You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

Cyber Security and DW Spectrum

https://hf-files-oregon.s3-us-west-2.amazonaws.com/hdpdigitalwatchdog_kb_attachments/2019/09-24/4763eb2b-7c2d-49d6-bfc0-47620cc0f150/image.png

Cyber Security and DW Spectrum®

-----------------------------------

Affected Roles:  Administrator, Owner, Viewer(s)

Related Digital Watchdog VMS Apps:  DW Spectrum® IPVMS

Complexity:  High

Software Version:  DW Spectrum® IPVMS v4.1 or higher

Last Edit:  October 16, 2020

-----------------------------------

Fundamentals of DW Cyber Protection

Digital Watchdog’s Spectrum® IPVMS platform was designed to provide high levels of protection against both external and internal cybersecurity threats.

To ensure that your video surveillance system is protected against tampering and damage, additional defensive measures can be taken by your administrator to mitigate and prevent such events.  For example, placing equipment inside of hardened, locked cabinets and using vandal resistant camera housings can help to prevent physical damage to your system and devices.

In addition to these conventional, physical threats, IP video systems are also at risk of virtual attack through network connections, particularly when connected to the Internet.  Digital Watchdog has taken steps to ensure that your surveillance systems are protected against such attacks.  However, additional system hardening measures can be taken to reduce the likelihood of system tampering through a cyberattack.

This article will outline the most common forms of cybersecurity threats, the technology and processes implemented to secure the DW Blackjack system, and additional proactive approaches that customers may take to mitigate and prevent common cyberattacks.

Supported/Affected Devices:

  • DW Blackjack® Server Series

Cyberattacks 101

What is a Cyberattack?

A cyberattack is a malicious and deliberate attempt to breach the information system of another individual or organization. These attacks can be performed from either an outside party to the system, or by an individual within the targeted system itself.

What is the Purpose of a Cyberattack?

Malicious actors have different motivations for launching cyberattacks against vulnerable business systems. According to Cisco, cyberattacks are often used for ransoming systems – 53% of cyberattacks can result in damages of $500,000 and upwards.

Cyberattacks are also sometimes initiated as a form of “hacktivism” with a goal of disrupting normal business operations. In the IP video world, cyberattacks are often executed in an effort to cover up criminal behavior that may have been captured by a security system.

Common Types of Cyberattacks

There are many different types of cyberattacks. Some of the most common types include:

Malware – malicious software that installs itself on computers by exploiting vulnerabilities within an operating system or software.

  • Malware can be used to intercept user credentials and video streams, cause the DW Spectrum® System to function poorly through interruption of service, or consume network resources to slow down IP systems.

Phishing (aka Social Engineering) – also known as “social engineering”; a method of sending fraudulent communication (typically email) which mimics a reputable source in an effort to obtain personal information, such as login credentials.

  • Phishing attacks can be used to trick DW Spectrum® users to inadvertently provide login credentials to nefarious actors. It is recommended that users refrain from providing login credentials in response to emails whenever possible.

The DW Spectrum® Secure Password Reset feature allows System Administrators to reset the system password in such a case.

Man-in-the-Middle Attack – this type of attack occurs when the attackers insert themselves into the middle of communications between two parties in order to intercept sensitive data. Typically, this is accomplished by monitoring network traffic through the use of Malware.

  • DW Spectrum® features are equipped with secure communication capabilities including OpenSSL connections, HTTPS communications, and encrypted video traffic – features engineered to address this type of cyberattack.

Distributed Denial of Service Attack (DDOS) – this type of attack is designed to flood systems, servers, or networks with traffic in an effort to exhaust system resources, effectively rendering the system’s ability to perform processing services normally.

  • DW Spectrum® communications (SSL, HTTPS, Cloud Proxy, Secure Connections, and Encrypted Video) help to mitigate and prevent DDoS attacks.  Server Health Monitoring features also provide operators with the ability to diagnose DDoS attacks in real-time.

SQL Injection – occurs when a malicious actor inserts code into a server that is running an SQL database, forcing the server to reveal information.

  • DW Spectrum® utilizes the OWASP standard for prevention of SQL injection attacks and employs additional obfuscation techniques.

Zero-Day Exploit – this type of attack strikes after a network vulnerability is announced, but before a patch or solution is ready for implementation.

  • Digital Watchdog monitors market news regularly and updates our customers about Zero-Day vulnerabilities as they emerge, are documented, and addressed.

Password Cracking – in password-based attacks, hackers use software and brute force attacks to access secure attacks.

  • DW Spectrum® requires users to follow a set of minimum password standards, has an invalid login timeout, and a secure password reset/recovery method for DW Cloud™ connected systems.

Cyber Security Protections of DW Spectrum®

DW Spectrum® IPVMS is continuously being improved to address cybersecurity threats by using a combination of secure technology and process countermeasures.

User Rights Management

DW Spectrum® allows Administrators to implement strict control over what permissions users are able to utilize within the IPVMS system, which resources that they may access, and other privileges as well.

  • Each DW Spectrum® is limited to one (1) System Owner with super-user rights, while also allowing the creation of Administrator accounts as well.
  • User rights and roles are completely customizable by Administrators.

Audit Trail

All user actions are logged within the DW Spectrum® IPVMS Client and can be reviewed by System Administrators.  This can aid Administrators in mitigating and preventing malicious actors that may try to commit cyberattacks from within an organization.

Limited Client Access Points

Certain administrative actions can only be adjusted at the DW Spectrum® Server itself.  This limits the access points to your system without sacrificing conventional operation.

Password Security

DW Spectrum® requires a minimum level of security when creating passwords to mitigate the risk of brute force attacks.

  • Minimum password strength during account creation
    • Must use at least 8 characters
    • Must contain at least two variations of lowercase letters (abc), capitalized letters (ABC), numbers, or non-roman symbols
    • Must not match any of the 1000 most popular passwords (blacklist is updated with each software release)
  • Secure password reset through DW Cloud™
  • Complex multi-level salted/hash password storage

User Enumeration Detection

The DW Spectrum® Server and DW Cloud™ applications detect and prevent user enumeration (brute force attacks, guess and confirm attacks) through the use of timeouts.

LDAP Integration

System Administrators have the option of integrating the DW Spectrum® system with an LDAP server to enable centralized management or reset of IT credentials by their IT Administrator.

Data Integrity Checks

DW Spectrum® includes key technologies to ensure the integrity of information within and produce by the system.

This includes:

  • Archive Integrity Check – DW Spectrum® notifies operators when archived video has been modified indirectly (e.g. deleted/replaced files)
  • Watermarking for Chain of Custody – DW Spectrum® has built-in watermarking, allowing operators or viewers to check the authenticity of a video exported from a system which prevents the manipulation of video evidence.
  • Signed Software – Direct reception of data files from our FTP server mitigates the ability of malicious agents from intercepting and spoofing data files when updating the software.

Automatic Software Update Prompts

Bug fixes and detection of possible exploits are regularly assessed by our software developers.  The DW Spectrum® IPVMS platform includes a default option for informing users when an update has been released and is available for installation, ensuring that the system is protected and kept up-to-date.

Secure System Communications

DW Spectrum® utilizes a variety of system communication protection methods for use on both secure (private, LAN/WAN/VPN) and unsecure networks (Internet).

  • Hypertext Transfer Protocol Secure (HTTPS) extensions – HTTPS creates secure communication over a computer network, requiring authentication between devices, preventing data eavesdropping and tampering.
  • Secure Socket Layer (SSL) protocols – SSL certificates pair public and private keys to encrypt communication between devices to create a secure connection and a trusted environment for your system.
    • By default, deprecated and insecure protocols are disabled, only using TLS v1+.  The TLS protocol aims to provide privacy and data integrity between two communicating computer applications such as Server to Client communication or Email notifications.
  • Cloud Connection Proxy – DW Cloud™ securely proxies remote connections to systems, removing the need to open or to forward ports on secure networks.  However, whitelisting may be necessary if a SonicWall is in use.

Additional System Hardening

As the configurations and layout of your network are unique to meet the needs of your business, Digital Watchdog allows the additional customization of security methods without limiting your hardening options.

In addition to the default defensive measures of the DW Blackjack® Series and DW Spectrum® IPVMS platform, the following security hardening methods are recommended.

**Note:  While these additional methods may be used to harden the security options of your surveillance system for increased cyber protection and data integrity, please be aware that alterations to factory settings of the DW Blackjack® Server and its operating system may cause communication issues for the DW Spectrum® IPVMS platform and its connected devices.

Implement a Firewall or SonicWall Setup to Shield Against External Cyberattacks

When combined with good access control, such as port forwarding, white-listing, and disabling open ports (router default), you can strengthen your network security without sacrificing all of your external access.

Enforce Recommended Password Strength Protocols

Create unique passwords by requiring a minimum character count, use of special characters, and the use of numbers in password configurations.

Additionally, discourage the sharing of user profiles and password information between users.

Remove and Replace Default User Profile Configurations

Change the default login of your DW Blackjack® Server’s OS, the default Administrator profile configuration of DW Spectrum® IPVMS, and the default login for your Digital Watchdog cameras to mitigate the possibility of a malicious agent guessing the common login.  Digital Watchdog tries to make this process simple by providing easy-to-use means, such as the DW IP Finder™ software, which can be used to change the passwords of your IP cameras in bulk, directly from your IPVMS server.

Limit Access to External Websites from your DW Blackjack® Server

If Internet access is needed for your server due to limited means and resources, you may consider the use of an antivirus program for the server’s OS. However, please be aware that antivirus programs may inadvertently block the processes or resources of DW Spectrum® IPVMS.

Keep the IP Camera Network Configuration Separate From the Main Network

Limiting external network (Internet) access to only terminals on your main network, separate from your DW Blackjack® Server and your IP camera network, reduces the access points that malicious agents can use to attack your system. While this additional security option may seem inconvenient, limiting the DW Blackjack® Server and DW Spectrum® IPVMS to their intended purposes only increases your cybersecurity and peace of mind.

Process and Services

As Digital Watchdog is a security solution company and not a full-time surveillance company, we institute procedures to ensure that threat assessment and resolution is addressed as part of our culture.

Quality Assurance Testing

DW Spectrum® IPVMS undergoes rigorous quality assurance testing prior to each software release to identify and remedy vulnerabilities through external security audits with our partners.

Online Support Portal

Digital Watchdog maintains a global support presence with an active support portal and community forum.  Customers and partners are encouraged to report issues and work with our support team members.

Reporting DW Spectrum Issues

Regular Patch Releases

DW Spectrum® provides regular, monthly patches which address emerging security threats and reported bugs.  It is recommended to use patches only as needed.

Applying Patch Builds to DW Spectrum IPVMS

DW Spectrum Build and Patch Release List

  • 5
  • 20-Aug-2021
  • 1879 Views