Playing It Straight

Securing IP surveillance systems with unidirectional connectivity

In the hit movie “Ocean’s 11,” Daniel Ocean and his crew succeed in robbing $160 million from the Bellagio casino. Ocean’s crew carries out that task by using a wide range of swindling skills and top-notch technological capabilities, not the least of which involves breaking into the casino’s video surveillance system. In the movie, the crew’s computer wiz physically taps into the system from the casino’s own server room.

In reality, the task is actually much simpler when dealing with IP surveillance systems. One merely needs to gain access to a surveillance camera and connect a laptop in its place. This provides the hacker with access to the entire surveillance network, allowing for a range of malicious activities.

The Benefits of IP Surveillance
Despite the aforementioned security risks, IP-based surveillance systems have many benefits over analog and digital systems. For starters, the total cost of ownership of an IP surveillance system can be significantly lower. IP surveillance systems are highly scalable and allow for greater redundancy because control and monitoring can be shifted to other points on the network, if necessary. IP cameras enable on-camera automated alerting in response to predefined events. IP-based surveillance systems also permit advanced and automatic analytics of numerous video feeds to identify predefined events, threats and fraud.

Although some analytic capabilities are available as add-ons to analog systems, the full technological advantages are only available in IP networks, where seamless integration with additional systems provides added functionality, simplicity and efficiency. Such advanced analytics naturally has the effect of making the security officer’s job easier, less prone to human error and less costly in manpower.

The Unguarded Guards
Despite their undisputed advantages, IP-based surveillance systems also bring grave risks that are lacking in analog systems. With IP surveillance, a criminal can gain access to a surveillance network simply by disconnecting the LAN cable of a camera—often located outside the physical security perimeter or in an unattended location—and then connecting it to a laptop. This allows access to other devices on the same network including additional cameras, video servers and gateways.

Hackers can gain access to any other device on the network, including surveillance servers, monitors and storage. If the network is connected to or shared with additional networks, hackers can gain access to these networks as well. Thus, they are able to cause a wide range of damage to a casino, including blocking a camera or a set of cameras, shutting down an entire surveillance system, manipulating employee access and credential information, and changing or deleting stored video footage. And if the surveillance network is connected to other networks, the hacker also has the ability to interrupt IT systems across the casino’s IT infrastructure.

One must note that where wireless technology—WiFi or WiMax—is used to connect cameras in areas with no cable infrastructure, the hacker’s task is even easier as no physical tapping is necessary. In “Ocean’s 11,” for example, connecting to a surveillance camera in some remote casino location may have been a lot simpler than tapping into the system in the server room.

IP cameras function as a guard of the premises and, as such, are not sufficiently guarded themselves. Some of the cameras are deployed outside of the casino or in dark corners to secure not only the main casino floor, but also its perimeter and areas that are less visible. The critical question is, who guards the guard?

It is important not to let these dangers scare end users out of using an IP surveillance system and benefiting from its many advantages. Nevertheless, casino managers and security officers should be well aware of these threats and cope with them in order to ensure the casino remains secure.

Out of Reach
Many security products theoretically reduce the risks introduced by IP surveillance networks. Unfortunately, these products, such as firewalls, content filters, intrusion detection and prevention systems, as well as other traditional IT security methods, do not provide total security for the network.

When seeking a protective solution for a high-profile target such as a casino’s surveillance network, end users must consider the fact that a hacker will invest a large amount of time, resources and money in the attack, because the return on investment of a successful attack is extremely lucrative.

Unfortunately, none of the above-mentioned solutions can provide the adequate level of security that is required to protect a casino surveillance network.

In real life, firewalls are hacked on a daily basis, content filtering gateways can be manipulated and intrusion detection systems mainly identify known attacks. It also is important to note that most security systems and infrastructures suffer from inaccurate configuration and lack up-to-date security patches. Ideally, one must deploy a security solution invulnerable to standard attack technologies and immune to software flaws, bugs and, of course, human errors. To fully protect a network, a foolproof and future-proof solution is required.

A One-Way Solution
Unidirectional connection technology is the only security solution that can provide full protection to an IP-based surveillance network. This solution enables information flow from cameras to the surveillance network, eliminates online attacks, nullifies data leakage from the network and prevents cross-camera hacks while retaining the ability to control and manage cameras.

A unidirectional connection, also referred to as a one-way link, is a communication system that allows data to pass through in one direction only. In such a system, video streams and camera metadata can be transferred only from a camera to the casino’s surveillance network—not vice versa.

A secure unidirectional communication system must enforce its unidirectional data flow by means of physical hardware as opposed to software and other logical methods. The system is comprised of two hardware components that are physically capable of communicating with each other in one direction only. This is accomplished by connecting the two components by fiber-optic cable, with the transmitting component having only a transmitter, such as a laser LED, and the receiving unit having only a receiver, such as a photoelectric cell. The data can physically flow only from the transmitter to the receiver.

To facilitate reliable data transfer over a unidirectional medium, a unique communication protocol must be implemented. This protocol adds communication reliability as another layer of security to the system by allowing transfer of the raw video data only, stripping it of headers and other protocol fields that are commonly used to facilitate malicious attacks. Based on patent-pending technology, this unidirectional connectivity concept is implemented for securely transmitting video streams in real time from IP cameras to a casino’s surveillance network.
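The sketch below is an added illustration, not the patent-pending protocol the article refers to. It shows one common way to get reliability with no return channel: the sender repeats each frame, and the receiver verifies a checksum, drops duplicates and records gaps locally. The framing layout, the repeat count and all function names are assumptions made for the example.

```python
import struct
import zlib

HEADER = struct.Struct("!IH")  # assumed framing: sequence number, payload length
TRAILER = struct.Struct("!I")  # CRC32 over header + payload

def encode_frames(chunks, repeat=3):
    """Transmit side: frame raw payload only; nothing here waits for a reply."""
    frames = []
    for seq, payload in enumerate(chunks):
        body = HEADER.pack(seq, len(payload)) + payload
        frames.extend([body + TRAILER.pack(zlib.crc32(body))] * repeat)
    return frames

def lossy_link(frames, drop=(), corrupt=()):
    """Constructed link model: drop or bit-flip frames at the given positions."""
    out = []
    for i, frame in enumerate(frames):
        if i in drop:
            continue
        out.append(bytes([frame[0] ^ 0xFF]) + frame[1:] if i in corrupt else frame)
    return out

def decode_frames(frames):
    """Receive side: keep first intact copy per sequence number, list gaps."""
    got = {}
    for frame in frames:
        if len(frame) < HEADER.size + TRAILER.size:
            continue
        body, (crc,) = frame[:-TRAILER.size], TRAILER.unpack(frame[-TRAILER.size:])
        if zlib.crc32(body) != crc:
            continue  # damaged copy: discard, a later copy may be intact
        seq, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if len(payload) == length and seq not in got:
            got[seq] = payload
    missing = [s for s in range(max(got, default=-1) + 1) if s not in got]
    return got, missing  # gaps are logged locally; no retransmit can be requested

def demo():
    chunks = [b"video-chunk-%d" % i for i in range(4)]  # constructed sample data
    sent = encode_frames(chunks)
    received = lossy_link(sent, drop={0, 1, 6, 7, 8}, corrupt={3})
    return decode_frames(received)

if __name__ == "__main__":
    print(demo())
```

In the constructed run, chunks 0 and 1 survive because one intact copy of each arrives, while chunk 2 is reported as a gap because all three copies were dropped and the receiver has no way to ask for it again.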

A small number of cameras can be aggregated, and video feeds are transmitted through a unidirectional link into the surveillance network. This architecture creates an impenetrable gateway, preventing hackers from exploiting a camera’s vulnerabilities. Even if a hacker obtains physical access to a camera, he or she will not be able to affect other cameras, as each of them is located behind a unidirectional gateway.

Another big advantage of a unidirectional system is the protection of the casino’s video surveillance system itself. It is impossible to gain access to a surveillance network from a camera if a unidirectional link is in use because there is no feedback from the network to the hacker. The use of a unidirectional link provides a completely safe connection to IP cameras and other surveillance devices connected to the casino’s surveillance network. Unidirectional connectivity prevents outsiders from hacking into the casino network through a camera, manipulating other cameras or leaking information from the network. This allows casinos to reap the full advantages of modern IP surveillance systems while maintaining full network security. Unidirectional connectivity is indeed a foolproof and future-proof solution.

The unidirectional link transmits data from the cameras to the casino surveillance network only. Therefore, it prevents any data transmission from the surveillance network toward the cameras. This disables the hacker’s capability to remotely control the cameras through the same channel. However, the same technology is used to allow a secure way to remotely control the cameras from a control station, which is separated from the surveillance network. A unidirectional link is deployed from the control station directly to the cameras. This enables commands to be sent to cameras but leaves no inbound link to the control station from the cameras.

This unidirectional, connectivity-based security solution also provides secure connections to other IP-based sensors, such as motion and fire detectors, access control systems and IP-based alarm systems. The advantage of this is the possibility of creating one secure, integrated IT environment for all IP surveillance systems.

The unidirectional link is hardware-based and physically enforced. This is something worth emphasizing, as it is this attribute that enables the system’s security to be foolproof and future-proof. Firewalls, for instance, are software-based and prone to remote manipulation and circumvention. It also is important to mention the constant publication of security updates and patches for such products. These evolving threats make current technologies neither foolproof nor future-proof.

Uncompromised Security
A secure unidirectional link is different, mainly due to the fact that it provides security on the physical level. It is therefore immune to remote manipulation. The laws of physics do not enable data to flow in the reverse direction, naturally making the unidirectional connection future-proof as well as foolproof. Unidirectional IP surveillance is extremely cost-effective. In fact, not protecting your IP video surveillance systems with a unidirectional solution is tantamount to not insuring your new car for a penny a day.

Unidirectional connectivity is a dream come true for casino security officers using IP surveillance systems. It provides the highest level of security possible without compromising the advantages of IP surveillance. Had the Bellagio casino invested in unidirectional connectivity for its IP video surveillance system, Daniel Ocean’s plan would have been foiled before it hatched, and “Ocean’s 11” would have been the shortest movie in history.
