Consider Data Security
Every project must ensure best practices
- By Paul Garms, Sean Murphy
- Sep 01, 2018
Data security is just as important
as the premises we
safeguard, making it imperative
to consider both
physical and cybersecurity
simultaneously. As security
technology becomes increasingly connected—allowing it to
take advantage of the Internet of Things and offer enhanced
integration capabilities—we must ensure data security best
practices in every project.
As with any connected device, there are risks to security technology
that must be addressed. Similar to other devices attached
to a network, these can include unauthorized access, denial of
service attacks, and repurposing a device by downloading malware.
We have seen increasing use of data security best practices
in our industry, but there is still room for improvement. Do you
know what to look for when considering data security? Let’s
break down some of the key points for minimizing risk.
Full featured operating systems, such as Linux or Windows,
provide services to install and run applications and support file
systems and general purpose remote sessions, and these services
can be used to attack the system. Most VMS servers and
NVRs reside on either a Windows or Linux operating system,
making it imperative that the most current updates and patches
are applied. Also, ensure the VMS can work with a firewall up, anti-virus software, and within network policies. This includes
hardened passwords, restricted physical and network access, and
disabling USB ports.
As for IP cameras and intrusion system devices, their operating
systems should be closed and run in limited memory space.
There should be no capability to create files, and nothing should
be able to be written to the device itself with the exception of digitally
signed firmware. Devices that can run third-party apps can
be weaponized and used as an attack platform against a network.
User accounts and access to devices is one of the largest issues today.
For example, many IP cameras are installed with the default
user name and password. If installed on an accessible network, a
connection can be established from anywhere in the world. Devices
should have a force password feature that also adheres to
User Access Rights
For remote access, users should be required to use a password to
access system functionality. Apps or other means of remote command
and control should limit user access to only the features
they are authorized to use at the system level. This ensures only
authorized people have access to data.
Encryption and Authentication
To reduce the possibility of data being intercepted, viewed, and
analyzed by packet sniffers, unencrypted communication channels
should be avoided. Systems should support encryption of
data transmitted over the network and to the cloud using up to
256-bit AES Encryption. AES encryption that uses Cipher Block
Chaining (CBC), which changes the key with each message, can
also greatly reduce the possibility of decoding. Systems should
also support certificates used in secure network scenarios, such as Public Key Infrastructure (PKI).
For end-to-end security of video systems, all network-wide
communications between the cameras, recording devices and
video management system should be assigned an authentication
key. This ensures that an infrastructure of trust is built before
network-wide communications start. Video devices should also
include a built-in Trusted Platform Module to safely store cryptographic
keys used for authentication and encryption. All cryptographic
operations for authentication and encryption should only
be executed inside the Trusted Platform Module.
For mission critical video applications, consider taking authentication
a step further by using a system that supports the
use of certificates as well as highly-secure identification and authentication
through multi-factor smart card credentials.
For intrusion systems, end-to-end encryption is essential for
remote programming data. Authentication of control panel communications
is also important. The receiver at the monitoring
center should perform authentication on all messages to prevent
replay or substitution of the control panel. Replay of messages
occurs when a network sniffer is used to record messages and attempt
to play them back. Substitution occurs when a panel is replaced
by another panel. These tactics attempt to fool the receiver
that a panel is still online and working when there is actually a
problem. Authentication can be done by using a key to verify
each message that is received. The key should be changed with
each message, including supervision, openings and closings, and
Network and vulnerability scanners are designed to scan a specific
range of ports and the protocols associated with those ports.
The more ports that are open on a system, the more opportunity
there is to leverage a device or the services on that device. Ports
that are not needed in a particular installation should be disabled.
Today, internet access to security devices, such as IP cameras
and intrusion control panels, is desired for maintenance, updates
and remote access, especially to cut costs. It is recommended to
only use cloud connecting cameras and no port-forwarding configurations.
Also, protocols such as Telnet should not be used.
For cloud-ready control panels, ensure they are programmed with
a unique cloud ID and PKI certificate that will allow a mutually
authenticated Transport Layer Security (TLS) connection to the
cloud services. These advanced cryptology standards help to prevent
eavesdropping, substitution, and data tampering. The cloud
should also be continuously monitored and updated to maintain
the security of connected devices.
Prevention of Denial-of-Service
All computing systems have a finite set of resources, such as processing
power and memory, to use, and this is especially true for
embedded devices. A DoS attack can occur when a hacker opens
multiple TCP sessions with a device, rendering it unable to receive
additional messages. Consider ways to minimize the risk of a denial
of service attack caused by a flood of network traffic.
For example, although a flood of network traffic will not
cause a failure of a security control panel that prevents it from
monitoring the physical security of the premises, very high levels
of traffic may cause the loss of received packets. If the high
volume of traffic is over an extended time, the loss of received
packets could result in communication failures. To prevent this,
connections with remote programming software should be authenticated.
For monitoring center receivers, the receiver should
only process data that is expected and in the proper format. If the
account is not in the receiver’s account database or the data isn’t
in the correct format, the receiver should not spend time processing
and responding to the message.
The Highest Standards
Given today’s environment, where a single weak link is all it takes
for a hacker to jeopardize an entire data system, it is imperative
to protect all facets of a system. Make sure you are taking the
proper precautions with the systems you are purchasing or installing
and understand how to achieve the highest standards in
end-to-end data security.
This article originally appeared in the September 2018 issue of Security Today.