Meeting Modern Video Surveillance Cybersecurity Challenges
How one manufacturer’s comprehensive, multi-pronged approach to security helps prevent successful cyberattacks and simplify operations
In the past, security considerations for video surveillance were far simpler and easier to address. Typically, video surveillance systems were separate from the Local Area Networks (LAN) and the Internet, using direct connections via coaxial cable to send data directly to a recorder. Cybersecurity requirements were low due to this isolation, and primary concerns were physical attacks, including destruction of the equipment (most often the cameras), unauthorized deleting or copying of recorded data, severed video cabling, or the obstruction of lenses and views.
Today, many video surveillance systems use IP-based equipment, which sends recorded video across ethernet cabling to local, remote, and cloud-based recorders, often using the same LAN infrastructure that is used by general office workers. Additionally, remote monitoring and control of these systems via network clients or mobile applications is common. Modern systems also support data communication with third-party systems for access control, intrusion detection, and video analytics. Each opens up new cyber vulnerabilities and challenges, complicating the security picture for users as never before.
In the modern environment, the threat of cyberattack against a video surveillance system has greatly increased, making cybersecurity a top area of concern for customers and operators. The same local security issues of past systems are also still present and must be addressed in the overall security posture, while the integrity, confidentiality, and accessibility of video surveillance data must be further protected during recording, retrieval, and while in-transit—whether across the local network or across a public network to a remote location. Users look to manufacturers and the leveraging of modern technology, best practices, and features to meet these modern challenges.
South Korean technology innovator IDIS has consistently and aggressively considered cybersecurity concerns in their R&D process, focusing on developing a rich and comprehensive set of technologies and features to ensure maximum protections for end users of their popular end-to-end line of hardware and software solutions, a total solution hardening process that begins with a key best practice: the IDIS Total Solution uses a dedicated IP camera subnet for video transmission, separate from a customer’s corporate network, making it very difficult to establish an unauthorized connection into the corporate network. IDIS educates installers and integration partners to design a physically separate network, or to partition an isolated VLAN on shared network equipment, which begins making a difference from the time of installation through a fundamental first step: keeping video surveillance data away from the end-users existing corporate network.
The IDIS total solution features a comprehensive, layered, and multi-pronged approach to ensuring maximum cybersecurity for users. This approach incorporates enhanced secure data access, data transmission, and recording.
SECURE DATA ACCESS
Network security through a powerful mutual authentication system
IDIS DirectIP® is a proprietary mutual authentication system, supported by all IDIS IP products. When IDIS IP cameras are connected to an IDIS NVR, both devices mutually authenticate each other automatically through DirectIP. This ensures both sides identify and recognize who they are communicating with before the communication session is established. The authentication data is stored and protected on both the IP camera and the NVR.
Firewall on NVR
IDIS Firewall on NVR utilizing IP and port authentication system
IDIS NVR products have their own firewall installed that monitors and controls incoming and outgoing network traffic based on a predetermined set of security rules, including IP, MAC address, and port authentication. The firewalls on IDIS NVR products are designed and pre-configured to prevent unauthorized access.
Multi-factor authentication system utilizing user accounts and a registered mobile app
Two-factor authentication (2FA) is a type of multi-factor authentication system. To gain access to an IDIS NVR, the user needs to certify themselves with the IDIS Mobile App after going through the usual login process by typing in a user ID and password. All IDIS NVRs safely protect user accounts with 2FA.
SECURE DATA TRANSMISSION
TLS (Transport Layer Security)
Data transmission security system combines IDIS’s proprietary technology with TLS
TLS (Transport Layer Security) is a cryptographic protocol designed to provide communications security and data integrity over networks. By integrating TLS into IDIS’s proprietary data security solutions, there is minimal performance impact on video surveillance data transmission. TLS helps prevent malicious activities such as sniffing, modification, and destruction of data as it is transmitted between devices across a network.
FEN Security (For Every Network Security)
Access and data transmission security system over a public network
FEN from IDIS is an access and data transmission security system independently developed by IDIS using point-to-point (P2P) technology. FEN is an automated network configuration service which simplifies installation of networked surveillance systems. FEN enables the user to setup and configure secure surveillance systems without needing a professional knowledge of the routers and NAT devices on the network.
SECURE DATA RECORDING
Protect data using IDIS’s proprietary database system
IDIS iBank is a database system, independently developed by IDIS, specifically for video recording. This system maximizes storage efficiency and enables fast data processing. In addition, storage devices that implement the iBank solution cannot be read by external devices such as PCs, keeping the data safe from forgery and alterations. The iBank system is used in all IDIS’s recording systems.
Preventing data forgery and maintaining data integrity
IDIS’s Chained Fingerprint technology extracts distinctive features of recorded video data to create fingerprints for each frame and then embeds each fingerprint into the data of the next frame, connecting each frame together with the next like a blockchain. Video data created with Chained Fingerprint technology can be submitted to courts as evidence since an alteration to any frame is easily and quickly detectable, making it simple to prove the footage is authentic and unchanged. It is a highly efficient technology for ensuring and proving the integrity of users’ recorded video data.
Edge Encryption Recording
Efficient and powerful technology for encrypted video data recording
Edge Encryption Recording technology encrypts the video data at the IP camera before storing and sending it over the network. Therefore, additional encryption and decryption processes on storage and data transmission systems are not necessary. The encrypted data is recorded directly to the SD cards and HDDs, so the stored data is safe from unauthorized access and alteration if the SD cards or HDDs are stolen.
To learn more about the IDIS Total Solution and comprehensive cybersecurity protections, visit idisglobal.com/index/cybersecurity .