IP cameras – don’t leave your network door open

Fred Juhlin

The vision of IoT is enticing for the convenience, capabilities and flexibility that vast networks of connected devices offer, but the risk of security threats and breaches grows as the number of entry points into a network dramatically increases. In a recent survey by Cisco, 73% of business decision makers said they expect the IoT to cause security threats to increase in severity over the next two years. More worrying, 78% of IT security professionals are either unsure about their capabilities, or believe they lack the visibility and management required to secure new kinds of network-connected devices.

Making the network more accessible increases the risk of breaches, so a thorough threat/risk analysis should be part of designing any system. As with any application you add to a system, the attack exposure area increases as new components are added. Adding a video system increases the exposure area in much the same way that installing Microsoft Office Suite on all PCs adds cyber risks. Video system components may add risks to other network resources, while at the same time additional resources on the network introduce risks to the video system. Minimizing the attack surface area is a common cyber protection measure. If devices, services and applications do not need to interact, you should try to limit the connections between them. Isolating the video system from the rest of the network is a good overall protection measure, because it reduces the risk of video resources and business resources affecting each other in a negative or risky way.

Unlike other devices on the network, such as laptops, desktops or mobile devices, a network camera is not exposed to the common threats of users visiting potentially harmful websites, opening malicious email attachments or installing untrusted applications. However, as a network device with an interface, a camera or other connected physical security device may still present risk, so it is important to reduce the exposure area for these risks.

The process of securing a video security system, or hardening it, is one that installers and IT personnel increasingly need to understand. A good hardening guide provides a configuration strategy suited to specific user requirements to deal with the evolving threat landscape. Axis uses the SANS Top 20 Critical Security Controls as a baseline for its hardening guide. A first step is to understand and use industry-standard security protocols and mechanisms, including multi-level user authentication/authorization, password protection, SSL/TLS encryption, 802.1X, IP filtering and certificate management.

In addition, camera suppliers such as Axis continuously update their cameras' firmware with new features, bug fixes and security patches. To deal with the increasing variety and volume of security risks, security system users will need to stay on top of updates from their suppliers and follow best practices for preventing attacks through network camera-based systems.