Besides superior image quality, intelligent cameras and lower total cost of ownership, Internet Protocol (IP) surveillance systems have also grown in popularity because of their remote accessibility. This is the ability to access the cameras in real time from anywhere in the world via the Internet.
As with all networked equipment, network cameras have an IP address. This makes it possible for anyone who has an always-on Internet connection to access the camera regardless of their location or device, provided they have the correct IP address. This exposes the IP system to the threats that are commonly associated with the Internet such as hacking and malware.
By its nature, surveillance is all about confidentiality. The data transmitted and saved on a network surveillance system may contain privileged information such as customer information and trade secrets. It goes without saying that the protection of this data should be at the heart of any web-based surveillance system.
Like any secure transmission or delivery process, there are several steps that need to be followed to ensure data integrity is maintained. The first of these is authentication.
Authentication is the most basic aspect of network security. Before gaining access to the network, the user or device needs to identify itself. This is done by providing some kind of identification, for example a username and password or even fingerprint identification in the more sophisticated systems. Most authentication programmes in use today are based on the 802.1X standard.
This standard provides authentication to devices attached to a local area network (LAN) port, establishing a connection or preventing access from that point if authentication fails. In an IP surveillance system, this means that even if a foreign camera is connected to the network through a port, it will still need to be authenticated to gain access to the network and use it.
Apart from keeping outsiders from entering the network, there is sometimes the need to limit network access to only certain individuals in the organisation. But how do you limit access to certain areas on the network without hampering people's ability to do their job?
This question brings us to the next step in securing the network. Even though an authentication identity may be legitimate, it still needs to be validated to gain access to the network. Whenever an authentication code is entered, it is compared to a database or list of correct and approved identities. This is called authorisation. It makes it possible to limit certain sections of the network to only certain individuals in the organisation, and in the same way limits access to certain cameras within a network surveillance system.
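The two steps described above, as an added example that is not from the original article or from Axis: a hypothetical `CameraGateway` class, with constructed users and camera names, that first verifies identity against a salted password hash and then checks a per-camera approved list, denying by default.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CameraGateway:  # hypothetical name, for illustration only
    def __init__(self):
        self._users = {}  # username -> (salt, derived key)
        self._acl = {}    # camera id -> set of usernames approved to view it
        # Random record checked for unknown users so the work done is the same.
        self._dummy = (os.urandom(16), os.urandom(32))

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))

    def grant(self, username: str, camera: str) -> None:
        self._acl.setdefault(camera, set()).add(username)

    def authenticate(self, username: str, password: str) -> bool:
        # Step 1: is the caller really the identity it claims to be?
        salt, expected = self._users.get(username, self._dummy)
        matches = hmac.compare_digest(_derive(password, salt), expected)
        return matches and username in self._users

    def authorise(self, username: str, camera: str) -> bool:
        # Step 2: deny by default; only listed users may view a camera.
        return username in self._acl.get(camera, set())

    def request_stream(self, username: str, password: str, camera: str) -> str:
        if not self.authenticate(username, password):
            return "denied: authentication failed"
        if not self.authorise(username, camera):
            return "denied: not authorised for this camera"
        return "granted"

def build_demo() -> CameraGateway:
    # Constructed sample data: two users, two cameras.
    gw = CameraGateway()
    gw.add_user("guard", "Night5hift")
    gw.add_user("manager", "Vault0pen")
    gw.grant("guard", "lobby")
    gw.grant("manager", "lobby")
    gw.grant("manager", "vault")
    return gw
```

A legitimate login is not enough on its own: the `guard` account authenticates correctly but is still refused the `vault` camera, because it is not on that camera's approved list.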
The final step in protecting data within a network is encryption. Encrypting data prevents outsiders from being able to read or use the data. It is important to note, though, that encryption could substantially decrease network performance.
Through all this, the protection of single devices against intrusion should not be neglected. Devices such as PCs, servers and individual network cameras should also be protected from unauthorised users, viruses and similar unwanted items.
Access to PCs and servers can be controlled through the use of complex username and password combinations. These should be at least six characters long, combining letters and numbers, and featuring both lower- and uppercase letters.
To protect devices from viruses and worms, a good quality virus scanner with up-to-date filters is recommended. Furthermore, if the LAN is connected to the Internet, it is important to use a firewall to regulate traffic to and from the Internet.
Roy Alves is the country manager at Axis Communications South Africa.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.