Cyber Security and DW Spectrum
-----------------------------------
Affected Roles: Administrator, Owner, Viewer(s)
Related Digital Watchdog VMS Apps: DW Spectrum® IPVMS
Complexity: High
Software Version: DW Spectrum® IPVMS v5.0
Last Edit: October 6, 2022
-----------------------------------
Digital Watchdog’s Spectrum® IPVMS platform was designed to provide high levels of protection against both external and internal cybersecurity threats.
To ensure that your video surveillance system is protected against tampering and damage, additional defensive measures can be taken by your administrator to mitigate and prevent such events. For example, placing equipment inside of hardened, locked cabinets and using vandal resistant camera housings can help to prevent physical damage to your system and devices.
In addition to these conventional, physical threats, IP video systems are also at risk of virtual attack through network connections, particularly when connected to the Internet. Digital Watchdog has taken steps to ensure that your surveillance systems are protected against such attacks. However, additional system hardening measures can be taken to reduce the likelihood of system tampering through a cyberattack.
This article will outline the most common forms of cybersecurity threats, the technology and processes implemented to secure the DW Blackjack system, and additional proactive approaches that customers may take to mitigate and prevent common cyberattacks.
A cyberattack is a malicious and deliberate attempt to breach the information system of another individual or organization. These attacks can be performed from either an outside party to the system, or by an individual within the targeted system itself.
Malicious actors have different motivations for launching cyberattacks against vulnerable business systems. According to Cisco, cyberattacks are often used for ransoming systems – 53% of cyberattacks can result in damages of $500,000 and upwards.
Cyberattacks are also sometimes initiated as a form of “hacktivism” with a goal of disrupting normal business operations. In the IP video world, cyberattacks are often executed in an effort to cover up criminal behavior that may have been captured by a security system.
There are many different types of cyberattacks. Some of the most common types include:
DW Spectrum IPVMS is continuously being improved to address cybersecurity threats by using a combination of secure technology and process countermeasures.
DW Spectrum allows Administrators to control the permissions and access that users have within the IPVMS system, such as which menus that they may access, camera viewing permissions, and other privileges as well.
The Two Factor Authentication (2FA) security feature can be implemented as an additional layer of cyber security. When someone tries to gain access to a DW Spectrum System using 2FA, they will be required to enter a password when initially connecting (1st factor) then will be required to enter a pin code (2nd factor) that has been generated from an authentication application.
For instructions on how to set up 2FA, please read the Enabling Two Factor Authentication (2FA) for DW Spectrum IPVMS article.
DW Spectrum creates logs that can be used to analyze who is accessing the system and monitor past activity within the server. These logs offer information that can be used diagnose server issues and to secure the system as what is deemed appropriate.
To view the Audit Trail log, open the Main Menu and select “Audit Trail”.
There are two summary panels, Sessions and Cameras, with a related Details panel to the right. Use these tabs to navigate viewing between the summary of activities during a user’s session (Sessions) and of the devices that were used (Cameras).
The Event Log displays system events that have occurred within DW Spectrum. This can be used to search through past system activity to diagnose device or server issues.
To view this log:
Use the Event Log to view occurrences of default and custom system events (Event Rules).
Certain administrative actions can only be adjusted at the DW Spectrum Server itself. This limits the access points to your system without sacrificing conventional operation.
The default security settings vary depending on the component that is being accessed (⮀ = signifies an end-to-end connection between the two denoted components).
DW Spectrum requires a minimum level of security when creating passwords to mitigate the risk of brute force attacks.
The DW Spectrum Server and DW Cloud applications detect and prevent user enumeration (brute force attacks, guess and confirm attacks) by using timeouts.
System Administrators have the option of integrating the DW Spectrum system with an LDAP server to enable centralized management or reset of IT credentials by their IT Administrator.
DW Spectrum includes key technologies to ensure the integrity of information within and produce by the system.
This includes:
Bug fixes and detection of possible exploits are regularly assessed by our software developers. The DW Spectrum IPVMS platform includes a default option for informing users when an update has been released and is available for installation, ensuring that the system is protected and kept up to date.
DW Spectrum utilizes a variety of system communication protection methods for use on both secure (private, LAN/WAN/VPN) and unsecure networks (Internet).
DW Spectrum System Owners and Administrators have the option to encrypt the recorded video archive so that recorded video can only be viewed when using the DW Spectrum Desktop Client, DW Spectrum Mobile Client, or with the Web Admin.
The Archive Encryption feature uses 128-AES encryption, which uses 10 transformation rounds to encrypt data and is approved by the National Security Agency to protect information. When encrypting the archives is combined with encrypted communications, organizations create end-to-end encryption to protect all video streams, recorded video archives, and video stream data.
To enable the optional encryption options through an instance of the DW Spectrum® Client:
**NOTE: Encrypting video traffic will increase the CPU usage of the DW Spectrum® Server machine as more processing resources will be needed.
As the configurations and layout of your network are unique to meet the needs of your business, Digital Watchdog allows the additional customization of security methods without limiting your hardening options.
In addition to the default defensive measures of the DW Blackjack Series and DW Spectrum IPVMS platform, the following security hardening methods are recommended.
**NOTE: While these additional methods may be used to harden the security options of your surveillance system for increased cyber protection and data integrity, please be aware that alterations to factory settings of the DW Blackjack Server and its operating system may cause communication issues for the DW Spectrum IPVMS platform and its connected devices.
When combined with good access control, such as port forwarding, white-listing, and disabling open ports (router default), you can strengthen your network security without sacrificing all of your external access.
Create unique passwords by requiring a minimum character count, use of special characters, and the use of numbers in password configurations.
Additionally, discourage the sharing of user profiles and password information between users.
Change the default login of your DW Blackjack Server’s OS, the default Administrator profile configuration of DW Spectrum IPVMS, and the default login for your Digital Watchdog cameras to mitigate the possibility of a malicious agent guessing the common login. Digital Watchdog tries to make this process simple by providing easy-to-use means, such as the DW IP Finder software, which can be used to change the passwords of your IP cameras in bulk, directly from your IPVMS server.
If Internet access is needed for your server due to limited means and resources, you may consider the use of an antivirus program for the server’s OS. However, please be aware that antivirus programs may inadvertently block the processes or resources of DW Spectrum IPVMS.
Limiting external network (Internet) access to only terminals on your main network, separate from your DW Blackjack Server and your IP camera network, reduces the access points that malicious agents can use to attack your system. While this additional security option may seem inconvenient, limiting the DW Blackjack Server and DW Spectrum IPVMS to their intended purposes only increases your cybersecurity and peace of mind.
As Digital Watchdog is a security solution company and not a full-time surveillance company, we institute procedures to ensure that threat assessment and resolution is addressed as part of our culture.
DW Spectrum IPVMS undergoes rigorous quality assurance testing prior to each software release to identify and remedy vulnerabilities through external security audits with our partners.
Digital Watchdog maintains a global support presence with an active support portal and community forum. Customers and partners are encouraged to report issues and work with our support team members.
DW Spectrum provides regular, monthly patches which address emerging security threats and reported bugs. It is recommended to use patches only as needed.