Presentation is loading. Please wait.

Presentation is loading. Please wait.

Troubleshooting Networked Video

Published byDorcas Stanley Modified over 6 years ago

Similar presentations

Presentation on theme: "Troubleshooting Networked Video"— Presentation transcript:

1 Troubleshooting Networked Video
4/3/2014 Video Surveillance Hacking – How Weak Controls put IP Camera Feeds at Risk Anthony C. Caputo Advisory Board Member 2017 Connected Security ISC West Notes ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ Anthony C Caputo 1

2 Security Policy Architecture
Troubleshooting Networked Video 4/3/2014 Security Policy Architecture A Security Policy Architecture is necessary to identify existing enterprise policies and associate them with policy authorities and supporting roles. The security policy architecture typically contains top level policies that bring together all common themes of operational risk management, across all operational disciplines. It is important to identify the current security policies and procedures to incorporate them and/or improve upon them moving forward for security assets. Notes ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ Anthony C Caputo

3 Data and Information Security
This includes the organizational risk management policy for video surveillance assets that applies to Data and Information Security risk including: Enterprise Information Security Security devices should not be on the same network as corporate or web browsing Physical Security Location of devices, power, etc., and its accessibility, maintainability Identity and Access Management Policy Who, what, where and how Encryption Policy 128bit, 256bit, PKI? Information Classification Is data categorically classified? IT Physical Security policy Who has access to Data Center, MDF, IDF, Enclosures, Cameras, etc Network Security Policy Is the security network segregated? Port security to the edge? Default passwords? LDAP? WiFi?

4 Physical Infrastructure Security
Physical Infrastructure Security policies are more specific to topics or assets being protected. The security policies that are categorized as Physical Infrastructure Security policies typically include: Acceptable Use policy Includes Remote Worker, Personnel and Subcontractor, Traffic Controller, MDF, IDF, ) Access Control policy Who, when and how Identity and Access Management Policy Who holds the keys? Asset Protection Intrusion alarm, fire alarm, climate control, etc) Perimeter Protection Fence, access control, cameras, sensors, etc) Network Security Policy Remote access to what security assets?

5 Enterprise Information Security
Where does video surveillance fit in the enterprise information security policy? Enterprise Video Surveillance Access Control WiFi Internet Access Laptop Printer Fax Machine Smartphones Tablets Server & Storage Network Switches Wireless Radios IP Cameras Video Encoders Power Management Systems Sensors Archives Discrete.

6 Physical Security Intruders don’t need to unplug a copier.
Easier power installation doesn’t mean better physical security (30ft pole with elevated hand holes) Who has access to power sources? Equipment should be out of reach and inaccessible (with no passwords or IP schema information displayed)

7 Network Security DHCP Disabled – Static IP Addresses only
Port Security – tied to Physical MAC Addresses of devices with authority Hidden SSID for WiFi (Maintenance Only) Mesh Networking Radios for Video Transport (no direct client machine access) Physically or Virtually Separate Network VLANs – avoid a city-wide flat Layer 2 network (broadcast storms and increased risk) Many IoT devices with access via HTTP, HTTPS, Telnet and SSH. Disable what is not used. If disable is not an option, use a different manufacturer.

8 Passwords Change the Default Password
Change the Default Password on ALL devices More complex, the better Unlike a tablet or printer, it should not be easy to access security devices – all it takes is ONE DEVICE on the entire network to take it down.

9 Identity and Access Management Policy
Who has access to what, when and how they can have access? There are many IoT devices within the system with access interfaces: cameras, switches, routers, radios, UPS’s, PDUs, NVRs, DVRs, clients, servers, etc. Multi-Tiered User Management VMS and/or Web Access VPN Telnet SSH Password Policy (NO DEFAULT PASSWORDS)

10 A malfunctioning device can be a vulnerable device.
Staging Checklist Test each unit for operational integrity. Camera video signal is operational. Camera PTZ is operational. Archiving is operational. Wireless radio(s) are operational All devices have the latest firmware upgrade Change Passwords for Root, Admin and User. Label device with Installation Location Populate a spreadsheet for Information Management A malfunctioning device can be a vulnerable device.

11 Firewall A firewall is typically used to protect your private LAN from the Internet at a Layer 3, 4 and 7 levels. Layer 3 is the Network Layer (IP), Layer 4 is the Transport Layer (TCP and UDP), and Layer 7, which is the Application Layer. It’s all about control. A Firewall should be very granular with what is allowed inbound and outbound the network

12 Thank you Anthony Caputo is an Advisory Board Member of the upcoming 2017 Connected Security Expo at ISC West, April 5-7th 2017 in the Sands Expo, Las Vegas, Nevada. If you would like to learn more about this topic or other articles/books that Anthony Caputo has written, feel free to visit his website or connect with him directly on LinkedIn

Download ppt "Troubleshooting Networked Video"

Similar presentations

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Wi-Fi Structures.

Wi-Fi Structures.
Chapter 9 Connecting to and Setting up a Network

Chapter 9 Connecting to and Setting up a Network
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Router Configuration for Home Security: Forward your Ports Presenter: Steve Harris SCTE Director Advanced Network Technologies Program Development.

Router Configuration for Home Security: Forward your Ports Presenter: Steve Harris SCTE Director Advanced Network Technologies Program Development.
Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.

Topics 1.Security options and settings 2.Layer 2 vs. Layer 3 connection types 3.Advanced network and routing options 4.Local connections 5.Offline mode.
Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.

Wireless Security Focus on Encryption Steps to secure a Wi-Fi Network.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.

Data Centers and IP PBXs LAN Structures Private Clouds IP PBX Architecture IP PBX Hosting.
ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.

ITGS Networks Based on the textbook “Information Technology in a Global Society for the IB Diploma” by Stuart Gray.
Securing a Wireless Network

Securing a Wireless Network
TOSIBOX LOCK security options 1 1.

TOSIBOX LOCK security options 1 1.
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Network LANscape Servers & Equipment Found In a Typical Local Area Network (LAN) By George Squillace New Horizons of MichiganGeorge Squillace MCT, MCSE,

Network LANscape Servers & Equipment Found In a Typical Local Area Network (LAN) By George Squillace New Horizons of MichiganGeorge Squillace MCT, MCSE,
1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.

1 October 20-24, 2014 Georgian Technical University PhD Zaza Tsiramua Head of computer network management center of GTU South-Caucasus Grid.
Chapter Overview Network Communications.

Chapter Overview Network Communications.
PROJECT PAPER ON BLUEFIRE MOBILE SECURITY. BY PONNURU VENKATA DINESH KUMAR STUDENT ID # A0815 PROFESSOR – VICKY HSU CS-426.

PROJECT PAPER ON BLUEFIRE MOBILE SECURITY. BY PONNURU VENKATA DINESH KUMAR STUDENT ID # A0815 PROFESSOR – VICKY HSU CS-426.

Similar presentations

Ads by Google