Camera networks have become ubiquitous in the Indian security environment today. While closed circuit television (CCTV) cameras were being placed in high threat zones, increasingly camera networks are being laid out across metros such as Mumbai and Hyderabad, in buses, trains and public places where there is threat of a crime or terror incident. Ironically a CCTV network is neither “closed,” or secure but is accessible to unauthorized individuals and miscreants who have only basic knowledge of their functioning and are determined to penetrate the same. Camera networks are vulnerable to two types of attacks – physical as well as cyber. More over criminals are targeting a CCTV camera by covering or damaging the same at the scene of crime to prevent recording of their profile and activity. Thus there is a necessity for planning and ensuring security of camera networks.
The Aim of this Paper is to outline basic essentials of security of camera networks.
Physical Security of Cameras & Network
Given recent trend of blocking CCTV cameras by criminals or targeting the whole network before a major heist, there is a need to ensure physical security of the same. Some essential aspects of physical security of camera networks are underlined as follows:-
- ➜ Security cameras should be placed at locations which are not easily accessible to criminals to block the view by simply placing a cloth or physically damage the same.
- ➜ For this purpose cameras should be placed at a height so that larger field of view is obtained while at the same time remaining out of reach of miscreants.
- ➜ Network cable should be preferably laid in conduits inside walls and not exposed in a way that the same can be easily accessed and either tapped or cut. In case the network cable is exposed it should be inspected periodically to identify attempts at tapping.
- ➜ In case Wi-Fi or wireless local networks are being used security of routers should be ensured.
- ➜ Security of the control room and servers should be ensured with denial of access to unauthorized personnel. Automatic back up of data at servers in alternate locations should also be catered for.
Cyber Vulnerability of Cameras
Apart from physical threat, camera networks are also vulnerable to cyber penetrations. A cyber attack could wipe out entire data available in the system or even portions of the same which an intruder wants to deny access. The vulnerability will vary depending on the type of system used. There are presently two types of systems being used in India – Internet Protocol (IP) based systems and digital video recorder (DVR) based systems. Vulnerability of each is based on the characteristics which are briefly outlined as given below however technical manual should be referred to on installation and manufacturers be specifically asked about likely security black holes and means to block the same
IP Based System
An IP based system is like a computer network connected to a server, thus each camera will have an IP address just like a computer connected to the internet. As each camera has an individual IP address, computer or video recorder is able to identify location from which the image is being received easily. IP based systems are vulnerable to software glitches such as viruses and malware as well as hacking. Entry at one point will provide a door into the entire system thus the network can be targeted in an IP based system unlike a DVR based one. In case the IP based system is connected to the internet, hacking or injection of malware is another threat envisaged. The vulnerability of penetration is also higher in case the same is connected through Wi-Fi.
DVR Based System
The DVR is the hub of the surveillance system which is connected to cameras through a coaxial cable. The DVR has a video capture card with a connector for each camera to identify the one from which the image is transmitted. An advantage of the DVR system is that penetration or damage to one camera will not impact the network unless the mother recorder is damaged. However as DVR data is transmitted on a co-axial cable without encryption, it can be intercepted with ease by physically accessing the cabling. In case a DVR system is connected to the public internet there is a scope of penetration of these networks as well.
Protocols for Cyber Security of Camera Networks
Protocols for security of camera networks from cyber threats are similar to that applied to computers and are reiterated as follows:-
- ➜ Systems installed should be from reputed firms having depth of business and experience to ensure that security needs are catered for
- ➜ Primary security enablement of the entire network be it IP Based or DVR through measures such as passwords and firewalls is the first layer.
- ➜ Where a system has a factory enabled user name and password these should be changed immediately on installation. Similarly password should also be changed as per frequency given in the manual or at least once a week. Passwords should be obtained using software for random generation to ensure high degree of authenticity.
- ➜ Wi-Fi Protected Access (WPA) and WPA2-encrypted wireless protocols should be invariably used when camera networks are being used over Wi-Fi. Passwords should also be used for Wi-Fi routers.
- ➜ Data should be encrypted during transmission on the network thus denying an intruder ability to interpret the same. Encryption software should be upgraded from time to time to ensure holes if any are removed.
- ➜ System upgrades should be applied regularly and automatic upgrade applications should be facilitated for cameras as well as recorders.
- ➜ Maintaining air gaps – that is ensuring that the camera network IP or DVR is not connected to the internet also assumes importance. Where necessary separate computers should be provided to connect with the internet distinct from the camera networks.
- ➜ Operators should be well trained to recognize possible security glitches and take immediate action for preventing spread of a virus or malware.
- ➜ Simultaneous system backup and recovery facility should be available to prevent total loss of data.
Cameras are increasingly being used as tools for surveillance and monitoring. While being facilitators these are also vulnerable to security breaches due to physical or cyber threats which are being exploited by miscreants to prevent revelation of identity or activity. To ensure fool proof provision of security, camera networks also need to be protected some measures for which have been covered herein. Importantly on installation details of security should be worked out with the concerned provider with updates being made from time to time.