce National Institute of Standards and Technology Special Publication 800-53 Revision 4, “Security and Privacy Controls for Federal Information Systems and Organizations.” Additionally, camera manufacturers provide guidance for their hardware devices.
In addition to software, the components of an XProtect Advanced VMS installation typically include hardware devices, such as cameras, encoders, networking products, storage systems, servers and client computers (physical or virtual machines), as well as mobile devices, such as smartphones and tablets. It is important to include the hardware devices in all efforts to harden a VMS installation. For example, cameras often have default passwords. Some manufacturers publish these passwords online so they’re easy for customers to find. Unfortunately, that means the passwords are also available to attackers.
For the XProtect community, it’s highly recommended to frequently review Milestone Knowledge Base articles and regularly check system logs for signs of suspicious activity. A first step in the VMS protection process is to download and review the new Milestone Systems XProtect Hardening Guide.
Read the full version of this article on SecurityToday.com.
by Bjorn Skou Eilertsen, Chief Technology Officer, Milestone Systems