Easy Steps to Harden Your Cloud-Based Video Surveillance System’s Cybersecurity
The Cloud is the perfect place to ensure cybersecurity through adherence to standards and best practices. Here’s how to secure a video surveillance system.
Security is a top priority for companies doing business in the Cloud. As the number of Cloud-connected devices grows, so does the risk of data breaches.
The following are tips for hardening your system.
- Secure the network gateway. The gateway device (usually a router or modem that provides access to the Internet) has a firewall that protects against cyber-attacks. Verify that the firewall is on and that exceptions exist to allow outbound traffic on the ports used by your Cloud-enabled devices, if applicable.
- Change the password of the gateway device. Most modems and routers have a widely published or easily guessed default password. Even if remote configuration of the gateway device is disabled, the password should be changed to help ensure protection.
- Audit the open inbound ports on your gateway’s firewall. Some Cloud platforms include networking features that eliminate the need to open inbound ports on a firewall to enable remote access.
- Install cameras on an isolated network. Exposing cameras to the Internet or any devices beyond the recorder adds risk and should be avoided whenever possible.
- Connect cameras either to a PoE switch connected to the camera port on the recorder or directly to the recorder’s internal PoE ports, if included in the recorder.
- Audit all devices on your network. Every device on a network is a potential security risk if improperly configured. Ensure default passwords have been changed on all devices on your network, firmware and software are up to date, and anti-virus software is installed where applicable.
- Protect against physical tampering. Physical tampering with a camera is the easiest way to compromise it. Consider using vandal resistant cameras where applicable and when possible, mount cameras so they are out of reach without the aid of a ladder.
- Keep firmware current. An important part of preventing cyberattacks is keeping firmware updated to ensure the latest security patches are applied.
- In systems using recorders on-premise, the recorder should be designed to provide a secure recording environment, but there are a few steps that can be taken to further ensure security.
- Change the default password. One of the simplest ways to reduce vulnerability of a recorder is to change the password of the default admin account.
- Use Secure passwords. Passwords of at least 12 characters including numbers and both lower and uppercase letters are recommended.
- Avoid the use of real words or names in the password.
- Avoid local user accounts. Adding user accounts to local recorders increases the probability of orphaned or outdated user accounts remaining on systems and potentially compromising them.
- User account management via the Cloud is recommended as it allows for a single point of control for multiple recorders and easy configuration at a platform level.
- Keep software current. An important part of preventing cyberattacks is keeping software updated to ensure the latest security patches are applied, the recording software is no exception.
- Software updates are typically digitally signed and can easily be installed from a secure Cloud server.
- Avoid untrusted networks. When connecting to the recorder outside of the local network, be aware that not all networks are secure and it is usually not possible to know if a public network has been compromised.
- Use only trusted devices. Client systems that are infected with malware can have unpredictable results. Ensure all devices that connect to the recorder are running antivirus software, updated OS environment and follow established security practices.
- Use multifactor authentication to add an extra layer of protection.
- Create a user account for each user. Avoid sharing accounts between multiple users as this makes it difficult to restrict access to one of the users should the need arise.
- Manage user access with groups. Set up user groups to manage users by job description and level of access. Instead of setting up every user individually, user groups will save time during initial setup and when making changes and will also improve security by ensuring that any single individual isn’t left out of updates or changes.
- Manage remote client access users. Access to remote clients should be restricted by need and location. This gives administrators the flexibility to enforce policies such as preventing access to clients when a user is not on the corporate network.
Eric Fullerton is Executive Director at OpenEye.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!