6 Considerations for Hardening Your Physical Security Systems
You may not realise that many cyber attacks don’t start at a company’s network or server. Instead, hackers focus on gaining entry through systems connected to the network, such as merchant services, point-of-sale (POS) systems, physical security systems, and more.
These ancillary systems can be overlooked when firmware is updated, default passwords are changed and other simple measures are applied. Thus, they can provide welcoming entry points to a corporate network, exposing businesses to cyber attacks.
Fortunately, there are straightforward steps you can take to harden interconnected and networked systems, reducing vulnerabilities and the likelihood of a successful attack.
1. Software
- Ensure that all software throughout the system is updated at all times, including device firmware.
- Consider automating the checking and updating process, with safeguards that automatically verify authenticity.
2. Passwords
- Establish and enforce a password management policy.
- No networked devices should continue to use default passwords provided by the manufacturer.
- Current best practices on passwords emphasise length as a major security determinant. Longer is better.
- Implementing periodic password changes will also greatly enhance security throughout the systems.
- Failed login attempts, whether caused by a wrong username or a wrong password, should be limited and investigated, and should lead to lockout.
3. Privileges
- Clearly define the appropriate groups, differentiating between administrators, operators and users, and casual users and visitors.
- Each group should be assigned the system rights and privileges necessary for their assigned functions, and no more.
- Virtual Private Network (VPN) access should not be allowed for admin functions, diagnostics or similar sensitive information or access.
- Rights and privileges should be reviewed and adjusted periodically.
4. Security Architected Systems
- Security systems can be securely architected to have a low-risk connection to the internet. Careful attention must be given to limiting susceptibility to hacking attempts. Endpoints (cameras), access points and links to information networks must be managed programmatically, so that all system elements and connections are determined automatically.
- Carefully curate all connections that support remote access.
- Wireless devices have vulnerabilities that must be managed, as they could be an easy gateway to physical security servers. Secure all wireless devices connected to corporate networks, including cameras, locks, printers and modems, so they cannot be accessed by unauthorised traffic.
- Implement logical separation using Virtual Local Area Networks (VLANs) and Access Control Lists (ACLs) that instruct system elements to allow access only to specific authorised devices and to deny all other requests.
5. Endpoint Connections
(Including cameras, badge readers, control panels, security-related servers, and video recorders)
- Hackers can gain access to the security network by plugging into a network cable that was installed to reach an external camera or plugging into open Universal Serial Bus (USB) ports on security endpoints.
- Port security can be used to protect against such connections: it adds a layer of protection that restricts unauthorised devices from connecting to router or switch ports.
- Port security makes use of the hard-coded Media Access Control (MAC) address of the authorised device, which, unlike an Internet Protocol (IP) address, is difficult to change. If a device whose MAC address doesn’t match the registered one is connected to a switch or router, the system can block access to that device and raise an alarm for follow-up.
6. Improving Cyber Event Detection with Automation
- Many firms are short-handed when it comes to security. Many studies have reported on a global shortage of cybersecurity talent that is expected to continue.
- Automated system verification tools are a powerful alternative, offering more consistent and better detection and alerting across all types of security-related issues.
- Automation can also check and verify that the installed firmware and software are current throughout physical security systems.
- The most powerful solution is to programmatically check the integrity of the video streams and stored video files themselves to ensure the system is operating as intended and that the video records are being stored as designed.
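The checks described in sections 5 and 6, sketched as an added example (not code from the original article): it compares the MAC address seen on each switch port with the registered one, flags firmware older than the approved version, and verifies a stored recording against a digest saved when it was written. The port names, device names, MAC addresses, version numbers and the digest-at-write-time scheme are constructed assumptions.

```python
import hashlib
import hmac

# Constructed baseline (hypothetical ports, devices, MACs, approved firmware).
REGISTERED = {
    "gi1/0/1": {"device": "cam-lobby", "mac": "00:11:22:33:44:01", "firmware": "2.4.1"},
    "gi1/0/2": {"device": "reader-door3", "mac": "00:11:22:33:44:02", "firmware": "1.9.0"},
    "gi1/0/3": {"device": "nvr-1", "mac": "00:11:22:33:44:03", "firmware": "5.10.0"},
}

# Constructed observations, as a poller might gather from switches and devices.
OBSERVED = [
    {"port": "gi1/0/1", "mac": "00:11:22:33:44:01", "firmware": "2.3.7"},
    {"port": "gi1/0/2", "mac": "02:AA:BB:CC:DD:EE", "firmware": "1.9.0"},
    {"port": "gi1/0/3", "mac": "00:11:22:33:44:03", "firmware": "5.10.0"},
    {"port": "gi1/0/7", "mac": "00:11:22:33:44:55", "firmware": "1.0.0"},
]


def version_tuple(version):
    """Turn '5.10.0' into (5, 10, 0) so 5.10.0 sorts above 5.9.0."""
    return tuple(int(part) for part in version.split("."))


def audit_endpoints(registered, observed):
    """Return (port, finding) pairs for every deviation from the baseline."""
    findings = []
    for obs in observed:
        base = registered.get(obs["port"])
        if base is None:
            findings.append((obs["port"], "device on unregistered port"))
        elif obs["mac"].lower() != base["mac"].lower():
            # Unknown device: its self-reported firmware is not trusted.
            findings.append((obs["port"], "MAC does not match registered device"))
        elif version_tuple(obs["firmware"]) < version_tuple(base["firmware"]):
            findings.append((obs["port"], "firmware older than approved version"))
    return findings


def recording_intact(data, digest_at_write):
    """Compare a stored recording with the SHA-256 digest saved when it was written."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), digest_at_write)


if __name__ == "__main__":
    for port, finding in audit_endpoints(REGISTERED, OBSERVED):
        print(f"ALERT {port}: {finding}")
```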