How secure is your security device
We are often content with our false sense of security. We may even be prone to believe that ABS braking systems will stop us securely, until the day we aquaplane.
The same applies to the world of security. A device, whether it be intrusion, access, electric fence or a video monitoring system is not security in itself. There are limitations and precautions that need to be understood and observed if the system is to deliver the value we want. The following few points go a long way to ensure that your systems remain secure.
Start with using equipment that has a traceable history and ongoing development. There are hundreds of products on the market and we can be inclined to consider devices based on price as they all seem to have the same features. But have you ever wondered if there is a backdoor into the device? Is there a way to recover a lost password, and who controls this? Is there a method to default a device (make it revert to its default settings), and what are the results of such an action? Are there security updates?
You need to password protect every device. More importantly, you need to choose a decent password that can’t be easily guessed. Stay away from common words and sequential characters. ADMIN, ADMINISTRATOR, 1234, 12345, 123456 are all examples to avoid. Do not fool yourself that your company’s phone number or address will be secure in the hope of having something easy to remember and seemingly difficult.
The best is to consider a random set of characters. There are many software applications that can generate these, so use them.
Host network protection
Any piece of electronic equipment that connects to a network will have a calculable risk of getting attacked. Threats can emanate from both inside and outside the company. Internally, a network should have specific rights applied to users to eliminate prying into areas that need to be restricted.
All equipment on the inside of a network should ideally not be accessible from the Internet unless such access is essential. Firewalls are designed for the purpose of filtering incoming information.
Unfortunately not every organisation or school or private home will have all these facilities. It is therefore imperative to consider the device itself.
Irrespective of the design of the host network, there should be proper considerations given to the actual device. Most important is to change the default password. You can’t consider a system as hacked if the default password is not changed, this is regarded as legitimate authorised access. Make sure that all passwords and user names, if possible, are changed. Use a complex alphanumeric code with special characters.
Control who has access to this password. Front door keys can very quickly be copied for ease of access, and the same can happen to user names and passwords. Depending on the risk profile, passwords should be changed on a regular basis.
Devices also have multiple user profiles. This is specifically designed so that different users have different access levels within a device. Use it.
Physical protection is also important. Make sure that the equipment is not readily accessible. Direct access to a device provides an opportunity for tampering, defaulting and theft.
Occasionally we might see articles or hear the urban legends, of Trojans. This is where any device running software can be manipulated to perform other malicious functions. Generally, Linux-based operating systems were considered safe, but this is no longer the case. Does your manufacturer respond regularly and timeously with new updates, and are you implementing them? The more common and well known the system the more activity there is to compromise it, but conversely, there are also more engineers working to make it secure.
Spend some time understanding and considering how access is gained to a device. A software package may have user restrictions, but this may not apply to hardware devices. Network cameras are all configurable via a browser such as Internet Explorer, Chrome, Safari or Firefox, so it is imperative to ensure that each device has proper security implemented.
Do not assume everything is safe and secure. Operate from a point of knowledge. In the drive-through world of quick setup, there are many features available to help speed up an installation and make it easily accessible. Features such as UPnP, Bonjour and Network and Sharing Centre make devices easily discoverable. This progresses to a stage where links are automatically created in a router for access from the Internet. Disable this if not required.
Tools such as ONVIF Device Manager are great help for an installer to discover a device, but are just as easily useable for the intruder. Teamviewer and Remote Desktop are again great tools for installers, integrators and support divisions, but just as easily grant access to anyone knowing the logon credentials.
There is not always a hacker looking at every single network and device, but they do exist and are focused on exploiting systems, whether for fun or financial gain. From the perspective of securing yourself and your business, it may be better to work from a point of paranoia, conspiracy theories and suspicion.
By Marco della Peruta technical head at Sensor Security Systems.