The Cost of Cybercrime
Consider these best practices to ensure a secure network
- By Jennifer Hackenburg
- Feb 01, 2018
Cybercrime is a large and dangerous business
and it impacts individuals, businesses
and governments worldwide. According to
Forbes, cybercrime costs are projected to
reach $2 trillion by 2019. Hackers are relentless
in their attacks on businesses, governments
and consumers, and cyber-attacks
are continuing at an alarming rate across all industries.
Cybersecurity pertains to every device that is connected to
the internet, including IP networked surveillance cameras. Aside
from their many advantages over analog systems, such as better
resolution, clearer images, cost savings, easy installation and advanced
analytics, they can also be the gateway for hackers into
your organization’s network. Systems that provide total access
for use by outside agencies and/or municipal surveillance increase
cybersecurity vulnerability, since they require network devices to
be placed on public networks outside the protection of local network
firewalls. Wireless technology also poses cybersecurity risks,
as wireless signals can be compromised without penetrating a
physical network — but wirelessly. Add in the Internet of Things,
which allows many ancillary devices to easily be integrated into
physical security networks, and the challenge increases further.
With cyber threats at an all-time high and with so much at
stake, all enterprise stakeholders need to recognize that cybersecurity
is a shared global problem. Security professionals need to
implement appropriate measures to ensure their IP cameras are
secure and their networks are protected.
Lax Procedures
In video surveillance and security operations, cyber intrusions are
often the result of lax operational procedures, such as not resetting
default passwords when new equipment is installed or failure
to implement firmware patches when they are issued. This negligence
can result in vulnerabilities that allow hackers easy network
access and/or the ability to deploy automated scripts to uncover
old firmware that uses default passwords. Once the hackers locate
camera firmware, they can easily access these devices in the host’s
network and affect their operation – for example, by dimming a camera’s brightness or inserting a malicious code that takes the
cameras offline until a ransom is paid. In more serious cases, they
can use their access into the security network as a stepping-stone
to hack other networks.
Human error contributes to the problem as well. According to
NTT Security’s recently released 2017 Global Threat Intelligence
Center Quarterly Threat Intelligence Report, insider threats pose
one of the biggest cybersecurity risks for organizations, with 75
percent due to accidental or negligent activity. Fortunately, most
of these threats can easily be avoided.
Many camera manufacturers have comprehensive, behindthe-
scenes initiatives to help improve IP camera cybersecurity,
which incorporate multiple components including education on
how cameras should be installed and how networks should be
secured. To start, end users and installers should secure IP cameras
and other network access points with strong passwords that
are changed regularly. A strong password is at least eight characters
long and is made up of a combination of special characters,
numbers and upper and lower-case letters. There are reputable
programs and web services that will assist in creating a password
that is difficult to hack. Changing passwords on a regular basis is
also extremely important.
It is also vital to keep all of your cameras and IP devices’ firmware
up to date. Typically, it’s firmware vulnerabilities or coding
errors that allow hackers access to devices, and once published for
correction purposes, become publicly available to hackers. This
makes installed devices that have not had their firmware upgraded
easy prey for hackers. Many companies send updated versions
of firmware regularly, and releases often include important security
updates. Hackers have been known to revert equipment back
to earlier firmware releases in order to expose known vulnerabilities,
and any such change should raise an alarm.
Another necessity is to disable the UPNP, P2P and SNMP
functions and enable HTTPS/SSL on a security camera’s IP filter.
UPNP will automatically try to forward ports in a router or
modem. Normally, this would be a good thing, but if a system
automatically forwards the ports and credentials are left at the
default, you may end up with unwanted visitors.
Remote Access
P2P is used to remotely access a system via a serial number. The
possibility of someone hacking into a system using P2P is highly
unlikely because the system’s user name, password and serial
number are also required. Yet, P2P should be disabled, along with
SNMP if it’s not being used. If it is being used, it should be used
temporarily, for tracing and testing purposes only.
Also, it’s critical for end users and installers to set up an SSL
certificate to enable HTTPS within the network. This will encrypt
all communication between devices and recorders to add another
layer of security.
When installing IP cameras, they ideally should be connected
to the ports on the back of an NVR to keep them isolated and to
prohibit direct access to the surveillance camera through a network.
Additional security actions to take with IP cameras include:
- Enabling the IP filter to prevent everyone, except those with
specified IP addresses, from accessing the system
- Regularly checking a camera’s system log that will show which
IP addresses were used to login to the system and what was
accessed
- Physically locking down the camera to prevent any unauthorized
physical access to the system
- Limiting features of guest accounts
- Isolating the NVR and IP camera network to prevent gainingaccess to the same network the security system needs in order
to function properly
These important actions, along with installing security cameras
on a dedicated security network that is not connected to the
public internet, can go a long way in lessening susceptibility to
cyber attacks.
Additional Initiatives
Many manufacturers are implementing additional initiatives to
help end users secure their networks. For example, one Dahua
initiative focuses on authentication for administrative access to
security system equipment. As part of this initiative, default accounts
are no longer included in new devices. Instead, when installing
the device, the device requires initialization with a strong
password. Management software communicates with the devices
not by sending the strong password itself, but by sending a coded
digest message instead. If anyone were to intercept the digest
message, they would not be able to decode the password. This
comprehensive approach to endpoint security heightens the security
level of the entire system.
In addition, the session security function built into DahuaIP
surveillance equipment includes an adjustable “inactivity time
out” to protect against unauthorized connections. New built-in
security features go much further, tracking session credentials
for subsequent identity authentication. If a particular host IP
address repeatedly generates security issues, the equipment will
automatically lock out that address and refuse further sessions.
Even more, many security camera manufacturers are working
in partnership with independent experts such as DBAPP Security
and Synopsys Technology to ensure the highest security and
quality for their products.
The results of those efforts are being seen in better management
of identities, increased session and data security, smooth
software update processes, prevention of brute force and password
cracking attempts, and the overall improvement in IP surveillance
device and network security.
Organizations with IP networked surveillance systems must
have a comprehensive and holistic cybersecurity program in place
to protect the integrity of their physical security systems and the
data on the enterprise. By taking a proactive approach to cybersecurity
and working more closely with equipment manufacturers
and suppliers, security professionals can better protect their
organizations while supporting global efforts to curtail future
cybersecurity threats and activities.
This article originally appeared in the February 2018 issue of Security Today.