Dispelling the Top 10 Myths of IP Surveillance: Myth No. 5

Myth #5: IP Transmission Is Insecure for Video


Note: Over the last several months, SecurityInfoWatch and ST&D have published a series of mythbusters about IP video. Check out ST&D's March issue and Securityinfowatch.com for myths one through four.

One of the most pervasive misconceptions about using Internet protocol to transmit video for security and surveillance applications is that the transmission is insecure for video. Much of this fear arises from the notion that the Internet is a portal to any and all information. Additionally, there have been several major news stories about intruders accessing network cameras after finding them through Google searches.

The IP-based networks used for video are the same as the networks used by corporations, banks, governments and hospitals for transferring data, e-mail and voice over IP. These networks are safe conduits for sensitive information if the correct security measures, such as firewalls, virtual private networks and password protection, are implemented. The same security precautions need to be taken when transferring video.

There are many examples of network video installations that monitor highly sensitive activities. Network video has been used for security during the Olympic Games, in downtown Washington, DC, and at major airports and government facilities. In all of these cases, those who installed and operated the systems took precautions to ensure that video would be kept secure.

Securing a Security System
There are three important ways to ensure secure transmissions via the Internet: authentication, authorization and privacy protection.

Authentication and Authorization. These first two methods go hand in hand. A device or user must identify itself to the network before gaining access, so it provides identity and access information to the network or system, like a username and password. The device or user is authenticated and authorized when the system compares the submitted information to a database of approved identities. Once the authorization is complete, the device is fully connected and operational in the system, or the user is free to use all authorized network features.

Password protecting network cameras and video servers is just as important as protecting your PC or servers. Passwords should be at least six characters long, combine numbers and letters, and mix lower and upper cases. Most network cameras support anonymous user access by default, which means that in the absence of a password, the video is made available to everyone with access to the network. If a video application needs to be highly secure, IP filtering should be used, meaning that the network camera will only send video if the request comes from a certain IP address, preventing unauthorized computers access even if they have the right username and password.

Privacy Protection. Encryption prevents unauthorized users from accessing data. Two of the more commonly used encryption protocols are VPNs and hypertext transfer protocol over secure socket layer (HTTPS). A VPN is a way to use public infrastructure, like the Internet, to provide remote users with secure access to a network. The VPN essentially creates a secure "tunnel" between the end points; only authorized devices or users can operate within the VPN. The data itself is not secured, but the pathway it travels on is protected. If the data itself must be protected, HTTPS can be used. HTTPS is a Web protocol that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. When a connection between the two devices is requested, the user or a third-party body such as Verisign verifies certificates that have been issued to the two devices. If the user or third party determines that the devices can be trusted, an encrypted communication is opened. HTTPS is commonly used when creating a connection to secure Web sites such as online banking pages.

Firewalls can serve as gatekeepers, blocking or restricting traffic to and from the Internet. They can prevent outsiders from accessing private data and control what information remote users can access.

This content continues onto the next page...