Physical Security Systems on the Network
Wednesday, June 30, 2010 11:00
This summer, I helped a friend install a DVR (digital video recorder) for his business security camera system. I also helped him configure the DVR and his network to allow remote viewing of the security cameras for him and a few key employees. While helping him with this project, I realized how much physical security systems have changed over the past few years. More and more of them are being manufactured with network capabilities with many of them being installed on the business network.
At this point, physical security systems mainly consist of video or security camera systems along with access control systems. Just as I wrote in a recent article on copier security issues, most of these systems have vulnerabilities and are subject to network attacks either from outside a business or from those within a business, such as employees and third-party contractors. Lately, there have been attack methods published on both networked video or security camera systems and access control systems.
Security Camera System
At the last DEFCON conference, a security research firm showed that a brand-name security camera system was vulnerable to attack. In the demonstration, the firm simply captured some video footage of an object and replayed it so that when the object was removed, it still appeared to be in the same location. It reminds me of some older action movies and TV shows which portrayed this kind of event as fiction. Now this type of capability is reality for those with the necessary technical skills.
You can download and read more about this type of attack from the DEFCON site or listen to audio of the presentation along with other resources on this DEFCON resource page. Make sure you scroll down to the “Advancing Video Application Attacks with Video Interception, Recording and Replay”, which is a little over half way down on the page. The audio and PDF versions of this information are available on this page.
Access Control System
At another security conference, a security researcher showed how a networked access control system could be attacked. The researcher showed how he was able to gain access to the system as well as how to search the internet to find access control systems which are vulnerable to attack.
You can view and download the security researcher’s presentation of the access control system attack . It will help you gain a better understanding of the vulnerabilities you might face if you are currently using a networked access control system or are considering one in the future for your business. The video is quite lengthy but does provide some good information if you are considering using a networked access control system.
While no computer or networked device is a hundred percent secure, make sure that you understand and know what security features the system has prior to purchasing and installing them on your network. The capabilities and features of these types of networked physical security systems are constantly changing and improving so my best advice is to be aware of the issue and shop around before installing one on your network. Also, you should do a web search for security vulnerabilities related to specific devices or systems. Then, evaluate the security of your business network overall because poor network security or changing things on your network such as adding a networked physical security system can affect your overall security. Lastly, make sure you change the default passwords on networked devices before deploying them on your network. This is a simple but often forgotten security step.
Leave a comment if you can provide further insight regarding networked physical security systems or have installed such systems on your own business network.
Related posts: