EDIT Networking_PSI_mar15 26/05/2022 13:18 Page 2
CYBER
How to secure security systems Cybersecurity is never far from the headlines and the results of bad practise can be severely damaging. Here, Dahua explains how to secure your networked security system odern video security systems are more secure than ever. Gone are the days when network video recorders and cameras were allowed to be default credentials (like a 12345 password), which attackers used to mobilise tens of thousands (or more!) devices in a botnet. It’s important to remember that security at times can be simple. Just requiring login credentials to be changed upon first use resulted in a drastic reduction of compromised security systems. But simple doesn’t always mean ‘easy’. Attackers adapt, and defenders need to do their best to stay ahead. The best systems are designed to make it easier for defenders than for attackers, and there’s a lot that can be done with some additional (and simple) configuration decisions. In a typical small security system, you may have a dozen or more IP cameras connected to Network Video Recorders (NVR). Best practice configurations usually place the IP cameras on a network subnet; that allows you to disable access from the internet and keep bandwidth intensive IP cameras streams from interfering with other traffic. However, to access the NVR from outside your network, you’d have to expose it to the internet. Doing so potentially puts your assets at risk, as hackers can more easily use the open internet to break into your system.
M
Anatomy of a hack
Any IP device that’s remotely accessible from the Internet is potentially at risk. Many times the device is available from a network that has a fixed IP address and port. If so, that’s easily detectable from anywhere in the world by using port scanning (Port scanning is a standard technique that is used to determine what ports a target system may be listening on). This can help attackers determine as well what services may be running on the system, because certain ports are usually associated with particular services. If the device is an NVR for example, it’s likely to have Port 80 open, so the legitimate user can access the NVR’s web interface. But to
www.psimagazine.co.uk
the hacker, an open Port 80 is a big clue that the device has a web server running on it. Port scanning is essentially a way of ‘fingerprinting’ the remote operating system to understand what services and software versions are running on the target. This is a problem because if there are known exploits of that version of an OS or particular services, then its good news for the attacker if your device is not up-to-date on patches or otherwise unprotected. However, there are a number of practical ways to minimise that risk. Most NVRs have a mobile app that can connect via Peer-to-Peer (P2P). This setup uses an intermediary server to query the NVR, and request a port to be opened. Once that occurs, the Mobile app connects to the NVR. When the connection is closed, the port is closed. The big advantage of this approach is the port is open only for the duration of the session. At any other time, a port scanning won’t reveal much of anything to a potential attacker. It’s the equivalent of opening your garage door when you pull up to your house, then shutting it right after you pull your car in, and leaving it shut until you need to take your car out again. Another way to minimise exposure is to use IP address blocking. Also known as a Geolocation feature in many firewalls, this allows you to block access to your system from a range of IP addresses. Some allow you to block access from IP addresses in specific countries.
Any IP device that’s remotely accessible from the Internet is potentially at risk. Many times the device is available from a network that has a fixed IP address and port
41
