Securing Network Video

They don’t call it video security for nothing. People buy CCTV systems, for the most part, to provide a level of security. Whether it’s for live monitoring or gathering evidence after the fact, we sell these systems to allow people to feel safer, to keep things more secure.

But what about keeping the video information itself secure? We’ve all seen the movies where somebody gains access to a video system cable infrastructure and either cuts the coax or pushes some kind of device into the cable to intercept the signal, allowing them to see what the command center is seeing or even introduce a false image to cover up some nefarious activity. Of course most of it is Hollywood license, but analog video can be intercepted relatively easily.

Networked video is another story. The cable itself can’t be plugged into a monitor directly, obviously, but how easy is it to intercept networked video data? Let’s look at some ways it can be done, and some ways to prevent it.

WEBCAM OPENS THE WINDOW
It is logical to stop first at the place where it all began. Before we had IP and megapixel cameras in our industry, Webcams started showing up on PC users’ desks in droves. It was only a matter of time before someone said, “Hey, why can’t we make these a little better and use them for security cameras?”

And just like Webcams, people started streaming security video out over the Internet. Some did it purposefully, but I fear some people don’t realize their systems are accessible from the outside, even today.

It is pretty easy to do a simple Google search for the right string of text that brings up hundreds, if not thousands, of IP security cameras visible over the Internet. I have seen systems in banks, schools, stores, you name it. Like I said, some of these have been put out there on purpose. But I know some definitely were not. Just having these cameras accessible is a security hole.

LEAVING THE DOOR UNGUARDED
With any IP video system, especially if it’s accessible over the Internet, changing the default administrator password is an extremely important step — and one I see ignored over and over again.

With all of the cameras you can find on the Internet, it is disturbing to realize how many allow access to config and admin screens. It isn’t hard at all for anyone to get the default passwords for just about any product. If they can’t fi nd one on the search engine of choice, they are usually very easy to guess. Admin/admin is way too common.

I’ve had access to pan/tilt/zoom (p/t/z) controls and even administrator DVR menus that would allow someone to turn off recording if they wanted. This is exposing way too much for such a simple change.

Even if the system allows no access from the outside world, it is still imperative to lock it down as much as possible. Even if you don’t want the everyday users to have to deal with a login screen, you absolutely need to set a good, strong password for administrator-level access. So the first tip: Close the front door.

ENGAGE ENCRYPTION TECHNOLOGIES
So once the video is on the network, is there a way to protect its integrity? Is that even necessary? The answer is yes to both questions.

Even though, as we mentioned, intercepting networked video isn’t quite as easy as intercepting analog video, it is still possible. There are applications all over the Internet that allow people to directly observe all the packets of data streaming across a network. These are called packet sniffers. And yes, you can find them for free.

A packet sniffer basically captures each packet of data that flows past it and displays the content of that packet. The information you get is generally things like source and destination IP addresses, the different protocols that generated the packet and, in some cases, the content or payload that the packet is carrying. Now of course a single packet isn’t going to contain a whole image. Each one will only have a small piece. But if you can capture all the data from that stream, it is possible to reconstruct it elsewhere.

So how do we protect ourselves from the network hacker? Encryption. All networked data can be encrypted. Online banking and shopping wouldn’t be possible without it. The same technologies used for those kinds of Web sites can also be used for video data.

RSA is the company that developed most of the highly secure encryption technology in use today. When people refer to some of their encryption schemes they often use the size of the algorithm key as the name, such as RSA256, which has a 256-bit-long “key.” These keys are exchanged between two devices. If the keys match, access is granted to the data. The higher the number of bits in the key, the more secure it is.

Now, encrypting every frame of video from a camera streaming 30 images a second can be a daunting task for even well equipped CPUs. What some companies do is encrypt the “header,” or control information, in a data stream. With the headers encrypted only a device or software application authorized by the system has the necessary security token to decode the video. This assumes, of course, that the video is being encoded in some sort of proprietary format that requires special software to view anyway.

Security keys can also be used to grant user or administration access to Web-based client systems. Again, the same types of technology used for online banking can be employed to control access to video streams. Tip No. 2: Look for systems that take advantage of security and encryption technologies.

HIGH WATER MARK
Another technology used to preserve the integrity of a video stream is sometimes referred to as watermarking. A watermark is code added to a digital video file, invisible to the eye, that can be used to determine if the video file has been tampered with. When it becomes necessary, watermarked video can be run through an application that checks the watermark code against its own algorithm, and if it checks out the video is authentic. Any alteration of the image will change the algorithm and the video file will be flagged as altered.

One thing to keep in mind is that watermarking generally only works in a proprietary video file format. Once that video is exported to a common format like .avi or .mov the watermark is usually lost. It is important in these cases that if the video is to be used for court evidence, it is exported in that proprietary format.

Tip No. 3: Take advantage of watermarking.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters