Showing posts with label CCTV surveillance. Show all posts
Showing posts with label CCTV surveillance. Show all posts

Saturday, June 24, 2017

Secure your security surveillance

Secure your security surveillance

Surveillance systems offer home and business owners peace of mind, knowing that their property and valuables are protected from criminals. But during Surveillance installation owners / responsible person couldn’t change default password of product, like: DVR. NVR, IP Camera, IP Intrusion Panel, Router, Access Point etc. Many users sometimes call me and ask “my DVR data is formatted, but I couldn’t share DVR password”, “I lost my NVR password, how to retrieve the same” etc. etc.

I have seen 80% of users will not change the default username and password for their IP cameras. Electronic Security Surveillance footage is useful in conducting investigations.  IP video surveillance is not immune to cyber risks, but taking basic steps toward protecting and strengthening networks and networked appliances will make them less susceptible to attacks. Below are some tips.

1.     Change default passwords and used strong word:
You can find the default username and password from either user-manual or the product sticker on the product. Sometime your installer share password. Default passwords makes your system easier to hack. It’s like leaving the door already half open for smart hackers. The most used default account for IP camera is admin/admin.  You may need to reset your device before. After reset, user settings and account information will return to their factory settings. Below are the top 10 passwords 
            a.     12345
            b.     Password
  1. 12345678
  2. qwerty
  3. abc123
  4. 987654321
  5. 111111
  6. 1234567
  7. iloveyou
  8. adobe123
Almost all cameras sold today have a web-based graphical user interface (GUI), and come with a default username and password which is published on the internet. Using a strong password is the vital step to protect your IP camera from unauthorized accessing or hacking. The strong password must contain more than eight characters and at least include four types of characters - uppercase letter, lowercase, numbers and special characters. 

2.     Change Passwords Regularly:
Regularly change the credentials to your devices to help ensure that only authorized users are able to access the system. Most cameras offer at least some form of basic authentication. It may not be super robust, but at least it is better than nothing at all. Protect your camera feeds with a username and a strong password and change it periodically. Set high quality passwords and do password enforcement and account deletion when staff changes.

3.     Rename the Default Admin Account and set a new Admin Password
Your camera's default admin name and password, set by the manufacturer, is usually available by visiting their website and going to the support section for your camera model. If you haven't changed the admin name and password then even the most novice hacker can quickly look up the default password and view your feeds and/or take control of your camera.

4.     Limitation of Guest Accounts
If your system is set up for multiple users, ensure that each user only has rights to features and functions they need to use to perform their job.

5.      Change ONVIF Password
On older IP Camera firmware (applicable for limited product), the ONVIF password does not change when you change the system’s credentials. You will need to either update the camera’s firmware to the latest revision or manually change the ONVIF password.

6.      Manage your camera settings
Including a camera in a home security system is a must these days. It can allow you to view online what’s happening at home even if you’re on the other side of the world. However, with the same feature, you can also be exposing yourself to potential hackers.
A security camera is set for remote online monitoring by default during your purchase. This feature makes it possible for you to keep an eye on your home in real time through a specific app or website. It also makes it a possibility for hackers to use your own camera to spy on your home. Scary, right?
If you can go by without remote online monitoring, turn this feature off. However, if you feel that it’s a necessity to keep the feature, then guard your home and your system by a strong password. It can also help if you strictly position the cameras to face only the areas they’re supposed to monitor. Avoid including your living room or your bedroom entirely.

7.     If Your Camera is Wireless, Turn on WPA2 Encryption
If your camera is wireless capable, you should only join it to a WPA2-encrypted wireless network so that wireless eavesdroppers can't connect to it and access your video feeds.

8.     Enable HTTPS/SSL:
Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your devices and Storage.
Many cloud vendors provide connection encryption, but it is variable. Confirm with your cloud vendor how their system handles this.

9.      Protect your router.
Like your security system, you can also make your home more secure by protecting your router with an effective password. You can use the same ideas as above. However, make sure you don’t use the same access codes for your system and router.
You can also try hiding your router by manipulating its configuration to make it invisible. However, you have to keep in mind that doing so doesn’t completely make your router invisible. Instead, it only makes your network not easily seen on basic and automatic searches. If a hacker is too advanced, he can simply look for a tool and use it to find your network.

10.   Avoid using public wi-fi.
As much as possible, try not to access your automation devices at home using public wi-fi connections. This makes you more prone to hackers getting access to your personal informations. You can try using your mobile data service or find a more secured connection before you click connect.

11.   Enable IP Filter:
Enabling your IP filter will prevent everyone, except those with specified IP addresses, from accessing the system.

12.   Check the Log
Most of the time, the easiest way to know if someone has been messing around with your system is by checking your camera logs. There are several security cameras that can show you the IP addresses that accessed your cameras. If you find a suspicious one on your log, immediately change your access codes and notify proper authorities.

13.   Disable UPNP:
UPNP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports, and you leave the credentials defaulted, you may end up with unwanted visitors.
If you manually forwarded the HTTP and TCP ports in your router/modem this feature should be turned off regardless.

14.   Disable SNMP:
Disable SNMP if you are not using it. If you are using SNMP, you should do so temporarily, for tracing and testing purposes only.

15.   Disable P2P:
P2P is used to remotely access a system via a serial number. The possibility of someone hacking into your system using P2P is highly unlikely because the system’s user name, password, and serial number are also required.

16.   Disable Multicast:
Multicast is used to share video streams between two recorders. Currently there are no known issues involving Multicast, but if you are not using this feature, you should disable it.

17.   Put up a firewall.
Make sure you have a firewall in your network to prevent unauthorized access to your devices. If you don’t have one, you can browse the internet to know your best options on firewall downloads.
For a cloud-based solution without port forwarding, an on-site firewall configuration is not needed. Speak with your integrator or system manufacturer to confirm this.

18.   Change Default HTTP and TCP Ports:
Change default HTTP and TCP ports for Dahua systems. These are the two ports used to communicate and to view video feeds remotely.
These ports can be changed to any set of numbers between 1025-65535. Avoiding the default ports reduces the risk of outsiders being able to guess which ports you are using.

19.   Forward Only Ports You Need:
Ideally, do NOT connect your unprotected server to the internet. If you do expose your system to the internet, then “port forward” as few ports as possible and utilize a next generation firewall which analyzes the protocol and blocks incorrect protocols sent over the wrong port. In an ideal situation, also deploy an IDS/IPS for further protection. Its applicable for IP Camera/ DVR/ NVR/ VMS.
The more secure cloud-based systems do not have port forwarding, so no vulnerability exists, and no incremental protection action is required. Ask your integrator or provider to verify this for any system you own or are considering acquiring.

20.   Build a separate network
Mixing the cameras on a standard network without separation is a recipe for disaster. If your security camera system is connected to your main network, you are creating a doorway for hackers to enter your main network via your surveillance system, or to enter your physical security system through your main network. Some DVRs can even be shipped with a virus.
Ideally, place the security camera system on a physically separate network from the rest of your network. If you are integrating with a sophisticated IT environment, it is not always possible to separate the two systems physically.
In this event, you should use a VLAN.

21.   Connect IP Cameras to the PoE Ports on the Back of an NVR:
Cameras connected to the PoE ports on the back of an NVR are isolated from the outside world and cannot be accessed directly.

22.   Secure your smart phone
Most of today’s home security systems are controlled through smart mobile applications  and this is what makes your smartphone very important for your home’s security. Keep it in mind to always have it protected.
For one, you should avoid logging in to your system while in public places. Someone near you could be waiting for your password. Also, make sure that no one else can access your phone by securing it with a password lock. You can also install a track app just in case you misplace or lost your phone.
If such event happens, make sure to immediately remove your phone’s access from your security system and report the incident right away.

23.   Upgrade your apps and firmwares.
The reason why companies keep updating their firmwares is to fix bugs and glitches as well as to add security patches. By complying with the updates, you are arming yourself with better protection against hackers.

24.   Disable Auto-Login on apps:
If you are using apps to view your system and you are on a computer that is used by multiple people, make sure auto-login is disabled. This adds a layer of security to prevent users without the appropriate credentials from accessing the system.

25.   Use a Different Username and Password for apps:
In the event that your social media, bank, email, etc. account is compromised, you would not want someone collecting those passwords and trying them out on your security surveillance system. Using a different username and password for your security system will make it more difficult for someone to guess their way into your system. Set high quality passwords and do password enforcement and account deletion when staff changes.

Surveillance System Assessment, Deployment & Maintenance

Data breaches continue to accelerate throughout the world. With increasing Internet connectivity, physical security systems are very vulnerable to cyber-attacks, both as direct attacks and as an entrance to the rest of the network. Liabilities for these attacks are still being defined.
It is prudent to protect your company and your customers through preventative measures.
To maximize your cyber security, it is critical to define best practices for your own company, as part of your security camera system assessment, as well as its deployment and maintenance.
Security audit is another way to know system performance of your security Surveillance systems. You need to see what camera saw, Auditing of CCTV Video Easier and Efficient. Auditing helps in gaining better Situational Awareness and Actionable Intelligence.


Some of these technologies are new and have been developed specifically to combat cyber-attacks whilst others, which were originally intended simply to make chipsets more efficient, are also able to contribute to camera security. Almost all, when mentioned in video surveillance-related documents, datasheets or on the Internet, are stated as acronyms or have names which do not make it obvious what they are intended to do. Here, therefore, is an explanation of some of those you are most likely to come across.

  • Anti-Hardware Clone: Anti-hardware clone functionality prevents a chipset from being cloned. In addition to protecting intellectual property, this ensures that a chipset with a manufacturer’s label is a genuine copy and removes the risk of a cloned device which may contain malicious software being used to steal sensitive data such as passwords.
  • Crypto Acceleration: When applied to video surveillance solutions, crypto acceleration is normally referred to within the context of a camera chipset performing complex mathematical functions for encryption and decryption This is a very intensive operation requiring the chipset to use a large proportion of its resources. Equipping chipsets with a dedicated ‘engine’ for this purpose ensures that encryption/decryption is efficiently carried out, without affecting other camera functionality.
  • Image Scrambling: Between the location of a camera and where the images it captures are remotely viewed, recorded and stored, there is always the possibility that a cyber criminal could hack into the network and gain access to what may be confidential video and data. Image scrambling is the encryption of video prior to transmission over the network. It does so by randomly rearranging the pixels of each image so that it cannot be viewed by anyone maliciously hacking into the network.
  • Secure JTAG: JTAG ports are hardware interfaces which are used to programme, test and debug devices. However, they can be compromised by cyber criminals to gain low level control of a device and perhaps replace firmware with a malicious version. This can be prevented by securing the JTAG port via a key-based authentication mechanism to which only authorised personnel working for the manufacturer have access.
  • Secure UART: UART ports are serial interfaces typically used for debugging cameras. They allow administrator access to a camera and are therefore a target for hackers attempting to access sensitive information such as password keys. Hackers could also potentially access a camera’s firmware in order to reverse engineer it, as well as examine it for vulnerabilities in the device’s communications protocols. Enforcing restricted and secure access to the UART port, will allow the debugging process to be safely completed, without opening the door to cyber criminals.
  • OTP ROM: This is an acronym for One Time Programmable Read Only Memory which allows sensitive data, such as encryption keys, to be written only once onto a chipset and then prevents the data from being modified. This protects the integrity of encryption keys which are used to validate the stages in a secure boot up sequence and allows access to the JTAG Port.
  • Secure Boot Verification: Secure Boot provides an extra layer of security by sandboxing different elements of a camera’s operating system, which means they are in a protected space. The system will complete a full boot before communicating with any other part of the system and this prevents an interruption to the boot process which could be exploited by a hacker.
  • Random Number Generator: Computers are designed to create very predictable data and are therefore not very good at generating random numbers which are required for good encryption. A dedicated random number generator overcomes this problem by having a dedicated mechanism for the task.
  • Secure OS: Using a separate operating system (OS) for encryption and decryption, as well as for verifying apps have not been modified or are forgeries, reduces the workload of a camera’s main OS. A separate Linux based API is needed to access a Secure OS and without this, there is no way to make any changes from the outside of a camera. A Secure OS should always, therefore, be used to process important stored information.

In a highly competitive market, there is no shortage of camera manufacturers to choose from. Consultants, system designers and systems integrators therefore have the freedom to narrow down their shortlist of preferred supplies to those who have fully embraced and incorporated best practise into their manufacturing process. A clear demonstration of this would be if they have equipped their cameras with most, if not all, of the above functionality and technology.




Biography:
Arindam Bhadra is an eSecurity professional 11yr + in this industry. He is a good freelance blogger. His blog is now No 1. Blog in India. 2.9L page viewer globally. Mr. Bhadra is an Electronics & telecommunication Engineer from IETE, New Delhi. He is a member of FSAI from 2011 & Go Beyond security from 2008. His blog arindamcctvaccesscontrol.blogspot.com focuses on security. Apart from his job, he loved to spend all his time with eSecurity & Safety technology understanding and loves to help people. He is a Tech enthusiast and has written articles over the period in this Magazine & blog. You can follow him on Facebook, Twitter, LinkedIn & Google+ etc.





Friday, December 19, 2014

Value of Video Verification

The Value of Video Verification

Alarm systems have been a part of security since the beginning. We all know that when an alarm goes off, police are called to respond, but how many of those alarms are false? To just one person or business it seems reasonable for police to respond to even the false alarms, but multiply that by hundreds and thousands of businesses in each city and imagine all the false alarms police are required to respond to each day. Unfortunately, police cannot respond to every alarm call within a fair amount of time. Staffing, policies, and priorities often conflict with these calls. With no way of knowing whether the alarm is real or fake, police have to make a best effort, which sometimes results in the real crimes remaining unsolved.
Today systems are being designed to allow video verification of alarms. This means that when an alarm is tripped a monitoring company is alerted and begins remote viewing the facility through installed CCTV security cameras. The monitoring company can then verify if a crime is occurring. Police departments respond faster to a crime in progress rather than an unknown situation. What does this mean to security customers? Well, it will require a higher monthly premium for monitoring your alarm system. With the higher price comes a quicker response rate from local police. In additional, customers with video verification systems will also have the peace of mind in knowing that even when they are unable to, there is someone watching over their property.
Many cities require fees to be paid for false alarm calls. Recently in Glendale, Arizona the city passed an ordinance that requires citizens to pay steep fines when police respond to false alarms. These fines range from $100 to $400 depending on the amount of previous false alarm calls received.
The equipment for a video verification system can be costly, but for some customers the price is worth the result. When you compare the potential loss of property if police are unable to respond in time to a real call or the increased risk of fines for false alarm calls, the setup and maintenance fees are well worth the investment.

How Video Verification Works
To those who are unfamiliar, video verification documents a change in local conditions. When a sensor goes into alarm, cameras record clips or open a feed to live video at the premise. The video and/or notification to view the live feed are sent to a central station where operators survey the situation.
With video evidence and other means of verification, such as audio or cross-zoning, central station operators can tell dispatchers more about what is happening at a property. As such, the quality of the process improves, raising the priority for dispatch and hastening response. This is in line with the protocol followed by most law enforcement agencies across the United States.
This is the procedure that the Central Station Alarm Association’s (CSAA) existing ANSI standard for video verification prescribes and it is an excellent starting point from which the industry can advance with input from law enforcement and the insurance industry. It is important for installing security companies to know that video verification is completely dependent on central station service.

Road to Making Gains
For video verification to truly gain acceptance by all ancillary industry stakeholders — from end users, police and the insurance industry — there must be uniformity in how it is applied. With several years of field experience gained by industry stakeholders, some of the advancements for the next generation of verification are being implemented.
Differentiations can be made for residential, commercial and high-value commercial, as well as interior and exterior applications. Within the commercial realm, there are different risk levels to be accounted for, such as the potential loss at a big-box electronics store compared with a sporting goods store that has a stock of weapons and ammunition.
Fortunately, one distinction everyone agrees upon is that professionally installed and monitored systems will garner prioritized response that DIY, self-monitored systems will not enjoy. That alone gives alarm contractors a tremendous selling point to current and prospective customers, especially as some of the largest technology companies enter into the smart-home market with automation systems and smoke/CO detector devices.
While the industry works on these issues, whatever the final form of this standard ends up being, video verification will deliver value for every stakeholder in the battle against property crime. Alarm system owners will get a fast police response and installing contractors will benefit from satisfied customers. At the same time, police remove criminals from the streets and the insurance industry cuts down on claims they have to pay out now and in the future.

The new video verification standard will be a win for everyone involved.

Wednesday, September 17, 2014

Service and Maintenance for CCTV

Service and Maintenance for CCTV
1. General:
Effective and regular maintenance of a CCTV surveillance system is essential to ensure that the system remains reliable at all times. It is advisable that maintenance of the CCTV system should be carried out by the company which installed the system. However, the maintenance company should have the means, including necessary spare parts and documentation, to meet the recommendations given here.
Note: This recommendation does not place an obligation upon customers who purchase their systems to have them maintained by the installing company. Maintenance is a matter of agreement between the customer and the installing company or a separate maintenance company. Maintenance comes under BS EN 62676-4 Clause 17 & SC CoP Guiding Principle 10.

The preservation of security within the maintenance company is of paramount importance and steps should be taken to ensure the safe keeping of all customers’ equipment and documentation relating to a particular installation/contract.

Note: BS EN 50132-7 states that “CCTV systems should be maintained in accordance with the schedule supplied by the system designer or supplier”, but does not detail any specific maintenance requirements. These guidelines give specific advice for the maintenance of CCTV surveillance systems, and provide examples of the type of documentation required to be used by the service company.

A maintenance company should ensure that adequate vetting of all employees is carried out. All employees, who visit a customer’s premises, shall carry identification cards which should include a photograph and signature of the bearer, the company’s name, contact details and a date of expiry (maximum of 3 years).
Each service technician employed by the maintenance company should carry a range of tools, test equipment and other equipment to enable them to perform their functions satisfactorily. Specialist tools, test equipment and plant should be available for deeper investigation if necessary.

Note: Disconnections, for whatever reason, should be recorded on a maintenance record and authorised by the client or his representative.
The maintenance company’s organisation should be so staffed as to ensure that the recommendations of this Code of Practice can be met at all times. The following factors should be taken into consideration:

  •       .  the number of installations to be serviced
  •        the complexity of the installations;
  •   . the geographical spread of the installations in relation to the location of the maintenance company, its branches and its service personnel
  •      .   the method of calling out service personnel outside normal office hours, where applicable.
  •     Service personnel should be adequately trained and training should be updated whenever appropriate.
Maintenance Service is 3 types but scope of work is same.
A.   Preventive Maintenance service.
B.   Corrective Maintenance service.
C.   Performance Maintenance service.

A. Preventative Maintenance
I. Frequency of visits
The following recommendations apply, unless the customer has agreed an alternative schedule of works with the maintenance company. It’s also called Planned maintenance.
Preventative Maintenance Inspection
As a minimum, this should include all the elements detailed in Clause II, and the intervals should not exceed 06 months. Customers may agree a more frequent visit where appropriate. During the 1st Visit you should note down all CCTV related Product Make, Model Nos with Version. If required make a hand sketch of geographical span.
Supplementary Preventative Maintenance Inspection
As a minimum, this should include the supplementary items detailed in Clause III. These supplementary inspections may be carried out at the same time as an annual visit or at less frequent intervals, dependent on the agreement between the customer and the maintenance company.

II. Preventative Maintenance Inspection (Scope of work)
During each preventative visit, inspection of the following, with all necessary tests, and those rectifications which are practical at the time, should be carried out:
Control Room:
1. Check the picture quality of each camera and monitor. Look for signs of condensation on housing windows and limiting of picture highlights, i.e. proper focus, proper resolution, Signal strength etc.
2. Check all controllable functions for each station e.g. pan, tilt, zoom, focus, iris, speed, auto-pan, wiper, pre-sets etc.
3. Check camera / monitor combination selection, proper functioning of Live/Spot monitors.
4. Check the operation of recorder (s) i.e. record, backup and replay.
5. Check the operation of special equipment such as video multiplexers, Storage.
6. Check any interfaces with alarms e.g. movement alarms, fences etc.
7. Check that all indications function correctly.
8. Check the IP setting at IP Camera and NVR/DVR.
9. Check BNC/RCA, LAN & Power connector at DVR/NVR/ Control Room.
10. Check the PATA/SATA cable for Hard Disk/RW. RS484 Cable.
11. Check the proper functioning of Mouse, USB port, RS485/232 port, DVR key/ Remote etc.
12. Check proper functioning of CCTV Software/Control Station/ Monitoring Software/Analytic software.

Around the supervised premises
1. Check that camera movement and field of view is free from obstruction, trees etc.
2. Check that ALL warning labels are in place (e.g. movement, voltage, LASER)
3. Check that indicator lamps are working.
4. Request that customer checks the operation of supplementary lights, including IR, at night. Leave a form and request that any faults are reported.

III. Supplementary Preventative Maintenance Inspection
During each Supplementary visit, inspection of the following, with all necessary tests, and those rectifications which are practical at the time, should be carried out:
1. Carry out all functional maintenance checks.
2. Check that external, flexible cables (Video, Power, Fiber, LAN) are properly supported and undamaged.
3. Examine all metalwork especially towers, brackets & box, for signs of corrosion and damage.
4. Lower towers and check cable for fraying. Grease the mechanism.
5. Check all glands and seals on external equipment.
6. Check all external and internal flexible wiring for signs of wear and fraying.
7. Check all fixed and flexible conduit for signs of damage.
8. Remove covers and housings and clean interiors (Lens, Camera Body, Fan, Power/Fiber Board etc) where necessary. Each camera bracket fittings and clamping bolts are tight.
9. Check the function and wear of wiper blades and washers.
10. Check the function of heaters/Cooler, Solar panel (if applicable).
11. Check the function of supplementary lighting, including IR, and photocells.
12. Check the integrity of all supports, Antenna, including cables & BNC/LAN.

Note: It is recommended that all filament lights/lamps should be replaced during this visit.
Those parts of a system, or any environmental conditions found during preventative maintenance, which could reduce the effectiveness of the system should be identified on the maintenance visit record.
Routine maintenance visits to the supervised premises should be made by a representative of the company at intervals of not less than once a year (as per SLA). Should the company, the customer or his insurer, require more frequent maintenance, this should be clearly stated in the maintenance record and in the contract documents.

Note: :If it is necessary to undertake routine maintenance work outside normal working hours, it is recommended that the contract between the customer and the company should state this requirement.

Those items of inspection or rectification which are not carried out at the time of routine inspection should be completed within a period normally not exceeding 20 days, other than by alternative agreement with the customer.
Before leaving your place provide answers to any questions or queries that you may have. Complete maintenance report and discuss work conducted with you. All work carried out on site, together with time of arrival is recorded on a record sheet (known as a docket / Case ID). The engineer will also note down any deficiencies in the system and recommend work required to maintain, full, trouble free operation. This docket is shown to your (customer) copy provided(Service Report/memo/ value reports) for placing on the file. Excludes provision of high reach equipment.

IV. Emergency service/Breakdown Call
Where an agreement exists, the customer should be kept informed of the address and telephone number of the company's service and emergency service facilities (Service call). It is recommended that except where otherwise agreed by the customer, the company’s emergency service facility should be so located and organised that under normal circumstances the company's representative should reach the supervised premises within eight hours from the notification of the fault. This recommendation need not apply to other than mainland installations. Whenever possible, the customer should be informed of any likely delay when a fault is notified.

B. Corrective Maintenance service.
Service remains same as per Preventive Maintenance (Clause I to IV). Its including all spare parts. Rapid repair of equipment that has broken down is critical to ensure uninterrupted operations, minimal downtime and optimal functionality. maintenance company offers Corrective Maintenance services to provide emergency maintenance support in the event of an unexpected breakdown of equipment and for timely resumption of operations. With Corrective Maintenance you can be assured their engineers are available when needed and that you have the backing of Maintenance Company’s extensive knowledge and support network.
Features:
1)      Technical Helpdesk support located at Maintenance Company.
2)      Travel and labour costs are included as well as replacement of parts due to wear and tear. Consumables are excluded.
3)      Maintenance company response Time commitment can be within hours after your first call.
4)      Spare parts to replace faulty components will be available during the whole length of the contract.
Benefits:
1)      Simplicity: just call and within 8Hr Maintenance company engineers will be there..
2)      Low-Risk: by ensuring the availability of your security systems you optimize your daily strategic operations.

C. Performance Maintenance service.
Service remains same as per Preventive Maintenance (Clause I to III). Its including all spare parts & Maintenance company engineers are available when needed. Technician / Engineers deputed on your (Customer) Control Room.
Features:
1)      Technical Helpdesk support at your (Customer) place.
2)      Our Response Time commitment can be within hours after your first call when Maintenance company field technicians are on-site.
3)      You decide when you want on-site technical assistance to be available: eight hours every working day, weekdays and weekend, around-the-clock or according to your own tailored schedule.
4)      Spare parts to replace faulty components will be available during the whole length of the contract.
5)      Online Monitoring gives you real-time information on your system and is crucial for delivering on the Performance Maintenance commitment.
6)      Carry out a visual inspection of all major components for signs of deterioration or damage and rectify as necessary.
Benefits:
1)      Simplicity: Availability of Technicians/Engineer 24hours a day, 365 days a year.
2)      Fast Response: you enjoy preferential treatment and Response Time commitment to rapidly restore the operation of your security systems.
3)      Risk-free: We take full responsibility for managing your security processes
4)      You know how fast your system will be up and running after any incident.
5)      Total peace of mind.

If you can get any Service and Maintenance for CCTV minimum you must maintain below point.
Do not make customer aprilfool.

Visually inspect all major components and connections for signs of deterioration or damage
Check all control equipment (DVRs, VCRs, monitors, multiplexers, video switchers, telemetry units etc) for correct operation
Check mains & power supplies and stand-by batteries including charging rates.
Check environmental conditions for adverse effects, including growth or shrubbery obscuring camera views
Check time and date settings in equipment and update the settings as appropriate
Check integrity of all cabling and sample check external insulation for damage
Clean cable fixings for security
Check auxiliary lighting equipment, infra-red units and photocells (if any) for correct operation
Check air vents are clear in all control equipment including PCs
Clean cameras, lenses and housing surfaces as necessary
Check al glands and seals on external equipment
Clean control equipment surfaces including PC (if applicable)
Establish regular back-ups are taken
Check camera is aligned to user specification, pictures for correct field of view and adjust as necessary
Check brackets, towers and fixings for corrosion or damage. Check clamping bolts/brackets are tightened correctly
Check wash/wipe units and wiper blades (if any) for correct operation and fill washer reservoir where necessary
Check quality of recording during day time and night time modes
Check pan and tilt assembly (if any) including fixings, electrical connections and functions.
Check the satisfactory CCTV transmission of images to remote site (if applicable)
Check warning signs are in place
Check all camera presets
Check all alarm presets

Tuesday, March 15, 2011

CCTV Illegal (90%) Ineffective (80%)


Whether CCTV is an existing element of your security/management strategy or you are considering investing in CCTV, you need to be sure that the system will provide unequivocal evidence.

Imagine your frustration at having your CCTV evidence rejected in a health & safety claim or employment law dispute due to poor quality images or procedural mistakes. The financial impact of such cases could amount to tens if not hundreds of thousands of currency; by comparison most instances of theft can appear almost inconsequential in terms of loss.

The quality of images as seen on TV News and crime reporting programmers is a damning indictment of CCTV standards. Consider the numbers quoted in the headline, 90% Illegal stated by CameraWatch is based on ‘initial research’ and refers to total or partial shortfall in Data Protection Act compliance. 80% Ineffective refers to the efficacy of CCTV evidence examined by the Police and is stated in the Home Office National CCTV Strategy.

These statistics are largely based on anecdotal evidence, nevertheless practical experience of those professionally involved in the assessment of CCTV systems would broadly agree with these estimates.

Another interesting number is the 3.2 to 4.2 million CCTV surveillance cameras employed in the India. Which figure is closest to reality no one knows, but there is probably 1 camera for every 15 members of the population, capturing our images as we go about our lives.

According to current folklore our image is captured 300 times a day and stored for a month or more. Should we be worried?
Provided that CCTV images are managed in accordance with Data Protection Act principles and you are a law abiding citizen, there should be no concern and in countless high profile cases CCTV has proven to be an invaluable aid to investigation. Evidence of the immediately preceding terrorist bombings was of fundamental importance to the Police investigation.

Data Protection Act legislation is at the very core of protecting our Human Rights when it comes to the use of CCTV, so are we safe to assume we are protected from its misuse? The law is certainly adequate and has been since the 1998 Data Protection Act encompassed CCTV images. The Information Commissioner is responsible for enforcement and serious cases of non compliance can result in a substantial fine or even a custodial sentence.

You must let people know that they are in an area where CCTV surveillance is being carried out. The most effective way of doing this is by prominently placed signs at the entrance to the CCTV zone and reinforcing this with further signs inside the area. The signs should contain details of the organization responsible for operating the system, the purposes for using CCTV and contact details.

The Data Protection Act does not prescribe any specific minimum or maximum periods which images should be retained for, the archive period should reflect the organization’s own purposes although 30 days is the accepted norm.
A little known aspect of DPA law is Right of Subject Access, you have a legal right to request a copy of your images captured on CCTV and subject to certain reasonable conditions the organization responsible for the CCTV system (the Data Controller) must provide a copy.

You will need to make the application in writing: stating where you were, the time & date and provide photographic identity so that the relevant images can be searched for. The Data Controller is entitled to charge something for the search including the cost of providing a CD or DVD. The images must be provided to the applicant within 40 days of the date of application or a valid reason for not being able to comply must be given within 21 days.

Legislation is weighted in favor of the applicant and the Data Controller can incur substantial costs in producing the copy recording, particularly if it is found to include images of third parties as well as the applicant. These third party images must be masked in order to protect the identities of others.
A frequent dilemma faced by Security / Facilities Managers of multi tenanted buildings is when a tenant demands access to recordings that may assist them in criminal or civil law matters. In the case of criminal investigation the response is clear cut, the tenant must report the matter to the Police who will request a copy of any video evidence they may require.

Non criminal cases are more complex and disclosure of images directly to the tenant may result in a breach of Data Protection Act law, on the other hand refusal may result in bad feeling if tenant holds the reasonable view that; ‘security is included in the service charge that I am paying and I should be allowed access to CCTV recordings that relate to my business’.

A reasonable response would be to establish the parameters of the recording; date, time and cameras. Then download images in the same manner as for a criminal investigation, but without allowing the applicant to view the images. You have at this point protected the required images from being overwritten by the recording equipment. The next move is to suggest that the tenant instruct their lawyer to request a copy, subject to an undertaking that the law firm becomes Data Controller for the issued copy.
In this article we refer to digital recording only, on the basis that video tape is redundant technology that is no longer serviceable and unlikely to be effective.

Digital images are primarily recorded to hard drive and are only downloaded on demand, the recording equipment should be held in a secure enclosure fixed to the building fabric or located in a security control room. Access to the system to download images should be password protected and only available to nominated Data Processors.

Images should be downloaded to non rewritable media such as CD or DVD and be playable on any video enabled PC or laptop without the need for additional software. It is good practice to download two copies of an incident, one being the Working Copy for issue and the other being an Archive copy held securely on site for backup or verification purposes. It is vital that a robust audit trail is created by means of Unique Reference Numbers printed on the disc during the printing process. The audit trail should be supported by suitable documentation. Download to memory stick, re-recordable media or the internet without secure encryption will compromise the veracity of the evidence.

If CCTV is an existing element within your security & management strategy, make sure that you have a CCTV policy in place describing how it should be managed in compliance with Data Protection Act law. Don’t then file and forget, but ensure that your security staff are issued with a copy and carry out an annual assessment of management and equipment performance, thereby ensuring that your CCTV continues to meet current needs and best practice.

If you are considering the installation of CCTV get a professional to assess your risks and system requirements in the form of an Operational Requirement based on the Home Office model. This is in effect a performance specification that can be issued to those responsible for the technical design and bid process, you can thus be sure of obtaining comparable quotations on which to base your buying decision. Furthermore you will have created a benchmark against which performance can be objectively assessed as a part of an effective professional handover process that will include; System Operating Manual, CCTV Policy, Management Documentation, Statutory CCTV Warning Signs and training of those responsible for managing the system.