Selecting Right Security Consultant

 Selecting of Right Security Consultant

To find the right person or organization for your project, check references, create a good request for proposal and learn whether or not they will be contracting out some of the work.

If you have ever considered using a security consultant and found yourself a bit confused by the topic, don’t feel alone. Finding the right consultant, one who will save you money and benefit your campus requires a little understanding. Here are some tips that should help clear up some of the confusion.

1. What is a security consultant?

A security consultant is an individual or group of individuals who have specialized knowledge in some facet of the security industry. A consultant should serve only the interest of his or her client. Persons who work with, for or receive compensation from a vendor, integrator or anyone else who may directly benefit from your project fall into a separate category.

Some vendors may offer to provide security planning free of charge. They may even do a competent and ethical job. The problem remains that in-house experts will always have conflicting priorities: 1. to maximize company profit, and 2. to save money and work solely in the interest of their client (the vendor or integrator). A true consultant works only in the interest of their client (the hospital, school or university) with no potential conflicts.

2. How do security consultants learn their trade?

Security consultants usually begin their career in one of the many disciplines in the security industry. They may start their careers as police officers, electronic engineers, installers, integrators or manufacturers. Individual work with MNCs last 10-12Yr can show appreciation letter from there customer. The list can be extensive. 

Knowing how and from where they developed their consulting career can be helpful in judging their compatibility with your project. The area where they began will often indicate the area(s) where they are most knowledgeable.

 
3. What activities are covered by security consultants?

One of the many difficulties in choosing the right consultant is that the field is incredibly broad. Security is made up of hundreds of individual disciplines, all of which must fit carefully together like pieces of a large jigsaw puzzle. Unfortunately, no one can be an expert in all of the related topics. Here is just a partial list of specialties: perimeter fences, exterior access control, workplace violence, emergency planning, security force management, security policy and procedure, training, video surveillance, logical access control, intrusion detection, systems integration, key management, door and window hardware, building design issues, crime prevention through environmental design. The list could keep right on going. 

Some projects can be handled by an individual, while others may require a team to ensure the proper depth of knowledge in each critical subject area.

 
4. Should I look for depth or breadth of knowledge in a consultant?

Some security consultants know a little about everything, others may know a great deal about a few things. Your needs will help you determine which is most important. 

Consultants with great breadth of knowledge are valuable in seeing the overall picture, identifying all of the puzzle pieces and figuring the best way to fit them together. Consultants with depth of knowledge may be better at providing specifications for specific electronic hardware that will best fit campus requirements and compatibility needs. Finding a specialist with relatively good general security knowledge can be a real plus.

The ASIS International management credential (CPP) was designed to help specialists gain a broad understanding of the other security disciplines that must fit with their specialty. Having a CPP is not a guarantee of competence, but it is a means for a specialist to broaden his or her understanding of overall security.

5. How can security consultants benefit my campus?

Security consultants can provide a variety of services that can be quite valuable. They can:

·        Provide an unbiased view of your security needs

·        Bring knowledge from solving problems in different environments

·        Save money by resolving problems with cost effective solutions

·        Bring a fresh pair of eyes to review campus problems

·        Provide recommendations that may have more credibility than experts from the campus security department offering the same thoughts and ideas

·        Assist in negotiating lower bids by knowing what the labor time and charges should be for individual tasks

·        Write comprehensive specifications that make it difficult for unscrupulous vendors to add charges during the construction period

·        Provide post construction services to ensure that all aspects of the job have been completed properly as detailed in the specifications

·        Help recruit and select a truly qualified vendor

·        Provide other assistance

Not all consultants offer these advantages, but they are all possible when the right consultant is selected.

 

6. Should a consultant specialize in one type of campus?

If, for example, you currently manage security for a hospital, should your consultant specialize only in hospitals? Too much emphasis on specificity is reasonable but may also serve to eliminate the strongest contenders. Hospitals, high rise buildings, university campuses and schools all have unique security requirements. It is beneficial to choose consultants who have worked with and understand these requirements. 

On the other hand, consultants who also have experience outside that specific client type of institution may bring a greater breadth of ideas and experience.

7. What should I know about my consultant?
There are many things you will need to know about your consultant before signing the contract, including:

    ·        Their reputation by talking directly to their clients
·        The types of projects they work on, particularly those with similar complexity to yours
·        He / She self is member of (Security part) ASIS, SIA etc. Also check OEM contacts how is.
·        The strengths of all team members who will be assigned to your project
·        That the team will be committed to your project.
·        If they have the breadth to understand your overall security needs, and where and how a specific countermeasure must fit within the overall security program
·        If they have the depth of knowledge to write detailed specifications that will avoid extra construction period charges
·        Whether or not they have the capacity to handle your project without unreasonable delays. Companies with too many existing projects can result in delays or shortcuts that result in cost overruns.
·        Whether the contractor has any direct relationship with or receives compensation from any product or service that might relate to your project
 

8. What should I know about outsourcing and partnerships?
Some consulting organizations rely on partnerships to complete their tasks. This can be normal and beneficial to your project. Consultants who lack the required depth of knowledge in some area of your project can reach out to another consulting organization that has the requisite skill set.

It is critical that all partnerships and outsourced work be given the same scrutiny as the primary contractor. You will need to know their reputation, talk to their clients and have all team members listed along with their background and expertise.

9. How can I learn about a consultant’s reputation?
There are several things that can help in selecting the right consulting firm:

·        Develop in-house security knowledge. The broader your understanding of security, security countermeasures and how they fit together, the better you will be at selecting the right consultant.
·        Talk directly to former clients. Determine how close their project is to the one you anticipate. Ask about problems with their overall performance, including unanticipated cost overruns and delays in their service delivery. Ask how satisfied they are with the final result.
·        Get detailed information on all individuals who will be assigned to your project alongwith appreciation letter from his customers.
·        Check the information are true or falls.

10. How do I improve my chances in finding the right consultant?

·        Construct a well written request for proposal (RFP)

·        Take all prospective members on a job walk at least two weeks prior to the submittal due date 

·        Give them a good feel for your needs, areas of concern and project details 

·        Allow a period for them to submit questions prior to the proposal due date. The questions they ask may hint at their expertise. Share questions and answers with all potential vendors.

·        Have all competing vendors give a presentation on their approach and areas of emphasis that they would use in handling your project. Ensure that all evaluators fully understand the details of the RFP. 

·        The RFP should include mandatory disclosure of any monetary or other link between the consultant and any vendor that may be considered for the proposed work

·        Look beyond the low bid to your confidence in the organization and its ability to deliver what you need.

Thanks to Mr. James L. Grayson, CPP is a senior security consultant for Summers for support.

Elevator Surveillance Guide

 Elevator Surveillance Guide

Installing surveillance in an elevator can be challenging. Small but wide areas, vandal resistance, and transmission methods all present challenges not found in other areas cameras are installed. In this note, we look at:

• Form factor: Box vs. dome vs. specialty
• Resolution: How much is necessary?
• Transmission: Wired vs. wireless vs laser methods
• Dealing with electrical contractors

Form Factor

The first decision to make when considering elevator cameras is form factor. Minidome and corner mount are the two most common options in use as they most compact compared to box, bullet, or full sized dome cameras. Other form factors, such as box or bullet may be more easily tampered with due to the low ceiling height of the elevators, and more easily knocked out of position.

Minidome

The key advantage to minidomes is camera choice, as most manufacturers offer cameras in this form factor, with numerous resolution and lens options. These options are not generally seen in corner mount cameras.

However, they are more obtrusive than many corner mount housings, and do not blend into the interior of the elevator as well. Where aesthetics are the key concern, domes may not be preferred.

Corner Mount

This type of mount places the camera in a roughly triangular housing made to cover one of the elevator's corners. Some are sold as unitized housing/camera packages, while other manufacturers sell housings meant to accept a box camera. Size and appearance varies depending on manufacturer:

They key drawback to corner mount cameras is limited availability. Most manufacturers do not offer corner mount options, and those that do typically only offer one or two models, with limited resolution and lens choices. Larger corner housings built for box cameras add more flexibility, but are larger and more obtrusive.

Field of View/Resolution

Given elevators' small size, generally under 10' wide, users typically choose to cover the full car instead of just the doors. This gives them not only the opportunity to view comings and goings, tracking subjects throughout a facitity, but to view potential incidents in the elevator, as well. However, care should be taken that pixels per foot (PPF) does not drop below acceptable levels for recognition if no other cameras will provide facial shots of subjects, e.g. lobby and hallway cameras.

For example, using an actual 103° field of view from an elevator camera with Camera Calculator, we can see the difference between VGA, 720p, and 1080p in a typical 8x8' elevator. Estimating ~9' to target to reliably capture subjects as they enter through the elevator doors, 720p provides 56 PPF in this scene. This is likely enough to provide identification quality video under good lighting. VGA provides only 28 PPF, too low for recognition, while 1080p provides 85, more than enough.

Mounting Height

Since most people look down while walking, and criminals may actively avoid cameras, mounting height in elevators should be carefully considered for the best chance of capture. As we found cameras are typically best mounted as low as possible, with ~8' being a "sweet spot", better able to see those with heads down or hats on while also see over subjects beneath the camera.

This image shows the effects of mounting height and the subject's face angle, displaying the difference in capture quality at various mounting heights with the subject's face level as well as tilted down.

Signal Transmission

Once the camera has been selected, installers must decide how signal will be carried from the elevator. There are three typical options for this:

• Traveler cable
• RF wireless
• Optical laser

Traveler Cable

Connections between the elevator car and the machine room for power and signal are made via a specialized traveler cable. This cable is attached to the car, typically to the bottom, and to the top or center of the shaft. The construction of this cable varies, but it typically contains multiple twisted pair conductors for power and control, and possibly a UTP or coaxial cable for video. 

This image shows cross-sections of various flat traveler cables:

Generally speaking, since these cables are often attached to the top of the shaft, making the cable approximately twice the height of the shaft, UTP is not a usable solution for Ethernet. Buildings of 12-14 stories can easily have a 300' traveling cable, which exceeds the maximum distance category cables can be run, before even considering horizontal runs to an equipment room or IDF. In low-rise buildings, UTP may be an option, however. Fiber-optic and coaxial cables may be considered otherwise.

RF Wireless

The second option is to opt for wireless connectivity, utilizing a pair of wireless APs between the car and bottom or top of shaft. Both are used in practice, with the bottom of the shaft generally chosen for easier servicing. In this case, local power must be obtained from the car, which may involve the elevator contractor. Power is readily available, however, due to lights and air conditioning installed in the car.

Wireless eliminates the issue of necessary conductors in the traveler cable, but presents challenges of its own. Cables and conduits located in the elevator shaft may cause interference, making wireless connectivity unreliable. Very narrow beamwidth antennas may be used to compensate for this, but antenna alignment must be carefully set and maintained over time.

Optical Wireless

Optical wireless uses a pair of laser transceivers, one mounted to the car, the other in the shaft, to send/receive data. This is specified to handle elevator shafts up to 75 floors.

Optical product performance is degraded by dust, dirt, and other debris which may fall in the elevator shaft and as such should be cleaned regularly.

Dealing With Elevator Contractors

Normally, most facilities maintain service contracts with an elevator contractor, since the elevator must undergo routine maintenance. These contractors may be difficult to deal with, as a number of users have shared. They are often hesitant to modify existing traveling cables for new services, simply because it complicates (however slightly) their routine maintenance of the elevator with a system outside their control. If the traveling cable is insufficient to add video, installing a new cable is, most times, cost prohibitive, and may remove the elevator from service for several days. Both of these add up to expenses users may not wish to incur.

To avoid the coordination and expense required to have the elevator vendor add video to a car, users and integrators may attempt to add their own cable to the car. There are two things to be aware of in this case: 

• Third parties attempting to modify the cable without the contractor's permission will void warranties and service contracts in most cases. Even leaving existing cables alone and simply zip-tying a new UTP cable to it may be frowned upon.
• According to NEC code, hoistway cables must be listed for use in these applications, and be of type E. Standard UTP, fiber, and coaxial cables do not meet these requirements.

 

Video Wall Magic

Video Wall Magic 

Whenever people talk about CCTV, one of the first associations is video walls. No matter how powerful the servers behind, it is the visual that produces the "wow" effect — even on the most tech-savvy customers. Yet, they often back off, having heard the price. And this is where all EVO Global customers clearly benefit: EVO video wall has just got a major enhancement, and it does not cost you a rupee. EVO by LUXRIOT.

Video walls are widely used everywhere from airports to rock concerts. Traditionally, in CCTV their application includes, but is not limited to, showrooms and control centres. To build a video wall, you take narrow bezel monitors, projectors, or TV sets, and tile them together. Depending on the goal, some or all of them may form one huge screen. This resulting "transformer" display is much better rather than just one large display: it offers customizable shape and size, distributed processing, and superior reliability.

Typically, you would employ additional technologies to make several output devices work as one. EVO Global allows casting a single picture onto a combination of displays from separate workstations. Most importantly: without anything other than just regular Windows display management. EVO is one of the most comprehensive enterprise-level VMS solutions on the market, featuring interactive maps linked to alarms; an advanced event and action manager; analytics tools; video wall support and other components you will definitely appreciate. To ensure the safety of your data, the software also offers edge recording for synchronising all data with IP devices storage, archive replication, advanced system health monitoring and failover, which will reduce the disruption of your video surveillance recordings to zero. SSA Integrate is India Regions business partner.

Fantastic Flexibility

Video walls have been available in EVO Global since its very first versions. So what's different now?

Earlier, we already saw how the Luxriot virtual video wall helps organize collections of displays, including those in different locations. Now, EVO Global offers another option: mosaic display, or, according to a customer, "the real video wall". Previously, you could have a virtual collection of screens, scattered across the place, managed from your office. From now on, EVO Global also gives you an opportunity to combine several local screens into one. Both approaches fit into the video wall definition, yet they have different use case scenarios. And, both retain EVO's convenient and flexible management instruments.

In other words, EVO now acts as your video wall controller — no middleware required. The displays may be independent, maybe even driven by different workstations. But, in EVO they behave as a single canvas. Clever algorithms ensure full synchronization between the screens, guaranteeing zero delays.

Such architecture provides notable flexibility. Not only can you re-arrange the displays or add new ones at any point, but you also are free to use variegated hardware. This is true for both workstations and display brands. While a consistent video wall solution looks best on homogenous LCD/LED panel sets, a temporary replacement or a quick demo set-up becomes a piece of cake.

As you would expect, the rest of EVO Global video wall functionality remains the same. Once configured, any video wall screen contents can be controlled from anywhere in the universe.

Smooth Setup

Let's consider a use case. 

Four display panels tiled contiguously, driven by two workstations. The task for EVO will be to display one high-resolution picture using all four screens. Simultaneously, an extra display in the operator's room should preview the same layout.

Briefly, the plan is: create a video wall, install clients, assign client displays to the video wall screens.

Add a single screen video wall in EVO Console

Detailed description

Step 1: in your EVO Console, add a new video wall. For the current setup, the wall layout will be simply one screen, 1x1 grid. We shall use the same video wall screen for both the showroom and the operator's room.

Step 2: install EVO Monitor on all client workstations. The client application does not require a license, and you can use either 32- or 64-bit packages. Each application instance may have one or several windows. Therefore, the four panels can be split between two, three, or four workstations. Let's assume we have two client PCs here, each driving two displays.

Step 3: link physical displays to video wall screens. In this case, we have only got a single video wall screen, and we shall use it twice.

First, in the showroom, all 2x2 displays will belong to the video wall screen with a "tiled" option. To do this, open the multi-display settings, select a window, tick the Video wall screen setting, then also tick the Tiled display option on the right. In the mosaic preview, enter the grid size and then select the part of the big screen that is occupied by the underlying physical display.

Second, in the operator's room, simply point the monitor to the same video wall screen, without selecting the "tiled" setting. As a result, the same output will be produced on a single preview display.

Create a tiled video wall in EVO Monitor via multi-display setup

Step 4: have fun managing the video wall remotely or with E&A. For manual remote administration, there is a separate tab in the EVO Monitor application called — who would have thought? — Video wall. To start, drag and drop your video wall from the Resources section on the left. And then, place the desired layouts, channels and maps onto the preview area below. All adjustments will take instant effect and you will notice the changes in both rooms. Don't forget to save the current layout as start-up by clicking the "three stripes" button in the upper right corner of the preview area.

Tips & Tricks

To make the most out of the tiled video wall, remember a few aspects:

• make sure the video cards meet the hardware requirements for EVO Monitor
• calibrate your displays to match the brightness and color settings
• use displays with the same aspect ratio and resolution
• choose displays with the near-zero bezel (frame) and minimize the gap between them

Hardware requirements

Refer https://www.luxriot.com/support/hardware-calculator/

Benefits

EVO Global video wall feature is a strikingly simple yet powerful solution for anyone. All the more, we are proud to present the "stretchy" video wall option as a further advantage.

• Feel free to experiment with any size or shape, and re-build your video wall at any time. Any alterations to the original layout only need a few fine-tune clicks on the client side.
• The feature is already included with your EVO Global license - no additional costs involved.
• On top of that, the EVO Global video wall does not have strict requirements for the used display type. You do not have to stick to a particular brand, never mention additional software or hardware drivers. This also means you can start with the existing infrastructure, and the final solution may implore little or no extra investments at all.
• Easy setup and re-configuration.
• EVO Global redundancy covers for video walls, too, — have you set up your mirroring server?
• Control your video walls remotely from anywhere in the world. All changes are effective immediately. For routine scenarios, use our advanced Event & Action management: any video wall contents will pop up and disappear automatically.

Luxriot Evo Global, is not only offering 64-bit speed and all the necessary tools for setting up an absolute situational alertness system aimed to respond quickly to events, but also introduces a central server governance hierarchy of all the components. To know more on this, can mail to ssaintegrate@gmail.com

Cyber threat into Video Surveillance

Cyber threat into Video Surveillance

Yes we all are known US ban HikVision, Dahua and IPVM media cover full story time by time. Security systems are changing at an ever-increasing pace and are making more use of standard Information Technology (IT) products running over a Local Area Network (LAN) or Wide Area Network (WAN) e.g. across the Internet, where they can be remotely monitored and controlled. As a result of using Internet Protocol (IP), the opportunity has arisen for manufacturers to develop new generations of equipment from control panels, cameras, and door controllers, to fully integrated systems combining fire, access control, CCTV, intruder and building control systems. These “integrated” systems are often called security management systems as they bring together the management of all aspects of an organization’s security.

Closed-circuit television (CCTV) is a TV system in which signals are not publicly distributed, but are monitored, primarily for surveillance and security purposes. CCTV systems rely on strategic placement of cameras and observation of the camera’s input on monitors. As the cameras communicate with monitors and/or video recorders across private coaxial cable runs, or wireless communication links, they gain the designation “closed-circuit” to indicate that access to their content is limited to only those with authorisation to see it. First we need to understand below few things:

What is a network?

In simple terms, a network provides a means of communicating data between two or more computer-like devices. A network can be a LAN and can incorporate a Wireless element of networking (WLAN). Where the network has the need to communicate outside of a single LAN, a WAN is used. A WAN can connect LANs together to communicate with users and computers in other locations. The most well-known example of a WAN is the Internet.

Why use an IP network?

Traditionally, many security systems have been linked to remote monitoring centres using modem type devices connected to a telephone line to exchange information. Using a network introduces many benefits, for example a substantial financial saving compared to dial up solutions. Additionally, the use of a network can improve quality of information and the time required to connect and exchange information.

Digital formats are being chosen by many industries such as music, telephone (voice over IP networks), TV, photography etc. With so many industries making use of IP technology, networks have become extremely robust. As a result, the use of a network can make the exchange of information between a security system and a remote monitoring centre more efficient.

Internet Service Provider (ISP)

The connection between your premises and the monitoring location may use an ISP to provide the service. When choosing an ISP, you should endeavour to establish the level of service being offered. Additionally, it may be prudent to have a second ISP link. The connection between your premises and the ISP is perhaps the weaker link so if you do have concerns, you should investigate an alternate means of communication from your premises into the ISP, i.e. GPRS, GSM (mobile service providers).

Bandwidth

Bandwidth requirements (space on your network to operate) should be discussed with your IT manager. The bandwidth required to operate a CCTV system may be considerable. Your security system provider will be able to advise you on the bandwidth requirements. As a general guide, CCTV systems require considerable bandwidth to send video images over a network whereas access control, intruder alarm systems and visitor management systems that only send small amounts of data, do not require much bandwidth.

Company usage policies

You will also need to consider company policies relating to “what is allowed” to use an existing network. If the nature of your business dictates that the network shall only be used for specific applications, then this may immediately determine that a separate network must be installed for the security system.

Now SSA Integrate company Integrating existing security with IP security solutions. As now common backbone are under TCP/IP. The network of connected sensors, devices, and appliances commonly referred to as the Internet of Things (IoT) has completely changed the way business works. This is as

true of the heavy hauling and freight industry as any other. At any moment, various players in the industry can get a sense of vehicle health, cargo safety, and whether or not any infrastructure is in need of repair.

Some products allow a mixture of analogue and digital security equipment to be combined, and this means that there is not always a need to move completely to an IP based system if an existing security system is in place.

The ‘hybrid’ approach is more common where two or more security sub systems are combined to create an integrated solution. The data in a hybrid system will usually come together at one or more PC’s. Non-IP systems are often connected to a PC using a serial port, whereas IP systems will be connected over the network.

A cyber-attack at targeted points in a country or region’s network could leave it crippled, preventing people from receiving much-needed goods and services. Fortunately, it doesn’t have to be that way.

Now cyberattacks on CCTV systems making news headlines on a weekly basis of late, there is a good deal of concern and uncertainty about how at risk these systems are, as well as why they are being attacked.

In October 2016, 600,000 internet connected cameras, DVR’s, routers and other IoT devices were compromised and used to for a massive Bot Net to launch what was the largest Denial Of Service (DOS) attack the internet had experienced to date.

In 2014, a US ally observed a malicious actor attacking the US State Department computer systems. In response the NSA traced the attacker’s source and infiltrated their computer systems gaining access to their CCTV cameras from where they were able to observe the hackers’ comings and goings.

In the lead up to the 2017 US Presidential inauguration, 65 per cent of the recording servers for the city of Washington CCTV system were infected with ransomware. How did the attack take place? Whilst unknown, it most likely occurred by the same means as other common PC hacks such as infected USB keys, malicious web sites, or phishing attacks.

What was the impact? The system administrators had to wipe the infected systems and reinstall the video management system so it’s entirely possible a good deal of footage was lost, and the system was rendered inoperable for a time.

May, 2018, over 60 Canon cameras in Japan were hacked with “I’m Hacked. bye2” appearing in the camera display text. How did the attack take place? Simple. IP cameras were connected to the internet and were left on default credentials. It appears that the hackers logged into the cameras and changed the on-screen display. What was the impact? Other the defacement of the camera displays and some reputational damage, there doesn’t seem to have been much impact from these attacks.

How did the attack take place? Yet again, devices were left connected to the internet and were left on default credentials. In this case, the attackers developed software that scoured the internet searching for vulnerable devices, which they then took control using their own malicious software.

What lessons can we learn from these attacks?

Don’t connect your devices directly to the Internet. If you need to have a camera or CCTV system be remotely accessible, port forwarding all inbound traffic to your system is just asking to be attacked. Use a VPN, use non-standard network ports, enable 2 factor authentications, or use a remote access service. While these measures won’t guarantee your security, they will certainly make you less of a target for attackers that are scouring the internet for vulnerable systems.

Just because it connects to a bunch of cameras, doesn’t mean that your NVR isn’t a computer. All the cyber security advice that is applicable to traditional IT is just as applicable when said computer is used as part of a CCTV system.

On Aug 13, 2018, The US President has signed the 2019 NDAA into law, banning the use of Dahua and HikVision (and their OEMs) for the US government, for US government-funded contracts and possibly for 'critical infrastructure' and 'national Security’ usage.

US government is effectively blacklisting Dahua and HikVision products, this will have a severe branding and consequentially purchasing impact. Many buyers will be concerned about:

·         What security risks those products pose for them

·         What problems might occur if they want to integrate with public / government systems

·         What future legislation at the state or local level might ban usage of such systems

On Jun 06, 2019 Hanwha Techwin is dropping Huawei Hisilicon from all of their products. Its belongs to China’s origin. Backdoor entry are open on product.

The tightening noose around Chinese technology firms is driven by the Trump administration’s view that China poses an economic, technological and political threat, a stance that country is likely to retaliate against. The two companies prompted concern that they could be employed in espionage, according to people familiar with the matter. Last week, the administration banned Huawei Technologies Co. from purchasing American technology amid similar suspicions of spying capabilities and Chinese laws that could require home-grown firms to hand over information if asked.

Hikvision, which is controlled by the Chinese government and Dahua are leaders in the market for surveillance technology, with cameras that can produce sharp, full-color images in fog and near-total darkness. They also use artificial intelligence to power 3D people-counting cameras and facial recognition systems on a vast scale.

A Chinese firm whose subsidiary has been shortlisted to supply security cameras for the national capital is on a US watch list, with an advisory on threats, including remote hacking and potential backdoor access. 

Concerns have also been raised on the firm being owned by the Chinese government, adding a twist to the controversy over a Delhi government project to install 1.5 lakh CCTV cameras across the city.  Now question is how you Prevent Malware Attacks:

1.   Manage your router: Earlier this year, the FBI recommended that everyone reboot all home routers and small office routers. In a previous blog on the subject, Davis stated that “rebooting will disable the active malware called “VPN Filter" which has infected hundreds of thousands of routers across the Internet, and it will help the FBI assess the extent of the infection.” While this was an isolated incident in time,

2.   Disable UPNP: UPNP will automatically try to forward ports in your router or modem. Normally this would be a good thing. However, if your system automatically forwards the ports, and you leave the credentials defaulted, you may end up with unwanted visitors.

3.   Disable P2P: P2P is used to remotely access a system via a serial number. The possibility of someone hacking into your system using P2P is highly unlikely because the system’s user name, password, and serial number are also required.

4.   Disable SNMP if you are not using it. If you are using SNMP, you should do so temporarily, for tracing and testing purposes only.

5.   Disable Multicast: Multicast is used to share video streams between two recorders. Currently there are no known issues involving Multicast, but if you are not using this feature, you should disable it.

6.   Cameras connected to the POE ports on the back of an NVR are isolated from the outside world and cannot be accessed directly.

7.   Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of numbers to the device. Do not DMZ the device's IP address.

8.   Protect your computer from vulnerabilities: Clean up your computer by removing old software programs no longer in use, and make sure to install patches regularly. Updating firmware safeguards equipment by patching known vulnerabilities often adds features and sometimes will improve system performance.

9.   Use firewalls and firebreaks (network segmentation): Place devices behind firewalls to protect them from untrusted networks, such as the Internet. And, use network segmentation—splitting a network into separate networks that are isolated, not connected—so a compromise in one part of the network won’t compromise the other (i.e. human resources and finance). This works much like a firebreak, which is a strip of land in a wooded area or forest where the trees have been removed to prevent a fire from spreading.

10. The network your NVR and IP camera resides on should not be the same network as your public computer network. This will prevent any visitors or unwanted guests from getting access to the same network the security system needs in order to function properly.

Some Protection Protocols:

Cyber security procedures for video surveillance devices across the threat spectrum require certain protection protocols.

Weaponizing IP Cameras (Threat High)

Most IP cameras today are manufactured with an open operating system, or basic kernel, that gives no real consideration to data or cybersecurity. For years, people have asked about the security of the video that their system produces; now, people are asking if their IP camera system can be used against them.

Think of an IT administrator who has worked diligently to secure a network, servers and mobile devices who then finds out that the 200 recently installed IP cameras on the edge of that network that are vulnerable to root kits, can be weaponized and used as attack platforms against their own network – and there is no way to monitor them.

This may seem far-fetched, but in Sept. 2016, 1.5 million IP cameras, DVRs and L3 network devices were highjacked in the largest DDOS attack ever seen. So what are the current fundamental considerations that an organization needs to take into consideration before placing an IP camera on their network? 

Protection Protocol:

·         The operating system (OS) on a video device should be a closed OS that runs in limited memory space.

·         Nothing should be able to be written to the device itself with the exception of digitally signed firmware. If the device has the ability to run third-party apps, it can be weaponized.

·         Common ports should be disabled by default. From a vulnerability and pen testing perspective, the more ports that are open, the more opportunity there is to leverage a device or the services on that device.

·         Video devices should utilize HSTS/ HTTP Strict Transport Security if you are going to implement end-to-end security. This protocol helps protect against protocol downgrade attacks, cookie high jacking, as well as forces an HTTPS connection to the device.

·         Consider devices with a built-in “firewall” to prevent dictionary attacks from Botnets.

·         Monitor user accounts and access to the video devices. Most IP cameras are installed with the default user name and password, and if installed on an accessible network, a connection can be established from anywhere in the world. Devices should have a force password feature that also adheres to password policies, such as length and complexity.

·         Monitor a device’s chain of custody. The vendor should have a secure chain of custody during a manufacturing process all the way through to the final sale. If they are not manufactured in a controlled environment, video devices can be tampered with at any time prior to being sold to the customer

Attacking Servers and NVRs (Threat High)

Most VMS servers and NVRs reside on either a Windows operating system or some flavor of Linux. There is an illusion of security that most of us have with regards to OS security, but just take a look at an OS vulnerability chart and that illusion will quickly disappear.

A base unpatched Windows Server 2012 OS has 36 vulnerabilities; a standard Linux distribution has 119. Most vulnerability that machines are subject to are a result of “add-ons” – such as Internet Explorer (242) and Chrome (124). While Windows Server is a more secure platform, it is also a bigger target due to its market share and utilization.

Protection Protocol:

·         As with any machine on a network, it is imperative that the most current updates and patches are applied to video system devices.

·         Ensure a VMS can work within your network policies and environment while a network firewall and anti-virus software are operational.

·         Use hardened password policies, restricted physical and network access, and disable USB ports.

Recorded Video (Data at Rest-Threat Medium)

The two primary purposes of any video system are to act as a deterrent and to be used as admissible evidence in a court of law, if needed. Technically, digital video falls under the scrutiny of the Federal Rules of Evidence (FRE) as it pertains to digital evidence, and authenticity affects admissibility.

Most NVR systems write video in a base file format such as *.AVI,*.G64, *.MKV. If the video drives are accessible via network share, they are subject to tampering.

Protection Protocol:

·         Video, if written in a readable format, should be encrypted to reduce accessibility and the possibility of tampering.

·         Video devices should use some form of hashing as a form of authenticity. Hashing provides the “Data Fixity” of a file and is a form of admissible evidence. Older forms of authenticity, such as water marking can be considered video tampering.

·         The VMS should also provide a way to protect original incident video for any undefined time beyond the system’s retention time in case of prolonged court cases.  

Playback and Export (Data in Use-Threat Medium)

The current biggest threat to recorded video is internal employees posting incident video footage to social media or leaking it to the press. The need to keep recorded video secure is paramount for many reasons. Unrestricted access to recorded video can cause several different types of issues, including legal and HR incidents. 

Protection Protocol:

·         Be sure your VMS provides granular privileges concerning the export, deletion and protection of recorded video.

Streaming Video (Data in Motion-Threat Low)

While the actual threat of streaming video being intercepted and used in some way is low, the knowledge that the data from a specific IP address is video can be used against you. From the aspect of network enumeration, an attacker now knows he has non-PC target(s) that he can try to leverage.

Protection Protocol:

·         Video devices should be able to utilize HTTPS communications, with certificates. This ensures secure end-to-end communications including control channels and video payload.

·         Video devices should be equipped with a Trusted Platform Module (TPM) to securely store certificates utilized in different secure network scenarios such as 802.1x  and Public Key Infrastructure (PKI).

·         Your video devices should have features that provide the ability to disable certain protocols such as ICMP, Telnet, and FTP.

Few Current Development:

Read more at:
1.http://economictimes.indiatimes.com/articleshow/64281935.cms?from=mdr&utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

2. https://www.bloomberg.com/news/articles/2019-05-22/china-s-hikvision-weighed-for-u-s-ban-has-probably-filmed-you

3. IPVM Report

4. https://www.ifsecglobal.com/smart-cctv-and-the-internet-of-things-2016-trends-and-predications/

5. https://systemsurveyor.com/iot_survellance/

6. https://www.business-standard.com/article/international/after-huawei-us-may-ban-chinese-surveillance-tech-firm-hikvision-report-119052200173_1.html

7. https://www.thehindubusinessline.com/news/world/us-could-blacklist-chinese-surveillance-tech-firm-hikvision-report/article27203042.ece

8. https://www.scmp.com/tech/gear/article/2163948/chinese-surveillance-camera-makers-hikvision-dahua-fall-security-concerns