Security devices on your network, such as surveillance cameras and recording equipment, must be cyber-secure as well physically secure. Penetrable devices provide a security gap, allowing criminals access to your organization. A cyber penetration is typically executed against a device, or group of devices, for two reasons.
First, the attack could be used to access another part of the network that contains desirable information, such as personal data or business intelligence. Without proper safeguards built into the camera or other device, it can be used as a “portal” into other parts of the network. A similar type of attack happened at Target in 2013 when network-attached HVAC devices were compromised. This breach cost Target $202 million, an $18.5 million settlement, and exposed nearly 40 million of their customers’ credit card information to criminals. Additionally, Target’s brand name and reputation was damaged, along with future sales revenue.
Second, a hacked device can be taken out of service to create a physical security vulnerability. For instance, a group of security cameras at the perimeter of a secure facility could be incapacitated by a hacker. Corroborating criminals could then climb the fence without being seen. This may still trigger a fence mounted detection alarm, but the alarm is typically verified by a security team watching the cameras. Without cameras to verify the fence alarm, there may be a delayed response providing time and cover for the criminals.
The bottom line: any device on a network is vulnerable to a cyber-attack. This could be a security camera, VoIP telephone, or even a wireless printer. Security devices that are networked-attached and should be evaluated include:
· Video cameras and recording appliances
· Intrusion detection panels
· Access control devices
· Perimeter detection devices and barriers
· Any other system or device attached to a network
Security devices are designed and built by a multitude of manufacturers on various hardware and software platforms. Platforms range from Windows operating systems to embedded Linux software to proprietary operating systems. A thorough inventory will be required to evaluate your potential vulnerability from a security device or other network appliance.
Each device type has its own requirements and vulnerabilities. Devices should be hardened against threats using the following:
· OS patches
· firmware updates
· software updates
· user & device password best practices
· Required device authentication
· IPv4 Filtering
· Locking down or blocking little used service ports, such as telnet, FTP and SSH
· Utilizing signed X.509 trusted certificates for commercial (NFI) or federal (SCC)
· Utilizing Trusted Platform Modules (TPM) where available and applicable
· Employing SSL or Transport Layer Security (TLS) to secure authentication
· Windows security, such as password policy settings, disabling nonessential services, etc.
To ensure a secure desktop computing initiative is properly implemented, security staff policies and procedures should be reviewed to uncover operational vulnerabilities such as password sharing, leaving workstations unattended and unsecured among other vulnerabilities.
Threats from inside your network are much more common than external threats, so even if your network is disconnected from the public internet, your systems may still be vulnerable to ”social” threats.
Following secure desktop computing practices will ensure only authorized access to security devices is maintained.
The Vision Security Technologies team has a wide range of resources available to properly evaluate your entire security solution from a cybersecurity perspective. Once the evaluation is complete you’ll have a comprehensive plan of action for securing all your systems.