How secure is your security device

May 2015 Asset Management

We are often content with our false sense of security. We may even be prone to believe that ABS braking systems will stop us securely, until the day we aquaplane.

The same applies to the world of security. A device, whether it be intrusion, access, electric fence or a video monitoring system is not security in itself. There are limitations and precautions that need to be understood and observed if the system is to deliver the value we want. The following few points go a long way to ensure that your systems remain secure.

Reputable equipment

Start with using equipment that has a traceable history and ongoing development. There are hundreds of products on the market and we can be inclined to consider devices based on price as they all seem to have the same features. But have you ever wondered if there is a backdoor into the device? Is there a way to recover a lost password, and who controls this? Is there a method to default a device (make it revert to its default settings), and what are the results of such an action? Are there security updates?

Device passwords

You need to password protect every device. More importantly, you need to choose a decent password that can’t be easily guessed. Stay away from common words and sequential characters. ADMIN, ADMINISTRATOR, 1234, 12345, 123456 are all examples to avoid. Do not fool yourself that your company’s phone number or address will be secure in the hope of having something easy to remember and seemingly difficult.

The best is to consider a random set of characters. There are many software applications that can generate these, so use them.

Host network protection

Any piece of electronic equipment that connects to a network will have a calculable risk of getting attacked. Threats can emanate from both inside and outside the company. Internally, a network should have specific rights applied to users to eliminate prying into areas that need to be restricted.

All equipment on the inside of a network should ideally not be accessible from the Internet unless such access is essential. Firewalls are designed for the purpose of filtering incoming information.

Unfortunately not every organisation or school or private home will have all these facilities. It is therefore imperative to consider the device itself.

Device protection

Irrespective of the design of the host network, there should be proper considerations given to the actual device. Most important is to change the default password. You can’t consider a system as hacked if the default password is not changed, this is regarded as legitimate authorised access. Make sure that all passwords and user names, if possible, are changed. Use a complex alphanumeric code with special characters.

Control who has access to this password. Front door keys can very quickly be copied for ease of access, and the same can happen to user names and passwords. Depending on the risk profile, passwords should be changed on a regular basis.

Devices also have multiple user profiles. This is specifically designed so that different users have different access levels within a device. Use it.

Physical protection is also important. Make sure that the equipment is not readily accessible. Direct access to a device provides an opportunity for tampering, defaulting and theft.

Firmware updates

Occasionally we might see articles or hear the urban legends, of Trojans. This is where any device running software can be manipulated to perform other malicious functions. Generally, Linux-based operating systems were considered safe, but this is no longer the case. Does your manufacturer respond regularly and timeously with new updates, and are you implementing them? The more common and well known the system the more activity there is to compromise it, but conversely, there are also more engineers working to make it secure.

Heightened security

Spend some time understanding and considering how access is gained to a device. A software package may have user restrictions, but this may not apply to hardware devices. Network cameras are all configurable via a browser such as Internet Explorer, Chrome, Safari or Firefox, so it is imperative to ensure that each device has proper security implemented.

Management tools

Do not assume everything is safe and secure. Operate from a point of knowledge. In the drive-through world of quick setup, there are many features available to help speed up an installation and make it easily accessible. Features such as UPnP, Bonjour and Network and Sharing Centre make devices easily discoverable. This progresses to a stage where links are automatically created in a router for access from the Internet. Disable this if not required.

Tools such as ONVIF Device Manager are great help for an installer to discover a device, but are just as easily useable for the intruder. Teamviewer and Remote Desktop are again great tools for installers, integrators and support divisions, but just as easily grant access to anyone knowing the logon credentials.

There is not always a hacker looking at every single network and device, but they do exist and are focused on exploiting systems, whether for fun or financial gain. From the perspective of securing yourself and your business, it may be better to work from a point of paranoia, conspiracy theories and suspicion.



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Simplified fire and facilities management from one screen
Fire & Instrument Services Facilities & Building Management Fire & Safety Asset Management
Fire & Instrument Services (F&IS) and Scansoft are simplifying the complexities of facilities management, including fire safety, with iBMS Adrenaline, an integrated building and facilities management system enabling companies to monitor, control, and manage system hardware through a single interface.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...
Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Read more...
Simplify AARTO compliance for fleets
Guardian Eye IoT & Automation Asset Management Transport (Industry) Logistics (Industry)
While there are challenges around the management and implementation of the AARTO Amendment Act, there are also benefits that need to be understood today to ensure compliance and value tomorrow.

Read more...
Logistics operators stand up to safety challenges
Logistics (Industry) Asset Management Transport (Industry)
The second annual Webfleet Road Safety Report for 2023 outlines common safety factors, challenges and solutions that South African transport operators face; deteriorating roads, poor vehicle maintenance, congestion and driver fatigue are common challenges.

Read more...
People screening goes mobile
Xscann Technologies News & Events Asset Management
Xscann Technologies has delivered a new mobile solution with added value for people screening. This turnkey solution requires no civil works as it is an all-in-one complete body scanning solution built in a shipping container.

Read more...
Securing road transport across Africa
Technews Publishing Editor's Choice Asset Management Security Services & Risk Management Transport (Industry) Logistics (Industry)
SMART Security Solutions spoke to Filipe de Almeida, the Portugal & Spain Regional TAPA EMEA Lead, and Massimo Carelle, the TAPA EMEA Africa Region Lead, about securing transport and logistics in hostile environments.

Read more...
Electronic Document Centre uses Synology
Infrastructure Asset Management
Electronic Document Centre (EDC), a semi-government company operating under Emirates Post Group, opted for Synology to streamline its data management infrastructure. This decision has led to improved operational efficiency and enhanced collaboration.

Read more...
Enhancing security and access control in estates
Sensor Security Systems Access Control & Identity Management
Residential estates, including gated communities and apartment complexes, have become increasingly popular due to their promise of safety and community living. However, ensuring the security of residents within these estates is a multifaceted challenge.

Read more...
Telematics help protect SA trucks against expanding risks
Logistics (Industry) Asset Management
South Africa’s road freight transport sector currently accounts for about 85% of all goods transported in the country and is growing rapidly annually. “To ensure that goods are delivered safely, promptly, and affordably is a challenge,” says Justin Manson of Webfleet.

Read more...