-----------------------------------
Affected Roles: Administrator, Owner, Viewer(s)
Related Digital Watchdog VMS Apps: DW Spectrum® IPVMS
Complexity: High
Software Version: DW Spectrum® IPVMS v4.1 or higher
Last Edit: October 16, 2020
-----------------------------------
Digital Watchdog’s Spectrum® IPVMS platform was designed to provide high levels of protection against both external and internal cybersecurity threats.
To ensure that your video surveillance system is protected against tampering and damage, additional defensive measures can be taken by your administrator to mitigate and prevent such events. For example, placing equipment inside of hardened, locked cabinets and using vandal resistant camera housings can help to prevent physical damage to your system and devices.
In addition to these conventional, physical threats, IP video systems are also at risk of virtual attack through network connections, particularly when connected to the Internet. Digital Watchdog has taken steps to ensure that your surveillance systems are protected against such attacks. However, additional system hardening measures can be taken to reduce the likelihood of system tampering through a cyberattack.
This article will outline the most common forms of cybersecurity threats, the technology and processes implemented to secure the DW Blackjack system, and additional proactive approaches that customers may take to mitigate and prevent common cyberattacks.
A cyberattack is a malicious and deliberate attempt to breach the information system of another individual or organization. These attacks can be performed from either an outside party to the system, or by an individual within the targeted system itself.
Malicious actors have different motivations for launching cyberattacks against vulnerable business systems. According to Cisco, cyberattacks are often used for ransoming systems – 53% of cyberattacks can result in damages of $500,000 and upwards.
Cyberattacks are also sometimes initiated as a form of “hacktivism” with a goal of disrupting normal business operations. In the IP video world, cyberattacks are often executed in an effort to cover up criminal behavior that may have been captured by a security system.
There are many different types of cyberattacks. Some of the most common types include:
Malware – malicious software that installs itself on computers by exploiting vulnerabilities within an operating system or software.
Phishing (aka Social Engineering) – also known as “social engineering”; a method of sending fraudulent communication (typically email) which mimics a reputable source in an effort to obtain personal information, such as login credentials.
The DW Spectrum® Secure Password Reset feature allows System Administrators to reset the system password in such a case.
Man-in-the-Middle Attack – this type of attack occurs when the attackers insert themselves into the middle of communications between two parties in order to intercept sensitive data. Typically, this is accomplished by monitoring network traffic through the use of Malware.
Distributed Denial of Service Attack (DDOS) – this type of attack is designed to flood systems, servers, or networks with traffic in an effort to exhaust system resources, effectively rendering the system’s ability to perform processing services normally.
SQL Injection – occurs when a malicious actor inserts code into a server that is running an SQL database, forcing the server to reveal information.
Zero-Day Exploit – this type of attack strikes after a network vulnerability is announced, but before a patch or solution is ready for implementation.
Password Cracking – in password-based attacks, hackers use software and brute force attacks to access secure attacks.
DW Spectrum® IPVMS is continuously being improved to address cybersecurity threats by using a combination of secure technology and process countermeasures.
DW Spectrum® allows Administrators to implement strict control over what permissions users are able to utilize within the IPVMS system, which resources that they may access, and other privileges as well.
All user actions are logged within the DW Spectrum® IPVMS Client and can be reviewed by System Administrators. This can aid Administrators in mitigating and preventing malicious actors that may try to commit cyberattacks from within an organization.
Certain administrative actions can only be adjusted at the DW Spectrum® Server itself. This limits the access points to your system without sacrificing conventional operation.
DW Spectrum® requires a minimum level of security when creating passwords to mitigate the risk of brute force attacks.
The DW Spectrum® Server and DW Cloud™ applications detect and prevent user enumeration (brute force attacks, guess and confirm attacks) through the use of timeouts.
System Administrators have the option of integrating the DW Spectrum® system with an LDAP server to enable centralized management or reset of IT credentials by their IT Administrator.
DW Spectrum® includes key technologies to ensure the integrity of information within and produce by the system.
This includes:
Bug fixes and detection of possible exploits are regularly assessed by our software developers. The DW Spectrum® IPVMS platform includes a default option for informing users when an update has been released and is available for installation, ensuring that the system is protected and kept up-to-date.
DW Spectrum® utilizes a variety of system communication protection methods for use on both secure (private, LAN/WAN/VPN) and unsecure networks (Internet).
As the configurations and layout of your network are unique to meet the needs of your business, Digital Watchdog allows the additional customization of security methods without limiting your hardening options.
In addition to the default defensive measures of the DW Blackjack® Series and DW Spectrum® IPVMS platform, the following security hardening methods are recommended.
**Note: While these additional methods may be used to harden the security options of your surveillance system for increased cyber protection and data integrity, please be aware that alterations to factory settings of the DW Blackjack® Server and its operating system may cause communication issues for the DW Spectrum® IPVMS platform and its connected devices.
When combined with good access control, such as port forwarding, white-listing, and disabling open ports (router default), you can strengthen your network security without sacrificing all of your external access.
Create unique passwords by requiring a minimum character count, use of special characters, and the use of numbers in password configurations.
Additionally, discourage the sharing of user profiles and password information between users.
Change the default login of your DW Blackjack® Server’s OS, the default Administrator profile configuration of DW Spectrum® IPVMS, and the default login for your Digital Watchdog cameras to mitigate the possibility of a malicious agent guessing the common login. Digital Watchdog tries to make this process simple by providing easy-to-use means, such as the DW IP Finder™ software, which can be used to change the passwords of your IP cameras in bulk, directly from your IPVMS server.
If Internet access is needed for your server due to limited means and resources, you may consider the use of an antivirus program for the server’s OS. However, please be aware that antivirus programs may inadvertently block the processes or resources of DW Spectrum® IPVMS.
Limiting external network (Internet) access to only terminals on your main network, separate from your DW Blackjack® Server and your IP camera network, reduces the access points that malicious agents can use to attack your system. While this additional security option may seem inconvenient, limiting the DW Blackjack® Server and DW Spectrum® IPVMS to their intended purposes only increases your cybersecurity and peace of mind.
As Digital Watchdog is a security solution company and not a full-time surveillance company, we institute procedures to ensure that threat assessment and resolution is addressed as part of our culture.
DW Spectrum® IPVMS undergoes rigorous quality assurance testing prior to each software release to identify and remedy vulnerabilities through external security audits with our partners.
Digital Watchdog maintains a global support presence with an active support portal and community forum. Customers and partners are encouraged to report issues and work with our support team members.
DW Spectrum® provides regular, monthly patches which address emerging security threats and reported bugs. It is recommended to use patches only as needed.