As the number of IP-connected devices in physical security systems increases, conversations about information security are a natural part of the sales process.
Organizations such as the National Institute of Standards and Technology (NIST) are actively proposing an Identify - Protect - Detect - Respond - Recover framework for cyber security. The NIST framework advocates the identification of key business risks due to cyber threats, such as the protection of data, devices, and services; continuous monitoring to enable detection of cyber security events as they happen; and the development of a clear response and recovery process.
The Three Principles of Avigilon Cyber Protection
The protection of data, devices, and services can be successful only if the network-connected software and hardware implement appropriate defensive measures to ensure integrity, confidentiality, and availability.
Integrity: Ensuring data and the function of the system are not maliciously or inadvertently manipulated
The integrity of a system is compromised when the software is maliciously modified or taken over by an attacker who has learned an administrator-level password. Software defects that permit buffer overflow, database code injection, and cross-site scripting vulnerabilities can also cause a loss of integrity.
- No backdoor administrative or maintenance access accounts
- Signed and encrypted firmware
- Disabling access to the operating system
- Fully encrypted control communication
- Transport Layer Security Secure Remote Password (TLS-SRP) for client-server connections
- Automatic firmware updates
Confidentiality: Keeping information private and secure
A system’s confidentiality is compromised when users circumvent a system’s access controls to gain unauthorized access to the data it contains. Most often, a breach in confidentiality is the result of an attacker guessing or obtaining a legitimate user’s password to access the system.
- Centralized user control through Active Directory integration and/or parent/child user sharing
- Password strength enforcement
- Ability to bulk-change camera passwords from Avigilon Control Center (ACC) software
- Lock-out on multiple invalid login attempts
Availability: Ensuring system uptime and continuity of function
In addition to loss of confidentiality and integrity, the availability of a system and its data can be compromised by external attacks. These usually take the form of a denial of service (DoS) attack where an attacker bombards a system with requests. Although it is difficult to protect against all forms of these attacks, the effect is usually temporary.
- Progressive back-off on multiple invalid login attempts
- Separate limited access gateway for thin client (web and mobile) access to video
- 802.1x device authentication
* Please note that the advice and suggestions contained in this flyer are provided for informational purposes only and should not be construed or relied upon as comprehensive or exhaustive advice on how to protect your systems from cyber vulnerabilities. Avigilon does not guarantee that any of its products are immune from a potential cyber attack and adhering to the advice and suggestions contained in this flyer may still result in your system being subject to cyber vulnerabilities or a cyber attack.