Ten Steps to a Successful IP Surveillance Installation: Step 8

Step 8: Security


Additional network security can be created with the use of firewalls. Firewall software normally resides on a server and protects one network from users on other networks. The firewall examines each packet of information and determines whether it should continue on to its destination or be filtered out. The firewall serves as a gatekeeper, blocking or restricting traffic between two networks, such as a video surveillance network and the Internet.

Wireless Security

Wireless network cameras can create additional security requirements. Unless security measures are in place, everyone with a compatible wireless device in the network's range is able to access the network and share services. To better secure IP surveillance installations with a wireless component, users should consider using Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) encryption.

WEP creates a wireless network that has comparable security and privacy to a wired network. It uses keys to prevent people without the correct key from accessing the network, which is the security commonly found in home networks. Data encryption protects the wireless link so that other typical local area network security mechanisms—including password protection, end-to-end encryption, VPNs and authentication—can be put in place.

However, WEP has several flaws that make it unsuitable for use in a corporate environment. The standard uses a static key, making it easy to hack into the network with inexpensive, off-the-shelf software.

For additional protection, wireless IP surveillance should employ WPA, which changes the encryption for every frame transmitted. WPA is considered the base level of security for corporate wireless networks, but for even higher security, WPA2 should be used. WPA2 uses Advanced Encryption Standard (AES), the best encryption available for wireless networks today.

Protecting System Access

In addition to protecting data, it is critical to control access to the system via a Web interface or an application housed on a PC server. Access can be secured with user names and passwords, which should be at least six characters long—the longer, the better. Passwords should also mix lower and upper cases and use a combination of numbers and letters. Additionally, tools like finger scanners and smart cards can be used to increase security.

Viruses and worms are also major security concerns in IP surveillance systems, so a virus scanner with up-to-date filters is recommended. This should be installed on all computers, and operating systems should be regularly updated with service packs and fixes from the manufacturer. Network cameras and video servers with read-only memory will also help protect against viruses and worms—programs that write themselves into a device's memory. If you use network cameras and video servers with read-only memory, these programs will not be able to corrupt the devices' internal operating systems.

Employing the outlined security measures makes an IP surveillance network secure and allows users the flexibility of off-site access without the worry that video will fall into the wrong hands. Understanding and choosing the right security options—such as firewalls, virtual private networks (VPNs) and password protection—will eliminate concerns that an IP surveillance system is open to the public.

About the author: As the general manager for Axis Communications, Fredrik Nilsson oversees the company's operations in North America . In this role, he manages all aspects of the business, including sales, marketing, business expansion and finance. He can be reached via email at Fredrik.Nilsson@axis.com.