Network design considerations for video management systems (VMS) are key to ensuring system performance, data integrity and threat mitigation. The challenge is that system integrators are confronted with many situations that often do not meet best-practice standards in today’s dynamic cybersecurity-centric world.
Engineers, integrators and administrators of IP video management and other network-based security systems are connecting edge devices of all types, and especially cameras, which are a vulnerable part of a network. And because one solution does not fit all applications or address all threats, a multi-layered approach is best for deploying an optimally functional and secure network.
Unauthorized access to a video security network can impact system confidentiality, integrity and availability. Security flaws within IT-attached devices could potentially provide a platform for launching attacks on other IT systems. It must be acknowledged that all systems contain vulnerabilities, and that there are external as well as internal attackers looking for ways to exploit these.
Dynamic System Hardening
Developing and implementing security measures and best practices is known as “hardening.” Hardening is a continuous process of identifying and understanding security risks and taking appropriate steps to counter them. The process is dynamic because the threats and the systems they target are continuously evolving.
Most hardening information focuses on IT settings and techniques, but it’s important to remember that physical security, education and awareness are also vital parts of hardening. For example, use physical barriers to servers and client computers, and make sure that things like camera enclosures, locks, tamper alarms, and access controls are secure.
Actionable steps for hardening a video management system include:
- Understanding which components need to be protected
- Hardening surveillance system elements such as servers, client computers and devices
- Documenting and maintaining software updates and security settings for each system
- Training and investing in the right people and skills — including the supply chain
Fortunately, there are proven, standardized frameworks available that systematically bring together best practices. There’s no reason for video surveillance and security professionals to re-invent the wheel. Taking an IT industry standards approach makes it easy to design and deploy secure video networks. (See the regularly updated Milestone Hardening Guide for XProtect VMS.)
These are just some of the security topics often overlooked by video surveillance professionals:
- Brute Force Attacks
- Microsoft Active Directory for Central User Management
- Network segmentation separation by a firewall or isolation
- Encryption to protect sensitive data
- Physical Layer Compromise barriers to server rooms and data centers
- Keeping Staff Informed, Educated and Updated
Read the complete article describing these approaches and useful tools for dealing with them. Written by Milestone’s Learning & Performance Manager Evan Stuckless, it is published in the January issue of Security Today.