Cyber-Security for IP cameras
Any device connected to the network, IP cameras included, is at risk of cyber-attack. Are your cameras really protected against cyber-attacks?
This article includes numerous recommendations that will help you harden the environment and protect your IP cameras against possible Internet threats.
1. Limiting access to the Network
The first step in protecting your cameras is to protect the network they are connected to. The most effective and most common approach is to place the recorders and cameras on a network that is isolated, physically or virtually, from the corporate network.
2. Authentication
SECURE PASSWORDS
The password is the second main protection measure once a camera is installed and connected to the network.
It is recommended to set a strong password containing at least 8 characters, including uppercase letters, lowercase letters, numbers and special characters.
BLOCKING IMPROPER ACCESS
Illegal login blocking limits the number of login attempts a user can make. If the maximum number of attempts is exceeded, the IP address can be blocked for a period of time.
DIGEST AUTHENTICATION
RTSP and web authentication support “digest” mode. This authentication method prevents web clients from sending access passwords in plain text over the network.
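As an added illustration (not code from the original article or from SCATI), the Python below contrasts what a Basic header and a Digest header put on the wire, following the RFC 2617 MD5 computation. The user name, password, realm, nonces and RTSP URI are constructed sample values.

```python
import base64
import hashlib


def _md5(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Basic: user:password is only base64-encoded, so it is reversible."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_basic(header):
    """What any observer of unencrypted traffic can read back from Basic."""
    return base64.b64decode(header.split(" ", 1)[1]).decode()


def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 MD5 digest. The password only ever enters the HA1 hash."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    if qop is None:  # form kept for RFC 2069 compatibility
        return _md5(f"{ha1}:{nonce}:{ha2}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_header(user, realm, password, method, uri, nonce):
    """Authorization header (no-qop form); the server nonce is hashed in."""
    resp = digest_response(user, realm, password, method, uri, nonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')


if __name__ == "__main__":
    # Constructed sample values (hypothetical camera, not from the article).
    user, pw, realm = "operator", "S3cret!pw", "camera"
    uri = "rtsp://192.0.2.10/stream1"
    print(recover_basic(basic_header(user, pw)))       # password is readable
    for nonce in ("a1b2c3d4", "e5f6a7b8"):              # two server challenges
        print(digest_header(user, realm, pw, "DESCRIBE", uri, nonce))
```

The digest response changes with each server nonce, while the Basic header is identical on every request and decodes straight back to the password.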
PERMISSIONS MANAGER
It is recommended to have a permissions manager with different access levels or user groups (roles) so that each person can access only the minimum information essential to do their work.
3. Encryption
Based on SSL/TLS and HTTP, the HTTPS protocol encrypts traffic between the client and the camera, improving the security of web access.
We recommend using a certificate signed by a CA (public or private Certificate Authority), although it means an additional cost, to reduce the risk of an attacking system passing itself off as a camera. A self-signed certificate is suitable for providing encryption, but web clients will flag it as an untrusted certificate.
4. Ports and Services
To minimise the possibility of attacks and reduce security risks, enable only the ports and services that your environment needs.
SNMP
If necessary, you can enable the SNMP function to retrieve the camera's status, parameters and alarm-related information, and to manage the camera remotely when it is connected to the network.
UPNP
The Universal Plug and Play (UPnP) protocol is a network protocol that allows network devices to discover and connect to each other automatically. Because it is an automatic communication protocol, it is advisable to disable it whenever possible.
QOS
QoS (Quality of Service) is a mechanism that prioritises network traffic for specific applications. It can help resolve network delay and congestion by configuring the priority of data transmissions.
LOG FILES
Log files record the operations carried out with the cameras and will help you search them.
From a security point of view, it is important that the date and time are correct so that, for example, log entries carry the correct date.
Remember to synchronise the camera clock with a local or public Network Time Protocol (NTP) server.
USER AUDIT
A record of every connected user and IP address.
AUTHORISED CLIENTS
Enabling IP filtering so that only authorised clients are accepted prevents the camera from responding to network traffic from other clients. It allows you to create IP whitelists and blacklists, to which access can be allowed or denied.
About SCATI
SCATI, a manufacturer of IP video systems, is specialized in offering comprehensive, flexible and intelligent solutions in large networks of facilities.
At the cutting edge of digital technology, SCATI solutions are designed considering the highest levels of cybersecurity and they guarantee the protection of any facility.