The security industry is deeply concerned with cybersecurity. Multiple security device manufacturers are known to be operating from China and other untrusted regions. The United States government and other entities have taken a hard look at country of origin given the recently publicized risks of using devices from those countries.
It’s no surprise to the IT team, but the security department may be shocked by the impact this will have on planning and deploying system upgrades. The heightened level of concern can slow the procurement process by adding new layers of scrutiny and testing. It can also increase the overall cost of the project.
Network-connected detection and surveillance devices, like security cameras and intrusion detection control panels, are subject to ongoing cyber-attacks to penetrate the local network. This may be done for a variety of reasons, like taking a security system offline to interrupt or divert operations, or using one or more devices as a bridge to the primary network. A vulnerability can also be used to “weaponize” a security device by interrupting the local network or other networks across the world.
The reality is that individuals and groups will continue their attempts to identify and exploit network security vulnerabilities. While we benefit from the convenience of a growing number of network-accessible devices, those devices only increase the likelihood of unauthorized network access.
It’s vital that all devices and networks are properly secured to prevent an open door for hackers and malicious attacks. Below are several measures that should be taken when deploying new network-connected security devices.
• Update device firmware and workstation software on a regular schedule. Manufacturers often release new firmware on a monthly basis or as critical vulnerabilities are realized. A service and maintenance agreement is critical.
• Consider deploying devices that include TPM modules or other methods of securing the operating system.
• Have a password policy. Always change the factory default password and use a complex password.
• Disable unused services on the device such as DDNS, FTP, QoS, RTSP, Multicast, Bonjour, Telnet, and SSH.
• Use HTTPS with a certificate instead of HTTP. Change default Port numbers for HTTP and HTTPS.
• Use IP Filtering to allow or deny access from specific IP addresses.
To explore all security and cybersecurity best practices, take the time to meet with your security professional and IT department. Depending on the manufacturer of your network-connected security devices, many of the bullet points may be enabled or disabled by default. It’s critical to completely understand each setting and the potential vulnerability created by an unavailable feature on one or more devices.
Professional Security Partner
The Vision team can survey your building, coordinate a design, and professionally install and integrate hardware and software. Vision can also create a custom Managed and Hosted Services plan, freeing up your staff to perform their core responsibilities of providing a safe working environment, and making system updates a breeze.
The Vision Investment Protection plan, like your system, can grow and change with your organization. Together, you’ll uncover potential problems before they arise. Additionally, Vision Investment Protection provides onsite and remote response, safeguarding your staff and securing your facility.
Vision has a full-time AutoCAD engineer on staff. Our engineering team can provide planned drawings, riser diagrams, and as-built diagrams in both electronic and hard copy formats for every project. We provide complete network installations, maintenance, database conversions, software installations, and upgrades. Our engineering team has both Cisco and Microsoft certifications.