On May 12, 2017, the worldwide WannaCry ransomware attack was reported to have infected more than 230,000 computers in 15 countries. This attack takes an affected computer hostage and holds it for ransom, asking for bitcoin payments in order to release the machine. On June 27, 2017, another cyber attack called Petya struck companies across Ukraine, Europe, the United States, and continues to spread globally. The impact of these attacks could have been prevented if businesses had kept their machines up-to-date with the latest security software and taken some additional precautionary measures.
The challenge for some organizations and integrators is that cyber security is not necessarily their core business. It is perceived as hard to address and manage, especially with hundreds or thousands of devices and cameras on a network. Here are some tips and solutions to make it easier to manage and automate camera hardening and surveillance protection.
Convergint Technologies, in partnership with Razberi Technologies, can help to reduce video surveillance system vulnerabilities and plug “cyber holes”. This includes protecting surveillance cameras, networks, and servers. Here’s how.
1. Cameras
Cameras are frequently installed outdoors and close to perimeters, leaving the camera and the network ports physically accessible to anyone. Some ways to protect cameras include:
- Place cameras behind intelligent surveillance appliances where cameras do not have their own IP address using a secure appliance architecture and a simple VLAN set up.
- Restrict services such as FTP, Telnet, and Bonjour.
- Automate password management that prevents common, default, or weak passwords. The system needs to provide a dashboard to flag the use of generic passwords across a network of cameras.
2. Networks & Video Management Systems
Variations in the VMS client, switch configuration, and firewall configuration complicates the job of properly hardening a video surveillance network. Some ways to protect the network include:
- Isolate the system by creating whitelists and firewalls.
- Either require expert configuration knowledge of camera vendor tools and VMS port and service requirements or utilize intelligent automation software to address these configurations.
- Maintain current firmware and release versions.
3. Servers
Even companies with great server policies and security measures in place are vulnerable to cyber attacks and risk being infected by malware or ransomware. To protect server infrastructure:
- Consider moving to a purpose-built surveillance appliance as opposed to using general-purpose servers. This reduces cybersecurity holes by putting the server, switch, PoE and VMS into one system to apply protection.
- Because VMS software can be interrupted by signature-base, Internet-reliant antivirus software, seek solutions that have a low impact on the VMS and server using artificial intelligence.
- Isolate servers and appliances from cyber attacks by requiring a thoughtful VLAN and firewall configuration.
In addition, Razberi ServerSwitchIQ can be installed in a secure appliance architecture using simple VLANs that can be set up in minutes, along with real-time alerts to leading VMS or Razberi VyneWatch for dynamic threat protection. To protect the appliance and the VMS, all Razberi ServerSwitchIQ appliances include CylancePROTECT®, which provides artificial-intelligence-powered antivirus and malware protection for the server.
Cyber security threats are here to stay and will likely become even more common. Contact Convergint to address camera, network, and server protection.
Razberi CameraDefense™
Razberi CameraDefense™ cybersecurity software works in conjunction with Razberi ServerSwitchIQ™ intelligent surveillance appliances to automate best practice camera hardening and system protections. It provides security managers and integrators with an intuitive dashboard to identify vulnerabilities and reduce installation time while ensuring consistent cybersecurity policies and protections are implemented immediately and ongoing.
It helps security leaders:
- Block unauthorized Internet of Things (IoT) devices: Binds cameras and other IoT security devices to the network and prevents unauthorized devices from using Ethernet ports.
- Limit access to cameras: Restricts camera access to white-listed IP addresses, blocks camera traffic to the public Internet, and flags weak passwords.
- Protect fromcyber attack: Denies unneeded and potentially dangerous camera services with a next-generation firewall.