How to Protect IP Camera System from Cyber Attack

By | Published on

Protecting Your IP Camera from Hacking

IP camera protection conceptIP camera systems are supposed to protect us. That is their purpose. However, do we need to protect the camera system?  It turns out that in this brave new world of cyber threats, even our cameras are vulnerable.

 

There are some things you can do to protect your IP camera system from cyber-attack. Some of them seem obvious, yet many of us have not implemented them. Your IT staff can implement many of these things, but we do have a simple solution that can be installed by almost anyone. Here is a list of things you should do to protect your IP camera system.

 

Camera Password

Late in 2016, there was a massive distributed denial of service (DDoS) attack that prevented access to major websites such as Amazon and Twitter.  The hackers were able to use many different network-attached devices including IP cameras to participate in the attack. Unfortunately, many IP cameras are installed with default or weak passwords that made it easy for the “Mirai” virus to penetrate the cameras.  What is interesting is that the cameras still worked, they just sent some additional messages. When you get over 100,000 cameras and other devices working together, it can overwhelm the targeted system.

It is very easy for a hacker to log in to an IP camera if you have not changed the password. The default username and passwords are even listed on the manufacturer’s website. Even the simplest hack can get into a camera that uses “root” and “pass” or “admin” and “1234”.

 

We have all learned that it is critical to use strong usernames and passwords to protect our computers. It is just as important to change the username and password to protect your IP cameras. By adhering to this simple rule, we can block most incursions.

 

Isolate the Cameras

IP camera recording systemThe best practice for installing your IP camera system is to place all the IP cameras on an isolated network that is controlled by the video recording system.

 

The video recording server should have two network connections, one for all the cameras and the other for the general network.

 

When the cameras are placed on an isolated network, it reduces the bandwidth on the general network and moreover, prevents any outside connections to the cameras. The security person (or assigned person) can still view the video from the cameras on their workstation located on the general network side.

 

Assure that Your Network Connections are Secure

Network connections can be secured by locking a port to a MAC address of the camera, as well as adding encryption to the camera video feed.

 

In some cases, our IP cameras are located outdoors or at other locations. We must prevent hackers from replacing a remote camera with a laptop that allows access to the camera network.  To protect your system, use a smart network switch to control network access. An intelligent switch can assign a specific MAC address to a port. Since the MAC address identifies a specific camera, any other device will be rejected by the switch.

 

If you do not want the wrong people to view the video, you can use video management software that supports increased security features. Some video management software, such as Ocularis from OnSSI, supports HTTP/SSL encryption from the camera to the recording server. The software also prevents unauthorized persons from viewing or copying exported video by using password protection and database encryption in the exported video database.

Use Antivirus Software

Antivirus software not only protects your IP camera recording system, but it also helps to keep your computer systems safe from cyber attacks. There are a number of anti-virus programs available that rely on detecting the signatures of malware.  This type of software detects and then removes computer viruses.

 

Unfortunately, cyber attacks have become more sophisticated. New malware can enter your system from websites, and email messages. Hackers have used phishing techniques to add ransomware to your system. One example of software that protects your computer system from these latest attacks is called CylanceProtect from Cylance. It uses artificial intelligence to analyze files and processes on the computer. The software works differently from the classic virus detection systems since it doesn’t require constant updates of malware signatures. Using machine learning to monitor the operation of the computer system, it constantly looks for unusual events and processes.  This advanced method detects threats and quarantines harmful code before they damage your computer system.

More Security Precautions

There are additional things that you can do to assure security.  For example, the video recording system should allow different levels of access. Only one or two persons should be assigned as the administrator and be allowed to do everything needed to manage the system, while other people can be granted the rights to just view the video.

 

There have been some issues reported by people using certain brands of cameras. Being aware of the reputation of the camera manufacturer is important.  For example, it is important to assure that ports in your router are not automatically opened when certain cameras are installed.  Even if you have IP cameras from less than trustworthy manufacturers, moving them to a separate network that does not have a router connected to the Internet will limit your risk.

Utilize a Security Enabled Network Video Recorder System

CyberShield-NVRIf you do not have a network security person, then you can always select a smart network video recorder with embedded security features. To review, network video recording solutions (NVR) systems make it easier to implement an IP camera surveillance system. The NVR contains a powerful computer that runs specialized video recording and management software. It includes the storage for recording the video from all the cameras for many weeks. Some include built-in network connections, while others rely on additional network switches to attach the cameras.

 

Recently, a new NVR system called CyberShield-NVR has been introduced that protects IP camera systems from cyber-attacks.  This smart NVR includes many of the protection schemes mentioned above.  Since these are easy to install appliances, you do not need a sophisticated IT person to implement everything.

 

The secure NVR can be used instead of a standard NVR or even your computer running VMS.  It includes a secure architecture with the ability to isolate the cameras from your general network. The system locks the connection between the cameras and the NVR, by recording the MAC address and preventing unauthorized devices from using the Ethernet connections. The video recording system supports video encryption and even integrates virus and malware protection from Cylance.  This means that it can help predict attacks and proactively prevent malware execution on your total system.

 

Conclusion

It has become more important to protect your IP camera systems from malware and other intrusions that can cause problems on your computer systems. There are a number of solutions including making sure the IP Camera passwords are secure, using a smart switch that can lock-down the network connection of the camera, as well as isolate the cameras from the general network and use anti-virus software. The alternative is a smart NVR that includes malware protection.


If you would like help selecting your IP camera system, and protecting the video recording system from cyber-attacks, please contact us at 800-431-1658 in the USA, or at 914-944-3425 everywhere else, or use our contact form.