Private and Secure

What it takes to ensure your infrastructure is safe

Cyberattacks are on the rise. Whether an attack comes over the IT network or from inside the organization, the security industry faces the challenge of guaranteeing that the data in its systems remains private, properly protected and encrypted.

We are confronted with how our privacy is affected almost daily. Whether you are part of a multinational organization, run a retail store, work for a local school board, or are simply a member of the public, privacy, and who has access to our personal data, is always a concern.

To get a sense of just how far-reaching these concerns are, in North America, there is a weekly network television drama focused entirely on cyber threats and cyberterrorism. When you are in the business of providing security, you take these issues very seriously. But, you also know the difference between mitigating real danger and worrying about fictional scenarios crafted to maximize dramatic impact.

It is no surprise that security professionals are paying closer attention than ever before to the growing number of cyberattacks that have the potential to cause breaches and expose sensitive data. As IP-based security systems continue to be deployed to keep citizens, cities, governments, municipal infrastructure and private corporations safe, the need to assure all parties that recorded content is being kept secure and private is increasing. With advanced encryption, authentication, and authorization technologies, the security industry can meet its customers' requirements and assure them that their security systems are kept private and secure.


Flexibility and accessibility are some of the main benefits of implementing IP-based security systems. In addition to supporting on-premises, cloud, and hybrid deployments of video surveillance and access control that protect people and assets, end users can access the system through multiple means, including desktop, web, and mobile apps. With real-time events, instantaneous notifications and advanced reporting, IP-based security systems have helped reduce security concerns related to hardware tampering and unauthorized access, and have improved investigations when something does happen.

These new systems, when not properly protected, can be vulnerable to new kinds of threats. The majority of these threats relate to the valuable data shared, stored and moved within these systems. In light of these potential threats, safeguarding the integrity of the data and protecting it against hacking are increasingly important for today’s security and IT staff.

Hacking a security system can take any number of forms. In a brute-force attack, the attacker simply tries passwords until one works; rate limiting, account lockout and strong, non-default credentials are the defences. An attacker can also use more sophisticated tactics to capture the data that a security system stores or transmits.

Using a packet sniffer, an attacker who can see network traffic can capture packets and extract anything sent in the clear, including passwords and video content. A man-in-the-middle attack goes further: the attacker positions themselves between the client and the server and relays the traffic, so that each side believes it is talking directly to the other. Often the attacker simply waits until the client sends a user name and password to the server, which yields the credentials needed to log into the system.

Because the attacker relays the traffic, they can also read and alter it before passing it on, and neither the sender nor the receiver has any indication that the exchange was intercepted or that the data was tampered with or corrupted. This is why encryption alone is not enough: the client must also be able to verify that it is talking to the genuine server, and both sides need a way to detect altered data.

Even though IP-based physical security systems may be vulnerable to new types of threats, the good news is that they can take advantage of new methods of protecting against these same threats. In fact, security professionals can now look to a new class of security systems that leverage several technologies, including the latest encryption protocols and advanced forms of authentication, to keep their security system’s infrastructure secure, to protect the privacy of the subjects or environments under surveillance, and to ensure that only authorized personnel have access to sensitive data.


Security and IT professionals began reading about the Security-of-Security in 2015. More than simply securing people and buildings, it refers to a greater need for securing all assets, including the networks and data, that comprise a physical security system. This includes the ability to keep these systems safe from cyber-threats and attacks as well as illegal or unauthorized access from both inside and outside an organization.

The main concerns related to the security of physical security systems include:

  • Securing communications between client apps and servers
  • Protecting data within the system, including video streaming from a camera or recording device or server
  • Authenticating users when logging into a system
  • Assigning the proper access rights to users with access

Ensuring the privacy of video surveillance data means encrypting the data both in-transit and at-rest, whether it is on-premises or in the Cloud, and providing ways to authenticate and verify who can have access to the data at any given time.


A key strategy for keeping sensitive data private, whether in-transit or at-rest, is encryption. Encryption helps protect private information and sensitive data and can enhance the security of communication between client apps and servers. When an organization encrypts the data in its physical security system, it is essentially protecting or hiding it from unauthorized users.

To encrypt data, the system uses an algorithm to translate plaintext into unreadable ciphertext. The data can then be read only by someone holding the decryption key, which translates it back to readable plaintext. There are two families of encryption algorithms: symmetric and asymmetric.

With a symmetric algorithm, the encryption and decryption keys are the same, so every party that needs to communicate securely must share that one key, and the key itself has to be distributed and stored securely. Asymmetric encryption uses two separate but mathematically linked keys: the public key encrypts and can be distributed freely, while the private key decrypts and must be kept secret. In practice the two are combined: an asymmetric operation protects a freshly generated symmetric key, and that symmetric key encrypts the bulk data, because symmetric ciphers are far faster.


While encryption hides the contents of a message, that is, provides confidentiality, additional measures are required to protect its integrity and authenticity. An attacker who cannot read an encrypted message may still be able to modify it, because in many encryption modes a change to the ciphertext produces a predictable change in the decrypted plaintext, and encryption by itself says nothing about who sent the message. A message authentication code or a digital signature, or an authenticated encryption mode that builds one in, is what detects tampering and ties a message to its sender.
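The malleability this paragraph warns about is easy to demonstrate. The Go program below is an added example, not code from the article or from any vendor: it encrypts a constructed access-control command with AES in CTR mode (confidentiality only), shows an attacker who has never seen the key changing the decrypted command from DENY to OPEN by flipping ciphertext bits, and then adds the missing integrity check as an HMAC-SHA256 tag. The key, IV and message layout are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed fixed key and IV so the demo is deterministic. Real code uses
// random keys and a fresh IV for every message.
var (
	EncKey = []byte("0123456789abcdef") // 16 bytes: AES-128
	MacKey = []byte("fedcba9876543210")
	IV     = []byte("constructed-iv!!")
)

// CTR applies AES-CTR: the keystream is XORed with the data, so the same
// call encrypts and decrypts. This gives confidentiality and nothing else.
func CTR(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// Tamper edits the ciphertext so it decrypts to newText instead of oldText at
// offset. The attacker needs neither the key nor the whole plaintext, only the
// position and current value of the bytes to change: flipping a ciphertext
// bit flips the same plaintext bit.
func Tamper(ciphertext []byte, offset int, oldText, newText string) []byte {
	out := append([]byte(nil), ciphertext...)
	for i := 0; i < len(oldText); i++ {
		out[offset+i] ^= oldText[i] ^ newText[i]
	}
	return out
}

// Tag is the additional integrity measure: HMAC-SHA256 over IV and ciphertext
// (encrypt-then-MAC). Without MacKey nobody can produce a tag for altered bytes.
func Tag(macKey, iv, ciphertext []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(iv)
	m.Write(ciphertext)
	return m.Sum(nil)
}

// Verify compares tags in constant time; the receiver must do this before
// decrypting or acting on the message.
func Verify(macKey, iv, ciphertext, tag []byte) bool {
	return hmac.Equal(Tag(macKey, iv, ciphertext), tag)
}

func main() {
	// Constructed access-control command; the verb sits at a fixed offset.
	msg := []byte("door=lobby-01;cmd=DENY")
	ct := CTR(EncKey, IV, msg)
	tag := Tag(MacKey, IV, ct)

	// On the wire, the attacker turns DENY into OPEN without knowing the key.
	off := len("door=lobby-01;cmd=")
	forged := Tamper(ct, off, "DENY", "OPEN")
	fmt.Printf("forged ciphertext decrypts to: %s\n", CTR(EncKey, IV, forged))

	// A receiver that checks the MAC rejects the forgery; one that only
	// decrypts would open the door.
	fmt.Println("original passes MAC check:", Verify(MacKey, IV, ct, tag))
	fmt.Println("forged passes MAC check:  ", Verify(MacKey, IV, forged, tag))
}
```

The same bit-flipping works against any unauthenticated stream or CBC construction; an authenticated mode such as AES-GCM folds the tag into the ciphertext so the check cannot be forgotten.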

The process of authentication allows a user, client, or server to determine whether an entity is who they claim to be. For example, through authentication, an operator can be certain that they are connected to their security system when logging on to a video surveillance server. There are several methods of authentication, including tokens, user name/password combinations, biometrics, and digital signatures and certificates.

Claims-based authentication is a method by which an application obtains identity information about users, inside or outside its organization, from an identity provider it trusts. The application learns things about the user (name, group memberships, roles) without asking the user directly, because the claims are transported in a signed envelope called a security token, and the application verifies the token's signature before trusting anything inside it. One benefit of this method is that an application can rely on third-party claims providers that offer well-established systems for authenticating users. Active Directory Federation Services (ADFS) is one example of such a claims provider.

Another effective method of authentication is the use of a digital certificate, an electronic document that binds a public key to the identity of its owner. The certificate includes information about that key, the owner's identity, and the signature of the issuing authority that attests to the correctness of the certificate's contents. By presenting its certificate and proving possession of the matching private key, a server lets the client application validate that it is talking to the genuine server, which defeats a man-in-the-middle. An organization can issue its own certificates, but a self-signed certificate proves nothing on its own: every client must be explicitly configured to trust it (or the internal CA that issued it), otherwise an attacker's self-signed certificate for the same name is indistinguishable from the genuine one. Certificates purchased from a reputable third-party Certificate Authority (CA) avoid that distribution problem for clients that already trust the CA.

Transport Layer Security (TLS) combines encryption and authentication and is the standard protocol for protecting connections in physical security systems. TLS secures the communication channel between a server, such as a video recording server, and a client application, such as an alarm monitoring application, as well as between servers. Using digital certificates, TLS first authenticates the server (and optionally the client) and then negotiates a symmetric session key that encrypts and integrity-protects the data for the rest of the conversation.
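To make the certificate and TLS discussion concrete, here is an added Go example, written for this edit and not taken from Genetec or the article, that creates a private CA, issues a server certificate for a hypothetical recorder name, and runs an in-memory TLS handshake with the Go standard library. A client that trusts the CA accepts the CA-issued certificate and rejects a self-signed certificate that carries the same name, which is exactly the check that stops a man-in-the-middle. The recorder.example name and the asyncConn wrapper around net.Pipe are this example's own constructions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// recorderName is a constructed placeholder for the video server's DNS name.
const recorderName = "recorder.example"

// asyncConn queues writes and drains them from a goroutine: a net.Pipe Write
// blocks until the peer has read every byte, which can deadlock a handshake.
type asyncConn struct {
	net.Conn
	q chan []byte
}

func newAsyncConn(c net.Conn) *asyncConn {
	a := &asyncConn{Conn: c, q: make(chan []byte, 64)}
	go func() { for b := range a.q { c.Write(b) } }() // errors mean the peer closed the pipe
	return a
}

func (a *asyncConn) Write(b []byte) (int, error) {
	a.q <- append([]byte(nil), b...) // copy: tls reuses its send buffer
	return len(b), nil
}

// template describes a CA certificate (ca == true) or a server certificate for cn.
func template(serial int64, cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{cn}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with parentKey; with parent == nil it is self-signed, which
// is how both a private CA root and a rogue certificate come into being.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // demo: key generation failure is fatal
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// handshake runs an in-memory TLS handshake and returns the client's verdict:
// nil only if the server proved it holds the key for a recorderName
// certificate that chains to a root in trusted.
func handshake(cert *x509.Certificate, key *ecdsa.PrivateKey, trusted *x509.CertPool) error {
	cliRaw, srvRaw := net.Pipe()
	srv := tls.Server(newAsyncConn(srvRaw), &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}},
	})
	cli := tls.Client(newAsyncConn(cliRaw), &tls.Config{RootCAs: trusted, ServerName: recorderName})
	go func() { srv.Handshake(); srvRaw.Close() }()
	err := cli.Handshake()
	cliRaw.Close()
	return err
}

// TrustedVsRogue returns the client's result for a CA-issued certificate (nil)
// and for a self-signed one carrying the same name (an "unknown authority"
// error): the name inside a certificate proves nothing by itself.
func TrustedVsRogue() (errTrusted, errRogue error) {
	ca, caKey := issue(template(1, "Constructed Private CA", true), nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	good, goodKey := issue(template(2, recorderName, false), ca, caKey)
	rogue, rogueKey := issue(template(3, recorderName, false), nil, nil)
	return handshake(good, goodKey, pool), handshake(rogue, rogueKey, pool)
}
```

Call TrustedVsRogue() to see the two verdicts. The client's RootCAs pool plays the role of the organization's trust store: a self-signed recorder certificate only works if it, or the private CA that issued it, has been installed there on every client.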


When it comes to video surveillance systems, security professionals are working hard to guarantee that video data is secure from unauthorized access. This means ensuring that surveillance content stays private and accessible only to authorized users, even if recordings are stolen or streams are intercepted, and developing additional measures to secure access to system data.

It also means treating video differently based on its contents. Even when your surveillance data is secure, you still need mechanisms that allow you to flag video that is sensitive and to define how it should be treated. Through authorization, administrators are able to assign specific rights and privileges to system users.

Security staff can ensure privacy by defining all access rights for private data, computing resources, and applications. This means that only authorized entities are allowed to see sensitive data and that video transfers in a system have to be explicitly authorized. Additionally, when video effects, such as blurring or pixelization are employed to mask identities and protect sensitive areas, permission can again be required to view the unaltered footage.
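To tie claims-based authentication to the authorization described here, the following Go example was added for this edit; it is not from the article, Security Center or ADFS. It issues a minimal security token (base64url JSON claims plus an HMAC-SHA256 signature), verifies the signature and expiry before trusting any claim, and then uses the claims to decide whether a user may see a camera's footage with privacy masking removed. The token layout, the claim names and the privacy-unmask role are this example's own assumptions; production systems use SAML or JWT tokens signed by the identity provider.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claims is what the identity provider asserts about a user. The field names
// are this example's own; real providers use SAML or JWT claim formats.
type Claims struct {
	Subject string   `json:"sub"`
	Roles   []string `json:"roles"`
	Cameras []string `json:"cameras"` // cameras the user may view at all
	Expires int64    `json:"exp"`     // Unix seconds
}

// sign computes base64url(HMAC-SHA256(key, payload)).
func sign(key []byte, payload string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// Issue produces "payload.signature": the claims as base64url JSON plus an
// HMAC under the issuer's key. Only a holder of the key can mint a valid token.
func Issue(key []byte, c Claims) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	payload := base64.RawURLEncoding.EncodeToString(body)
	return payload + "." + sign(key, payload), nil
}

// Verify checks the signature before trusting anything in the payload, then
// the expiry (now in Unix seconds). Any change to the claims, such as an
// added role, changes the payload and invalidates the signature.
func Verify(key []byte, token string, now int64) (*Claims, error) {
	payload, sig, ok := strings.Cut(token, ".")
	if !ok {
		return nil, errors.New("malformed token")
	}
	if !hmac.Equal([]byte(sign(key, payload)), []byte(sig)) {
		return nil, errors.New("bad signature")
	}
	body, err := base64.RawURLEncoding.DecodeString(payload)
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if now >= c.Expires {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// CanView is the authorization step that follows authentication. Any footage
// from a camera requires that camera in the user's list; footage with privacy
// masking removed additionally requires the "privacy-unmask" role.
func CanView(c *Claims, camera string, unmasked bool) bool {
	if !contains(c.Cameras, camera) {
		return false
	}
	return !unmasked || contains(c.Roles, "privacy-unmask")
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	issuerKey := []byte("constructed-issuer-key") // shared with the verifier
	const now = 1700000000                        // constructed clock
	token, _ := Issue(issuerKey, Claims{Subject: "operator7", Roles: []string{"operator"},
		Cameras: []string{"lobby-01"}, Expires: now + 3600})
	c, err := Verify(issuerKey, token, now)
	fmt.Println("verify:", err)
	fmt.Println("lobby-01 masked:  ", CanView(c, "lobby-01", false))
	fmt.Println("lobby-01 unmasked:", CanView(c, "lobby-01", true))
	// An attacker re-issues the claims with an extra role but without the
	// issuer's key; the HMAC no longer matches and the token is rejected.
	forged, _ := Issue([]byte("not-the-issuer-key"), Claims{Subject: "operator7",
		Roles: []string{"operator", "privacy-unmask"}, Cameras: []string{"lobby-01"}, Expires: now + 3600})
	_, err = Verify(issuerKey, forged, now)
	fmt.Println("forged token:", err)
}
```

The order matters: signature, then expiry, then decisions. Reading a role out of the token before its signature has been checked is the classic way claims-based systems get bypassed.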

Genetec’s newest security measures will help organizations mitigate the risk of cyber-threats by implementing both digital certificates to guarantee trust within a system and new levels of encrypted communication between all Security Center components.

The new video encryption methods help ensure that both live streams and archived video are only viewable by authenticated and authorized users. Security Center can also protect recorded streams so that, even if the recording server is compromised, the archived video remains encrypted and protected.

Additionally, by establishing secure and trusted connections, Security Center will help security professionals authenticate communications within their system and ensure that neither data nor video can be exchanged with outside sources. Organizations will also have the ability to leverage specialized third-party claims services, including Active Directory Federation Services (ADFS), for user authentication.

Keeping your data safe is an ongoing and increasing concern. With the rise in IT cyber-attacks, keeping unauthorized parties from accessing your data or Security Platform is more important than ever before. We need to ensure that security operators are who they claim to be and that your data is encrypted and out of the grasp of hackers or interceptors.

This article originally appeared in the March 2016 issue of Security Today.

