Dear Safeguarding Info,
There is no way to guarantee that any data that travels over a public network is 100% secure. In fact, even data on private corporate networks shielded from the outside by firewalls is generally accessible at many of the network drops within a facility. There are a series of measures we take at AISG to ensure a level of confidence regarding the ability of a system to function securely as intended and to guard against cyber risks.
First, we question vendors about how their security products perform and make sure they include information protection best practices in their platforms and solutions. AISG follows a significant undertaking that involves architecture, design, and development of systems, components, applications, and networks. We scrutinize for weakness in a system, and examine system security procedures, internal controls, or areas that could be exploited or triggered by a threat. Our vulnerability assessment determines the adequacy of security measures and identifies security deficiencies.
Certain mechanisms, deployed on multiple levels, create a series of barriers to prevent, delay, or deter an attack. These practices in regard to products involve using strong passwords, updating firmware, disabling anonymous access, implementing authentication protocols and consistently monitoring system logs and servers. Many surveillance systems are deployed in the field, for example, with default passwords on all equipment, including cameras, switches, recorders, and more. At the very least, all surveillance network devices, including cameras, clients, and servers, should be changed from the defaults with strong passwords to prevent access to the network.
To prevent unauthorized remote access, many surveillance systems can be connected to multiple virtual networks to improve security. An easy but typically overlooked method of keeping unauthorized devices from accessing a switch is to disable all unused ports. Our IP-based solutions incorporate authentication protocols and data encryption standards to help mitigate risks of cyber threats.
While due diligence must be paid to the security configuration of networked surveillance cameras or IP-based access control systems and other IP physical security devices to eliminate exploitation, care must also be taken to guard against actual access to the systems themselves. You have to consider the human component. To avoid attackers gaining physical access to a computer, an obvious strategy as a first line of defense is access control; allowing only authorized individuals into the building.
By tying building access to network access, you can deter unauthorized individuals from accessing an unattended computer if they do gain entry into the building. You can limit access to the network, for example, if the user has not swiped a badge. This method can be further extended to allow access to assets only if individuals are accessing them from a terminal they are registered to use. A multi-factor authentication can be required: a security badge as ID and a password or biometric.
Monitoring for potential unauthorized access is also a necessary part of a protection program. Track all users: areas they are allowed access, when they access those areas; which computers and servers they use, and so on. New technology allows for monitoring the network for potential unauthorized access. Video analytics automates an alert of an incident when a possible breach occurs. A video surveillance system used in conjunction can retain the video from the area where an attempt was made.
READ NEXT: Sun Shines Brightly on AISG’s Solar Power Plant Project