CYBER SECURITY
DIVIS places high priority on safety in video systems for transshipment warehouse monitoring and embedded systems
Bordesholm, August 30, 2018
Protective measures, for example in the form of firewalls, against external hacker attacks on company IT systems are known and common. On the other hand, the need for security of internal connections to the outside is often underestimated. We want to inform you today about what DIVIS is doing for the "internal security" of your systems.
The problem
With digitalization and networking, technical evolution is opening up ever-widening possibilities and breaking down limitations in many areas, including video security technology.
Users benefit from this in the form of extensive features in our video research software CargoVIS and ParcelVIS.
The development of new technologies has led to the widespread replacement of analogue solutions (formerly "CCTV systems") with IP-based video surveillance cameras. The new technology generally allows worldwide access to these systems and their data. In the field of video surveillance, this is a security weak spot that makes such a system vulnerable from the outside. To ensure safe operation, the networked IP cameras must therefore be protected against external access (= closed video system).
But even within such a closed system there is still reason for caution.
So-called embedded systems*, which are built into the installation's hardware and are necessary for its operation, offer interfaces to other systems in the enterprise.
Access is often barely regulated or not regulated at all, which means there is virtually no internal protection against manipulation or misuse.
Especially in the sensitive area of video surveillance, this protection is extremely important, not only because the monitoring must comply with legal requirements.
For cost reasons, data security in the selection of embedded systems is usually a secondary criterion behind price and functionality. Potential future attacks and thus weak spots are sometimes not known or not clear at the time of planning and design of the installation. The fact that virtually every internal system with external connections is subject to security risks often only starts playing a role once problems arise.
*An Embedded System handles complex control and data processing tasks in a hardware device. Among other things, the embedded software is responsible for sensitive tasks such as data handling in the devices, control, monitoring, updating and remote maintenance.
Solutions from DIVIS
DIVIS places a strong emphasis on video security to enable the safe operation of your cameras in the corporate environment.
We offer a variety of security solutions, from which a security concept suited to your needs is put together as early as the planning stage of a video system.
Security solution 1
Physically separated video networks
For our video system solutions, the DIVIS technicians set up a separate camera network in addition to the customer's operational network.
Each of the recorders we use has at least two network cards, each responsible for a different network (one of which is physically located in the customer network). Although the network cards are installed in the same recorder, the networks are physically separated.
At first glance, this separation may seem unnecessary. From a technical standpoint, however, this step is very important for the security of your own customer network.
The advantages of separate networks
- The network load of the transshipment warehouse monitoring video system does not affect your customer network
- The data transfer can be optimally controlled in the video network
- Quick error analysis by DIVIS in the event of a malfunction can be ensured
- Unauthorized access to the cameras is not possible
Security solution 2
Remote access via VPN - secure data transmission through the Internet
Access via a VPN (= virtual private network) is a secure way to transfer sensitive data over the Internet. Therefore, the remote dial-in of DIVIS technicians always takes place via VPN connection.
Special standards for the selection of our components further increase the operational and access security of your video surveillance system. In DIVIS recorders, for example, only certified quality components are installed, which ensures smooth 24/7 operation. The customized Linux operating system is stored on an industrial flash drive and protected against unauthorized access.
In principle, our software can be installed on any customer PC. The evaluation then takes place via the customer network. In order to perform the evaluation independently in the camera network, the evaluation software needs to be installed on a separate PC.
As the future operator of a video system, you have even more options in your own hands to secure your system.
Our recommendations
1. Configure your firewall
Only required connections should be authorized, and all other incoming and outgoing connections should be blocked. Maintaining the whitelist (= desired connections) is especially important for smooth operation. This list should be checked and updated regularly.
2. Use fixed IP addresses
DIVIS only uses fixed IP addresses with all cameras and recorders. Dynamic or variable (= changing) IP addresses are unsuitable for safety-relevant applications.
3. Use strong passwords
Preconfigured user accounts should be deleted in the course of the system launch. Passwords should consist of more complex combinations and should preferably have no personal connection to the company or individual employees.
DIVIS software has its own security mechanisms.
Our software offers several options for configuring user access. For example, the evaluation of images can be restricted to selected persons.
For individual functions such as live image, export, outdoor area access, etc., individual user rights can be assigned. This prevents misuse of the video system.
Another security mechanism is session expiration after inactivity. If no operation takes place at the respective monitoring location within a certain time window, the password must be entered again.
4. Stay on top with updates
Updates fix vulnerabilities that have been discovered. That's why it is so important to install them as soon as possible after release.
A transshipment warehouse video surveillance system that is always up to date is less prone to falling victim to improper access through security vulnerabilities.
At DIVIS, the software is regularly updated.
If new security gaps are recognized, they are closed immediately as part of software maintenance.
Conclusion
Security from the inside is an essential aspect of a modern video surveillance system. You can contribute a lot to the IT security of your company.
With DIVIS you also have a competent partner by your side, who will help you with technology and service to achieve the highest possible video security for your system.