Affected Roles: All Users
Related Digital Watchdog VMS Apps: DW Spectrum® IPVMS
Last Edit: December 4, 2020
Occasionally, our Sales and Support teams will be asked how DW Spectrum® is kept secure. With the assumption that an attacker is intimately familiar with how the DW Spectrum® IPVMS platform operates, Digital Watchdog (DW) takes steps to include code reviews and automated testing to ensure that there are no known encryption keys, backdoors, or hidden hacks in our code. This ensures that the security of a system is as secure as the user makes it.
This article will describe our security philosophy and how DW ensure that DW Spectrum® is as safe as possible from nefarious intervention.
Note: It is recommended to consult with a Network Security professional if additional network and data protection beyond the services that is utilized by DW Spectrum® IPVMS is needed.
The following components are either encrypted by default or can be encrypted by enabling settings within the Security section, found within the System Administration menu:
The following encryption technologies are used:
As much as Digital Watchdog strives to maintain secure connections between the DW Spectrum Server by default, the consumption of processing resources of the computer that hosts the DW Spectrum Server program is taken into consideration. For example, enabling the Encrypt video traffic security option increases the CPU usage of that computer and can create processing issues if the hardware is not sufficient or is already being used for additional purposes.
The default security settings vary depending on the component that is being accessed (⮀ - signifies a connection between the two denoted components).
Related: Cyber Security and DW Spectrum
Email Server options include TLS (Transport Layer Security) as the default option to protect Internet communication by creating a secure connection by encrypting the communication that is transmitted between a DW Spectrum Server and its clients.
Related: Accessing the DW Spectrum Web Client
To enable the optional encryption options through an instance of the DW Spectrum® Client:
A 2048-bit SSL certificate with 256-bit encryption is used when installing the DW Spectrum® IPVMS software. You can replace the SSL certificate with one provided by a Certification Authority (recommended for any public servers that you may have within the system).
The DW Spectrum® Server software runs on the server computer as a service and has administrator permissions. In order to protect DW Spectrum® Server data from being overwritten by other applications on the same server, we highly recommend that these other applications do not have administrator privileges and do not have access to the DW Spectrum® Server archive storage.
Digital Watchdog uses the OpenSSL library whenever something needs to be encrypted. Although the DW Spectrum® Server can utilize all of the hash algorithms that OpenSSL is capable of, we disable deprecated and insecure protocols that have known security vulnerabilities (such RC4 and 3DES ciphers). The Transport Layer Security (TLS) protocol aims to provide privacy and data integrity between two communicating computer applications.
The default OpenSSL cipher setting “High:!RC4:!3DES” is used, but the cipher can be changed manually to be even more secure. We support TSL1.2 by default, but other options can be enabled by modifying the parameter “allowedSslVersions”.
The DW Spectrum® Client provides logs that can be used to analyze who is accessing the system and monitor past activity within the server. These logs offer information that can be used diagnose server issues and to secure the system as what is deemed appropriate.
The Audit Trail log displays the tracked user actions and records.
To view this log, open the Main Menu and click on “Audit Trail”.
There are two summary panels, Sessions and Cameras, with a related Details panel to the right. Use these tabs to navigate viewing between the summary of activities during a user’s session (Sessions) and of the devices that were used (Cameras).
The Event Log displays system events that have occurred within DW Spectrum®. This can be utilized to search through past system activity to diagnose device or server issues.
To view this log:
Use the Event Log to view occurrences of default and custom system events (Event Rules).