When the botnet is holding the camera

Digital video surveillance provides security. And yet hackers continually gain access to these video systems and can thus observe offices and buildings without anyone noticing. But how can you lock out those uninvited guests? And what are the features of a stable, good and secure IP camera system?

AUTHOR Christian Jourdan, Expert in video security for Konica Minolta Business Solutions Deutschland
 

IOTROOP, MIRAI
Malware to establish a botnet

These digital pests attack smart devices such as surveillance cameras, routers and video recorders and make it possible for hackers to remotely control the devices. This can then cause serious damage.


Good intentions are not the same as good implementation. Unfortunately, that still applies in the digital age of the 21st century. Security cameras are one example.

The problem: video data is often not sufficiently protected. Some systems have no basic protection at all or critical security gaps in their operating system. This makes it simple for cybercriminals to enter the Local Area Network (LAN) and access data there. While putting off criminals at the front entrance, you are inviting others in through the back door.

 


TURNING YOUR CAMERAS TO CRIME

This invitation can have far-reaching consequences. Intruders can deactivate cameras or adjust settings remotely.

This is a risk to all users of the company network. In addition, these IoT devices themselves can be compromised and made part of a botnet, as in the case of Mirai or IoTroop.

Security and configuration tools make video systems more secure. End-to-end encryption, for example, is helpful during data transfer. It keeps out any curious observers.

In addition to the Internet entry point, hackers can also access installed cameras in the real world. In many cases, all it takes is a ladder. All video systems must thus also be installed in such a way as to not be directly accessible by outsiders. Otherwise it would be easy for criminals to switch the camera off or manipulate it.


Additional traffic can reduce the stability and security of the whole system.


TAKING A CAMERA TO COURT

In addition to the security aspect, companies often forget that digital security camera systems produce data and thus have a significant influence on the company’s network. If the corporate network is not designed for this quantity of data, performance or stability problems can quickly occur.

For this reason, companies should first consider very carefully what goals they are pursuing with the integration of security cameras.
  • Do I really need high-resolution images that can be used later in court?
  • Should the camera identify licence plates to control access to the company premises?
  • Or is a lower image resolution sufficient to provide the necessary information?
The quality of the security cameras depends on the aims of the purchase.


MORE TRAFFIC, MORE PROBLEMS?

At the latest when several video cameras are filming, the existing network often reaches its limits. This overload becomes a problem if the company is using the data from the IP video systems within its productive systems. The additional traffic can reduce the stability and security of the whole system.

Therefore, before integrating a video solution, whether the productive network can handle the additional load should be checked. Otherwise, a parallel network that ensures both network separation and the required performance is advisable.
 
PRODUCTIVE SYSTEM
Part of the IT system

The productive environment of an IT system runs applications that are necessary for everyday business. It is also where most data is stored.


DATA. CAMERA. PROTECTION.

When setting up video security, data protection aspects must
also be taken into account.
  • Which areas should and may be monitored?
  • How long is data stored?
  • Who has access to the data?
The General Data Protection Regulation (GDPR) provides very clear rules for action here. Among other things, companies are required to delete data that is no longer relevant. This deletion process can be automatically controlled with a high-quality IP video solution. As soon as a previously defined point in time is reached, the recordings are then automatically overwritten.

At the same time, organisations must protect all data by assigning individual access rights. For example, the gatekeeper only needs access to live images, while other employees also need access to archived recordings.


WORK WITH PROS

Since there are many aspects to creating and implementing the right concept, companies should seek the support of specialised IT service providers.

They use consulting workshops to show their customers the options offered by IP video systems. In addition, they work with them to develop operational requirements and acceptance criteria, as well as an appropriate concept.

Such specialists take over all necessary operational tasks as well as maintenance and ensure the video security system’s continuous availability. With custom-fit cameras, integrated backup and configuration tools and some fundamental security measures, companies ensure that they reliably get exactly the images they need. And at the same time, they reduce the attack surface for hackers.

Focus Security

Overview Security

WannaCry?

The biggest bunker will not help if the keys left in the lock

How many days does it take you to detect a cyberattack?

When the botnet is holding the camera