Cybersecurity and CCTV cameras
Closed Circuit Television Cameras (CCTV) has been in the market even before the internet. CCTV has become an essential part of crime prevention and security measures. Government, private firms, houses every place is monitored using CCTV. CCTV captures the video and transfers them to the monitoring-recording device where they can be watched or stored. Depending upon the need there are various types of CCTV cameras. They are available based on quality, types of images, types of transmission, movement of the camera.
Internet-connected CCTV cameras
With the increased use of internet security cameras are becoming internet-connected. Various devices around us are now working on “IoT” or Internet of Things. Depending on the type of CCTV they can be connected to the internet by multiple ways like cloud-managed surveillance systems or the traditional DVR/VMS/NVRs connected to the internet. The traditional CCTV storage systems are connected to the internet for remote video access or support and maintenance. The person sitting in Delhi can view the CCTV camera installed in Kerala. Internet-connected security camera has various cybersecurity threats.
Cyber Security issues
Internet usage and cyber-attacks run parallel to each other. With the increase in internet-connected CCTV camera, the chances of cyber-attacks also increase. Everyone remembers the Mirai botnet. Mirai botnet took advantage of the insecure IoT devices. It scanned the big blocks of the internet for open telnet ports and attempted to log in with default passwords. CCTV cameras played a major role in the spread of Mirai botnet and brought down the internet. It is not just the camera which is attacked but also it gives the way to the hacker to enter the main network. CCTV security issue is the least discussed topic nowadays. CCTV data breach can cause a lot to harm to society. CCTVs are mainly used for surveillance and if its data is altered it is of no use. It is important to deal with cybersecurity issues of CCTV cameras.
Preventive measures against CCTV security breach
- Change camera passwords
This may look very obvious but this is a security measure which needs to be discussed. People often use easy-to-hack passwords. Users use passwords such as 123456, qwerty, abc123, etc. The cameras come with a default username and password which are published on the internet. Some users don’t change the password and leave the same with default passwords. So, if the hackers get the network access then using the GUI he can guess the password. It is just like putting a lock on your door whose keys are available with everyone.
It is always advised to keep a unique and long password for each camera. The password should be non-obvious. If the cameras are on a VLAN or Physical private network you can use the same password for all the cameras but the password should be strong.
- Port Forwarding
Everyone now excepts video access from remote mobile devices. This feature needs the DVR/NVR/VMS connected to the internet. If the server is HTTP then it is extremely dangerous. It is very easy to exploit and unsecure server. It is advised that you use HTTPS servers if you want to do “port forwarding”. Cloud-based systems do not have port forwarding, so no such vulnerability exists in that system.
- Using Firewall
When these CCTV storage devices are connected to the internet for remote access they need to have a firewall for protection. Firewalls analyze and verify that protocols that are going over the port.
A modern firewall should be configured by a security expert. Firewall configuration should be documented. The configuration should be monitored and the necessary changes to be done whenever required.
- Using Encryption
The video is stored on the disk and is transmitted to various devices when a request occurs. The video if not encrypted can cause security risks. The hacker can steal the video and can edit or view the same. The video should always be encrypted, both when it is in transit and when it is stored.
- Secure Physical Access
Hacking of data does not happen only by online means but the intruder can also try to hack into onsite physical equipment. The room where DVR/NVR/VSS, switches and video storage servers are located need to be secure and accessible by only authorized personnel. Proper security rules should be followed to keep physical access safe and secure.
- Network Topology
It is necessary to keep the cameras on a different network. Keeping cameras on a standard network is giving providing an easy way to the hacker. As stated earlier, by connecting a camera to your main network, you are giving a free way to the hacker to enter your main network through your surveillance system and vice versa. If a DVR is shipped with a virus, it will corrupt your whole network which may cause a huge loss. The cameras should be kept on a physically separate network or use a VLAN.
- Securing Operating Systems
Every device uses an operating system. From DVR to recording system every device has an operating system. Various vulnerabilities are present in the operating systems. Windows-based OS has some vulnerabilities and even Linux has some vulnerabilities. The OS should always be monitored for vulnerabilities and they should be dealt with by keeping the OS up to date with all security patches.
One can always contact their OS vendor to know which OS is used by your devices and which all patches are needed to be installed. IT department should always focus on upgradation and modifications to make the system secure.
- Securing Operating System Passwords
Just as camera passwords, OS password also needs to be strong. In an organization, various employees have the admin password which increases the security risk. The password of the OS should be unique and strong. The organization should make it a practice to change the admin password whenever an employee having the password leaves the organization or changes role.
- Using MAC Addressing
Every product in an IP-based security system has a unique MAC (Media Access Control) address. MAC address with the help of switches can be used to control access to the computer, cameras and network video recording devices.
Using MAC addressing, cameras can be assigned to specific ports for control and monitoring. With this one can prevent unrecognized MAC addresses gaining access.
This is the last measure but not the least. Training is a very essential part of using any technology. With properly trained professionals we can prevent cybercrimes. The service provider should provide proper training and also provide support for users. It will make the operators understand their obligations to keep the cameras and the network secure.
Cyber-attacks and data breaches are increasing day by day throughout the world. The hackers are becoming smarter and it the need of the hour to keep yourself updated. You should protect yourself from such crimes through preventive measures. It is suggested that you define your own set of rules for your company. With this, you can make access to the system secure. An unsecured system can do a lot of harm to the company and the users. It is necessary to keep your system safe physically also.