Arthur Kull, Business Development Director at AxxonSoft delves into the cybersecurity considerations that need to be made when deploying video management software (VMS).

As organizations increasingly rely on VMS for their surveillance needs, it is crucial to prioritize cybersecurity in the selection and implementation of these systems.

VMS deployments face an ever-evolving threat landscape.

Unauthorized access to video feeds, data breaches compromising sensitive information and malicious software targeting video surveillance systems are just a few examples of the risks organizations must address.

This article provides an exploration of the key cybersecurity features and considerations that should be taken into account when choosing a VMS solution.

By understanding these criteria, organizations can ensure the protection of their sensitive data and mitigate potential risks.

Network Security

Securing the network infrastructure is critical for VMS deployments.

Isolating VMS systems on dedicated networks enhances security by reducing the potential attack surface.

When remote access is required, port forwarding should be avoided as it introduces vulnerabilities.

Most cloud services for remote VMS monitoring provide the capability for secure access through the standard HTTPS port (port 443) commonly used for secure data transfer via the internet, without the need to keep additional ports open.

Therefore, it is advantageous if the VMS allows remote access through a cloud service for any client application, including thick clients.

If port forwarding is necessary, e.g., when using non-cloud-based architecture, all communication should be routed through a dedicated port to minimize potential risks.

It is also crucial to ensure the encryption of transmitted data by using the HTTPS protocol with TLS encryption.

Whereby an up-to-date version of the TLS protocol (currently TLS 1.2 and 1.3) should be utilized to maintain the highest level of security.

It is important to mention that the VMS architecture should support secure remote connections for both cloud-based and non-cloud-based client-server scenarios.

This can be achieved by utilizing appropriate client-server interaction protocols, such as gRPC, to ensure secure and efficient communication between VMS components.

Password Policies

Password security is a critical aspect of VMS deployments. Implementing strong password policies helps protect user accounts from unauthorized access.

Passwords should be securely stored using one-way hashing algorithms, making it extremely difficult for attackers to reverse-engineer them.

Policies should enforce complexity requirements, regular password changes and the prevention of password reuse.

It is important that VMS require changing default credentials (such as root/root) at first login so that they will not be used later in a running system.

Additionally, implementing multi-factor authentication provides an extra layer of security by requiring users to provide additional verification factors beyond their passwords, which usually involves getting a verification code via text or email.

Security Policy

Applying a comprehensive security policy can complement the password polity to enhance cybersecurity measures.

Some of the features that VMS could provide are restrictions on multiple concurrent sessions, defining a range of permitted IP addresses for client computers connecting to servers and enforcing administrator-authenticated access to servers for specific user roles.

Logging significant security-related user actions is paramount as it enables organizations to monitor and detect any suspicious activities, ensuring accountability and aiding in forensic investigations if necessary.

User Rights Management and Privacy Measures

User rights management plays a vital role in maintaining the privacy and security of VMS deployments.

Granular access controls should be implemented to restrict user access based on their roles and responsibilities.

This ensures that only authorized individuals can view live video feeds, access recorded footage, and export video recordings.

Special privacy protection features, such as face and license plate masking, can be implemented to protect sensitive information and ensure the compliance with privacy regulations, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and others.

It is important that access to video feeds with unmasked data should be limited to authorized individuals with appropriate privileges.

Logging user actions related to sensitive information is also essential to maintain accountability and provide an audit trail for forensic investigations.

System Integrity Check

System integrity checks help detect unauthorized modifications and ensure the overall integrity of the VMS, therefore, the availability of such a feature in video management software is a significant advantage.

These checks involve verifying the presence and digital signatures of all executable files upon server/client start-up to detect any unauthorized modifications or tampering.

If the check fails, the system logs the corresponding event, warns the administrator and performs other pre-configured actions to mitigate risks, such as stopping some system services and blocking users without admin rights.

Patch Management and Software Updates

Timely patch management and software updates are critical for addressing known vulnerabilities in VMS platforms.

By staying up to date with the latest patches and updates, organizations can mitigate the risk of exploitation by malicious actors and ensure the overall security of their VMS deployments.

Video management software updates can be provided via a cloud service maintained by the VMS manufacturer.

A good practice is to automatically prompt the user when a newer version of the software or a patch is available and perform the update upon user approval.

Criteria for VMS Providers

When selecting a VMS provider, organizations should prioritize trusted and experienced companies with a proven track record in implementing high-security projects.

Providers should have well-defined internal policies for handling corporate information and regularly conduct penetration tests to identify and address vulnerabilities in their products promptly.

Additionally, evaluating the provider’s commitment to ongoing security updates and support is crucial for long-term security.

Additional Recommendations for Implementation

In addition to the aforementioned aspects, there are several additional recommendations to consider during VMS implementation.

These include providing user training on cybersecurity best practices, implementing robust monitoring and incident detection systems, and establishing backup and recovery procedures.

User training plays a crucial role in maintaining a secure VMS environment.

Educating users about cybersecurity best practices, such as password hygiene and recognizing social engineering attacks, helps create a security-conscious culture within the organization.

Implementing robust monitoring and incident detection systems enables organizations to identify and respond to potential security incidents promptly.

Establishing backup and recovery procedures ensures data resilience and minimizes the impact of potential data loss or system disruptions.

Conclusion

Selecting a VMS solution with robust cybersecurity features is essential for protecting sensitive video data and ensuring the integrity of surveillance systems.

By considering the key criteria outlined in this article, organizations can make informed decisions and implement VMS solutions that meet their cybersecurity requirements.

By prioritizing data protection, network security, proper user rights management, ongoing system integrity checks and software updates and selecting reputable VMS providers, organizations can enhance the overall security posture of their VMS deployments.