Tip 1 – Eliminate port forwarding for NVR access
How does CameraMate eliminate port forwarding vulnerability?
Tip 2 – Improve Password Security
Almost all cameras sold today have a web-based graphical user interface (GUI) which comes with a default username and password that can easily be found on the internet. It is alarming how many installers do not change the password and leave the same default password for all cameras. Very few cameras have a way to disable the GUI, so the security vulnerability is that someone can attempt to hack into the camera via the web GUI and guess a password. Of course, the hacker must have network access to do this, but cameras are often on a shared network, not a physically separate network to the corporate IT network or a VLAN. Therefore, ensuring no element of your CCTV network retains a default password is an important task. The next challenge is to develop and maintain an effective password management policy.
Could your passwords be cracked in 60 seconds?
If your passwords are 7 characters long or less and use a mixture of numbers with uppercase and lowercase letters, then the answer is YES1. This is based on an analysis undertaken in 2019, so the situation is probably even worse today as the processing power in the hands of cybercriminals continues to increase. Unfortunately, some password ‘best practices’ that you may see or be forced to implement are actually detrimental to information security so we will offer here some methods for creating strong passwords that are easy to remember but hard to guess.
Password management: typically, a painful necessity
It is no secret, passwords are a pain for everyone. They cause frustration for employees, customers, and the support staff who must manage them. Who can remember the 11-character combination of letters, symbols, and digits that are prescriptive of strong passwords, let alone devise them in first instance? When a password gets lost or stolen, which they frequently do, it places a burden on the support desk. According to Gartner Group, 20-50% of support calls are for password resets, with an average cost to the organization of £50 per call, according to Forester Research.
Hackers have developed a wide range of tools to infiltrate confidential data. The main impediment standing between your information remaining safe, or leaking out, is the password you choose. Ironically, the best protection people have is usually the one they take least seriously.
From a password cracking perspective password complexity certainly improves password strength as can be seen in the diagram reproduced below from Hive Systems, but enforcing ‘strong’ password rules upon users that are difficult to remember can reduce the security of a system in the following ways:
- Users may need to write down or electronically store the password using an insecure method
- Users will need more frequent password resets
- Users are more likely to re-use the same password
- Similarly, stringent requirements for password strength, such as “having to mix uppercase and lowercase letters with digits” or “changing the password monthly”, increase the degree to which users will try to subvert the system2.
Easy to Remember but Hard to Guess
Users rarely choose passwords that are easy to remember but hard to guess. A study3 in 2004 entitled “The Memorability and Security of Passwords” set out to determine how to help users choose good passwords, the authors performed a controlled trial of the effects of giving users different kinds of advice. Some of their results challenged the established wisdom.They found that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method. Having a personally designed “algorithm” for generating obscure passwords can easily build strength upon these examples. One way to create an easy-to-use algorithm could be to take the unrelated word example but separate each word with a choice of symbols. Three random words with three different symbols could certainly create a strong password with the user having just 6 password elements to remember.In addition, wherever possible adopt the use of Dual Factor Authentication (2FA) systems which generate a one-time key or require a secondary piece of security information to be entered by the user. Single sign-on and password management apps can both help to overcome the security problems of weak passwords and that of username and password re-use that is widely used for gaining access to multiple accounts, both personal and for business.
Tip 3 - Prevent physical access to CCTV and security system network components
Tip 4 - Separate the networked IP CCTV system from the corporate IT network
Tip 5 – Pay attention to WiFi network access security
Tip 6 - Enable automatic software updates
Tip 7 – Educate all users on basic cybersecurity awareness
January 31, 2013 online:
Security: Empirical Results” (PDF). IEEE Security & Privacy Magazine online: