Private and Secure

What it takes to ensure your infrastructure is safe

Cyberattacks are on the rise. Whether via IT infrastructure or internally, the Security Industry faces the challenge of guaranteeing that the data in their systems remains private, properly protected and encrypted.

We are confronted with how our privacy is impacted almost daily. Whether you are part of a multinational organization, run a retail store, work for a local school board, or are simply a member of the public, our privacy, and who has access to our data, is always a concern.

To get a sense of just how far-reaching these concerns are, in North America, there is a weekly network television drama focused entirely on cyber threats and cyberterrorism. When you are in the business of providing security, you take these issues very seriously. But, you also know the difference between mitigating real danger and worrying about fictional scenarios crafted to maximize dramatic impact.

It is no surprise that security professionals are paying closer attention than ever before to the growing number of cyberattacks that have the potential to cause breaches and expose sensitive data. As IP-based security systems continue to be implemented and used to keep citizens, cities, governments, municipal infrastructure and private corporations safe, the need to assure all parties that recorded content is being kept secure and private is increasing. With advanced encryption, authentication, and authorization technologies, the security industry is meeting its customers’ requirements and assuring them that their security is kept private and secure.

SYSTEM VULNERABILITIES

Flexibility and accessibility are some of the main benefits of implementing IP-based security systems. In addition to supporting on-premises, cloud, and hybrid security applications for video surveillance and access control that protect people and assets, end-users can benefit from the ability to access the system through multiple means, including desktop, web, and mobile apps. With real-time events, instantaneous notifications and advanced reporting, IP-based security systems have helped reduce security concerns related to hardware tampering and unauthorized access and have enhanced investigations when something does happen.

These new systems, when not properly protected, can be vulnerable to new kinds of threats. The majority of these threats relate to the valuable data shared, stored and moved within these systems. In light of these potential threats, safeguarding the integrity of the data and protecting it against hacking are increasingly important for today’s security and IT staff.

Hacking a security system can take any number of forms. In a brute-force attack, a hacker simply guesses at passwords, but a hacker can also use more sophisticated tactics to recover longer, more complex data that is being stored or transmitted by a security system.

Using a packet sniffer, a hacker can capture data packets in transit over the network and use them to obtain passwords and other sensitive data, such as video content. A man-in-the-middle attack occurs when an attacker positions themselves between a sender and a receiver and intercepts the traffic. Oftentimes, the hacker listens until the client sends a user name and password to the server, which gives the hacker the credentials necessary to access the system.

In addition, after reading and potentially altering the data, the attacker can then send it along without the receiver having any knowledge that the exchange is not secure. Since neither the sender nor the receiver is aware that this has occurred, they have no way of knowing that their data has been tampered with or corrupted.

Even though IP-based physical security systems may be vulnerable to new types of threats, the good news is that they can take advantage of new methods of protecting against these same threats. In fact, security professionals can now look to a new class of security systems that leverage several technologies, including the latest encryption protocols and advanced forms of authentication, to keep their security system’s infrastructure secure, to protect the privacy of the subjects or environments under surveillance, and to ensure that only authorized personnel have access to sensitive data.

THE SECURITY-OF-SECURITY

Security and IT professionals began reading about the Security-of-Security in 2015. More than simply securing people and buildings, it refers to a greater need for securing all assets, including the networks and data, that comprise a physical security system. This includes the ability to keep these systems safe from cyber-threats and attacks as well as illegal or unauthorized access from both inside and outside an organization.

The main concerns related to the security of physical security systems include:

  • Securing communications between client apps and servers
  • Protecting data within the system, including video streaming from a camera or recording device or server
  • Authenticating users when logging into a system
  • Assigning the proper access rights to users with access

Ensuring the privacy of video surveillance data means encrypting the data both in-transit and at-rest, whether it is on-premises or in the Cloud, and providing ways to authenticate and verify who can have access to the data at any given time.

KEEPING VIDEO SURVEILLANCE DATA PRIVATE VIA ENCRYPTION

A key strategy for keeping sensitive data private, whether in-transit or at-rest, is encryption. Encryption helps protect private information and sensitive data and can enhance the security of communication between client apps and servers. When an organization encrypts the data in its physical security system, it is essentially protecting or hiding it from unauthorized users.

To encrypt data, the system uses an algorithm to translate plaintext into unreadable ciphertext. This data can then be read only by an authorized user employing a decryption key to translate it back to readable plaintext. There are two types of encryption algorithms: symmetric and asymmetric.

With a symmetric algorithm, the encryption and decryption keys are the same. This means that both parties must hold the same secret key to communicate securely. Asymmetric encryption uses two separate but mathematically linked keys. A public key is used to encrypt the data and can be distributed freely, while the private key is used to decrypt the data and, therefore, is kept private.

THE IMPORTANCE OF AUTHENTICATION IN VIDEO SURVEILLANCE

While encryption can effectively hide the contents of a message and so ensure its confidentiality, additional security measures are required to protect the integrity and authenticity of a message. Encryption can keep a hacker from reading the contents of a message, but it cannot protect its integrity. Even if a hacker is unable to read the content, simple encryption cannot keep a message from being changed, nor can it ensure that the sender of the message is who they say they are.
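The distinction drawn above can be seen in working code. The following Go program is an added example, not code from the article or from the product it describes: it encrypts a constructed command under AES in counter mode (confidentiality only), corrupts one byte of the ciphertext as an intermediary on the network could, and shows that the receiver decrypts a changed message with no error at all. The same corruption applied to the output of AES-GCM, an authenticated encryption mode that appends an integrity tag, is rejected before any plaintext is released. The message text, the byte position and the key handling are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed sample message, standing in for a command a recording server
// might send to a client. Its content is illustrative only.
const sampleMessage = "archive camera-07: retain 30 days"

// corruptAt is the byte the intermediary flips: the "0" of "30".
const corruptAt = 27

// ctrXOR encrypts or decrypts with AES-CTR (the two operations are identical).
// CTR provides confidentiality only: flipping a ciphertext bit flips exactly
// the corresponding plaintext bit, and the receiver has nothing to check.
func ctrXOR(key, iv, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out, nil
}

// newGCM builds an AES-GCM AEAD; GCM appends a 16-byte authentication tag
// that covers every ciphertext bit.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// corrupt returns a copy of data with the low bit of byte i flipped,
// modelling modification of a message in transit.
func corrupt(data []byte, i int) []byte {
	out := append([]byte(nil), data...)
	out[i] ^= 0x01
	return out
}

// Result records what each receiver observed.
type Result struct {
	CTRPlaintext string // what the CTR receiver decrypted after corruption
	CTRDetected  bool   // CTR cannot detect the change: always false
	GCMDetected  bool   // GCM refuses to release the corrupted plaintext
}

// TamperDemo encrypts sampleMessage under both constructions, corrupts the
// same byte of each ciphertext, and reports how the receivers behave.
func TamperDemo() (Result, error) {
	key := make([]byte, 32)           // AES-256 key shared by sender and receiver
	iv := make([]byte, aes.BlockSize) // CTR initial counter block
	nonce := make([]byte, 12)         // GCM nonce (never reused under one key)
	for _, b := range [][]byte{key, iv, nonce} {
		if _, err := io.ReadFull(rand.Reader, b); err != nil {
			return Result{}, err
		}
	}
	msg := []byte(sampleMessage)

	// Confidentiality only: the corrupted message decrypts "successfully".
	ct, err := ctrXOR(key, iv, msg)
	if err != nil {
		return Result{}, err
	}
	pt, err := ctrXOR(key, iv, corrupt(ct, corruptAt))
	if err != nil {
		return Result{}, err
	}
	res := Result{CTRPlaintext: string(pt), CTRDetected: false}

	// Authenticated encryption: Open verifies the tag and fails on any change.
	aead, err := newGCM(key)
	if err != nil {
		return Result{}, err
	}
	sealed := aead.Seal(nil, nonce, msg, nil)
	_, openErr := aead.Open(nil, nonce, corrupt(sealed, corruptAt), nil)
	res.GCMDetected = openErr != nil
	return res, nil
}

func main() {
	res, err := TamperDemo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("sent:             %q\n", sampleMessage)
	fmt.Printf("CTR receiver got: %q (tampering detected: %v)\n", res.CTRPlaintext, res.CTRDetected)
	fmt.Printf("GCM receiver detected tampering: %v\n", res.GCMDetected)
}
```

The CTR receiver ends up acting on "retain 31 days" with no indication that anything is wrong, which is exactly the integrity gap the paragraph describes; the GCM receiver gets an authentication error and discards the message. This is why the protocols discussed later in the article, TLS among them, pair encryption with integrity protection rather than relying on a bare cipher.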

The process of authentication allows a user, client, or server to determine whether an entity is who they claim to be. For example, through authentication, an operator can be certain that they are connected to their security system when logging on to a video surveillance server. There are several methods of authentication, including tokens, user name/password combinations, biometrics, and digital signatures and certificates.

Claims-based authentication is one method used by applications to acquire identity information about users inside or outside of their organization. This form of authentication allows an application to know certain things about users without interrogating them as the claims are transported in an envelope called a Security Token. One of the benefits of this method of authentication is that an application can use third-party claims providers who offer well-established systems for authenticating users. Active Directory Federation Services (ADFS) is one example of claims-based authentication through third-party claims providers.

Another effective method of authentication is the use of a digital certificate, an electronic document that proves the ownership of a public key. The certificate includes information about that key, the owner’s identity, and the signature of the digital entity that attests to the correctness of the certificate’s contents. Through the exchange of this authentication data between the server and the client application, a user can validate the authenticity of the server and prevent man-in-the-middle attacks. While an organization can issue its own self-signed certificates, it can also further enhance security by purchasing certificates from trusted third parties, such as a reputable Certificate Authority (CA).

Transport Layer Security (TLS) uses both encryption and authentication and is one of the latest encryption protocols that can be employed to better protect physical security systems. TLS provides secure communications over a network by protecting communication channels between a server, such as a video recording server, and the client application, such as an alarm monitoring application, as well as between servers. Using digital certificates, TLS first authenticates the counterpart in the communication and then negotiates a symmetric session key that is used to encrypt data during the conversation.
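The sequence just described, certificate-based authentication of the server followed by negotiation of a symmetric session key, can be observed end to end with Go's standard library. The program below is an added example, not code from the article or from Security Center; it stands in a "recording server" on the loopback interface with a freshly generated self-signed certificate, then connects twice as a client application. The first connection trusts only the system's root store, so the unknown certificate is rejected and no session is established; the second pins the server's certificate as its trust anchor, completes the handshake, and reports the negotiated cipher suite, which names the symmetric cipher protecting the session. The hostname `recorder.example.test` and the pinned self-signed certificate are assumptions made to keep the demo self-contained; in a deployment the server's certificate would chain to a CA the clients already trust, as the preceding paragraphs recommend. It also illustrates the earlier point about symmetric versus asymmetric algorithms: the certificate's public key is used only to authenticate the server, and the bulk data is then protected with a symmetric key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// recorderHost is a constructed placeholder name for the recording server.
const recorderHost = "recorder.example.test"

// selfSignedCert generates a key pair and a self-signed certificate for host, as server credentials plus the parsed cert a client can pin.
func selfSignedCert(host string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// serve completes the TLS handshake on every accepted connection; a client that rejects our certificate aborts it.
func serve(ln net.Listener) {
	for {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		go func() { defer c.Close(); c.(*tls.Conn).Handshake() }()
	}
}

// connect dials the recorder as a client application. roots is the client's trust store; nil means system roots only.
func connect(addr string, roots *x509.CertPool) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		ServerName: recorderHost, // the name the certificate must match
		RootCAs:    roots, MinVersion: tls.VersionTLS12,
	})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	// Dial returns only after the handshake: server authenticated, symmetric session key in place.
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

// Demo starts the recorder on loopback and connects first without, then with, a trust anchor for its certificate.
func Demo() (string, error) {
	cert, parsed, err := selfSignedCert(recorderHost)
	if err != nil {
		return "", err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go serve(ln)
	addr := ln.Addr().String()
	if _, err := connect(addr, nil); err == nil {
		return "", fmt.Errorf("handshake succeeded without a trust anchor")
	}
	pool := x509.NewCertPool()
	pool.AddCert(parsed)
	return connect(addr, pool)
}

func main() {
	suite, err := Demo()
	fmt.Println("negotiated suite:", suite, "error:", err)
}
```

Running it prints a suite such as TLS_AES_128_GCM_SHA256 for the trusted connection, while the untrusted attempt fails inside the handshake with an "unknown authority" error, so no application data, and no credentials, ever cross the wire to a server the client cannot authenticate. That refusal is the client-side behaviour that defeats the man-in-the-middle scenario described earlier in the article.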

MAINTAINING PRIVACY THROUGH AUTHORIZATION

When it comes to video surveillance systems, security professionals are working hard to guarantee that video data is secure from unauthorized access. This means ensuring that surveillance content stays private and accessible only to authorized users, even in the event of a theft or interception, and developing additional measures to secure access to system data.

It also means treating video differently based on its contents. Even when your surveillance data is secure, you still need mechanisms that allow you to flag video that is sensitive and to define how it should be treated. Through authorization, administrators are able to assign specific rights and privileges to system users.

Security staff can ensure privacy by defining all access rights for private data, computing resources, and applications. This means that only authorized entities are allowed to see sensitive data and that video transfers in a system have to be explicitly authorized. Additionally, when video effects, such as blurring or pixelization, are employed to mask identities and protect sensitive areas, permission can again be required to view the unaltered footage.

Genetec’s newest security measures will help organizations mitigate the risk of cyber-threats by implementing both digital certificates to guarantee trust within a system and new levels of encrypted communication between all Security Center components.

The new video encryption methods help ensure that both live streams and archived video are only viewable by authenticated and authorized users. Security Center can also protect recorded streams so that, even if the recording server is compromised, the archived video remains encrypted and protected.

Additionally, by establishing secure and trusted connections, Security Center will help security professionals authenticate communications within their system and ensure that neither data nor video can be exchanged with outside sources. Organizations will also have the ability to leverage specialized third-party claims services, including Active Directory Federation Services (ADFS), for user authentication.

Keeping your data safe is an ongoing and increasing concern. With the rise in IT cyber-attacks, keeping unauthorized parties from accessing your data or Security Platform is more important than ever before. We need to ensure that security operators are who they claim to be and that your data is encrypted and out of the grasp of hackers or interceptors.

This article originally appeared in the March 2016 issue of Security Today.